/**
 * getRoles - Build the list of role objects attached to this group.
 *
 * The role ids come from $this->getRolesId(). When USE_PFO_RBAC is truthy
 * each id is resolved through the shared RBACEngine instance; otherwise a
 * Role bound to this group is constructed for each id.
 *
 * Whatever RBACEngine::getRoleById() returns is appended as-is, so callers
 * that make access decisions from this list should not assume every entry
 * is a usable role object (NOTE(review): confirm what getRoleById() yields
 * for an unknown id).
 *
 * @return array Roles of this group, in the order getRolesId() returned the ids.
 */
function getRoles() {
    $role_ids = $this->getRolesId();
    $collected = array();

    if (!USE_PFO_RBAC) {
        // Legacy path: one Role per id, tied to this group.
        foreach ($role_ids as $rid) {
            $collected[] = new Role($this, $rid);
        }
        return $collected;
    }

    // PFO-RBAC path: the engine owns role lookup.
    $rbac = RBACEngine::getInstance();
    foreach ($role_ids as $rid) {
        $collected[] = $rbac->getRoleById($rid);
    }
    return $collected;
}
/**
 * Ask the RBAC engine whether a given user may perform a forge-wide action.
 *
 * This is a thin pass-through to RBACEngine::isGlobalActionAllowedForUser();
 * the engine's answer is returned unchanged. It is an authorization decision
 * point, so callers should deny unless the result is truthy.
 *
 * @param mixed $user    User to check (type expected by the engine; not visible here).
 * @param mixed $section Permission section name.
 * @param mixed $action  Action within the section, or NULL when none is given.
 * @return mixed Result of the engine call (presumably a boolean - confirm against RBACEngine).
 */
function forge_check_global_perm_for_user($user, $section, $action = NULL) {
    return RBACEngine::getInstance()->isGlobalActionAllowedForUser($user, $section, $action);
}
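/**
 * CallHook - Dispatch a forge hook to the MediaWiki plugin's handler for it.
 *
 * Handled hooks: groupmenu, groupisactivecheckbox, groupisactivecheckboxpost,
 * project_public_area, role_get, role_normalize, role_translate_strings,
 * role_get_setting, role_has_permission, list_roles_by_permission,
 * project_admin_plugins, clone_project_from_template and group_delete.
 * Any other hook name is ignored.
 *
 * Several branches write their result back into $params (which is taken by
 * reference), some echo HTML directly, and group_delete drops a database
 * schema and removes a directory tree.
 *
 * @param string $hookname Name of the hook being fired.
 * @param array  $params   Hook parameters, modified in place by several branches.
 * @return void
 */
function CallHook($hookname, &$params) {
    // The project id arrives under 'group_id' or 'group' depending on the hook.
    if (isset($params['group_id'])) {
        $group_id = $params['group_id'];
    } elseif (isset($params['group'])) {
        $group_id = $params['group'];
    } else {
        $group_id = null;
    }

    if ($hookname == "groupmenu") {
        $project = group_get_object($group_id);
        if (!$project || !is_object($project)) {
            return;
        }
        if ($project->isError()) {
            return;
        }
        if (!$project->isProject()) {
            return;
        }
        if ($project->usesPlugin($this->name)) {
            $params['TITLES'][] = $this->text;
            $params['DIRS'][] = util_make_url('/plugins/mediawiki/wiki/' . $project->getUnixName() . '/index.php');
            $params['ADMIN'][] = '';
            $params['TOOLTIPS'][] = _('Mediawiki Space');
        }
        // Mark the tab just appended as selected when it is the active top tab.
        if ($params['toptab'] == $this->name) {
            $params['selected'] = count($params['TITLES']) - 1;
        }
    } elseif ($hookname == "groupisactivecheckbox") {
        // Check if the group is active.
        // This code creates the checkbox in the project edit public info page
        // to activate/deactivate the plugin.
        $group = group_get_object($group_id);
        if (!$group || !is_object($group)) {
            // No usable project object: emit nothing rather than fail halfway through the row.
            return;
        }
        echo "<tr>";
        echo "<td>";
        echo ' <input type="checkbox" name="use_mediawikiplugin" value="1" ';
        // checked or unchecked?
        if ($group->usesPlugin($this->name)) {
            echo "checked";
        }
        echo " /><br/>";
        echo "</td>";
        echo "<td>";
        echo "<strong>Use " . $this->text . " Plugin</strong>";
        echo "</td>";
        echo "</tr>";
    } elseif ($hookname == "groupisactivecheckboxpost") {
        // This code actually activates/deactivates the plugin after the form
        // was submitted in the project edit public info page.
        // NOTE(review): this branch changes project state from request input and
        // no authorization or CSRF check is visible here - confirm the page that
        // fires the hook enforces both.
        $group = group_get_object($group_id);
        if (!$group || !is_object($group)) {
            return;
        }
        $use_mediawikiplugin = getStringFromRequest('use_mediawikiplugin');
        if ($use_mediawikiplugin == 1) {
            $group->setPluginUse($this->name);
        } else {
            $group->setPluginUse($this->name, false);
        }
    } elseif ($hookname == "project_public_area") {
        $project = group_get_object($group_id);
        if (!$project || !is_object($project)) {
            return;
        }
        if ($project->isError()) {
            return;
        }
        if (!$project->isProject()) {
            return;
        }
        if ($project->usesPlugin($this->name)) {
            echo '<div class="public-area-box">';
            print '<a href="' . util_make_url('/plugins/mediawiki/wiki/' . $project->getUnixName() . '/index.php') . '">';
            print html_abs_image(util_make_url('/plugins/mediawiki/wiki/' . $project->getUnixName() . '/skins/fusionforge/wiki.png'), '20', '20', array('alt' => 'Mediawiki'));
            print ' Mediawiki';
            print '</a>';
            echo '</div>';
        }
    } elseif ($hookname == "role_get") {
        $role =& $params['role'];

        // Read access
        $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_read');
        $right->SetAllowedValues(array('0', '1'));
        $right->SetDefaultValues(array('Admin' => '1', 'Senior Developer' => '1', 'Junior Developer' => '1', 'Doc Writer' => '1', 'Support Tech' => '1'));

        // Edit privileges
        $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_edit');
        $right->SetAllowedValues(array('0', '1', '2', '3'));
        $right->SetDefaultValues(array('Admin' => '3', 'Senior Developer' => '2', 'Junior Developer' => '1', 'Doc Writer' => '3', 'Support Tech' => '0'));

        // File upload privileges
        $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_upload');
        $right->SetAllowedValues(array('0', '1', '2'));
        $right->SetDefaultValues(array('Admin' => '2', 'Senior Developer' => '2', 'Junior Developer' => '1', 'Doc Writer' => '2', 'Support Tech' => '0'));

        // Administrative tasks
        $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_admin');
        $right->SetAllowedValues(array('0', '1'));
        $right->SetDefaultValues(array('Admin' => '1', 'Senior Developer' => '0', 'Junior Developer' => '0', 'Doc Writer' => '0', 'Support Tech' => '0'));
    } elseif ($hookname == "role_normalize") {
        $role =& $params['role'];
        $new_sa =& $params['new_sa'];
        $new_pa =& $params['new_pa'];

        $projects = $role->getLinkedProjects();
        foreach ($projects as $p) {
            $role->normalizePermsForSection($new_pa, 'plugin_mediawiki_read', $p->getID());
            $role->normalizePermsForSection($new_pa, 'plugin_mediawiki_edit', $p->getID());
            $role->normalizePermsForSection($new_pa, 'plugin_mediawiki_upload', $p->getID());
            $role->normalizePermsForSection($new_pa, 'plugin_mediawiki_admin', $p->getID());
        }
    } elseif ($hookname == "role_translate_strings") {
        // $role was previously read here without ever being assigned in this
        // branch. Take it from the hook parameters when present, as the role_get
        // branch does (NOTE(review): confirm the hook caller supplies 'role').
        $role = isset($params['role']) ? $params['role'] : null;

        $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_read');
        $right->setDescription(_('Mediawiki read access'));
        $right->setValueDescriptions(array('0' => _('No reading'), '1' => _('Read access')));

        $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_edit');
        $right->setDescription(_('Mediawiki write access'));
        $right->setValueDescriptions(array('0' => _('No editing'), '1' => _('Edit existing pages only'), '2' => _('Edit and create pages'), '3' => _('Edit, create, move, delete pages')));

        $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_upload');
        $right->setDescription(_('Mediawiki file upload'));
        $right->setValueDescriptions(array('0' => _('No uploading'), '1' => _('Upload permitted'), '2' => _('Upload and re-upload')));

        $right = new PluginSpecificRoleSetting($role, 'plugin_mediawiki_admin');
        $right->setDescription(_('Mediawiki administrative tasks'));
        $right->setValueDescriptions(array('0' => _('No administrative access'), '1' => _('Edit interface, import XML dumps')));
    } elseif ($hookname == "role_get_setting") {
        $role = $params['role'];
        $reference = $params['reference'];
        $value = $params['value'];

        // A role holding 'project_admin' on the reference gets the highest
        // value of each section; every other role keeps its stored value.
        switch ($params['section']) {
            case 'plugin_mediawiki_read':
                if ($role->hasPermission('project_admin', $reference)) {
                    $params['result'] = 1;
                } else {
                    $params['result'] = $value;
                }
                break;
            case 'plugin_mediawiki_edit':
                if ($role->hasPermission('project_admin', $reference)) {
                    $params['result'] = 3;
                } else {
                    $params['result'] = $value;
                }
                break;
            case 'plugin_mediawiki_upload':
                if ($role->hasPermission('project_admin', $reference)) {
                    $params['result'] = 2;
                } else {
                    $params['result'] = $value;
                }
                break;
            case 'plugin_mediawiki_admin':
                if ($role->hasPermission('project_admin', $reference)) {
                    $params['result'] = 1;
                } else {
                    $params['result'] = $value;
                }
                break;
        }
    } elseif ($hookname == "role_has_permission") {
        $value = $params['value'];

        // Each action maps to a minimum stored value. `|=` only ever adds a
        // grant to $params['result']; nothing in this branch revokes one.
        // In the read and admin sections any action name falls through to the
        // default case; in edit and upload an unknown action grants nothing.
        switch ($params['section']) {
            case 'plugin_mediawiki_read':
                switch ($params['action']) {
                    case 'read':
                    default:
                        $params['result'] |= $value >= 1;
                        break;
                }
                break;
            case 'plugin_mediawiki_edit':
                switch ($params['action']) {
                    case 'editexisting':
                        $params['result'] |= $value >= 1;
                        break;
                    case 'editnew':
                        $params['result'] |= $value >= 2;
                        break;
                    case 'editmove':
                        $params['result'] |= $value >= 3;
                        break;
                }
                break;
            case 'plugin_mediawiki_upload':
                switch ($params['action']) {
                    case 'upload':
                        $params['result'] |= $value >= 1;
                        break;
                    case 'reupload':
                        $params['result'] |= $value >= 2;
                        break;
                }
                break;
            case 'plugin_mediawiki_admin':
                switch ($params['action']) {
                    case 'admin':
                    default:
                        $params['result'] |= $value >= 1;
                        break;
                }
                break;
        }
    } elseif ($hookname == "list_roles_by_permission") {
        // Same thresholds as role_has_permission, expressed as a constant SQL
        // fragment appended to the caller's query; no request data is interpolated.
        switch ($params['section']) {
            case 'plugin_mediawiki_read':
                switch ($params['action']) {
                    case 'read':
                    default:
                        $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 1');
                        break;
                }
                break;
            case 'plugin_mediawiki_edit':
                switch ($params['action']) {
                    case 'editexisting':
                        $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 1');
                        break;
                    case 'editnew':
                        $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 2');
                        break;
                    case 'editmove':
                        $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 3');
                        break;
                }
                break;
            case 'plugin_mediawiki_upload':
                switch ($params['action']) {
                    case 'upload':
                        $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 1');
                        break;
                    case 'reupload':
                        $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 2');
                        break;
                }
                break;
            case 'plugin_mediawiki_admin':
                switch ($params['action']) {
                    case 'admin':
                    default:
                        $params['qpa'] = db_construct_qpa($params['qpa'], ' AND perm_val >= 1');
                        break;
                }
                break;
        }
    } elseif ($hookname == "project_admin_plugins") {
        $group_id = $params['group_id'];
        $group = group_get_object($group_id);
        if (!$group || !is_object($group)) {
            return;
        }
        if ($group->usesPlugin($this->name)) {
            echo util_make_link("/plugins/mediawiki/plugin_admin.php?group_id=" . $group->getID(), _("MediaWiki Plugin admin")) . "<br />";
        }
    } elseif ($hookname == "clone_project_from_template") {
        $template = $params['template'];
        $project = $params['project'];
        $id_mappings = $params['id_mappings'];

        $sections = array('plugin_mediawiki_read', 'plugin_mediawiki_edit', 'plugin_mediawiki_upload', 'plugin_mediawiki_admin');

        // Copy each template role's MediaWiki settings onto the matching role
        // of the new project.
        foreach ($template->getRoles() as $oldrole) {
            $newrole = RBACEngine::getInstance()->getRoleById($id_mappings['role'][$oldrole->getID()]);
            $oldsettings = $oldrole->getSettingsForProject($template);

            foreach ($sections as $section) {
                if (isset($oldsettings[$section][$template->getID()])) {
                    $newrole->setSetting($section, $project->getID(), $oldsettings[$section][$template->getID()]);
                }
            }
        }
    } elseif ($hookname == 'group_delete') {
        $projectId = $params['group_id'];
        $projectObject = group_get_object($projectId);
        if (!$projectObject || !is_object($projectObject)) {
            return;
        }
        if ($projectObject->usesPlugin($this->name)) {
            $unix_name = $projectObject->getUnixName();

            // delete the files and db schema
            $schema = 'plugin_mediawiki_' . $unix_name;
            // Sanitize schema name
            $schema = strtr($schema, "-", "_");
            // NOTE(review): PostgreSQL does not accept a bind parameter in place
            // of an identifier, so this statement may fail as written - confirm
            // how db_query_params() substitutes $1 and quote the identifier with
            // the project's DB helper if needed.
            db_query_params('drop schema $1 cascade', array($schema));

            // Recursive delete: refuse to run unless both path components are
            // non-empty and the project name is a single path segment, so an
            // empty or odd value can never widen the target to the whole
            // projects directory or to a path outside it.
            $projects_path = forge_get_config('projects_path', 'mediawiki');
            $path_ok = is_string($projects_path) && $projects_path !== '';
            $name_ok = is_string($unix_name)
                && $unix_name !== ''
                && $unix_name !== '.'
                && $unix_name !== '..'
                && strpos($unix_name, '/') === false;
            if ($path_ok && $name_ok) {
                // escapeshellarg() keeps the path a single literal argument and
                // `--` stops option parsing before it.
                // NOTE(review): the exit status of rm is still not checked.
                exec('/bin/rm -rf -- ' . escapeshellarg($projects_path . '/' . $unix_name));
            }
        }
    }
}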
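/**
 * Outputs user's FOAF profile.
 *
 * When $params['accept'] is 'application/rdf+xml', builds an RDF/XML document
 * describing the account, the person, the user groups of the user's public
 * projects and the explicit roles held in them, and stores it in
 * $params['content'] with $params['content_type'] set to match. For any other
 * accept value, or when no user object is found for the name, $params is left
 * untouched.
 *
 * NOTE(review): no authentication or authorization check is visible in this
 * function; real name, project memberships and role names for public projects
 * are written to the document for whoever triggers the hook - confirm that
 * this disclosure is intended.
 *
 * @param array $params Hook parameters; reads 'username' and 'accept', writes
 *                      'content_type' and 'content'.
 * @return void
 */
function content_negociated_user_home(&$params) {
    $username = $params['username'];
    $accept = $params['accept'];

    if ($accept != 'application/rdf+xml') {
        return;
    }

    // The user name comes from the hook parameters; bail out when the lookup
    // does not yield an object instead of failing on the first method call.
    $user_obj = user_get_object_by_name($username);
    if (!is_object($user_obj)) {
        return;
    }

    $params['content_type'] = 'application/rdf+xml';

    $user_real_name = $user_obj->getRealName();
    $user_email = $user_obj->getEmail();
    // foaf:mbox_sha1sum is an unsalted SHA-1 of the mailto: URI. It avoids
    // printing the address, but anyone holding a list of candidate addresses
    // can confirm a match, so it must not be treated as hiding the e-mail.
    $mbox = 'mailto:' . $user_email;
    $mbox_sha1sum = sha1($mbox);

    $projects = $user_obj->getGroups();
    sortProjectList($projects);
    $roles = RBACEngine::getInstance()->getAvailableRolesForUser($user_obj);
    sortRoleList($roles);

    // Namespaces used by the ARC2 resources built below.
    $ns = array(
        'rdf' => 'http://www.w3.org/1999/02/22-rdf-syntax-ns#',
        'rdfs' => 'http://www.w3.org/2000/01/rdf-schema#',
        'foaf' => 'http://xmlns.com/foaf/0.1/',
        'sioc' => 'http://rdfs.org/sioc/ns#',
        'doap' => 'http://usefulinc.com/ns/doap#',
        'dcterms' => 'http://purl.org/dc/terms/',
        'planetforge' => 'http://coclico-project.org/ontology/planetforge#',
    );
    $conf = array('ns' => $ns);

    // First, let's deal with the account
    $account_res = ARC2::getResource($conf);
    $account_uri = util_make_url_u($username, $user_obj->getID());
    $account_uri = rtrim($account_uri, '/');
    $person_uri = $account_uri . '#person';

    $account_res->setURI($account_uri);
    rdfutils_setPropToUri($account_res, 'rdf:type', 'foaf:OnlineAccount');
    rdfutils_setPropToUri($account_res, 'foaf:accountServiceHomepage', $account_uri . '/');
    $account_res->setProp('foaf:accountName', $username);
    rdfutils_setPropToUri($account_res, 'sioc:account_of', $person_uri);
    rdfutils_setPropToUri($account_res, 'foaf:accountProfilePage', $account_uri);

    $groups_index = array();
    $projects_index = array();
    $roles_index = array();
    $usergroups_uris = array();

    // see if there were any groups
    if (count($projects) >= 1) {
        foreach ($projects as $p) {
            // TODO : report also private projects if authenticated, for instance through OAuth
            // Only public projects are described; private memberships stay out of the document.
            if (!$p->isPublic()) {
                continue;
            }

            // NOTE(review): $project_link is never read below; candidate for
            // removal once util_make_link_g() is confirmed to have no side effects.
            $project_link = util_make_link_g($p->getUnixName(), $p->getID(), $p->getPublicName());
            $project_uri = util_make_url_g($p->getUnixName(), $p->getID());

            // sioc:UserGroups for all members of a project are named after /projects/A_PROJECT/members/
            $usergroup_uri = $project_uri . 'members/';
            $role_names = array();
            $usergroups_uris[] = $usergroup_uri;

            $usergroup_res = ARC2::getResource($conf);
            $usergroup_res->setURI($usergroup_uri);
            rdfutils_setPropToUri($usergroup_res, 'rdf:type', 'sioc:UserGroup');
            rdfutils_setPropToUri($usergroup_res, 'sioc:usergroup_of', $project_uri);

            // Keep only explicit roles whose home project is this project.
            $roles_uris = array();
            foreach ($roles as $r) {
                if ($r instanceof RoleExplicit
                    && $r->getHomeProject() != NULL
                    && $r->getHomeProject()->getID() == $p->getID()) {
                    $role_names[$r->getID()] = $r->getName();
                    $role_uri = $project_uri . 'roles/' . $r->getID();
                    $roles_uris[] = $role_uri;
                }
            }
            rdfutils_setPropToUri($usergroup_res, 'planetforge:group_has_function', $roles_uris);

            $project_res = ARC2::getResource($conf);
            $project_res->setURI($project_uri);
            rdfutils_setPropToUri($project_res, 'rdf:type', 'planetforge:ForgeProject');
            $project_res->setProp('doap:name', $p->getUnixName());
            $projects_index = ARC2::getMergedIndex($projects_index, $project_res->index);

            foreach ($role_names as $id => $name) {
                $role_res = ARC2::getResource($conf);
                $role_res->setURI($project_uri . 'roles/' . $id);
                rdfutils_setPropToUri($role_res, 'rdf:type', 'sioc:Role');
                $role_res->setProp('sioc:name', $name);
                $roles_index = ARC2::getMergedIndex($roles_index, $role_res->index);
            }

            $groups_index = ARC2::getMergedIndex($groups_index, $usergroup_res->index);
        }
    } // end if groups

    rdfutils_setPropToUri($account_res, 'sioc:member_of', $usergroups_uris);

    // next, deal with the person
    $person_res = ARC2::getResource($conf);
    $person_res->setURI($person_uri);
    rdfutils_setPropToUri($person_res, 'rdf:type', 'foaf:Person');
    $person_res->setProp('foaf:name', $user_real_name);
    rdfutils_setPropToUri($person_res, 'foaf:holdsAccount', $account_uri);
    $person_res->setProp('foaf:mbox_sha1sum', $mbox_sha1sum);

    // merge the sets of triples
    $merged_index = ARC2::getMergedIndex($account_res->index, $person_res->index);
    $merged_index = ARC2::getMergedIndex($merged_index, $groups_index);
    $merged_index = ARC2::getMergedIndex($merged_index, $projects_index);
    $merged_index = ARC2::getMergedIndex($merged_index, $roles_index);

    $conf = array('ns' => $ns, 'serializer_type_nodes' => true);
    $ser = ARC2::getRDFXMLSerializer($conf);

    /* Serialize a resource index */
    $doc = $ser->getSerializedIndex($merged_index);

    $params['content'] = $doc . "\n";
}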