public function userIsGitAdmin(PFUser $user, Project $project)
{
$database_result = $this->getCurrentGitAdminPermissionsForProject($project);
if (db_numrows($database_result) < 1) {
$database_result = $this->getDefaultGitAdminPermissions();
}
$has_permission = false;
while (!$has_permission && ($row = db_fetch_array($database_result))) {
$has_permission = ugroup_user_is_member($user->getId(), $row['ugroup_id'], $project->getID());
}
return $has_permission;
}
/**
* @param int $user_id
* @param int $ugroup_id
* @param int $group_id
* @return bool
*/
public function isDynamicUGroupMember($user_id, $ugroup_id, $group_id)
{
return ugroup_user_is_member($user_id, $ugroup_id, $group_id);
}
/**
* userCanView - determine if the user can view this artifact.
*
* @param $my_user_id if not specified, use the current user id..
* @return boolean user_can_view.
*/
function userCanView($my_user_id = 0)
{
if (!$my_user_id) {
$u = UserManager::instance()->getCurrentUser();
$my_user_id = $u->getId();
} else {
$u = UserManager::instance()->getUserById($my_user_id);
}
// Super-user and Tracker admin have all rights to see even artfact that are restricted to all users
if ($u->isSuperUser() || $u->isTrackerAdmin($this->ArtifactType->getGroupID(), $this->ArtifactType->getID())) {
return true;
}
//Individual artifact permission
$can_access = !$this->useArtifactPermissions();
if (!$can_access) {
$res = permission_db_authorized_ugroups('TRACKER_ARTIFACT_ACCESS', $this->getID());
if (db_numrows($res) > 0) {
while ($row = db_fetch_array($res)) {
if (ugroup_user_is_member($my_user_id, $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
$can_access = true;
}
}
}
}
if ($can_access) {
// Full access
$res = permission_db_authorized_ugroups('TRACKER_ACCESS_FULL', $this->ArtifactType->getID());
if (db_numrows($res) > 0) {
while ($row = db_fetch_array($res)) {
if (ugroup_user_is_member($my_user_id, $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
return true;
}
}
}
// 'submitter' access
$res = permission_db_authorized_ugroups('TRACKER_ACCESS_SUBMITTER', $this->ArtifactType->getID());
if (db_numrows($res) > 0) {
while ($row = db_fetch_array($res)) {
if (ugroup_user_is_member($my_user_id, $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
// check that submitter is also a member
if (ugroup_user_is_member($this->getSubmittedBy(), $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
return true;
}
}
}
}
// 'assignee' access
$res = permission_db_authorized_ugroups('TRACKER_ACCESS_ASSIGNEE', $this->ArtifactType->getID());
if (db_numrows($res) > 0) {
while ($row = db_fetch_array($res)) {
if (ugroup_user_is_member($my_user_id, $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
// check that one of the assignees is also a member
if (ugroup_user_is_member($this->getValue('assigned_to'), $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
return true;
}
// multi-assigned to
$multi_assigned = $this->getMultiAssignedTo();
if (is_array($multi_assigned)) {
foreach ($multi_assigned as $assigned) {
if (ugroup_user_is_member($assigned, $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
return true;
}
}
}
}
}
}
}
return false;
}
function ugroup_add_user_to_ugroup($group_id, $ugroup_id, $user_id)
{
if (!ugroup_user_is_member($user_id, $ugroup_id, $group_id)) {
$sql = "INSERT INTO ugroup_user (ugroup_id, user_id) VALUES(" . db_ei($ugroup_id) . ", " . db_ei($user_id) . ")";
$res = db_query($sql);
if (!$res) {
$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_ugroup_utils', 'cant_update_ug', db_error()));
}
if ($rows = db_affected_rows($res)) {
// Now log in project history
$res = ugroup_db_get_ugroup($ugroup_id);
group_add_history('upd_ug', '', $group_id, array(db_result($res, 0, 'name')));
$GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_admin_ugroup_utils', 'ug_upd_success', array(db_result($res, 0, 'name'), 1)));
// Raise event for ugroup modification
EventManager::instance()->processEvent('project_admin_ugroup_add_user', array('group_id' => $group_id, 'ugroup_id' => $ugroup_id, 'user_id' => $user_id));
}
} else {
$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_ugroup_utils', 'cant_insert_u_in_g', array($user_id, $ugroup_id, $GLOBALS['Language']->getText('project_admin_ugroup_utils', 'user_already_exist'))));
}
}
/**
* Return true if the user has one of his ugroups with ADMIN permission on docman
* @return boolean
* @access protected
*/
function _isUserDocmanAdmin($user)
{
require_once 'www/project/admin/permissions.php';
$has_permission = false;
$permission_type = 'PLUGIN_DOCMAN_ADMIN';
$object_id = $this->groupId;
// permissions set for this object.
$res = permission_db_authorized_ugroups($permission_type, (int) $object_id);
if (db_numrows($res) < 1 && $permission_type == 'PLUGIN_DOCMAN_ADMIN') {
// No ugroup defined => no permissions set => get default permissions only for admin permission
$res = permission_db_get_defaults($permission_type);
}
while (!$has_permission && ($row = db_fetch_array($res))) {
// should work even for anonymous users
$has_permission = ugroup_user_is_member($user->getId(), $row['ugroup_id'], $this->groupId);
}
return $has_permission;
}
/**
* Check membership of the user to a specified ugroup
* (call to old style ugroup_user_is_member in /src/www/project/admin ; here for unit tests purpose)
*
* @param int $ugroup_id the id of the ugroup
* @param int $group_id the id of the project (is necessary for automatic project groups like project member, release admin, etc.)
* @param int $tracker_id the id of the tracker (is necessary for trackers since the tracker admin role is different for each tracker.)
*
* @return boolean true if user is member of the ugroup, false otherwise.
*/
public function isMemberOfUGroup($ugroup_id, $group_id, $tracker_id = 0)
{
return ugroup_user_is_member($this->getId(), $ugroup_id, $group_id, $tracker_id);
}
/**
* Check permissions on the given object
*
* WARNING: don't use this method to check access permission on trackers ('TRACKER_ACCESS*' and 'TRACKER_FIELD*' permission types)
* Why? because trackers don't use default permissions, and they need an additional parameter for field permissions.
*
* @param $permission_type defines the type of permission (e.g. "DOCUMENT_READ")
* @param $object_id is the ID of the object we want to access (e.g. a docid)
* @param $user_id is the ID of the user that want to access the object
* @param $group_id is the group_id the object belongs to; useful for project-specific authorized ugroups (e.g. 'project admins')
* @return true if user is authorized, false otherwise.
*/
function permission_is_authorized($permission_type, $object_id, $user_id, $group_id)
{
// Super-user has all rights...
$u = UserManager::instance()->getUserById($user_id);
if ($u->isSuperUser()) {
return true;
}
$res = permission_db_authorized_ugroups($permission_type, $object_id);
if (db_numrows($res) < 1) {
// No ugroup defined => no permissions set => get default permissions
$res = permission_db_get_defaults($permission_type);
}
// permissions set for this object.
while ($row = db_fetch_array($res)) {
// should work even for anonymous users
if (ugroup_user_is_member($user_id, $row['ugroup_id'], $group_id)) {
return true;
}
}
return false;
}
/**
* userCanSubmit - determine if the user can submit an artifact (if he can submit a field).
* Note that if there is no group explicitely auhtorized, access is denied (don't check default values)
*
* @param $my_user_id if not specified, use the current user id..
* @return boolean user_can_submit.
*/
function userCanSubmit($my_user_id = 0)
{
if (!$my_user_id) {
// Super-user has all rights...
if (user_is_super_user()) {
return true;
}
$my_user_id = user_getid();
} else {
$u = UserManager::instance()->getUserById($my_user_id);
if ($u->isSuperUser()) {
return true;
}
}
// Select submit permissions for all fields
$sql = "SELECT ugroup_id \n FROM permissions \n WHERE permission_type='TRACKER_FIELD_SUBMIT' \n AND object_id LIKE '" . db_ei($this->getID()) . "#%' \n GROUP BY ugroup_id";
$res = db_query($sql);
if (db_numrows($res) > 0) {
while ($row = db_fetch_array($res)) {
// should work even for anonymous users
if (ugroup_user_is_member($my_user_id, $row['ugroup_id'], $this->Group->getID(), $this->getID())) {
return true;
}
}
}
return false;
}
