Example #1
 /**
  * Checks that dumping the Pluf_Permission model produces the expected JSON.
  *
  * One permission row is created, the model is dumped with
  * Pluf_Test_Fixture::dump() and the result is compared with a literal
  * JSON document.
  */
 function testDump()
 {
     $permission = new Pluf_Permission();
     $permission->name = 'test permission';
     $permission->code_name = 'test';
     $permission->description = 'Simple test permission.';
     $permission->application = 'Pluf';
     $permission->create();

     // The expected document hard-codes pk/id 1.
     // NOTE(review): presumably the table is empty when the test starts - confirm.
     $expected = '[{"model":"Pluf_Permission","pk":1,"fields":{"id":1,"name":"test permission","code_name":"test","description":"Simple test permission.","application":"Pluf"}}]';
     $dumped = Pluf_Test_Fixture::dump('Pluf_Permission');
     $this->assertEqual($expected, $dumped);
 }
Example #2
 /**
  * Store the project's private flag and rebuild its authorized-user list.
  *
  * Every current 'IDF.project-authorized-user' row permission on the
  * project is removed first. When 'private_project' is set, the logins
  * from 'authorized_users' (split on newlines and commas) are granted the
  * permission again and the project is marked private; otherwise the
  * project is marked public and no grant is re-added.
  *
  * A login that does not match exactly one user is skipped without any
  * error, so a mistyped login silently loses (or never gains) access.
  * NOTE(review): no transaction is visible around the revoke/grant
  * sequence - confirm whether a failure midway can leave the list empty.
  *
  * @param bool $commit Not read by this method.
  * @throws Exception When the form is not valid.
  */
 public function save($commit = true)
 {
     if (!$this->isValid()) {
         throw new Exception(__('Cannot save the model from an invalid form.'));
     }
     $authorizedPerm = Pluf_Permission::getFromString('IDF.project-authorized-user');
     $membership = $this->project->getMembershipData();
     $userModel = new Pluf_User();
     // Revoke every existing grant before looking at the submitted list.
     foreach ($membership['authorized'] as $current) {
         Pluf_RowPermission::remove($current, $this->project, $authorizedPerm);
     }
     if (!$this->cleaned_data['private_project']) {
         $this->project->private = 0;
     } else {
         $logins = preg_split("/\r\n|\r|\n|\\,/", $this->cleaned_data['authorized_users'], -1, PREG_SPLIT_NO_EMPTY);
         foreach ($logins as $login) {
             // The login goes through a Pluf_SQL placeholder, not into the SQL text.
             $filter = new Pluf_SQL('login=%s', array(trim($login)));
             $matches = $userModel->getList(array('filter' => $filter->gen()));
             if ($matches->count() != 1) {
                 // Unknown or ambiguous login: nothing is granted.
                 continue;
             }
             Pluf_RowPermission::add($matches[0], $this->project, $authorizedPerm);
         }
         $this->project->private = 1;
     }
     $this->project->update();
     $this->project->membershipsUpdated();
 }
Example #3
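/**
 * Revert the "private project" migration.
 *
 * Deletes the 'IDF.project-authorized-user' permission when it exists and
 * drops the "private" column from the IDF_Project table.
 *
 * The engine check runs before anything is deleted, so an unsupported
 * engine leaves both the permission and the schema untouched instead of
 * failing after the permission is already gone.
 *
 * @param mixed $params Not read by this function.
 * @throws Exception When the configured 'db_engine' has no DROP COLUMN
 *                   statement defined here.
 */
function IDF_Migrations_6PrivateProject_down($params = null)
{
    $table = Pluf::factory('IDF_Project')->getSqlTable();
    // The identifier quoting differs per engine; $table comes from the
    // model definition, not from request data.
    $sql = array();
    $sql['PostgreSQL'] = 'ALTER TABLE ' . $table . ' DROP COLUMN "private"';
    $sql['MySQL'] = 'ALTER TABLE ' . $table . ' DROP COLUMN `private`';
    $engine = Pluf::f('db_engine');
    // Refuse early: nothing destructive has happened yet at this point.
    if (!isset($sql[$engine])) {
        throw new Exception('SQLite complex migration not supported.');
    }
    $perm = Pluf_Permission::getFromString('IDF.project-authorized-user');
    if ($perm) {
        $perm->delete();
    }
    $db = Pluf::db();
    $db->execute($sql[$engine]);
}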
Example #4
 /**
  * Delete the row permissions linking an owner, an object and a permission.
  *
  * $perm may be a permission object or a permission string; a string is
  * resolved with Pluf_Permission::getFromString(). Every matching row is
  * deleted. The filter does not mention the `negative` column, so positive
  * and negative rows for the same triple are removed alike.
  *
  * @param object $owner  Owner of the permission; its id and model name are used.
  * @param object $object Object the permission applies to; its id and model name are used.
  * @param mixed  $perm   Permission object or permission string.
  * @return bool Always true.
  * @throws Exception When a permission string cannot be resolved.
  */
 public static function remove($owner, $object, $perm)
 {
     if (!is_object($perm)) {
         $resolved = Pluf_Permission::getFromString($perm);
         if (false === $resolved) {
             throw new Exception(sprintf('The permission %s does not exist.', $perm));
         }
         $perm = $resolved;
     }
     $rowModel = new Pluf_RowPermission();
     // All five values are bound through Pluf_SQL placeholders.
     $values = array($owner->id, $owner->_a['model'], $object->id, $object->_a['model'], $perm->id);
     $where = new Pluf_SQL('owner_id=%s AND owner_class=%s AND model_id=%s AND model_class=%s AND permission=%s', $values);
     $matching = $rowModel->getList(array('filter' => $where->gen()));
     foreach ($matching as $row) {
         $row->delete();
     }
     return true;
 }
Example #5
/**
 * Remove what the IDF installation created.
 *
 * Deletes the three IDF project permissions when they exist, then drops
 * the tables of every IDF model in the order listed below.
 *
 * @param mixed $params Not read by this function.
 */
function IDF_Migrations_Install_teardown($params = null)
{
    $permissionNames = array(
        'IDF.project-member',
        'IDF.project-owner',
        'IDF.project-authorized-user',
    );
    foreach ($permissionNames as $permissionName) {
        $permission = Pluf_Permission::getFromString($permissionName);
        if ($permission) {
            $permission->delete();
        }
    }

    // The drop order is the order of this list.
    $modelNames = array(
        'IDF_Gconf',
        'IDF_Queue',
        'IDF_Scm_Cache_Git',
        'IDF_Key',
        'IDF_Review_FileComment',
        'IDF_Review_Comment',
        'IDF_Review_Patch',
        'IDF_Review',
        'IDF_WikiRevision',
        'IDF_WikiPage',
        'IDF_Timeline',
        'IDF_IssueFile',
        'IDF_Search_Occ',
        'IDF_Upload',
        'IDF_Conf',
        'IDF_IssueComment',
        'IDF_Issue',
        'IDF_Tag',
        'IDF_Commit',
        'IDF_Project',
    );
    $db = Pluf::db();
    $schema = new Pluf_DB_Schema($db);
    foreach ($modelNames as $modelName) {
        $schema->model = new $modelName();
        $schema->dropTables();
    }
}
Example #6
 /**
  * Get all the permissions of a user.
  *
  * The result is a flat list of strings, stored in $this->_cache_perms:
  *  - 'application.code_name' for permissions held directly or through a
  *    group;
  *  - 'application.code_name#model_class(model_id)' for row permissions,
  *    prefixed with '!' when the row is negative. Row permissions are only
  *    read when 'pluf_use_rowpermission' is enabled and the user has an id.
  *
  * The cached list is returned as is unless $force is true, so a caller
  * that changes groups or permissions must force a reload to see them.
  *
  * @param bool Force the reload of the list of permissions (false)
  * @return array List of permissions
  */
 function getAllPermissions($force = false)
 {
     // Serve the cached list when one exists and no reload was requested.
     if ($force == false and !is_null($this->_cache_perms)) {
         return $this->_cache_perms;
     }
     $this->_cache_perms = array();
     $perms = (array) $this->get_permissions_list();
     $groups = $this->get_groups_list();
     // Collect the ids of the user's groups; they are reused for both queries.
     $ids = array();
     foreach ($groups as $group) {
         $ids[] = $group->id;
     }
     if (count($ids) > 0) {
         $gperm = new Pluf_Permission();
         // Column name derived from the configured group model name.
         $f_name = strtolower(Pluf::f('pluf_custom_group', 'Pluf_Group')) . '_id';
         // NOTE(review): the group ids are joined into the SQL text, not bound
         // through a Pluf_SQL placeholder. They come from get_groups_list();
         // presumably integer primary keys - confirm.
         $perms = array_merge($perms, (array) $gperm->getList(array('filter' => $f_name . ' IN (' . join(', ', $ids) . ')', 'view' => 'join_group')));
     }
     // De-duplicate while flattening to 'application.code_name'.
     foreach ($perms as $perm) {
         if (!in_array($perm->application . '.' . $perm->code_name, $this->_cache_perms)) {
             $this->_cache_perms[] = $perm->application . '.' . $perm->code_name;
         }
     }
     if (Pluf::f('pluf_use_rowpermission', false) and $this->id) {
         $growp = new Pluf_RowPermission();
         // Rows owned by the user itself (values bound through placeholders)...
         $sql = new Pluf_SQL('owner_id=%s AND owner_class=%s', array($this->id, 'Pluf_User'));
         if (count($ids) > 0) {
             // ...or by one of the user's groups. Same concatenated IN list as above.
             $sql2 = new Pluf_SQL('owner_id IN (' . join(', ', $ids) . ') AND owner_class=%s', array(Pluf::f('pluf_custom_group', 'Pluf_Group')));
             $sql->SOr($sql2);
         }
         $perms = $growp->getList(array('filter' => $sql->gen(), 'view' => 'join_permission'));
         foreach ($perms as $perm) {
             $perm_string = $perm->application . '.' . $perm->code_name . '#' . $perm->model_class . '(' . $perm->model_id . ')';
             // A negative row is kept in the list, marked with a leading '!'.
             // How '!' entries are weighed against positive ones is decided by
             // the code that reads this list, which is not shown here.
             if ($perm->negative) {
                 $perm_string = '!' . $perm_string;
             }
             if (!in_array($perm_string, $this->_cache_perms)) {
                 $this->_cache_perms[] = $perm_string;
             }
         }
     }
     return $this->_cache_perms;
 }
Example #7
 /**
  * Replace the owner and member row permissions of a project.
  *
  * The update of the memberships is done in different places; this
  * method avoids duplicating the code.
  *
  * For each of 'owners' and 'members', every current grant is removed and
  * the logins found in $cleaned_data (split on newlines and commas) are
  * granted the permission again. A login that does not match exactly one
  * user is skipped without any error, so a list holding only unknown
  * logins leaves that role empty.
  * NOTE(review): no transaction is visible around the revoke/grant
  * sequence - confirm how a failure midway is handled.
  *
  * @param IDF_Project The project
  * @param array The new memberships data in 'owners' and 'members' keys
  */
 public static function updateMemberships($project, $cleaned_data)
 {
     $current = $project->getMembershipData();
     $roles = array(
         'owners' => Pluf_Permission::getFromString('IDF.project-owner'),
         'members' => Pluf_Permission::getFromString('IDF.project-member'),
     );
     $userModel = new Pluf_User();
     foreach ($roles as $role => $permission) {
         // Revoke every existing grant of this role first.
         foreach ($current[$role] as $holder) {
             Pluf_RowPermission::remove($holder, $project, $permission);
         }
         $logins = preg_split("/\r\n|\r|\n|\\,/", $cleaned_data[$role], -1, PREG_SPLIT_NO_EMPTY);
         foreach ($logins as $login) {
             // The login goes through a Pluf_SQL placeholder, not into the SQL text.
             $filter = new Pluf_SQL('login=%s', array(trim($login)));
             $matches = $userModel->getList(array('filter' => $filter->gen()));
             if ($matches->count() != 1) {
                 // Unknown or ambiguous login: nothing is granted.
                 continue;
             }
             Pluf_RowPermission::add($matches[0], $project, $permission);
         }
     }
 }
Example #8
 /**
  * Exercises row permissions granted through a group, granted directly to
  * a user, and addressed by permission string.
  *
  * After every change the test calls getAllPermissions(true) to reload the
  * user's cached permission list before asserting on hasPerm().
  */
 public function testRowPermission()
 {
     // Fixtures: user 1, a fresh group and five messages to test against.
     $user = new Pluf_User(1);
     $group = new Pluf_Group();
     $group->name = 'testRowPermission';
     $group->description = 'testRowPermission';
     $group->create();
     for ($i = 1; $i <= 5; $i++) {
         $mess = new Pluf_Message();
         $mess->user = $user;
         $mess->message = 'Dummy object to test against: ' . $i;
         $mess->create();
     }
     $perm = new Pluf_Permission();
     $perm->application = 'Pluf_RowPermission';
     $perm->code_name = 'test1';
     $perm->name = 'test1';
     $perm->description = 'test1';
     $perm->create();
     // Permission through group
     $mess = new Pluf_Message(1);
     Pluf_RowPermission::add($group, $mess, $perm);
     // The user is not in the group yet, so the grant must not apply.
     $this->assertEquals(false, $user->hasPerm('Pluf_RowPermission.test1', $mess));
     $user->setAssoc($group);
     // Reload the cached permission list.
     $user->getAllPermissions(true);
     $this->assertEquals(true, $user->hasPerm('Pluf_RowPermission.test1', $mess));
     // Leaving the group must revoke the permission.
     $user->delAssoc($group);
     // Reload the cached permission list.
     $user->getAllPermissions(true);
     $this->assertEquals(false, $user->hasPerm('Pluf_RowPermission.test1', $mess));
     $user->setAssoc($group);
     // Reload the cached permission list.
     $user->getAllPermissions(true);
     $this->assertEquals(true, $user->hasPerm('Pluf_RowPermission.test1', $mess));
     // Removing the group's row permission must revoke it for the member too.
     Pluf_RowPermission::remove($group, $mess, $perm);
     // Reload the cached permission list.
     $user->getAllPermissions(true);
     $this->assertEquals(false, $user->hasPerm('Pluf_RowPermission.test1', $mess));
     // Permission through direct user
     Pluf_RowPermission::add($user, $mess, $perm);
     // Reload the cached permission list.
     $user->getAllPermissions(true);
     $this->assertEquals(true, $user->hasPerm('Pluf_RowPermission.test1', $mess));
     Pluf_RowPermission::remove($user, $mess, $perm);
     // Reload the cached permission list.
     $user->getAllPermissions(true);
     $this->assertEquals(false, $user->hasPerm('Pluf_RowPermission.test1', $mess));
     // Using string for the permission.
     Pluf_RowPermission::add($user, $mess, 'Pluf_RowPermission.test1');
     // Reload the cached permission list.
     $user->getAllPermissions(true);
     $this->assertEquals(true, $user->hasPerm('Pluf_RowPermission.test1', $mess));
     Pluf_RowPermission::remove($user, $mess, 'Pluf_RowPermission.test1');
     // Reload the cached permission list.
     $user->getAllPermissions(true);
     $this->assertEquals(false, $user->hasPerm('Pluf_RowPermission.test1', $mess));
 }
Example #9
 /**
  * Returns a list of projects accessible for the user.
  *
  * Anonymous users get the projects whose `private` column is false.
  * Administrators get every project. Any other user gets the non-private
  * projects plus every project for which a non-negative row permission
  * owned directly by that user exists. All lists are ordered by shortname.
  *
  * NOTE(review): the row-permission filter has no condition on the
  * `permission` column and $perms is not read after it is built, so any
  * non-negative row permission on an IDF_Project makes that project
  * visible here. Confirm whether the filter was meant to be limited to the
  * three IDF permissions.
  *
  * NOTE(review): only rows with owner_class='Pluf_User' are considered, so
  * a permission granted through a group does not contribute - confirm this
  * is intended.
  *
  * @param Pluf_User
  * @return ArrayObject IDF_Project
  */
 public static function getProjects($user)
 {
     $db =& Pluf::db();
     // Database representation of boolean false; it is concatenated into
     // the SQL below and comes from Pluf_DB_BooleanToDb(), not from input.
     $false = Pluf_DB_BooleanToDb(false, $db);
     if ($user->isAnonymous()) {
         $sql = sprintf('%s=%s', $db->qn('private'), $false);
         return Pluf::factory('IDF_Project')->getList(array('filter' => $sql, 'order' => 'shortname ASC'));
     }
     if ($user->administrator) {
         // No filter at all: administrators see private projects too.
         return Pluf::factory('IDF_Project')->getList(array('order' => 'shortname ASC'));
     }
     // grab the list of projects where the user is admin, member
     // or authorized
     // NOTE(review): $perms is assigned here and never used afterwards.
     $perms = array(Pluf_Permission::getFromString('IDF.project-member'), Pluf_Permission::getFromString('IDF.project-owner'), Pluf_Permission::getFromString('IDF.project-authorized-user'));
     // NOTE(review): the user id is passed as a bare value where the other
     // Pluf_SQL calls on this page pass an array - confirm both are accepted.
     $sql = new Pluf_SQL("model_class='IDF_Project' AND owner_class='Pluf_User' AND owner_id=%s AND negative=" . $false, $user->id);
     $rows = Pluf::factory('Pluf_RowPermission')->getList(array('filter' => $sql->gen()));
     $sql = sprintf('%s=%s', $db->qn('private'), $false);
     if ($rows->count() > 0) {
         $ids = array();
         foreach ($rows as $row) {
             $ids[] = $row->model_id;
         }
         // The ids are joined into the SQL text; they come from the
         // row-permission table. Presumably integer keys - confirm.
         $sql .= sprintf(' OR id IN (%s)', implode(', ', $ids));
     }
     return Pluf::factory('IDF_Project')->getList(array('filter' => $sql, 'order' => 'shortname ASC'));
 }
Example #10
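 /**
  * Return membership data.
  *
  * The array has 3 keys: 'members', 'owners' and 'authorized'.
  *
  * The list of users is only taken using the row level permission
  * table. That is, if you set a user as administrator, he will
  * have the member and owner rights but will not appear in the
  * lists. Only non-negative rows owned directly by a Pluf_User are read.
  *
  * A permission that cannot be resolved yields an empty list for its key.
  * This guard was previously applied to 'authorized' only; 'owners' and
  * 'members' read ->id on the lookup result without checking it.
  *
  * @param string Format ('objects'), 'string'.
  * @return mixed Array of Pluf_User or newline separated list of logins.
  */
 public function getMembershipData($fmt = 'objects')
 {
     // Queried in this order: owners, members, authorized.
     $perms = array(
         'owners' => Pluf_Permission::getFromString('IDF.project-owner'),
         'members' => Pluf_Permission::getFromString('IDF.project-member'),
         'authorized' => Pluf_Permission::getFromString('IDF.project-authorized-user'),
     );
     $grow = new Pluf_RowPermission();
     $db =& Pluf::db();
     // Database representation of boolean false; concatenated into the
     // filter, it comes from Pluf_DB_BooleanToDb() and not from input.
     $false = Pluf_DB_BooleanToDb(false, $db);
     $lists = array();
     foreach ($perms as $key => $perm) {
         $users = new Pluf_Template_ContextVars(array());
         // Skip the query when the permission lookup failed.
         if ($perm != false) {
             $sql = new Pluf_SQL('model_class=%s AND model_id=%s AND owner_class=%s AND permission=%s AND negative=' . $false, array('IDF_Project', $this->id, 'Pluf_User', $perm->id));
             foreach ($grow->getList(array('filter' => $sql->gen())) as $row) {
                 $user = Pluf::factory('Pluf_User', $row->owner_id);
                 if ($fmt == 'objects') {
                     $users[] = $user;
                 } else {
                     $users[] = $user->login;
                 }
             }
         }
         $lists[$key] = $users;
     }
     if ($fmt == 'objects') {
         return new Pluf_Template_ContextVars(array('members' => $lists['members'], 'owners' => $lists['owners'], 'authorized' => $lists['authorized']));
     }
     // Any other format: one newline separated string of logins per key.
     return array('members' => implode("\n", (array) $lists['members']), 'owners' => implode("\n", (array) $lists['owners']), 'authorized' => implode("\n", (array) $lists['authorized']));
 }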