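/**
 * Dispatch a forge hook to the Mediawiki plugin.
 *
 * Depending on $hookname this either appends entries to $params (menu tabs,
 * permission results, query fragments), echoes HTML for the project pages,
 * registers role settings, or removes the per-project wiki schema and files.
 *
 * @param string $hookname Name of the hook being fired.
 * @param array  $params   Hook arguments, passed by reference; several
 *                         branches write their result back into it.
 *
 * @return void
 */
function CallHook($hookname, &$params)
 {
     // The project id arrives under either 'group_id' or 'group'.
     if (isset($params['group_id'])) {
         $group_id = $params['group_id'];
     } elseif (isset($params['group'])) {
         $group_id = $params['group'];
     } else {
         $group_id = null;
     }
     if ($hookname == "groupmenu") {
         $project = group_get_object($group_id);
         if (!$project || !is_object($project)) {
             return;
         }
         if ($project->isError()) {
             return;
         }
         if (!$project->isProject()) {
             return;
         }
         if ($project->usesPlugin($this->name)) {
             $params['TITLES'][] = $this->text;
             $params['DIRS'][] = util_make_url('/plugins/mediawiki/wiki/' . $project->getUnixName() . '/index.php');
             $params['ADMIN'][] = '';
             $params['TOOLTIPS'][] = _('Mediawiki Space');
         }
         // Mark the last tab as selected when this plugin is the requested
         // top tab. The isset() avoids an undefined-index notice when the
         // caller did not pass 'toptab'.
         if (isset($params['toptab']) && $params['toptab'] == $this->name) {
             $params['selected'] = count($params['TITLES']) - 1;
         }
     } elseif ($hookname == "groupisactivecheckbox") {
         //Check if the group is active
         // this code creates the checkbox in the project edit public info page to activate/deactivate the plugin
         $group = group_get_object($group_id);
         // Same guard as the "groupmenu" branch: a failed lookup would
         // otherwise end in a method call on a non-object.
         if (!$group || !is_object($group)) {
             return;
         }
         echo "<tr>";
         echo "<td>";
         echo ' <input type="checkbox" name="use_mediawikiplugin" value="1" ';
         // checked or unchecked?
         if ($group->usesPlugin($this->name)) {
             echo "checked";
         }
         echo " /><br/>";
         echo "</td>";
         echo "<td>";
         echo "<strong>Use " . $this->text . " Plugin</strong>";
         echo "</td>";
         echo "</tr>";
     } elseif ($hookname == "groupisactivecheckboxpost") {
         // this code actually activates/deactivates the plugin after the form was submitted in the project edit public info page
         // NOTE(review): no permission check happens here; presumably the page
         // that fires this hook has already required project admin rights -
         // confirm against the caller.
         $group = group_get_object($group_id);
         if (!$group || !is_object($group)) {
             return;
         }
         $use_mediawikiplugin = getStringFromRequest('use_mediawikiplugin');
         if ($use_mediawikiplugin == 1) {
             $group->setPluginUse($this->name);
         } else {
             $group->setPluginUse($this->name, false);
         }
     } elseif ($hookname == "project_public_area") {
         $project = group_get_object($group_id);
         if (!$project || !is_object($project)) {
             return;
         }
         if ($project->isError()) {
             return;
         }
         if (!$project->isProject()) {
             return;
         }
         if ($project->usesPlugin($this->name)) {
             echo '<div class="public-area-box">';
             print '<a href="' . util_make_url('/plugins/mediawiki/wiki/' . $project->getUnixName() . '/index.php') . '">';
             print html_abs_image(util_make_url('/plugins/mediawiki/wiki/' . $project->getUnixName() . '/skins/fusionforge/wiki.png'), '20', '20', array('alt' => 'Mediawiki'));
             print ' Mediawiki';
             print '</a>';
             echo '</div>';
         }
     } elseif ($hookname == "role_get") {
         $role =& $params['role'];
         // Each setting below is configured through its constructor and
         // setters only; $right is simply reused for the next one.
         // Read access
         $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_read');
         $right->SetAllowedValues(array('0', '1'));
         $right->SetDefaultValues(array('Admin' => '1', 'Senior Developer' => '1', 'Junior Developer' => '1', 'Doc Writer' => '1', 'Support Tech' => '1'));
         // Edit privileges
         $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_edit');
         $right->SetAllowedValues(array('0', '1', '2', '3'));
         $right->SetDefaultValues(array('Admin' => '3', 'Senior Developer' => '2', 'Junior Developer' => '1', 'Doc Writer' => '3', 'Support Tech' => '0'));
         // File upload privileges
         $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_upload');
         $right->SetAllowedValues(array('0', '1', '2'));
         $right->SetDefaultValues(array('Admin' => '2', 'Senior Developer' => '2', 'Junior Developer' => '1', 'Doc Writer' => '2', 'Support Tech' => '0'));
         // Administrative tasks
         $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_admin');
         $right->SetAllowedValues(array('0', '1'));
         $right->SetDefaultValues(array('Admin' => '1', 'Senior Developer' => '0', 'Junior Developer' => '0', 'Doc Writer' => '0', 'Support Tech' => '0'));
     } elseif ($hookname == "role_normalize") {
         $role =& $params['role'];
         $new_sa =& $params['new_sa'];
         $new_pa =& $params['new_pa'];
         $projects = $role->getLinkedProjects();
         foreach ($projects as $p) {
             $role->normalizePermsForSection($new_pa, 'plugin_mediawiki_read', $p->getID());
             $role->normalizePermsForSection($new_pa, 'plugin_mediawiki_edit', $p->getID());
             $role->normalizePermsForSection($new_pa, 'plugin_mediawiki_upload', $p->getID());
             $role->normalizePermsForSection($new_pa, 'plugin_mediawiki_admin', $p->getID());
         }
     } elseif ($hookname == "role_translate_strings") {
         // NOTE(review): $role is never assigned in this branch, unlike
         // "role_get" which binds it from $params['role']. Left as found;
         // confirm whether PluginSpecificRoleSetting needs a real role here.
         $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_read');
         $right->setDescription(_('Mediawiki read access'));
         $right->setValueDescriptions(array('0' => _('No reading'), '1' => _('Read access')));
         $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_edit');
         $right->setDescription(_('Mediawiki write access'));
         $right->setValueDescriptions(array('0' => _('No editing'), '1' => _('Edit existing pages only'), '2' => _('Edit and create pages'), '3' => _('Edit, create, move, delete pages')));
         $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_upload');
         $right->setDescription(_('Mediawiki file upload'));
         $right->setValueDescriptions(array('0' => _('No uploading'), '1' => _('Upload permitted'), '2' => _('Upload and re-upload')));
         $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_admin');
         $right->setDescription(_('Mediawiki administrative tasks'));
         $right->setValueDescriptions(array('0' => _('No administrative access'), '1' => _('Edit interface, import XML dumps')));
     } elseif ($hookname == "role_get_setting") {
         // A role holding 'project_admin' on the reference gets the highest
         // value of each wiki setting; any other role keeps its stored value.
         $role = $params['role'];
         $reference = $params['reference'];
         $value = $params['value'];
         switch ($params['section']) {
             case 'plugin_mediawiki_read':
                 if ($role->hasPermission('project_admin', $reference)) {
                     $params['result'] = 1;
                 } else {
                     $params['result'] = $value;
                 }
                 break;
             case 'plugin_mediawiki_edit':
                 if ($role->hasPermission('project_admin', $reference)) {
                     $params['result'] = 3;
                 } else {
                     $params['result'] = $value;
                 }
                 break;
             case 'plugin_mediawiki_upload':
                 if ($role->hasPermission('project_admin', $reference)) {
                     $params['result'] = 2;
                 } else {
                     $params['result'] = $value;
                 }
                 break;
             case 'plugin_mediawiki_admin':
                 if ($role->hasPermission('project_admin', $reference)) {
                     $params['result'] = 1;
                 } else {
                     $params['result'] = $value;
                 }
                 break;
         }
     } elseif ($hookname == "role_has_permission") {
         // The comparison is OR-ed into the existing result, so this hook can
         // only grant, never revoke, what is already in $params['result'].
         $value = $params['value'];
         switch ($params['section']) {
             case 'plugin_mediawiki_read':
                 switch ($params['action']) {
                     case 'read':
                     default:
                         // Any action name is treated as 'read' here.
                         $params['result'] |= $value >= 1;
                         break;
                 }
                 break;
             case 'plugin_mediawiki_edit':
                 // Unknown edit actions match no case and grant nothing.
                 switch ($params['action']) {
                     case 'editexisting':
                         $params['result'] |= $value >= 1;
                         break;
                     case 'editnew':
                         $params['result'] |= $value >= 2;
                         break;
                     case 'editmove':
                         $params['result'] |= $value >= 3;
                         break;
                 }
                 break;
             case 'plugin_mediawiki_upload':
                 switch ($params['action']) {
                     case 'upload':
                         $params['result'] |= $value >= 1;
                         break;
                     case 'reupload':
                         $params['result'] |= $value >= 2;
                         break;
                 }
                 break;
             case 'plugin_mediawiki_admin':
                 switch ($params['action']) {
                     case 'admin':
                     default:
                         // Any action name is treated as 'admin' here.
                         $params['result'] |= $value >= 1;
                         break;
                 }
                 break;
         }
     } elseif ($hookname == "list_roles_by_permission") {
         // Appends a constant perm_val filter to the caller's query. The
         // fragments are literals; no request data is concatenated into SQL.
         // An edit/upload action that matches no case leaves the query
         // without a perm_val filter.
         switch ($params['section']) {
             case 'plugin_mediawiki_read':
                 switch ($params['action']) {
                     case 'read':
                     default:
                         $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 1');
                         break;
                 }
                 break;
             case 'plugin_mediawiki_edit':
                 switch ($params['action']) {
                     case 'editexisting':
                         $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 1');
                         break;
                     case 'editnew':
                         $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 2');
                         break;
                     case 'editmove':
                         $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 3');
                         break;
                 }
                 break;
             case 'plugin_mediawiki_upload':
                 switch ($params['action']) {
                     case 'upload':
                         $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 1');
                         break;
                     case 'reupload':
                         $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 2');
                         break;
                 }
                 break;
             case 'plugin_mediawiki_admin':
                 switch ($params['action']) {
                     case 'admin':
                     default:
                         $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 1');
                         break;
                 }
                 break;
         }
     } elseif ($hookname == "project_admin_plugins") {
         $group_id = $params['group_id'];
         $group = group_get_object($group_id);
         if (!$group || !is_object($group)) {
             return;
         }
         if ($group->usesPlugin($this->name)) {
             echo util_make_link("/plugins/mediawiki/plugin_admin.php?group_id=" . $group->getID(), _("MediaWiki Plugin admin")) . "<br />";
         }
     } elseif ($hookname == "clone_project_from_template") {
         // Copy the template's wiki permission settings onto the matching
         // roles of the newly created project.
         $template = $params['template'];
         $project = $params['project'];
         $id_mappings = $params['id_mappings'];
         $sections = array('plugin_mediawiki_read', 'plugin_mediawiki_edit', 'plugin_mediawiki_upload', 'plugin_mediawiki_admin');
         foreach ($template->getRoles() as $oldrole) {
             $newrole = RBACEngine::getInstance()->getRoleById($id_mappings['role'][$oldrole->getID()]);
             $oldsettings = $oldrole->getSettingsForProject($template);
             foreach ($sections as $section) {
                 if (isset($oldsettings[$section][$template->getID()])) {
                     $newrole->setSetting($section, $project->getID(), $oldsettings[$section][$template->getID()]);
                 }
             }
         }
     } elseif ($hookname == 'group_delete') {
         $projectId = $params['group_id'];
         $projectObject = group_get_object($projectId);
         if (!$projectObject || !is_object($projectObject)) {
             return;
         }
         if ($projectObject->usesPlugin($this->name)) {
             $unixName = (string) $projectObject->getUnixName();
             //delete the files and db schema
             $schema = 'plugin_mediawiki_' . $unixName;
             // Sanitize schema name
             $schema = strtr($schema, "-", "_");
             // NOTE(review): the schema name is an identifier, and PostgreSQL
             // does not accept bind parameters in place of identifiers, so
             // this DROP presumably fails if db_query_params forwards $1 as a
             // real parameter - confirm. Any fix must quote the identifier,
             // not concatenate it raw.
             db_query_params('drop schema $1 cascade', array($schema));
             $projectsPath = (string) forge_get_config('projects_path', 'mediawiki');
             // Only delete when both parts are present and the name is a
             // single path component: an empty or path-like name would point
             // the recursive delete at the wrong directory.
             $nameIsSingleComponent = $unixName !== ''
                 && $unixName !== '.'
                 && $unixName !== '..'
                 && strpos($unixName, '/') === false;
             if ($projectsPath !== '' && $nameIsSingleComponent) {
                 // escapeshellarg() keeps shell metacharacters in the path
                 // from being interpreted; "--" stops option parsing so a
                 // leading dash cannot be read as an rm flag.
                 exec('/bin/rm -rf -- ' . escapeshellarg($projectsPath . '/' . $unixName));
             }
         }
     }
 }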
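 /**
  * List the ids of roles that may perform an action on a section/reference.
  *
  * First selects roles whose own pfo_role_setting row grants the action,
  * then recurses once to add the roles of the more powerful section that
  * implies it (for example 'project_admin' for 'scm').
  *
  * @param string      $section   Permission section name.
  * @param mixed       $reference Id the permission applies to (ref_id).
  * @param string|null $action    Action within the section, where relevant.
  *
  * @return array|false Unique role ids, or false when a query or a nested
  *                     lookup fails (the error is recorded with setError()).
  */
 private function _getRolesIdByAllowedAction($section, $reference, $action = NULL)
 {
     $result = array();
     $qpa = db_construct_qpa();
     // Section and reference are passed as bind parameters; every fragment
     // appended below is a constant string.
     $qpa = db_construct_qpa($qpa, 'SELECT role_id FROM pfo_role_setting WHERE section_name=$1 AND ref_id=$2 ', array($section, $reference));
     // Look for roles that are directly allowed to perform action
     // NOTE(review): when $action matches no case of an inner switch, no
     // perm_val condition is appended, so the query then returns every role
     // that has a row for this section and reference, whatever its value.
     // Confirm that callers always pass a recognised action.
     switch ($section) {
         case 'forge_admin':
         case 'forge_read':
         case 'approve_projects':
         case 'approve_news':
         case 'project_admin':
         case 'project_read':
         case 'tracker_admin':
         case 'pm_admin':
         case 'forum_admin':
             $qpa = db_construct_qpa($qpa, 'AND perm_val = 1');
             break;
         case 'forge_stats':
             switch ($action) {
                 case 'ANY':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val != 0');
                     break;
                 case 'read':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 1');
                     break;
                 case 'admin':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 2');
                     break;
             }
             break;
         case 'scm':
             switch ($action) {
                 case 'ANY':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val != 0');
                     break;
                 case 'read':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 1');
                     break;
                 case 'write':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 2');
                     break;
             }
             break;
         case 'docman':
             switch ($action) {
                 case 'ANY':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val != 0');
                     break;
                 case 'read':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 1');
                     break;
                 case 'submit':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 2');
                     break;
                 case 'approve':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 3');
                     break;
                 case 'admin':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 4');
                     break;
             }
             break;
         case 'frs':
             switch ($action) {
                 case 'ANY':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val != 0');
                     break;
                 case 'read_public':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 1');
                     break;
                 case 'read_private':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 2');
                     break;
                 case 'write':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 3');
                     break;
             }
             break;
         case 'forum':
             switch ($action) {
                 case 'ANY':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val != 0');
                     break;
                 case 'read':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 1');
                     break;
                 case 'post':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 2');
                     break;
                 case 'unmoderated_post':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 3');
                     break;
                 case 'moderate':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val >= 4');
                     break;
             }
             break;
         case 'tracker':
         case 'pm':
             // These two sections store their permissions as bit flags.
             switch ($action) {
                 case 'ANY':
                     $qpa = db_construct_qpa($qpa, 'AND perm_val != 0');
                     break;
                 case 'read':
                     $qpa = db_construct_qpa($qpa, 'AND (perm_val & 1) = 1');
                     break;
                 case 'tech':
                     $qpa = db_construct_qpa($qpa, 'AND (perm_val & 2) = 2');
                     break;
                 case 'manager':
                     $qpa = db_construct_qpa($qpa, 'AND (perm_val & 4) = 4');
                     break;
             }
             break;
         default:
             // Unknown sections are handed to plugins, which may append
             // their own condition to the query through 'qpa'.
             $hook_params = array();
             $hook_params['section'] = $section;
             $hook_params['reference'] = $reference;
             $hook_params['action'] = $action;
             $hook_params['qpa'] = $qpa;
             $hook_params['result'] = $result;
             plugin_hook_by_reference("list_roles_by_permission", $hook_params);
             $qpa = $hook_params['qpa'];
             break;
     }
     $res = db_query_qpa($qpa);
     if (!$res) {
         $this->setError('RBACEngine::getRolesByAllowedAction()::' . db_error());
         return false;
     }
     while ($arr = db_fetch_array($res)) {
         $result[] = $arr['role_id'];
     }
     // Also look for roles that can perform the action because they're more powerful
     $parent_section = null;
     $parent_reference = $reference;
     // For tracker/pm/forum the implying section is scoped to the owning
     // project, which is read from the looked-up object's Group.
     $owner = null;
     $needs_owner = false;
     switch ($section) {
         case 'forge_read':
         case 'approve_projects':
         case 'approve_news':
         case 'forge_stats':
         case 'project_admin':
             $parent_section = 'forge_admin';
             $parent_reference = -1;
             break;
         case 'project_read':
         case 'tracker_admin':
         case 'pm_admin':
         case 'forum_admin':
         case 'scm':
         case 'docman':
         case 'frs':
             $parent_section = 'project_admin';
             break;
         case 'tracker':
             if ($action != 'tech') {
                 $parent_section = 'tracker_admin';
                 $owner = artifactType_get_object($reference);
                 $needs_owner = true;
             }
             break;
         case 'pm':
             if ($action != 'tech') {
                 $parent_section = 'pm_admin';
                 $owner = projectgroup_get_object($reference);
                 $needs_owner = true;
             }
             break;
         case 'forum':
             $parent_section = 'forum_admin';
             $owner = forum_get_object($reference);
             $needs_owner = true;
             break;
         case 'new_tracker':
             if ($action != 'tech') {
                 $parent_section = 'tracker_admin';
             }
             break;
         case 'new_pm':
             if ($action != 'tech') {
                 $parent_section = 'pm_admin';
             }
             break;
         case 'new_forum':
             // The reference is used as-is here, so the forum lookup whose
             // result was never read has been dropped.
             $parent_section = 'forum_admin';
             break;
     }
     if ($parent_section !== null) {
         if ($needs_owner) {
             // A failed lookup must not end in a method call on a non-object.
             if (!is_object($owner) || !is_object($owner->Group)) {
                 $this->setError('RBACEngine::getRolesByAllowedAction()::cannot resolve owning project for section ' . $section);
                 return false;
             }
             $parent_reference = $owner->Group->getID();
         }
         $inherited = $this->_getRolesIdByAllowedAction($parent_section, $parent_reference);
         // The nested call returns false on a query error; merging that into
         // the list would corrupt it, so the failure is propagated instead.
         if ($inherited === false) {
             return false;
         }
         $result = array_merge($result, $inherited);
     }
     return array_unique($result);
 }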