/** * @return int[] */ private function getDefaultReadAccessControl(Project $project) { if ($project->isPublic()) { return array(ProjectUGroup::REGISTERED); } return array(ProjectUGroup::PROJECT_MEMBERS); }
public function __construct(Project $project) { if (!$project->isPublic()) { $this->mapping = array(ProjectUGroup::ANONYMOUS => ProjectUGroup::PROJECT_MEMBERS, ProjectUGroup::AUTHENTICATED => ProjectUGroup::PROJECT_MEMBERS, ProjectUGroup::REGISTERED => ProjectUGroup::PROJECT_MEMBERS); } elseif (!ForgeConfig::areAnonymousAllowed()) { $this->mapping[ProjectUGroup::ANONYMOUS] = ProjectUGroup::REGISTERED; if (ForgeConfig::areRestrictedUsersAllowed() && $project->allowsRestricted()) { $this->mapping[ProjectUGroup::ANONYMOUS] = ProjectUGroup::AUTHENTICATED; $this->mapping[ProjectUGroup::AUTHENTICATED] = ProjectUGroup::AUTHENTICATED; } } }
private function getIndexedUgroups(Project $project) { $ugroups = array(); $ugroup_manager = new UGroupManager(); $excluded_groups = array_merge(ProjectUGroup::$legacy_ugroups, array(ProjectUGroup::NONE, ProjectUGroup::ANONYMOUS)); if (!$project->isPublic()) { $excluded_groups = array_merge($excluded_groups, array(ProjectUGroup::REGISTERED)); } $all_ugroups = $ugroup_manager->getUGroups($project, $excluded_groups); foreach ($all_ugroups as $ugroup) { $ugroups[$ugroup->getId()] = $ugroup; } return $ugroups; }
private function exportProjectInfo(Project $project, SimpleXMLElement $project_node) { $access_value = $project->isPublic() ? Project::ACCESS_PUBLIC : Project::ACCESS_PRIVATE; $project_node->addAttribute('unix-name', $project->getUnixName()); $project_node->addAttribute('full-name', $project->getPublicName()); $project_node->addAttribute('description', $project->getDescription()); $project_node->addAttribute('access', $access_value); $project_node->addChild('long-description', ''); $services_node = $project_node->addChild('services'); foreach ($project->getServices() as $service) { $service_node = $services_node->addChild('service'); $service_node->addAttribute('shortname', $service->getShortName()); $service_node->addAttribute('enabled', $service->isUsed()); } }
/** * @param Project $project * @return User_ForgeUGroup[] */ public function getAllForProject(Project $project) { $user_groups = array(); if (ForgeConfig::areAnonymousAllowed() && $project->isPublic()) { $user_groups[] = $this->getDynamicForgeUserGroupByName(User_ForgeUGroup::ANON); } if (ForgeConfig::areRestrictedUsersAllowed() && $project->allowsRestricted()) { $user_groups[] = $this->getDynamicForgeUserGroupByName(User_ForgeUGroup::AUTHENTICATED); } if ($project->isPublic()) { $user_groups[] = $this->getDynamicForgeUserGroupByName(User_ForgeUGroup::REGISTERED); } $user_groups[] = $this->getDynamicForgeUserGroupByName(User_ForgeUGroup::PROJECT_MEMBERS); $user_groups[] = $this->getDynamicForgeUserGroupByName(User_ForgeUGroup::PROJECT_ADMINS); return array_merge($user_groups, $this->getStaticByProject($project), array($this->getDynamicForgeUserGroupByName(User_ForgeUGroup::NOBODY))); }
/** * SVNAccessFile definition for repository root * * Block access to non project members if: * - project is private, * - or SVN is private * - or "restricted users" is enabled * * @see src/common/backend/BackendSVN#getSVNAccessRootPathDef($project) * * @param Project $project * * @return String */ function getSVNAccessRootPathDef($project) { $ldapPrjMgr = $this->getLDAPProjectManager(); if ($ldapPrjMgr->hasSVNLDAPAuth($project->getID())) { $conf = "[/]\n"; if (!$project->isPublic() || $project->isSVNPrivate() || ForgeConfig::areRestrictedUsersAllowed()) { $conf .= "* = \n"; } else { $conf .= "* = r\n"; } $conf .= "@members = rw\n"; return $conf; } else { return parent::getSVNAccessRootPathDef($project); } }
/** * Check ownership/mode/privacy of repository * * @param Project $project The project to work on * * @return boolean true if success */ public function checkSVNMode(Project $project) { $unix_group_name = $project->getUnixNameMixedCase(); $svnroot = $project->getSVNRootPath(); $is_private = !$project->isPublic() || $project->isSVNPrivate(); if ($is_private) { $perms = fileperms($svnroot); // 'others' should have no right on the repository if ($perms & 0x4 || $perms & 0x2 || $perms & 0x1 || $perms & 0x200) { $this->log("Restoring privacy on SVN dir: {$svnroot}", Backend::LOG_WARNING); $this->setSVNPrivacy($project, $is_private); } } // Sometimes, there might be a bad ownership on file (e.g. chmod failed, maintenance done as root...) $files_to_check = array('db/current', 'hooks/pre-commit', 'hooks/post-commit', 'db/rep-cache.db'); $need_owner_update = false; foreach ($files_to_check as $file) { // Get file stat if (file_exists("{$svnroot}/{$file}")) { $stat = stat("{$svnroot}/{$file}"); if ($stat['uid'] != $this->getHTTPUserUID() || $stat['gid'] != $project->getUnixGID()) { $need_owner_update = true; } } } if ($need_owner_update) { $this->log("Restoring ownership on SVN dir: {$svnroot}", Backend::LOG_INFO); $this->recurseChownChgrp($svnroot, $this->getHTTPUser(), $unix_group_name); $this->chown($svnroot, $this->getHTTPUser()); $this->chgrp($svnroot, $unix_group_name); system("chmod g+rw {$svnroot}"); } return true; }
protected function getProjectPrivacy(Project $project) { if ($project->isPublic()) { $privacy = 'public'; if (ForgeConfig::areAnonymousAllowed()) { $privacy .= '_w_anon'; } else { $privacy .= '_wo_anon'; } } else { $privacy = 'private'; } return $privacy; }
private function userIsNotMemberOfPrivateProject(PFUser $user, Project $project) { return !$user->isMember($project->getID()) && !$project->isPublic(); }
public function assertUserCanAccessProject(User $user, Project $project) { if ($project->isPublic() && $user->isRestricted() && !$user->isMember($project->getGroupId()) || !$project->isPublic() && !$user->isMember($project->getGroupId())) { throw new Exception('User do not have access to the project', '3002'); } }
private function filterWikiPagePermissionsAccordingToProject(Project $project, $ugroup_ids) { if (!$project->isPublic()) { $ugroup_ids = array_diff($ugroup_ids, $this->getNonProjectMembersGroups()); } return $ugroup_ids; }
public function getDefaultMappingsForProject(Project $project) { if ($project->isPublic()) { return self::$DEFAULT_MAPPING_PUBLIC_PROJECT; } else { return self::$DEFAULT_MAPPING_PRIVATE_PROJECT; } }
/** * SVNAccessFile definition for repository root * * Block access to non project members if: * - project is private, * - or SVN is private * - or "restricted users" is enabled * * @see src/common/backend/BackendSVN#getSVNAccessRootPathDef($project) * * @param Project $project * * @return String */ function getSVNAccessRootPathDef($project) { $ldapPrjMgr = $this->getLDAPProjectManager(); if ($ldapPrjMgr->hasSVNLDAPAuth($project->getID())) { $conf = "[/]\n"; if (!$project->isPublic() || $project->isSVNPrivate() || $GLOBALS['sys_allow_restricted_users'] == 1) { $conf .= "* = \n"; } else { $conf .= "* = r\n"; } $conf .= "@members = rw\n"; return $conf; } else { return parent::getSVNAccessRootPathDef($project); } }
/** * Check ownership/mode/privacy of repository * * @param Project $project The project to work on * * @return boolean true if success */ public function checkCVSMode($project) { $unix_group_name = $project->getUnixName(false); $cvsroot = $GLOBALS['cvs_prefix'] . '/' . $unix_group_name; $is_private = !$project->isPublic() || $project->isCVSPrivate(); if ($is_private) { $perms = fileperms($cvsroot); // 'others' should have no right on the repository if ($perms & 0x4 || $perms & 0x2 || $perms & 0x1 || $perms & 0x200) { $this->log("Restoring privacy on CVS dir: {$cvsroot}", Backend::LOG_WARNING); $this->setCVSPrivacy($project, $is_private); } } // Sometimes, there might be a bad ownership on file (e.g. chmod failed, maintenance done as root...) $files_to_check = array('CVSROOT/loginfo', 'CVSROOT/commitinfo', 'CVSROOT/config'); $need_owner_update = false; foreach ($files_to_check as $file) { if (file_exists($cvsroot . '/' . $file)) { // Get file stat $stat = stat("{$cvsroot}/{$file}"); if ($stat) { if ($stat['uid'] != $this->getHTTPUserUID() || $stat['gid'] != $project->getUnixGID()) { $need_owner_update = true; } } } else { $this->log("File not found in cvsroot: {$cvsroot}/{$file}", Backend::LOG_WARNING); } } if ($need_owner_update) { $this->log("Restoring ownership on CVS dir: {$cvsroot}", Backend::LOG_INFO); $this->changeRepoOwnership($cvsroot, $unix_group_name); $this->system('chmod g+rws ' . $cvsroot); } return true; }