コード例 #1
0
 /**
  * Set the permission for a ugroup on an item.
  *
  * The difficult part of the algorithm comes from two point:
  * - There is a hierarchy between ugroups (@see ugroup_get_parent)
  * - There is a hierarchy between permissions (READ < WRITE < MANAGE)
  *
  * Let's see a scenario:
  * I've selected WRITE permission for Registered users and READ permission for Project Members
  * => Project Members ARE registered users therefore they have WRITE permission.
  * => WRITE is stronger than READ permission.
  * So the permissions wich will be set are: WRITE for registered and WRITE for project members
  *
  * The force parameter must be set to true if you want to bypass permissions checking (@see permission_add_ugroup).
  * Pretty difficult to know if a user can update the permissions which does not exist for a new item...
  *
  * @param $group_id integer The id of the project
  * @param $item_id integer The id of the item
  * @param $permission_definition array The definission of the permission (pretty name, relations between perms, internal name, ...)
  * @param $old_permissions array The permissions before
  * @param &$done_permissions array The permissions after
  * @param $ugroup_id The ugroup_id we want to set permission now
  * @param $wanted_permissions array The permissions the user has asked
  * @param &$history array Does a permission has been set ?
  * @param $force boolean true if you want to bypass permissions checking (@see permission_add_ugroup).
  *
  * @access protected
  */
 function _setPermission($group_id, $item_id, $permission_definition, $old_permissions, &$done_permissions, $ugroup_id, $wanted_permissions, &$history, $force = false)
 {
     //Do nothing if we have already choose a permission for ugroup
     if (!isset($done_permissions[$ugroup_id])) {
         //if the ugroup has a parent
         if (($parent = ugroup_get_parent($ugroup_id)) !== false) {
             //first choose the permission for the parent
             $this->_setPermission($group_id, $item_id, $permission_definition, $old_permissions, $done_permissions, $parent, $wanted_permissions, $history, $force);
             //is there a conflict between given permissions?
             if ($parent = $this->_getBiggerOrEqualParent($permission_definition, $done_permissions, $parent, $wanted_permissions[$ugroup_id])) {
                 //warn the user that there was a conflict
                 $this->_controler->feedback->log('warning', $GLOBALS['Language']->getText('plugin_docman', 'warning_perms', array($old_permissions[$ugroup_id]['ugroup']['name'], $old_permissions[$parent]['ugroup']['name'], $permission_definition[$done_permissions[$parent]]['label'])));
                 //remove permissions which was set for the ugroup
                 if (count($old_permissions[$ugroup_id]['permissions'])) {
                     foreach ($old_permissions[$ugroup_id]['permissions'] as $permission => $nop) {
                         permission_clear_ugroup_object($group_id, $permission, $ugroup_id, $item_id);
                         $history[$permission] = true;
                     }
                 }
                 //The permission is none (default) for this ugroup
                 $done_permissions[$ugroup_id] = 100;
             }
         }
         //If the permissions have not been set (no parent || no conflict)
         if (!isset($done_permissions[$ugroup_id])) {
             //remove permissions if needed
             $perms_cleared = false;
             if (count($old_permissions[$ugroup_id]['permissions'])) {
                 foreach ($old_permissions[$ugroup_id]['permissions'] as $permission => $nop) {
                     if ($permission != $permission_definition[$wanted_permissions[$ugroup_id]]['type']) {
                         //The permission has been changed
                         permission_clear_ugroup_object($group_id, $permission, $ugroup_id, $item_id);
                         $history[$permission] = true;
                         $perms_cleared = true;
                         $done_permissions[$ugroup_id] = 100;
                     } else {
                         //keep the old permission
                         $done_permissions[$ugroup_id] = Docman_PermissionsManager::getDefinitionIndexForPermission($permission);
                     }
                 }
             }
             //If the user set an explicit permission and there was no perms before or they have been removed
             if ($wanted_permissions[$ugroup_id] != 100 && (!count($old_permissions[$ugroup_id]['permissions']) || $perms_cleared)) {
                 //Then give the permission
                 $permission = $permission_definition[$wanted_permissions[$ugroup_id]]['type'];
                 permission_add_ugroup($group_id, $permission, $item_id, $ugroup_id, $force);
                 $history[$permission] = true;
                 $done_permissions[$ugroup_id] = $wanted_permissions[$ugroup_id];
             } else {
                 //else set none(default) permission
                 $done_permissions[$ugroup_id] = 100;
             }
         }
     }
 }
コード例 #2
0
function plugin_tracker_permission_process_update_fields_permissions($group_id, $atid, $fields, $permissions_wanted_by_user)
{
    //The actual permissions
    $stored_ugroups_permissions = plugin_tracker_permission_get_field_tracker_ugroups_permissions($group_id, $atid, $fields);
    $permissions_updated = false;
    //some special ugroup names
    $anonymous_name = $GLOBALS['Language']->getText('project_ugroup', ugroup_get_name_from_id($GLOBALS['UGROUP_ANONYMOUS']));
    $registered_name = $GLOBALS['Language']->getText('project_ugroup', ugroup_get_name_from_id($GLOBALS['UGROUP_REGISTERED']));
    //We process the request
    foreach ($permissions_wanted_by_user as $field_id => $ugroups_permissions) {
        if (is_numeric($field_id) && isset($stored_ugroups_permissions[$field_id])) {
            $the_field_can_be_submitted = $stored_ugroups_permissions[$field_id]['field']['field']->isSubmitable();
            $the_field_can_be_updated = $stored_ugroups_permissions[$field_id]['field']['field']->isUpdateable();
            $fake_object_id = $field_id;
            //small variables for history
            $add_submit_to_history = false;
            $add_read_to_history = false;
            $add_update_to_history = false;
            //We look for anonymous and registered users' permissions, both in the user's request and in the db
            $user_set_anonymous_to_submit = isset($ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']]) && isset($ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']]['submit']) && $ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']]['submit'] === "on";
            $user_set_anonymous_to_read = isset($ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']]) && isset($ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']]['others']) && $ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']]['others'] === "0";
            $user_set_anonymous_to_update = isset($ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']]) && isset($ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']]['others']) && $ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']]['others'] === "1";
            $user_set_registered_to_submit = isset($ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]) && isset($ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['submit']) && $ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['submit'] === "on";
            $user_set_registered_to_read = isset($ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]) && isset($ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['others']) && $ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['others'] === "0";
            $user_set_registered_to_update = isset($ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]) && isset($ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['others']) && $ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['others'] === "1";
            $anonymous_is_already_set_to_submit = isset($stored_ugroups_permissions[$field_id]['ugroups'][$GLOBALS['UGROUP_ANONYMOUS']]['permissions']['PLUGIN_TRACKER_FIELD_SUBMIT']);
            $anonymous_is_already_set_to_read = isset($stored_ugroups_permissions[$field_id]['ugroups'][$GLOBALS['UGROUP_ANONYMOUS']]['permissions']['PLUGIN_TRACKER_FIELD_READ']);
            $anonymous_is_already_set_to_update = isset($stored_ugroups_permissions[$field_id]['ugroups'][$GLOBALS['UGROUP_ANONYMOUS']]['permissions']['PLUGIN_TRACKER_FIELD_UPDATE']);
            $registered_is_already_set_to_submit = isset($stored_ugroups_permissions[$field_id]['ugroups'][$GLOBALS['UGROUP_REGISTERED']]['permissions']['PLUGIN_TRACKER_FIELD_SUBMIT']);
            $registered_is_already_set_to_read = isset($stored_ugroups_permissions[$field_id]['ugroups'][$GLOBALS['UGROUP_REGISTERED']]['permissions']['PLUGIN_TRACKER_FIELD_READ']);
            $registered_is_already_set_to_update = isset($stored_ugroups_permissions[$field_id]['ugroups'][$GLOBALS['UGROUP_REGISTERED']]['permissions']['PLUGIN_TRACKER_FIELD_UPDATE']);
            //ANONYMOUS
            ////////////////////////////////////////////////////////////////
            //Firstly we set permissions for anonymous users
            if (isset($ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']])) {
                $ugroup_permissions = $ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']];
                //SUBMIT Permission
                //-----------------
                if ($the_field_can_be_submitted && !$anonymous_is_already_set_to_submit && $user_set_anonymous_to_submit) {
                    //if the ugroup is anonymous, we have to erase submit permissions for other ugroups
                    foreach ($stored_ugroups_permissions[$field_id]['ugroups'] as $stored_ugroup_id => $stored_ugroup_permissions) {
                        if ($stored_ugroup_id === $GLOBALS['UGROUP_ANONYMOUS']) {
                            permission_add_ugroup($group_id, 'PLUGIN_TRACKER_FIELD_SUBMIT', $fake_object_id, $stored_ugroup_id);
                            $add_submit_to_history = true;
                            $anonymous_is_already_set_to_submit = true;
                        } else {
                            if (isset($stored_ugroup_permissions['permissions']['PLUGIN_TRACKER_FIELD_SUBMIT']) && (!isset($ugroups_permissions[$stored_ugroup_id]) || !isset($ugroups_permissions[$stored_ugroup_id]['submit']) || $ugroups_permissions[$stored_ugroup_id]['submit'] !== "on")) {
                                $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_anon_submit', array($stored_ugroup_permissions['ugroup']['name'], $anonymous_name)));
                                permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_SUBMIT', $stored_ugroup_id, $fake_object_id);
                                $add_submit_to_history = true;
                            }
                        }
                    }
                } else {
                    if ($anonymous_is_already_set_to_submit && !$user_set_anonymous_to_submit) {
                        permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_SUBMIT', $GLOBALS['UGROUP_ANONYMOUS'], $fake_object_id);
                        $add_submit_to_history = true;
                        $anonymous_is_already_set_to_submit = false;
                    }
                }
                //UPDATE Permission
                //---------------
                if ($the_field_can_be_updated && !$anonymous_is_already_set_to_update && $user_set_anonymous_to_update) {
                    //if the ugroup is anonymous, we have to erase submt permissions for other ugroups
                    foreach ($stored_ugroups_permissions[$field_id]['ugroups'] as $stored_ugroup_id => $stored_ugroup_permissions) {
                        if ($stored_ugroup_id === $GLOBALS['UGROUP_ANONYMOUS']) {
                            permission_add_ugroup($group_id, 'PLUGIN_TRACKER_FIELD_UPDATE', $fake_object_id, $stored_ugroup_id);
                            $add_update_to_history = true;
                            $anonymous_is_already_set_to_update = true;
                        } else {
                            if (!isset($ugroups_permissions[$stored_ugroup_id]) || !isset($ugroups_permissions[$stored_ugroup_id]['others']) || $ugroups_permissions[$stored_ugroup_id]['others'] !== "100") {
                                if (isset($stored_ugroup_permissions['permissions']['PLUGIN_TRACKER_FIELD_UPDATE'])) {
                                    $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_anon_update', array($stored_ugroup_permissions['ugroup']['name'], $anonymous_name)));
                                    permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_UPDATE', $stored_ugroup_id, $fake_object_id);
                                    $add_update_to_history = true;
                                }
                                if (isset($stored_ugroup_permissions['permissions']['PLUGIN_TRACKER_FIELD_READ'])) {
                                    $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_anon_update', array($stored_ugroup_permissions['ugroup']['name'], $anonymous_name)));
                                    permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_READ', $stored_ugroup_id, $fake_object_id);
                                    $add_read_to_history = true;
                                }
                            }
                        }
                    }
                } else {
                    if ($anonymous_is_already_set_to_update && !$user_set_anonymous_to_update) {
                        permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_UPDATE', $GLOBALS['UGROUP_ANONYMOUS'], $fake_object_id);
                        $add_update_to_history = true;
                        $anonymous_is_already_set_to_update = false;
                    }
                }
                //READ Permission
                //---------------
                if (!$anonymous_is_already_set_to_read && $user_set_anonymous_to_read) {
                    //if the ugroup is anonymous, we have to erase submit permissions for other ugroups
                    foreach ($stored_ugroups_permissions[$field_id]['ugroups'] as $stored_ugroup_id => $stored_ugroup_permissions) {
                        if ($stored_ugroup_id === $GLOBALS['UGROUP_ANONYMOUS']) {
                            permission_add_ugroup($group_id, 'PLUGIN_TRACKER_FIELD_READ', $fake_object_id, $stored_ugroup_id);
                            $add_read_to_history = true;
                            $anonymous_is_already_set_to_read = true;
                        } else {
                            if (!isset($ugroups_permissions[$stored_ugroup_id]) || !isset($ugroups_permissions[$stored_ugroup_id]['others']) || $ugroups_permissions[$stored_ugroup_id]['others'] !== "100") {
                                if (isset($stored_ugroup_permissions['permissions']['PLUGIN_TRACKER_FIELD_READ'])) {
                                    $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_anon_read', array($stored_ugroup_permissions['ugroup']['name'], $anonymous_name)));
                                    permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_READ', $stored_ugroup_id, $fake_object_id);
                                    $add_read_to_history = true;
                                }
                            }
                        }
                    }
                } else {
                    if ($anonymous_is_already_set_to_read && !$user_set_anonymous_to_read) {
                        permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_READ', $GLOBALS['UGROUP_ANONYMOUS'], $fake_object_id);
                        $add_read_to_history = true;
                        $anonymous_is_already_set_to_read = false;
                    }
                }
            }
            //REGISTERED
            ////////////////////////////////////////////////////////////////
            //Secondly we set permissions for registered users
            if (isset($ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']])) {
                $ugroup_permissions = $ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']];
                //SUBMIT Permission
                //-----------------
                if ($the_field_can_be_submitted && !$registered_is_already_set_to_submit && $user_set_registered_to_submit) {
                    //if the ugroup is registered, we have to:
                    // 1. check consistency with current permissions for anonymous users
                    if ($user_set_anonymous_to_submit || $anonymous_is_already_set_to_submit) {
                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_anon_submit', array($stored_ugroups_permissions[$field_id]['ugroups'][$GLOBALS['UGROUP_REGISTERED']]['ugroup']['name'], $anonymous_name)));
                    } else {
                        // 2. erase submit permissions for other ugroups
                        foreach ($stored_ugroups_permissions[$field_id]['ugroups'] as $stored_ugroup_id => $stored_ugroup_permissions) {
                            if ($stored_ugroup_id === $GLOBALS['UGROUP_REGISTERED']) {
                                permission_add_ugroup($group_id, 'PLUGIN_TRACKER_FIELD_SUBMIT', $fake_object_id, $stored_ugroup_id);
                                $add_submit_to_history = true;
                                $registered_is_already_set_to_submit = true;
                            } else {
                                if ($stored_ugroup_id !== $GLOBALS['UGROUP_ANONYMOUS']) {
                                    if (isset($stored_ugroup_permissions['permissions']['PLUGIN_TRACKER_FIELD_SUBMIT']) && (!isset($ugroups_permissions[$stored_ugroup_id]) || !isset($ugroups_permissions[$stored_ugroup_id]['submit']) || $ugroups_permissions[$stored_ugroup_id]['submit'] !== "on")) {
                                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_regis_submit', array($stored_ugroup_permissions['ugroup']['name'], $registered_name)));
                                        permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_SUBMIT', $stored_ugroup_id, $fake_object_id);
                                        $add_submit_to_history = true;
                                    }
                                }
                            }
                        }
                    }
                } else {
                    if ($registered_is_already_set_to_submit && !$user_set_registered_to_submit) {
                        permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_SUBMIT', $GLOBALS['UGROUP_REGISTERED'], $fake_object_id);
                        $add_submit_to_history = true;
                        $registered_is_already_set_to_submit = false;
                    }
                }
                //UPDATE Permission
                //---------------
                if ($the_field_can_be_updated && !$registered_is_already_set_to_update && $user_set_registered_to_update) {
                    //if the ugroup is registered, we have to:
                    // 1. check consistency with current permissions for anonymous users
                    if ($user_set_anonymous_to_update || $anonymous_is_already_set_to_update) {
                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_anon_update', array($stored_ugroups_permissions[$field_id]['ugroups'][$GLOBALS['UGROUP_REGISTERED']]['ugroup']['name'], $anonymous_name)));
                    } else {
                        // 2. erase update permissions for other ugroups
                        foreach ($stored_ugroups_permissions[$field_id]['ugroups'] as $stored_ugroup_id => $stored_ugroup_permissions) {
                            if ($stored_ugroup_id === $GLOBALS['UGROUP_REGISTERED']) {
                                permission_add_ugroup($group_id, 'PLUGIN_TRACKER_FIELD_UPDATE', $fake_object_id, $stored_ugroup_id);
                                $add_update_to_history = true;
                                $registered_is_already_set_to_update = true;
                            } else {
                                if ($stored_ugroup_id !== $GLOBALS['UGROUP_ANONYMOUS']) {
                                    //ugroups other than anonymous
                                    if (!isset($ugroups_permissions[$stored_ugroup_id]) || !isset($ugroups_permissions[$stored_ugroup_id]['others']) || $ugroups_permissions[$stored_ugroup_id]['others'] !== "100") {
                                        if (isset($stored_ugroup_permissions['permissions']['PLUGIN_TRACKER_FIELD_UPDATE'])) {
                                            $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_regis_update', array($stored_ugroup_permissions['ugroup']['name'], $registered_name)));
                                            permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_UPDATE', $stored_ugroup_id, $fake_object_id);
                                            $add_update_to_history = true;
                                        }
                                        if (isset($stored_ugroup_permissions['permissions']['PLUGIN_TRACKER_FIELD_READ'])) {
                                            $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_regis_update', array($stored_ugroup_permissions['ugroup']['name'], $registered_name)));
                                            permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_READ', $stored_ugroup_id, $fake_object_id);
                                            $add_read_to_history = true;
                                        }
                                    }
                                }
                            }
                        }
                    }
                } else {
                    if ($registered_is_already_set_to_update && !$user_set_registered_to_update) {
                        permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_UPDATE', $GLOBALS['UGROUP_REGISTERED'], $fake_object_id);
                        $add_update_to_history = true;
                        $registered_is_already_set_to_update = false;
                    }
                }
                //READ Permission
                //---------------
                if (!$registered_is_already_set_to_read && $user_set_registered_to_read) {
                    //if the ugroup is registered, we have to:
                    // 1. check consistency with current permissions for anonymous users
                    if ($user_set_anonymous_to_read || $anonymous_is_already_set_to_read || $anonymous_is_already_set_to_update) {
                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_anon_read', array($stored_ugroups_permissions[$field_id]['ugroups'][$GLOBALS['UGROUP_REGISTERED']]['ugroup']['name'], $anonymous_name)));
                    } else {
                        // 2. erase read permissions for other ugroups
                        foreach ($stored_ugroups_permissions[$field_id]['ugroups'] as $stored_ugroup_id => $stored_ugroup_permissions) {
                            if ($stored_ugroup_id === $GLOBALS['UGROUP_REGISTERED']) {
                                permission_add_ugroup($group_id, 'PLUGIN_TRACKER_FIELD_READ', $fake_object_id, $stored_ugroup_id);
                                $add_read_to_history = true;
                                $registered_is_already_set_to_read = true;
                            } else {
                                if ($stored_ugroup_id !== $GLOBALS['UGROUP_ANONYMOUS']) {
                                    //ugroups other than anonymous
                                    if (!isset($ugroups_permissions[$stored_ugroup_id]) || !isset($ugroups_permissions[$stored_ugroup_id]['others']) || $ugroups_permissions[$stored_ugroup_id]['others'] !== "100") {
                                        if (isset($stored_ugroup_permissions['permissions']['PLUGIN_TRACKER_FIELD_READ'])) {
                                            $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_regis_read', array($stored_ugroup_permissions['ugroup']['name'], $registered_name)));
                                            permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_READ', $stored_ugroup_id, $fake_object_id);
                                            $add_read_to_history = true;
                                        }
                                    }
                                }
                            }
                        }
                    }
                } else {
                    if ($registered_is_already_set_to_read && !$user_set_registered_to_read) {
                        permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_READ', $GLOBALS['UGROUP_REGISTERED'], $fake_object_id);
                        $registered_is_already_set_to_read = false;
                    }
                }
            }
            //OTHER INSIGNIFIANT UGROUPS
            ////////////////////////////////////////////////////////////////
            foreach ($ugroups_permissions as $ugroup_id => $ugroup_permissions) {
                if (is_numeric($ugroup_id) && $ugroup_id != $GLOBALS['UGROUP_REGISTERED'] && $ugroup_id != $GLOBALS['UGROUP_ANONYMOUS']) {
                    $name_of_ugroup = $stored_ugroups_permissions[$field_id]['ugroups'][$ugroup_id]['ugroup']['name'];
                    //SUBMIT Permission
                    //-----------------
                    if ($the_field_can_be_submitted && !isset($stored_ugroups_permissions[$field_id]['ugroups'][$ugroup_id]['permissions']['PLUGIN_TRACKER_FIELD_SUBMIT']) && isset($ugroup_permissions['submit']) && $ugroup_permissions['submit'] === "on") {
                        //if the ugroup is not anonymous and not registered, we have to:
                        // check consistency with current permissions for anonymous users
                        // and current permissions for registered users
                        if ($user_set_anonymous_to_submit || $anonymous_is_already_set_to_submit) {
                            $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_anon_submit', array($name_of_ugroup, $anonymous_name)));
                        } else {
                            if ($user_set_registered_to_submit || $registered_is_already_set_to_submit) {
                                $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_regis_submit', array($name_of_ugroup, $registered_name)));
                            } else {
                                permission_add_ugroup($group_id, 'PLUGIN_TRACKER_FIELD_SUBMIT', $fake_object_id, $ugroup_id);
                                $add_submit_to_history = true;
                            }
                        }
                    } else {
                        if (isset($stored_ugroups_permissions[$field_id]['ugroups'][$ugroup_id]['permissions']['PLUGIN_TRACKER_FIELD_SUBMIT']) && isset($ugroup_permissions['submit']) && $ugroup_permissions['submit'] !== "on") {
                            //If we don't have already clear the permissions
                            if (!$user_set_anonymous_to_submit && !$user_set_registered_to_submit) {
                                permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_SUBMIT', $ugroup_id, $fake_object_id);
                                $add_submit_to_history = true;
                            }
                        }
                    }
                    //UPDATE Permission
                    //-----------------
                    if ($the_field_can_be_updated && !isset($stored_ugroups_permissions[$field_id]['ugroups'][$ugroup_id]['permissions']['PLUGIN_TRACKER_FIELD_UPDATE']) && isset($ugroup_permissions['others']) && $ugroup_permissions['others'] === "1") {
                        //if the ugroup is not anonymous and not registered, we have to:
                        // check consistency with current permissions for anonymous users
                        // and current permissions for registered users
                        if ($user_set_anonymous_to_update || $anonymous_is_already_set_to_update) {
                            $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_anon_update', array($name_of_ugroup, $anonymous_name)));
                        } else {
                            if ($user_set_registered_to_update || $registered_is_already_set_to_update) {
                                $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_regis_update', array($name_of_ugroup, $registered_name)));
                            } else {
                                permission_add_ugroup($group_id, 'PLUGIN_TRACKER_FIELD_UPDATE', $fake_object_id, $ugroup_id);
                                $add_update_to_history = true;
                            }
                        }
                    } else {
                        if (isset($stored_ugroups_permissions[$field_id]['ugroups'][$ugroup_id]['permissions']['PLUGIN_TRACKER_FIELD_UPDATE']) && isset($ugroup_permissions['others']) && $ugroup_permissions['others'] !== "1") {
                            //If we don't have already clear the permissions
                            if (!$user_set_anonymous_to_update && !$user_set_registered_to_update) {
                                permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_UPDATE', $ugroup_id, $fake_object_id);
                                $add_update_to_history = true;
                            }
                        }
                    }
                    //READ Permission
                    //-----------------
                    if (!isset($stored_ugroups_permissions[$field_id]['ugroups'][$ugroup_id]['permissions']['PLUGIN_TRACKER_FIELD_READ']) && isset($ugroup_permissions['others']) && $ugroup_permissions['others'] === "0") {
                        //if the ugroup is not anonymous and not registered, we have to:
                        // check consistency with current permissions for anonymous users
                        // and current permissions for registered users
                        if ($user_set_anonymous_to_read || $anonymous_is_already_set_to_read) {
                            $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_anon_read', array($name_of_ugroup, $anonymous_name)));
                        } else {
                            if ($user_set_registered_to_read || $registered_is_already_set_to_read) {
                                $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_regis_read', array($name_of_ugroup, $registered_name)));
                            } else {
                                if ($user_set_anonymous_to_update || $anonymous_is_already_set_to_update) {
                                    $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_anon_update', array($name_of_ugroup, $anonymous_name)));
                                } else {
                                    if ($user_set_registered_to_update || $registered_is_already_set_to_update) {
                                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'ignore_g_regis_update', array($name_of_ugroup, $registered_name)));
                                    } else {
                                        permission_add_ugroup($group_id, 'PLUGIN_TRACKER_FIELD_READ', $fake_object_id, $ugroup_id);
                                        $add_read_to_history = true;
                                    }
                                }
                            }
                        }
                    } else {
                        if (isset($stored_ugroups_permissions[$field_id]['ugroups'][$ugroup_id]['permissions']['PLUGIN_TRACKER_FIELD_READ']) && isset($ugroup_permissions['others']) && $ugroup_permissions['others'] !== "0") {
                            //If we don't have already clear the permissions
                            if (!$user_set_anonymous_to_read && !$user_set_registered_to_read) {
                                permission_clear_ugroup_object($group_id, 'PLUGIN_TRACKER_FIELD_READ', $ugroup_id, $fake_object_id);
                                $add_read_to_history = true;
                            }
                        }
                    }
                }
            }
            //history
            if ($add_submit_to_history) {
                permission_add_history($group_id, 'PLUGIN_TRACKER_FIELD_SUBMIT', $fake_object_id);
            }
            if ($add_read_to_history) {
                permission_add_history($group_id, 'PLUGIN_TRACKER_FIELD_READ', $fake_object_id);
            }
            if ($add_update_to_history) {
                permission_add_history($group_id, 'PLUGIN_TRACKER_FIELD_UPDATE', $fake_object_id);
            }
            if (!$permissions_updated && ($add_submit_to_history || $add_read_to_history || $add_update_to_history)) {
                $permissions_updated = true;
            }
        }
    }
    return $permissions_updated;
    //$GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_admin_userperms', 'perm_upd'));
}
コード例 #3
0
ファイル: permissions.php プロジェクト: pombredanne/tuleap
function permission_process_update_tracker_permissions($group_id, $atid, $permissions_wanted_by_user)
{
    //The user want to update permissions for the tracker.
    //We look into the request for specials variable
    $prefixe_expected = 'permissions_';
    $len_prefixe_expected = strlen($prefixe_expected);
    //some special ugroup names
    $anonymous_name = $GLOBALS['Language']->getText('project_ugroup', ugroup_get_name_from_id($GLOBALS['UGROUP_ANONYMOUS']));
    $registered_name = $GLOBALS['Language']->getText('project_ugroup', ugroup_get_name_from_id($GLOBALS['UGROUP_REGISTERED']));
    //small variables for history
    $add_full_to_history = false;
    $add_assignee_to_history = false;
    $add_submitter_to_history = false;
    //The actual permissions
    $stored_ugroups_permissions = permission_get_tracker_ugroups_permissions($group_id, $atid);
    //We look for anonymous and registered users' permissions, both in the user's request and in the db
    $user_set_anonymous_to_fullaccess = isset($_REQUEST[$prefixe_expected . $GLOBALS['UGROUP_ANONYMOUS']]) && $_REQUEST[$prefixe_expected . $GLOBALS['UGROUP_ANONYMOUS']] === "0";
    $user_set_registered_to_fullaccess = isset($_REQUEST[$prefixe_expected . $GLOBALS['UGROUP_REGISTERED']]) && $_REQUEST[$prefixe_expected . $GLOBALS['UGROUP_ANONYMOUS']] === "0";
    $anonymous_is_already_set_to_fullaccess = isset($stored_ugroups_permissions[$GLOBALS['UGROUP_ANONYMOUS']]['permissions']['TRACKER_ACCESS_FULL']);
    $registered_is_already_set_to_fullaccess = isset($stored_ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['permissions']['TRACKER_ACCESS_FULL']);
    $registered_is_already_set_to_assignee = isset($stored_ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['permissions']['TRACKER_ACCESS_ASSIGNEE']);
    $registered_is_already_set_to_submitter = isset($stored_ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['permissions']['TRACKER_ACCESS_SUBMITTER']);
    //ANONYMOUS
    ////////////////////////////////////////////////////////////////
    if (isset($_REQUEST[$prefixe_expected . $GLOBALS['UGROUP_ANONYMOUS']])) {
        switch ($_REQUEST[$prefixe_expected . $GLOBALS['UGROUP_ANONYMOUS']]) {
            case 0:
                //TRACKER_ACCESS_FULL
                //-------------------
                if (!$anonymous_is_already_set_to_fullaccess) {
                    foreach ($stored_ugroups_permissions as $stored_ugroup_id => $stored_ugroup_permissions) {
                        if ($stored_ugroup_id === $GLOBALS['UGROUP_ANONYMOUS']) {
                            permission_add_ugroup($group_id, 'TRACKER_ACCESS_FULL', $atid, $stored_ugroup_id);
                            $add_full_to_history = true;
                            $anonymous_is_already_set_to_fullaccess = true;
                        } else {
                            //We remove permissions for others ugroups
                            if (count($stored_ugroup_permissions['permissions']) > 0 && (!isset($_REQUEST[$prefixe_expected . $stored_ugroup_id]) || $_REQUEST[$prefixe_expected . $stored_ugroup_id] != 100)) {
                                $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_anon_full', array($stored_ugroup_permissions['ugroup']['name'], $anonymous_name)));
                                if (isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_FULL'])) {
                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_FULL', $stored_ugroup_id, $atid);
                                    $add_full_to_history = true;
                                    if ($stored_ugroup_id === $GLOBALS['UGROUP_REGISTERED']) {
                                        $registered_is_already_set_to_fullaccess = false;
                                    }
                                }
                                if (isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_ASSIGNEE'])) {
                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_ASSIGNEE', $stored_ugroup_id, $atid);
                                    $add_assignee_to_history = true;
                                    if ($stored_ugroup_id === $GLOBALS['UGROUP_REGISTERED']) {
                                        $registered_is_already_set_to_assignee = false;
                                    }
                                }
                                if (isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_SUBMITTER'])) {
                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_SUBMITTER', $stored_ugroup_id, $atid);
                                    $add_submitter_to_history = true;
                                    if ($stored_ugroup_id === $GLOBALS['UGROUP_REGISTERED']) {
                                        $registered_is_already_set_to_submitter = false;
                                    }
                                }
                            }
                        }
                    }
                }
                break;
            case 1:
                //TRACKER_ACCESS_ASSIGNEE
                //-----------------------
                //forbidden, do nothing
                break;
            case 2:
                //TRACKER_ACCESS_SUBMITTER
                //------------------------
                //forbidden, do nothing
                break;
            case 3:
                //TRACKER_ACCESS_SUBMITTER && TRACKER_ACCESS_ASSIGNEE
                //---------------------------------------------------
                //forbidden, do nothing
                break;
            case 100:
                //NO ACCESS
                //---------
                if ($anonymous_is_already_set_to_fullaccess) {
                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_FULL', $GLOBALS['UGROUP_ANONYMOUS'], $atid);
                    $add_submitter_to_history = true;
                    $anonymous_is_already_set_to_fullaccess = false;
                }
                break;
            default:
                //do nothing
                break;
        }
    }
    //REGISTERED
    ////////////////////////////////////////////////////////////////
    if (isset($_REQUEST[$prefixe_expected . $GLOBALS['UGROUP_REGISTERED']])) {
        switch ($_REQUEST[$prefixe_expected . $GLOBALS['UGROUP_REGISTERED']]) {
            case 0:
                //TRACKER_ACCESS_FULL
                //-------------------
                if (!$registered_is_already_set_to_fullaccess) {
                    //It is not necessary to process if the anonymous has full access
                    if ($anonymous_is_already_set_to_fullaccess) {
                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_anon_full', array($stored_ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['ugroup']['name'], $anonymous_name)));
                    } else {
                        foreach ($stored_ugroups_permissions as $stored_ugroup_id => $stored_ugroup_permissions) {
                            if ($stored_ugroup_id === $GLOBALS['UGROUP_REGISTERED']) {
                                //We remove old permissions
                                if ($registered_is_already_set_to_assignee) {
                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_ASSIGNEE', $stored_ugroup_id, $atid);
                                    $add_assignee_to_history = true;
                                    $registered_is_already_set_to_assignee = false;
                                }
                                if ($registered_is_already_set_to_submitter) {
                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_SUBMITTER', $stored_ugroup_id, $atid);
                                    $add_submitter_to_history = true;
                                    $registered_is_already_set_to_submitter = false;
                                }
                                permission_add_ugroup($group_id, 'TRACKER_ACCESS_FULL', $atid, $stored_ugroup_id);
                                $add_full_to_history = true;
                                $registered_is_already_set_to_fullaccess = true;
                            } else {
                                if ($stored_ugroup_id !== $GLOBALS['UGROUP_ANONYMOUS']) {
                                    //ugroups other than anonymous
                                    //We remove permissions for others ugroups
                                    if (count($stored_ugroup_permissions['permissions']) > 0 && (!isset($_REQUEST[$prefixe_expected . $stored_ugroup_id]) || $_REQUEST[$prefixe_expected . $stored_ugroup_id] != 100)) {
                                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_full', array($stored_ugroup_permissions['ugroup']['name'], $registered_name)));
                                        if (isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_FULL'])) {
                                            permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_FULL', $stored_ugroup_id, $atid);
                                            $add_full_to_history = true;
                                        }
                                        if (isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_ASSIGNEE'])) {
                                            permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_ASSIGNEE', $stored_ugroup_id, $atid);
                                            $add_assignee_to_history = true;
                                        }
                                        if (isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_SUBMITTER'])) {
                                            permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_SUBMITTER', $stored_ugroup_id, $atid);
                                            $add_submitter_to_history = true;
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
                break;
            case 1:
                //TRACKER_ACCESS_ASSIGNEE
                //-----------------------
                if (!$registered_is_already_set_to_assignee) {
                    //It is not necessary to process if the anonymous has full access (anon can't have assignee or submitter access)
                    if ($anonymous_is_already_set_to_fullaccess) {
                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_anon_full', array($stored_ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['ugroup']['name'], $anonymous_name)));
                    } else {
                        foreach ($stored_ugroups_permissions as $stored_ugroup_id => $stored_ugroup_permissions) {
                            if ($stored_ugroup_id === $GLOBALS['UGROUP_REGISTERED']) {
                                //We remove old permissions
                                if ($registered_is_already_set_to_fullaccess) {
                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_FULL', $stored_ugroup_id, $atid);
                                    $add_full_to_history = true;
                                    $registered_is_already_set_to_fullaccess = false;
                                }
                                if ($registered_is_already_set_to_submitter) {
                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_SUBMITTER', $stored_ugroup_id, $atid);
                                    $add_submitter_to_history = true;
                                    $registered_is_already_set_to_submitter = false;
                                }
                                permission_add_ugroup($group_id, 'TRACKER_ACCESS_ASSIGNEE', $atid, $stored_ugroup_id);
                                $registered_is_already_set_to_assignee = true;
                            } else {
                                if ($stored_ugroup_id !== $GLOBALS['UGROUP_ANONYMOUS']) {
                                    //ugroups other than anonymous
                                    //We remove permissions for others ugroups if they have assignee
                                    if (isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_ASSIGNEE']) && !isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_SUBMITTER']) && (!isset($_REQUEST[$prefixe_expected . $stored_ugroup_id]) || $_REQUEST[$prefixe_expected . $stored_ugroup_id] != 100)) {
                                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_assignee', array($stored_ugroup_permissions['ugroup']['name'], $registered_name)));
                                        permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_ASSIGNEE', $stored_ugroup_id, $atid);
                                        $add_assignee_to_history = true;
                                    }
                                }
                            }
                        }
                    }
                }
                break;
            case 2:
                //TRACKER_ACCESS_SUBMITTER
                //------------------------
                if (!$registered_is_already_set_to_submitter) {
                    //It is not necessary to process if the anonymous has full access (anon can't have assignee or submitter access)
                    if ($anonymous_is_already_set_to_fullaccess) {
                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_anon_full', array($stored_ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['ugroup']['name'], $anonymous_name)));
                    } else {
                        foreach ($stored_ugroups_permissions as $stored_ugroup_id => $stored_ugroup_permissions) {
                            if ($stored_ugroup_id === $GLOBALS['UGROUP_REGISTERED']) {
                                //We remove old permissions
                                if ($registered_is_already_set_to_fullaccess) {
                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_FULL', $stored_ugroup_id, $atid);
                                    $add_full_to_history = true;
                                    $registered_is_already_set_to_fullaccess = false;
                                }
                                if ($registered_is_already_set_to_assignee) {
                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_ASSIGNEE', $stored_ugroup_id, $atid);
                                    $add_assignee_to_history = true;
                                    $registered_is_already_set_to_assignee = false;
                                }
                                permission_add_ugroup($group_id, 'TRACKER_ACCESS_SUBMITTER', $atid, $stored_ugroup_id);
                                $add_submitter_to_history = true;
                                $registered_is_already_set_to_submitter = true;
                            } else {
                                if ($stored_ugroup_id !== $GLOBALS['UGROUP_ANONYMOUS']) {
                                    //ugroups other than anonymous
                                    //We remove permissions for others ugroups if they have submitter
                                    if (isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_SUBMITTER']) && !isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_ASSIGNEE']) && (!isset($_REQUEST[$prefixe_expected . $stored_ugroup_id]) || $_REQUEST[$prefixe_expected . $stored_ugroup_id] != 100)) {
                                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_submitter', array($stored_ugroup_permissions['ugroup']['name'], $registered_name)));
                                        permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_SUBMITTER', $stored_ugroup_id, $atid);
                                        $add_submitter_to_history = true;
                                    }
                                }
                            }
                        }
                    }
                }
                break;
            case 3:
                //TRACKER_ACCESS_SUBMITTER && TRACKER_ACCESS_ASSIGNEE
                //---------------------------------------------------
                if (!($registered_is_already_set_to_submitter && $registered_is_already_set_to_assignee)) {
                    //It is not necessary to process if the anonymous has full access (anon can't have assignee or submitter access)
                    if ($anonymous_is_already_set_to_fullaccess) {
                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_anon_full', array($stored_ugroups_permissions[$GLOBALS['UGROUP_REGISTERED']]['ugroup']['name'], $anonymous_name)));
                    } else {
                        foreach ($stored_ugroups_permissions as $stored_ugroup_id => $stored_ugroup_permissions) {
                            if ($stored_ugroup_id === $GLOBALS['UGROUP_REGISTERED']) {
                                //We remove old permissions
                                if ($registered_is_already_set_to_fullaccess) {
                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_FULL', $stored_ugroup_id, $atid);
                                    $add_full_to_history = true;
                                    $registered_is_already_set_to_fullaccess = false;
                                }
                                if (!$registered_is_already_set_to_assignee) {
                                    permission_add_ugroup($group_id, 'TRACKER_ACCESS_ASSIGNEE', $atid, $stored_ugroup_id);
                                    $add_assignee_to_history = true;
                                    $registered_is_already_set_to_assignee = true;
                                }
                                if (!$registered_is_already_set_to_submitter) {
                                    permission_add_ugroup($group_id, 'TRACKER_ACCESS_SUBMITTER', $atid, $stored_ugroup_id);
                                    $add_submitter_to_history = true;
                                    $registered_is_already_set_to_submitter = true;
                                }
                            } else {
                                if ($stored_ugroup_id !== $GLOBALS['UGROUP_ANONYMOUS']) {
                                    //ugroups other than anonymous
                                    //We remove permissions for others ugroups if they have submitter or assignee
                                    if ((isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_SUBMITTER']) || isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_ASSIGNEE'])) && (!isset($_REQUEST[$prefixe_expected . $stored_ugroup_id]) || $_REQUEST[$prefixe_expected . $stored_ugroup_id] != 100)) {
                                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_submitter_assignee', array($stored_ugroup_permissions['ugroup']['name'], $registered_name)));
                                        if (isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_SUBMITTER'])) {
                                            permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_SUBMITTER', $stored_ugroup_id, $atid);
                                            $add_submitter_to_history = true;
                                        }
                                        if (isset($stored_ugroup_permissions['permissions']['TRACKER_ACCESS_ASSIGNEE'])) {
                                            permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_ASSIGNEE', $stored_ugroup_id, $atid);
                                            $add_assignee_to_history = true;
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
                break;
            case 100:
                //NO SPECIFIC ACCESS
                //------------------
                if ($registered_is_already_set_to_assignee) {
                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_ASSIGNEE', $GLOBALS['UGROUP_REGISTERED'], $atid);
                    $add_assignee_to_history = true;
                    $registered_is_already_set_to_assignee = false;
                }
                if ($registered_is_already_set_to_submitter) {
                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_SUBMITTER', $GLOBALS['UGROUP_REGISTERED'], $atid);
                    $add_submitter_to_history = true;
                    $registered_is_already_set_to_submitter = false;
                }
                if ($registered_is_already_set_to_fullaccess) {
                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_FULL', $GLOBALS['UGROUP_REGISTERED'], $atid);
                    $add_full_to_history = true;
                    $registered_is_already_set_to_fullaccess = false;
                }
                break;
            default:
                //do nothing
                break;
        }
    }
    //OTHERS INSIGNIFIANT UGROUPS
    ////////////////////////////////////////////////////////////////
    foreach ($_REQUEST as $key => $value) {
        $pos = strpos($key, $prefixe_expected);
        if ($pos !== false) {
            //We've just found a variable
            //We check now if the suffixe (id of ugroup) and the value is numeric values
            $suffixe = substr($key, $len_prefixe_expected);
            if (is_numeric($suffixe)) {
                $ugroup_id = $suffixe;
                if ($ugroup_id != $GLOBALS['UGROUP_ANONYMOUS'] && $ugroup_id != $GLOBALS['UGROUP_REGISTERED']) {
                    //already done.
                    $ugroup_name = $stored_ugroups_permissions[$ugroup_id]['ugroup']['name'];
                    switch ($value) {
                        case 0:
                            //TRACKER_FULL_ACCESS
                            //-------------------
                            if (!isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_FULL'])) {
                                if ($anonymous_is_already_set_to_fullaccess) {
                                    //It is not necessary to process if the anonymous has full access
                                    $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_anon_full', array($ugroup_name, $anonymous_name)));
                                } else {
                                    if ($registered_is_already_set_to_fullaccess) {
                                        //It is not necessary to process if the registered has full access
                                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_full', array($ugroup_name, $registered_name)));
                                    } else {
                                        //We remove old permissions
                                        if (isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_ASSIGNEE'])) {
                                            permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_ASSIGNEE', $ugroup_id, $atid);
                                            $add_assignee_to_history = true;
                                        }
                                        if (isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_SUBMITTER'])) {
                                            permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_SUBMITTER', $ugroup_id, $atid);
                                            $add_submitter_to_history = true;
                                        }
                                        permission_add_ugroup($group_id, 'TRACKER_ACCESS_FULL', $atid, $ugroup_id);
                                        $add_full_to_history = true;
                                    }
                                }
                            }
                            break;
                        case 1:
                            //TRACKER_ACCESS_ASSIGNEE
                            //-----------------------
                            if (!isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_ASSIGNEE'])) {
                                //It is not necessary to process if the anonymous has full access
                                if ($anonymous_is_already_set_to_fullaccess) {
                                    $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_anon_full', array($ugroup_name, $anonymous_name)));
                                } else {
                                    if ($registered_is_already_set_to_fullaccess) {
                                        //It is not necessary to process if the registered has full access
                                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_full', array($ugroup_name, $registered_name)));
                                    } else {
                                        if ($registered_is_already_set_to_submitter && $registered_is_already_set_to_assignee) {
                                            //It is not necessary to process if the registered has submitter and assignee
                                            $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_submitter_assignee', array($ugroup_name, $registered_name)));
                                        } else {
                                            if ($registered_is_already_set_to_assignee) {
                                                //It is not necessary to process if the registered has assignee
                                                $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_assignee', array($ugroup_name, $registered_name)));
                                            } else {
                                                //We remove old permissions
                                                if (isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_FULL'])) {
                                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_FULL', $ugroup_id, $atid);
                                                    $add_full_to_history = true;
                                                }
                                                if (isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_SUBMITTER'])) {
                                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_SUBMITTER', $ugroup_id, $atid);
                                                    $add_submitter_to_history = true;
                                                }
                                                permission_add_ugroup($group_id, 'TRACKER_ACCESS_ASSIGNEE', $atid, $ugroup_id);
                                                $add_assignee_to_history = true;
                                            }
                                        }
                                    }
                                }
                            }
                            break;
                        case 2:
                            //TRACKER_ACCESS_SUBMITTER
                            //------------------------
                            if (!isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_SUBMITTER'])) {
                                //It is not necessary to process if the anonymous has full access
                                if ($anonymous_is_already_set_to_fullaccess) {
                                    $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_anon_full', array($ugroup_name, $anonymous_name)));
                                } else {
                                    if ($registered_is_already_set_to_fullaccess) {
                                        //It is not necessary to process if the registered has full access
                                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_full', array($ugroup_name, $registered_name)));
                                    } else {
                                        if ($registered_is_already_set_to_submitter && $registered_is_already_set_to_assignee) {
                                            //It is not necessary to process if the registered has submitter and assignee
                                            $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_submitter_assignee', array($ugroup_name, $registered_name)));
                                        } else {
                                            if ($registered_is_already_set_to_submitter) {
                                                //It is not necessary to process if the registered has submitter
                                                $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_submitter', array($ugroup_name, $registered_name)));
                                            } else {
                                                //We remove old permissions
                                                if (isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_FULL'])) {
                                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_FULL', $ugroup_id, $atid);
                                                    $add_full_to_history = true;
                                                }
                                                if (isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_ASSIGNEE'])) {
                                                    permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_ASSIGNEE', $ugroup_id, $atid);
                                                    $add_assignee_to_history = true;
                                                }
                                                permission_add_ugroup($group_id, 'TRACKER_ACCESS_SUBMITTER', $atid, $ugroup_id);
                                                $add_submitter_to_history = true;
                                            }
                                        }
                                    }
                                }
                            }
                            break;
                        case 3:
                            //TRACKER_ACCESS_SUBMITTER && TRACKER_ACCESS_ASSIGNEE
                            //---------------------------------------------------
                            if (!(isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_ASSIGNEE']) && isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_SUBMITTER']))) {
                                //It is not necessary to process if the anonymous has full access
                                if ($anonymous_is_already_set_to_fullaccess) {
                                    $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_anon_full', array($ugroup_name, $anonymous_name)));
                                } else {
                                    if ($registered_is_already_set_to_fullaccess) {
                                        //It is not necessary to process if the registered has full access
                                        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_full', array($ugroup_name, $registered_name)));
                                    } else {
                                        if ($registered_is_already_set_to_submitter && $registered_is_already_set_to_assignee) {
                                            //It is not necessary to process if the registered has submitter and assignee
                                            $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('tracker_admin_permissions', 'tracker_ignore_g_regis_submitter_assignee', array($ugroup_name, $registered_name)));
                                        } else {
                                            //We remove old permissions
                                            if (isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_FULL'])) {
                                                permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_FULL', $ugroup_id, $atid);
                                                $add_full_to_history = true;
                                            }
                                            if (!isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_ASSIGNEE'])) {
                                                permission_add_ugroup($group_id, 'TRACKER_ACCESS_ASSIGNEE', $atid, $ugroup_id);
                                                $add_assignee_to_history = true;
                                            }
                                            if (!isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_SUBMITTER'])) {
                                                permission_add_ugroup($group_id, 'TRACKER_ACCESS_SUBMITTER', $atid, $ugroup_id);
                                                $add_submitter_to_history = true;
                                            }
                                        }
                                    }
                                }
                            }
                            break;
                        case 100:
                            //NO SPECIFIC ACCESS
                            //------------------
                            if (isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_FULL'])) {
                                permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_FULL', $ugroup_id, $atid);
                                $add_full_to_history = true;
                            }
                            if (isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_ASSIGNEE'])) {
                                permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_ASSIGNEE', $ugroup_id, $atid);
                                $add_assignee_to_history = true;
                            }
                            if (isset($stored_ugroups_permissions[$ugroup_id]['permissions']['TRACKER_ACCESS_SUBMITTER'])) {
                                permission_clear_ugroup_object($group_id, 'TRACKER_ACCESS_SUBMITTER', $ugroup_id, $atid);
                                $add_submitter_to_history = true;
                            }
                            break;
                        default:
                            //do nothing
                            break;
                    }
                }
            }
        }
    }
    //history
    if ($add_full_to_history) {
        permission_add_history($group_id, 'TRACKER_ACCESS_FULL', $atid);
    }
    if ($add_assignee_to_history) {
        permission_add_history($group_id, 'TRACKER_ACCESS_ASSIGNEE', $atid);
    }
    if ($add_submitter_to_history) {
        permission_add_history($group_id, 'TRACKER_ACCESS_SUBMITTER', $atid);
    }
    //feedback
    if ($add_full_to_history || $add_assignee_to_history || $add_submitter_to_history) {
        $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_admin_userperms', 'perm_upd'));
    }
}