public function userHasPermissionOnPlanning($planning_id, $group_id, PFUser $user, $permission)
{
return $user->isMember($group_id) && $user->hasPermission($permission, $planning_id, $group_id);
}
/**
* Test is user can administrate FRS service of given project
*
* @param PFUser $user User to test
* @param Integer $groupId Project
*
* @return Boolean
*/
public static function userCanAdmin($user, $groupId)
{
return $user->isSuperUser() || $user->isMember($groupId, 'R2') || $user->isMember($groupId, 'A');
}
private function userIsRestrictedAndNotMemberOfProject(PFUser $user, Project $project)
{
return $user->isRestricted() && !$user->isMember($project->getID()) && $this->project_manager->checkRestrictedAccessForUser($project, $user);
}
private function restrictedMemberIsNotProjectMember(PFUser $user, $project_id)
{
return $user->isRestricted() && !$user->isMember($project_id);
}
public function getUserProjectsAsOptions(PFUser $user, ProjectManager $manager, $currentProjectId)
{
$purifier = Codendi_HTMLPurifier::instance();
$html = '';
$option = '<option value="%d" title="%s">%s</option>';
$usrProject = array_diff($user->getAllProjects(), array($currentProjectId));
foreach ($usrProject as $projectId) {
$project = $manager->getProject($projectId);
if ($user->isMember($projectId, 'A') && $project->usesService(GitPlugin::SERVICE_SHORTNAME)) {
$projectName = $project->getPublicName();
$projectUnixName = $purifier->purify($project->getUnixName());
$html .= sprintf($option, $projectId, $projectUnixName, $projectName);
}
}
return $html;
}
private function userIsRestrictedAndNotProjectMember(PFUser $user, Project $project)
{
return $project->allowsRestricted() && $user->isRestricted() && !$user->isMember($project->getID());
}
private function addGenericUserInProject(PFUser $user, $session_key, $group_id)
{
if (!$user->isMember($group_id)) {
$this->addProjectMember($session_key, $group_id, $user->getUnixName());
}
}
public function assertUserCanAccessProject(PFUser $user, Project $project)
{
if ($project->isPublic() && $user->isRestricted() && !$user->isMember($project->getGroupId()) || !$project->isPublic() && !$user->isMember($project->getGroupId())) {
throw new Exception('User do not have access to the project', '3002');
}
}
/**
* Tests if the user is Superuser, or File release admin
*
* @param PFUser $user
* @param Integer $groupId
*
* @return Boolean
*/
function userCanWrite($user, $groupId)
{
// R2 refers to File release admin
return $this->isWriteEnabled() && ($user->isSuperUser() || $user->isMember($groupId, 'R2'));
}
/**
* Test if user can modify repository configuration
*
* @param PFUser $user The user to test
*
* @return Boolean
*/
public function userCanAdmin($user)
{
return $user->isMember($this->getProjectId(), 'A');
}
/**
* Append project dynamic ugroups of user
*
* @param PFUser $user
* @param array $user_ugroups
*
* @return array the new array of user's ugroup
*/
private function appendDynamicUGroups(PFUser $user, array $user_ugroups = array())
{
$user_projects = $user->getProjects(true);
foreach ($user_projects as $user_project) {
$project_name = strtolower($user_project['unix_group_name']);
$group_id = $user_project['group_id'];
$user_ugroups[] = $this->ugroupIdToStringWithoutArobase(ProjectUGroup::PROJECT_MEMBERS, $project_name);
if ($user->isMember($group_id, 'A')) {
$user_ugroups[] = $this->ugroupIdToStringWithoutArobase(ProjectUGroup::PROJECT_ADMIN, $project_name);
}
}
return $user_ugroups;
}
/**
* Remove a notified mail address from all private repositories of a project
*
* @param Integer $groupId Porject ID to remove its repositories notification
* @param PFUser $user User to exclude from notification
*
* @return void
*/
function removeMailByProjectPrivateRepository($groupId, $user)
{
if (!$user->isMember($groupId)) {
$gitDao = $this->_getGitDao();
$repositoryList = $gitDao->getProjectRepositoryList($groupId);
if ($repositoryList) {
foreach ($repositoryList as $row) {
$repository = $this->_getGitRepository();
$repository->setId($row['repository_id']);
$repository->load();
if (!$repository->userCanRead($user)) {
if (!$this->removeMailByRepository($repository, $user->getEmail())) {
$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_git', 'dao_error_remove_notification'));
}
}
}
}
}
}
/**
* Ensure given user can access given project
*
* @param PFUser $user
* @param Project $project
* @return boolean
* @throws Project_AccessProjectNotFoundException
* @throws Project_AccessDeletedException
* @throws Project_AccessRestrictedException
* @throws Project_AccessPrivateException
*/
public function userCanAccessProject(PFUser $user, Project $project)
{
if ($project->isError()) {
throw new Project_AccessProjectNotFoundException();
} elseif ($user->isSuperUser()) {
return true;
} elseif (!$project->isActive()) {
throw new Project_AccessDeletedException($project);
} elseif ($user->isMember($project->getID())) {
return true;
} elseif ($user->isRestricted() && !$this->canRestrictedUserAccess($user, $project)) {
throw new Project_AccessRestrictedException();
} elseif ($project->isPublic()) {
return true;
} elseif ($this->userHasBeenDelegatedAccess($user)) {
return true;
}
throw new Project_AccessPrivateException();
}
/**
* Ensure given user can access given project
*
* @param PFUser $user
* @param Project $project
* @return boolean
* @throws Project_AccessProjectNotFoundException
* @throws Project_AccessDeletedException
* @throws Project_AccessRestrictedException
* @throws Project_AccessPrivateException
*/
public function userCanAccessProject(PFUser $user, Project $project)
{
if ($project->isError()) {
throw new Project_AccessProjectNotFoundException();
} elseif ($user->isSuperUser()) {
return true;
} elseif (!$project->isActive()) {
throw new Project_AccessDeletedException($project);
} elseif ($user->isMember($project->getID())) {
return true;
} elseif ($this->getPermissionsOverriderManager()->doesOverriderAllowUserToAccessProject($user, $project)) {
return true;
} elseif ($user->isRestricted()) {
if (!$project->allowsRestricted() || !$this->restrictedUserCanAccessUrl($user, $this->getUrl(), $_SERVER['REQUEST_URI'], $_SERVER['SCRIPT_NAME'])) {
throw new Project_AccessRestrictedException();
}
return true;
} elseif ($project->isPublic()) {
return true;
} elseif ($this->userHasBeenDelegatedAccess($user)) {
return true;
}
throw new Project_AccessPrivateException();
}
/**
* Test is user can read the content of this repository and metadata
*
* @param PFUser $user The user to test
* @param GitRepository $repository The repository to test
*
* @return Boolean
*/
public function userCanRead($user, $repository)
{
return $user->isMember($repository->getProjectId(), 'A') || $user->hasPermission(Git::PERM_READ, $repository->getId(), $repository->getProjectId()) || $user->hasPermission(Git::PERM_WRITE, $repository->getId(), $repository->getProjectId()) || $user->hasPermission(Git::PERM_WPLUS, $repository->getId(), $repository->getProjectId());
}
/**
* Test is user can read the content of this repository and metadata
*
* @param PFUser $user The user to test
* @param GitRepository $repository The repository to test
*
* @return Boolean
*/
public function userCanRead($user, $repository)
{
if ($repository->isPrivate() && $user->isMember($repository->getProjectId())) {
return true;
}
if ($repository->isPublic()) {
if ($user->isRestricted() && $user->isMember($repository->getProjectId())) {
return true;
}
if (!$user->isAnonymous()) {
return true;
}
}
return false;
}
private function userIsAdmin(PFUser $user, $group_id, $permissions, $ugroups)
{
return $user->isSuperUser() || $user->isMember($group_id, 'A') || $this->hasPermissionFor(Tracker::PERMISSION_ADMIN, $permissions, $ugroups);
}
