public function getFromattedUgroupsThatCanReadWikiPage(WikiPage $wiki_page)
{
$project = $this->project_manager->getProject($wiki_page->getGid());
$ugroup_ids = $this->permission_manager->getAuthorizedUgroupIds($wiki_page->getId(), self::WIKI_PERMISSION_READ);
$ugroup_ids = $this->filterWikiPagePermissionsAccordingToService($project, $ugroup_ids);
$ugroup_ids = $this->filterWikiPagePermissionsAccordingToProject($project, $ugroup_ids);
return $this->literalizer->ugroupIdsToString($ugroup_ids, $project);
}
private function getUgroupIdsPermissions(Docman_Item $item, UGroupLiteralizer $literalizer, Project $project)
{
$ugroups_ids = $literalizer->getUgroupIds($item->getId(), self::PERMISSIONS_TYPE);
$parent_item = $this->getParentItem($item, $project);
if ($parent_item) {
$parent_ugroups_ids = $this->getUgroupIdsPermissions($parent_item, $literalizer, $project);
$ugroups_ids = $this->mergeUgroupIds($parent_ugroups_ids, $ugroups_ids);
}
return array_values($ugroups_ids);
}
private function getUgroupIdsPermissions(Docman_Item $item, UGroupLiteralizer $literalizer, Project $project)
{
$ugroups_ids = $literalizer->getUgroupIds($project, $item->getId(), self::PERMISSIONS_TYPE);
if (empty($ugroups_ids)) {
$ugroups_ids = PermissionsManager::instance()->getAuthorizedUgroupIds($project->getID(), 'PLUGIN_DOCMAN_ADMIN');
}
$parent_item = $this->getParentItem($item, $project);
if ($parent_item) {
$parent_ugroups_ids = $this->getUgroupIdsPermissions($parent_item, $literalizer, $project);
$ugroups_ids = $this->mergeUgroupIds($parent_ugroups_ids, $ugroups_ids);
}
return array_values($ugroups_ids);
}
protected function filterQueryWithPermissions(array &$query, User $user)
{
$ugroup_literalizer = new UGroupLiteralizer();
$filtered_query = array('filtered' => array('query' => $query['query'], 'filter' => array('terms' => array('permissions' => $ugroup_literalizer->getUserGroupsForUserWithArobase($user)))));
$query['query'] = $filtered_query;
}
/**
* Returns ugroups of an artifact in a human readable format
*
* @return array
*/
public function exportPermissions()
{
$project = ProjectManager::instance()->getProject($this->getTracker()->getGroupId());
$literalizer = new UGroupLiteralizer();
$ugroupsId = $this->getAuthorisedUgroups();
return $literalizer->ugroupIdsToString($ugroupsId, $project);
}
private function literalize(array $ugroups_ids, Project $project)
{
$literalizer = new UGroupLiteralizer();
return $literalizer->ugroupIdsToString($ugroups_ids, $project);
}
/**
* Fetch the gitolite readable conf for permissions on a repository
*
* @return string
*/
public function fetchConfigPermissions($project, $repository, $permission_type)
{
if (!isset(self::$permissions_types[$permission_type])) {
return '';
}
$ugroup_literalizer = new UGroupLiteralizer();
$repository_groups = $ugroup_literalizer->getUGroupsThatHaveGivenPermissionOnObject($project, $repository->getId(), $permission_type);
if (count($repository_groups) == 0) {
return '';
}
return self::$permissions_types[$permission_type] . ' = ' . implode(' ', $repository_groups) . PHP_EOL;
}
*
* Tuleap is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Tuleap; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*
* Ouput all the tuleap user groups, one ssh/gitolite user is member of.
* Example:
* $> gitolite_membership_pgm.php vaceletm
* site_active gpig_project_members gpig_project_admin ug_1234
*
* Inspired from:
* https://github.com/sitaramc/gitolite/blob/pu/doc/big-config.mkd#_storing_usergroup_information_outside_gitolite_like_in_LDAP_
* https://github.com/sitaramc/gitolite/blob/pu/contrib/ldap/ldap-query-example.pl
*/
require_once 'pre.php';
require_once 'common/project/UGroupLiteralizer.class.php';
if (!isset($argv[1])) {
echo "Usage: " . $argv[0] . " username" . PHP_EOL;
exit(1);
}
$ugroup_literalizer = new UGroupLiteralizer();
$groups = $ugroup_literalizer->getUserGroupsForUserName($argv[1]);
if (count($groups) > 0) {
echo implode(' ', $groups) . PHP_EOL;
}
protected function filterQueryWithPermissions(array &$query, PFUser $user, $terms, $facets)
{
$ugroup_literalizer = new UGroupLiteralizer();
$ugroups = $ugroup_literalizer->getUserGroupsForUserWithArobase($user);
$types = $this->getTypesForFacets($facets);
$document_types = array(ElasticSearch_SearchResultWiki::TYPE_IDENTIFIER, ElasticSearch_SearchResultDocman::TYPE_IDENTIFIER);
$tracker_types = array(ElasticSearch_SearchResultTracker::TYPE_IDENTIFIER);
if (array_intersect($types, $tracker_types) && array_intersect($types, $document_types)) {
$query_part = array('bool' => array('should' => array($this->getDocumentQueryPart($terms, $ugroups), $this->getTrackerQueryPart($user, $terms, $ugroups, $facets))));
} elseif (array_intersect($types, $document_types)) {
$query_part = $this->getDocumentQueryPart($terms, $ugroups);
} elseif (array_intersect($types, $tracker_types)) {
$query_part = $this->getTrackerQueryPart($user, $terms, $ugroups, $facets);
}
$query['query'] = $query_part;
}
/**
* Fetch the gitolite readable conf for permissions on a repository
*
* @return string
*/
public function fetchConfigPermissions($project, $repository, $permission_type)
{
if (!isset(self::$permissions_types[$permission_type])) {
return '';
}
$git_online_edit_conf_right = $this->getUserForOnlineEdition($repository);
$ugroup_literalizer = new UGroupLiteralizer();
$repository_groups = $ugroup_literalizer->getUGroupsThatHaveGivenPermissionOnObject($project, $repository->getId(), $permission_type);
if ($git_online_edit_conf_right) {
$repository_groups[] = $git_online_edit_conf_right;
}
return $this->formatPermission($permission_type, $repository_groups);
}
