/**
 * Build the ugroup substitution table for the given project.
 *
 * - Private project: ANONYMOUS, AUTHENTICATED and REGISTERED are all mapped
 *   to PROJECT_MEMBERS, and this replaces whatever the table held before.
 * - Public project on a platform that does not allow anonymous users:
 *   ANONYMOUS is mapped to REGISTERED, unless restricted users are enabled
 *   and the project admits them, in which case ANONYMOUS and AUTHENTICATED
 *   are both mapped to AUTHENTICATED.
 * - Public project with anonymous access allowed: the table is left untouched.
 *
 * NOTE(review): how $this->mapping is consumed is not visible here; presumably
 * it narrows a configured ugroup to the widest one the project's visibility
 * permits. Confirm against the class's other methods.
 *
 * @param Project $project project whose visibility drives the mapping
 */
public function __construct(Project $project)
 {
     // Private projects: no ugroup wider than the membership is meaningful.
     if (!$project->isPublic()) {
         $this->mapping = array(
             ProjectUGroup::ANONYMOUS     => ProjectUGroup::PROJECT_MEMBERS,
             ProjectUGroup::AUTHENTICATED => ProjectUGroup::PROJECT_MEMBERS,
             ProjectUGroup::REGISTERED    => ProjectUGroup::PROJECT_MEMBERS,
         );
         return;
     }

     // Public project and anonymous browsing is allowed: nothing to narrow.
     if (ForgeConfig::areAnonymousAllowed()) {
         return;
     }

     $restricted_users_admitted = ForgeConfig::areRestrictedUsersAllowed() && $project->allowsRestricted();
     if ($restricted_users_admitted) {
         $this->mapping[ProjectUGroup::ANONYMOUS]     = ProjectUGroup::AUTHENTICATED;
         $this->mapping[ProjectUGroup::AUTHENTICATED] = ProjectUGroup::AUTHENTICATED;
     } else {
         $this->mapping[ProjectUGroup::ANONYMOUS] = ProjectUGroup::REGISTERED;
     }
 }
Example #2
/**
 * Answer the "restricted user" part of the access decision for a project.
 *
 * When the platform does not enable restricted users the function returns
 * true without looking at $group or at the session, so on its own it is not
 * a complete project access check.
 *
 * When restricted users are enabled:
 * - a missing $group or a missing current user yields false;
 * - a restricted user gets whatever $group->userIsMember() returns;
 * - any other user gets true.
 *
 * @param object $group the project (Group) object, or a falsy value when none was found
 *
 * @return boolean true if the current session user passes the restricted-access check, false otherwise
 */
function checkRestrictedAccess($group)
{
    // Feature disabled platform-wide: nothing to restrict here.
    if (!ForgeConfig::areRestrictedUsersAllowed()) {
        return true;
    }

    // Fail closed when there is no project to evaluate.
    if (!$group) {
        return false;
    }

    $current_user = UserManager::instance()->getCurrentUser();
    // Fail closed when no session user could be resolved.
    if (!$current_user) {
        return false;
    }

    // Restricted accounts only reach projects they belong to.
    if ($current_user->isRestricted()) {
        return $group->userIsMember();
    }

    return true;
}
Example #3
    }
}
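// Drop the cached copy and reload the project so the page shows fresh values.
$project_manager->clearProjectFromCache($currentproject->getID());
$currentproject = $project_manager->getProject($currentproject->getID());
// update info for page
// $group_id goes through db_ei() before it reaches the SQL string.
$res_grp = db_query("SELECT * FROM groups WHERE group_id='" . db_ei($group_id) . "'");
if (db_numrows($res_grp) < 1) {
    exit_no_group();
}
$row_grp = db_fetch_array($res_grp);
$descfieldsvalue = $currentproject->getProjectsDescFieldsValue();
project_admin_header(array('title' => $Language->getText('project_admin_editgroupinfo', 'editing_g_info'), 'group' => $group_id, 'help' => 'project-admin.html#project-public-information'));
// $group_id is escaped for SQL above but was written into the form's action
// attribute as-is. Its origin is outside this excerpt, so it is encoded for
// the URL query context at the point of output; urlencode() leaves no quote
// or angle bracket in the result, and a plain numeric id is unchanged.
echo '<FORM action="?group_id=' . urlencode((string) $group_id) . '" method="post" id="project_info_form">';
$renderer = TemplateRendererFactory::build()->getRenderer(ForgeConfig::get('codendi_dir') . '/src/templates/project/');
// Visibility selector: only rendered for users allowed to change it.
// NOTE(review): $user_can_choose_visibility is computed outside this excerpt;
// hiding the control is presentation only, so confirm the POST handler
// re-checks the same permission before applying a visibility change.
if ($user_can_choose_visibility) {
    $presenter = new ProjectVisibilityPresenter($Language, ForgeConfig::areRestrictedUsersAllowed(), $currentproject->getAccess());
    echo $renderer->renderToString('project_visibility', $presenter);
}
// Truncated e-mails option: list the enabled services it would affect.
if ($user_can_choose_truncated_emails) {
    $truncated_mails_impacted_services = array();
    foreach (array(Service::FILE, Service::SVN) as $service_name) {
        $service = $currentproject->getService($service_name);
        // getService() result is falsy when the project does not use the service.
        if ($service) {
            $truncated_mails_impacted_services[] = $service->getInternationalizedName();
        }
    }
    $presenter = new ProjectTruncatedEmailsPresenter($currentproject, $truncated_mails_impacted_services);
    echo $renderer->renderToString('truncated_emails', $presenter);
}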
 /**
  * SVNAccessFile definition for the repository root.
  *
  * For projects whose SVN authentication is delegated to LDAP, emits a "[/]"
  * section in which everyone ("*") gets no access when any of the following
  * holds, and read access otherwise:
  * - the project is private,
  * - or SVN is private,
  * - or "restricted users" is enabled on the platform.
  *
  * The "@members" group always receives "rw". Projects without SVN LDAP
  * authentication get the parent implementation's definition.
  *
  * @see src/common/backend/BackendSVN#getSVNAccessRootPathDef($project)
  *
  * @param Project $project
  *
  * @return String
  */
 function getSVNAccessRootPathDef($project)
 {
     // Not an LDAP-authenticated repository: defer to the default definition.
     if (!$this->getLDAPProjectManager()->hasSVNLDAPAuth($project->getID())) {
         return parent::getSVNAccessRootPathDef($project);
     }

     $deny_non_members = !$project->isPublic()
         || $project->isSVNPrivate()
         || ForgeConfig::areRestrictedUsersAllowed();

     // An empty right-hand side grants nothing; "r" grants read-only.
     $everyone_rule = $deny_non_members ? "* = \n" : "* = r\n";

     return "[/]\n" . $everyone_rule . "@members = rw\n";
 }
Example #5
/**
 * Check membership of the user to a specified ugroup.
 *
 * $group_id is necessary for automatic project groups like project member, release admin, etc.
 * $atid is necessary for trackers since the tracker admin role is different for each tracker.
 *
 * Ugroup ids are compared with the $GLOBALS['UGROUP_*'] values using loose
 * equality (==), exactly as callers have always relied on.
 *
 * NOTE(review): the user object returned by getUserById() is dereferenced
 * without a null check in the REGISTERED (restricted mode), project-role and
 * member branches; confirm the user manager never returns null for the ids
 * that reach this function.
 *
 * @param int $user_id   user to test
 * @param int $ugroup_id ugroup to test against (dynamic UGROUP_* id or a static ugroup id)
 * @param int $group_id  project id, used by the project-scoped dynamic ugroups
 * @param int $atid      tracker id, used only for UGROUP_TRACKER_ADMIN
 *
 * @return bool true if user is member of the ugroup, false otherwise.
 */
function ugroup_user_is_member($user_id, $ugroup_id, $group_id, $atid = 0)
{
    $um = ugroup_get_user_manager();
    $user =& $um->getUserById($user_id);

    // Special cases that do not depend on the user record.
    if ($ugroup_id == $GLOBALS['UGROUP_NONE']) {
        // Empty group
        return false;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_ANONYMOUS']) {
        // Anonymous user: everybody qualifies
        return true;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_AUTHENTICATED']) {
        // Any logged-in account (user id 0 is treated as "not logged in")
        return $user_id != 0;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_REGISTERED'] && !ForgeConfig::areRestrictedUsersAllowed()) {
        // Without restricted mode, REGISTERED is the same test as AUTHENTICATED
        return $user_id != 0;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_REGISTERED'] && ForgeConfig::areRestrictedUsersAllowed()) {
        $user = UserManager::instance()->getUserById($user_id);
        $called_script_handles_restricted = false;
        $event_manager = EventManager::instance();
        $script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
        // Listeners may flip 'allow_restricted' (passed by reference) to say
        // that the running script deals with restricted users on its own.
        $event_manager->processEvent(
            Event::IS_SCRIPT_HANDLED_FOR_RESTRICTED,
            array(
                'allow_restricted' => &$called_script_handles_restricted,
                'user'             => $user,
                'uri'              => $script,
            )
        );
        // Non-restricted user or restricted member in service that doesn't yet handle restricted users independently.
        // Consequence: unless a listener claims the script, a restricted user
        // is reported as a member of REGISTERED here.
        return !$user->isRestricted() || !$called_script_handles_restricted;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_PROJECT_MEMBERS']) {
        // Project members
        return (bool) $user->isMember($group_id);
    }

    // Dynamic ugroups backed by a per-project permission flag, tested in the
    // same order as before: file manager admin, document admin, document
    // tech, wiki admin, project admin.
    $flag_by_dynamic_ugroup = array(
        'UGROUP_FILE_MANAGER_ADMIN' => 'R2',
        'UGROUP_DOCUMENT_ADMIN'     => 'D2',
        'UGROUP_DOCUMENT_TECH'      => 'D1',
        'UGROUP_WIKI_ADMIN'         => 'W2',
        'UGROUP_PROJECT_ADMIN'      => 'A',
    );
    foreach ($flag_by_dynamic_ugroup as $global_name => $permission_flag) {
        if ($ugroup_id == $GLOBALS[$global_name]) {
            return (bool) $user->isMember($group_id, $permission_flag);
        }
    }

    if ($ugroup_id == $GLOBALS['UGROUP_TRACKER_ADMIN']) {
        // Tracker admins: the role is evaluated per tracker ($atid)
        $project = ProjectManager::instance()->getProject($group_id);
        $tracker = new ArtifactType($project, $atid);
        return $tracker->userIsAdmin($user_id);
    }

    // Normal ugroup: look for an explicit membership row. Both ids go
    // through db_ei() before being placed in the query string.
    $sql = "SELECT * from ugroup_user where ugroup_id='" . db_ei($ugroup_id) . "' and user_id='" . db_ei($user_id) . "'";
    $res = db_query($sql);
    return db_numrows($res) > 0;
}
Example #6
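/**
 * Render the account registration form, pre-filled from the current request.
 *
 * Text fields taken from the request are passed through the HTML purifier
 * before being handed to the presenter. The "page" request value selects
 * between the admin creation form and the self-registration form; only the
 * admin form receives the "restricted" and "send e-mail" choices.
 *
 * NOTE(review): nothing in this function checks who is asking for the
 * "admin_creation" variant; presumably the calling script enforces that.
 * Confirm against the caller.
 *
 * @param string $register_error error message to show above the form; a falsy value shows nothing
 *
 * @return void
 */
function display_account_form($register_error)
{
    // Plain assignment: objects are handles, so the by-reference "=&" the
    // code used to have added nothing and can raise a notice on a function
    // result. The unused $star markup and unused $Language global are gone.
    $request  = HTTPRequest::instance();
    $purifier = Codendi_HTMLPurifier::instance();
    $page     = $request->get('page');
    if ($register_error) {
        // NOTE(review): $register_error is written into the page as-is. If any
        // caller can put request-derived text into it, it has to be encoded
        // first ($purifier is available here); left unchanged because the
        // message may legitimately carry markup. Confirm against callers.
        print "<p><blink><b><span class=\"feedback\">{$register_error}</span></b></blink>";
    }
    $form_loginname = $request->exist('form_loginname') ? $purifier->purify($request->get('form_loginname')) : '';
    $form_realname = $request->exist('form_realname') ? $purifier->purify($request->get('form_realname')) : '';
    $form_email = $request->exist('form_email') ? $purifier->purify($request->get('form_email')) : '';
    // NOTE(review): $form_expiry is computed but not passed to either presenter below.
    $form_expiry = $request->exist('form_expiry') ? $purifier->purify($request->get('form_expiry')) : '';
    // Defaults to checked when the field was not submitted at all.
    $form_mail_site = !$request->exist('form_mail_site') || $request->get('form_mail_site') == 1;
    // Only meaningful when the platform enables restricted users; defaults to
    // "restricted" when the field is absent from the request.
    $form_restricted = ForgeConfig::areRestrictedUsersAllowed() && (!$request->exist('form_restricted') || $request->get('form_restricted') == 1);
    $form_send_email = $request->get('form_send_email') == 1;
    // The timezone is echoed back only if it is a known zone name.
    if ($request->exist('timezone') && is_valid_timezone($request->get('timezone'))) {
        $timezone = $request->get('timezone');
    } else {
        $timezone = false;
    }
    $form_register_purpose = $request->exist('form_register_purpose') ? $purifier->purify($request->get('form_register_purpose')) : '';
    if ($page == "admin_creation") {
        $prefill = new Account_RegisterAdminPrefillValuesPresenter($form_loginname, $form_email, $form_realname, $form_register_purpose, $form_mail_site, $timezone, $form_restricted, $form_send_email);
        $presenter = new Account_RegisterByAdminPresenter($prefill);
        $template = 'register-admin';
    } else {
        // Self-registration: the restricted / send-email choices are not forwarded.
        $prefill = new Account_RegisterPrefillValuesPresenter($form_loginname, $form_email, $form_realname, $form_register_purpose, $form_mail_site, $timezone);
        $presenter = new Account_RegisterByUserPresenter($prefill);
        $template = 'register-user';
    }
    $renderer = TemplateRendererFactory::build()->getRenderer(ForgeConfig::get('codendi_dir') . '/src/templates/account/');
    $renderer->renderToPage($template, $presenter);
}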
Example #7
/**
 * Build the SQL condition that limits trove results to projects the user may see.
 *
 * A restricted user (when the platform enables restricted users) only gets
 * projects whose access level is exactly ACCESS_PUBLIC_UNRESTRICTED; anyone
 * else gets every project that is not ACCESS_PRIVATE.
 *
 * The compared value goes through db_es(); $field is concatenated as-is.
 * NOTE(review): $field must therefore be a column expression fixed in code,
 * never request data. Confirm against callers.
 *
 * @param string $field column expression holding the project access level
 * @param PFUser $user  user the listing is built for
 *
 * @return string SQL condition fragment
 */
function trove_get_visibility_for_user($field, PFUser $user)
{
    $is_restricted_viewer = ForgeConfig::areRestrictedUsersAllowed() && $user->isRestricted();

    if ($is_restricted_viewer) {
        $operator     = ' = "';
        $access_level = db_es(Project::ACCESS_PUBLIC_UNRESTRICTED);
    } else {
        $operator     = ' != "';
        $access_level = db_es(Project::ACCESS_PRIVATE);
    }

    return $field . $operator . $access_level . '"';
}
             <select name="action_select" size="1">
             <option value="validate" selected>' . $Language->getText('admin_approve_pending_users', 'validate') . '
             <option value="activate">' . $Language->getText('admin_approve_pending_users', 'activate') . '        
             </select>
         ' . $Language->getText('admin_approve_pending_users', 'all_accounts') . ' ' . '         
         ' . $Language->getText('admin_approve_pending_users', 'status') . '
         <select name="status" size="1">
             <option value="standard">' . $Language->getText('admin_approve_pending_users', 'status_standard') . '
             <option value="restricted">' . $Language->getText('admin_approve_pending_users', 'status_restricted') . '        
         </select>
         <INPUT TYPE="HIDDEN" NAME="list_of_users" VALUE="' . $user_list . '">
         <INPUT type="submit" name="submit" value="' . $Language->getText('admin_approve_pending_users', 'ok') . '">            
         </FORM>
         </TD>';
 }
 // Bulk-action form for the pending-accounts page when account approval is on
 // and restricted users are NOT enabled: it offers validate/activate only and
 // has no status selector.
 // NOTE(review): $page and $user_list are concatenated into HTML attribute
 // values without encoding in this statement; they are built outside this
 // excerpt, so confirm they are encoded or constrained before reaching here.
 // NOTE(review): the form markup below carries no anti-CSRF token field for
 // this state-changing POST; confirm protection is applied elsewhere.
 if ($GLOBALS['sys_user_approval'] == 1 && $page == ADMIN_APPROVE_PENDING_PAGE_PENDING && !ForgeConfig::areRestrictedUsersAllowed()) {
     echo '<TD>
         <FORM action="?page=' . $page . '" method="POST">
             <select name="action_select" size="1">
             <option value="validate" selected>' . $Language->getText('admin_approve_pending_users', 'validate') . '
             <option value="activate">' . $Language->getText('admin_approve_pending_users', 'activate') . '
             </select>
         ' . $Language->getText('admin_approve_pending_users', 'all_accounts') . '          
         <INPUT TYPE="HIDDEN" NAME="list_of_users" VALUE="' . $user_list . '">
         <INPUT type="submit" name="submit" value="' . $Language->getText('admin_approve_pending_users', 'ok') . '">            
         </FORM>
         </TD>';
 }
 echo '
         </TR>
         </TABLE>
Example #9
 /**
  * Answer the "restricted user" part of the access decision for a project.
  *
  * Returns true outright when the platform does not enable restricted users.
  * Otherwise a missing $group or $user yields false, a restricted $user gets
  * the result of $group->userIsMember(), and any other user gets true.
  *
  * NOTE(review): the restricted test is made on the $user argument, but
  * $group->userIsMember() is called without it, so the membership test
  * presumably applies to the session user. The two agree only if callers
  * always pass the current user. Confirm against callers.
  *
  * @param Project $group Affected project
  * @param         $user  User to evaluate (falsy when none)
  *
  * @return boolean true if the user passes the restricted-access check for this project, false otherwise
  */
 private function getRestrictedAccessForUserInGroup($group, $user)
 {
     // Feature disabled platform-wide: nothing to restrict here.
     if (!ForgeConfig::areRestrictedUsersAllowed()) {
         return true;
     }

     // Fail closed when the project is missing.
     if (!$group) {
         return false;
     }

     // Fail closed when the user is missing.
     if (!$user) {
         return false;
     }

     // Restricted accounts only reach projects they belong to.
     if ($user->isRestricted()) {
         return $group->userIsMember();
     }

     return true;
 }
 /**
  * List every user group that can be offered for the given project.
  *
  * Dynamic groups come first, widest audience first, and each is included
  * only when the platform and project settings make it meaningful:
  * - ANON: anonymous access allowed and project public;
  * - AUTHENTICATED: restricted users enabled and project admits them;
  * - REGISTERED: project public;
  * - PROJECT_MEMBERS and PROJECT_ADMINS: always.
  * The project's static groups follow, and NOBODY closes the list.
  *
  * @param Project $project
  * @return User_ForgeUGroup[]
  */
 public function getAllForProject(Project $project)
 {
     // Collect the names of the applicable dynamic groups, in display order.
     $dynamic_names = array();
     if (ForgeConfig::areAnonymousAllowed() && $project->isPublic()) {
         $dynamic_names[] = User_ForgeUGroup::ANON;
     }
     if (ForgeConfig::areRestrictedUsersAllowed() && $project->allowsRestricted()) {
         $dynamic_names[] = User_ForgeUGroup::AUTHENTICATED;
     }
     if ($project->isPublic()) {
         $dynamic_names[] = User_ForgeUGroup::REGISTERED;
     }
     $dynamic_names[] = User_ForgeUGroup::PROJECT_MEMBERS;
     $dynamic_names[] = User_ForgeUGroup::PROJECT_ADMINS;

     $dynamic_groups = array();
     foreach ($dynamic_names as $group_name) {
         $dynamic_groups[] = $this->getDynamicForgeUserGroupByName($group_name);
     }

     $static_groups = $this->getStaticByProject($project);
     $nobody        = $this->getDynamicForgeUserGroupByName(User_ForgeUGroup::NOBODY);

     return array_merge($dynamic_groups, $static_groups, array($nobody));
 }
Example #11
 if ($request->valid($vUnixStatus)) {
     $user->setUnixStatus($request->get('form_unixstatus'));
 }
 // New status must be valid AND user account must already be validated
 // There are specific actions done in approve_pending scripts
 $accountActivationEvent = null;
 $vStatus = new Valid_WhiteList('form_status', $user->getAllWorkingStatus());
 $vStatus->required();
 if ($request->valid($vStatus) && in_array($user->getStatus(), $user->getAllWorkingStatus()) && $user->getStatus() != $request->get('form_status')) {
     switch ($request->get('form_status')) {
         case PFUser::STATUS_ACTIVE:
             $user->setStatus($request->get('form_status'));
             $accountActivationEvent = 'project_admin_activate_user';
             break;
         case PFUser::STATUS_RESTRICTED:
             if (ForgeConfig::areRestrictedUsersAllowed()) {
                 $user->setStatus($request->get('form_status'));
                 // If the user had a shell, set it to restricted shell
                 if ($user->getShell() && $user->getShell() != "/bin/false" && $user->getShell() != "/sbin/nologin") {
                     $user->setShell($GLOBALS['codendi_bin_prefix'] . '/cvssh-restricted');
                 }
                 $accountActivationEvent = 'project_admin_activate_user';
             }
             break;
         case PFUser::STATUS_DELETED:
             $user->setStatus($request->get('form_status'));
             $user->setUnixStatus($user->getStatus());
             $accountActivationEvent = 'project_admin_delete_user';
             break;
         case PFUser::STATUS_SUSPENDED:
             $user->setStatus($request->get('form_status'));