public function runSetPermission(TBGRequest $request) { $i18n = TBGContext::getI18n(); if ($this->access_level == TBGSettings::ACCESS_FULL) { $uid = 0; $gid = 0; $tid = 0; switch ($request->getParameter('target_type')) { case 'user': $uid = $request->getParameter('item_id'); break; case 'group': $gid = $request->getParameter('item_id'); break; case 'team': $tid = $request->getParameter('item_id'); break; } switch ($request->getParameter('mode')) { case 'allowed': TBGContext::setPermission($request->getParameter('key'), $request->getParameter('target_id'), $request->getParameter('target_module'), $uid, $gid, $tid, true); break; case 'denied': TBGContext::setPermission($request->getParameter('key'), $request->getParameter('target_id'), $request->getParameter('target_module'), $uid, $gid, $tid, false); break; case 'unset': TBGContext::removePermission($request->getParameter('key'), $request->getParameter('target_id'), $request->getParameter('target_module'), $uid, $gid, $tid); break; } return $this->renderJSON(array('failed' => false, 'content' => $this->getComponentHTML('configuration/permissionsinfoitem', array('key' => $request->getParameter('key'), 'target_id' => $request->getParameter('target_id'), 'type' => $request->getParameter('target_type'), 'mode' => $request->getParameter('template_mode'), 'item_id' => $request->getParameter('item_id'), 'module' => $request->getParameter('target_module'), 'access_level' => $this->access_level)))); } return $this->renderJSON(array('failed' => true, "error" => $i18n->__("You don't have access to modify permissions"))); }
/** * Unlock the issue * * @param TBGRequest $request */ public function runLockIssue(TBGRequest $request) { if ($issue_id = $request['issue_id']) { try { $issue = TBGContext::factory()->TBGIssue($issue_id); if (!$issue->canEditIssueDetails()) { $this->forward403($this->getI18n()->__("You don't have access to update the issue access policy")); return; } $issue->setLocked(); $issue->save(); TBGContext::setPermission('canviewissue', $issue->getID(), 'core', 0, 0, 0, false); TBGContext::setPermission('canviewissue', $issue->getID(), 'core', $this->getUser()->getID(), 0, 0, true); $al_users = $request->getParameter('access_list_users', array()); $al_teams = $request->getParameter('access_list_teams', array()); $i_al = $issue->getAccessList(); foreach ($i_al as $k => $item) { if ($item['target'] instanceof TBGTeam) { $tid = $item['target']->getID(); if (array_key_exists($tid, $al_teams)) { unset($i_al[$k]); } else { TBGContext::removePermission('canviewissue', $issue->getID(), 'core', 0, 0, $tid); } } elseif ($item['target'] instanceof TBGUser) { $uid = $item['target']->getID(); if (array_key_exists($uid, $al_users)) { unset($i_al[$k]); } elseif ($uid != $this->getUser()->getID()) { TBGContext::removePermission('canviewissue', $issue->getID(), 'core', $uid, 0, 0); } } } foreach ($al_users as $uid) { TBGContext::setPermission('canviewissue', $issue->getID(), 'core', $uid, 0, 0, true); } foreach ($al_teams as $tid) { TBGContext::setPermission('canviewissue', $issue->getID(), 'core', 0, 0, $tid, true); } } catch (Exception $e) { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('message' => TBGContext::getI18n()->__('This issue does not exist'))); } } else { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('message' => TBGContext::getI18n()->__('This issue does not exist'))); } return $this->renderJSON(array('message' => $this->getI18n()->__('Issue access policy updated'))); }