/**
 * Tell whether a user holds Git administration rights on a project.
 *
 * The ugroups granted the Git admin permission are read for the project. When
 * the project has none recorded, the default Git admin permissions are read
 * instead. The user is an admin as soon as one of those ugroups contains them.
 *
 * @param PFUser  $user    Account being checked.
 * @param Project $project Project whose Git admin permission is consulted.
 *
 * @return bool Outcome of the membership test; false when no ugroup row was examined.
 */
public function userIsGitAdmin(PFUser $user, Project $project)
{
    $admin_ugroups = $this->getCurrentGitAdminPermissionsForProject($project);
    if (db_numrows($admin_ugroups) < 1) {
        // No project-specific row: the decision falls back to the defaults, so
        // whatever the defaults grant applies to every unconfigured project.
        $admin_ugroups = $this->getDefaultGitAdminPermissions();
    }

    $is_admin = false;
    while ($entry = db_fetch_array($admin_ugroups)) {
        $is_admin = ugroup_user_is_member($user->getId(), $entry['ugroup_id'], $project->getID());
        if ($is_admin) {
            // The first matching ugroup settles it; no further row is fetched.
            break;
        }
    }

    return $is_admin;
}
/**
 * Report whether a user belongs to a ugroup.
 *
 * Pure delegation to the procedural ugroup_user_is_member() helper; no check
 * is added or removed here.
 *
 * @param int $user_id   Id of the user to test.
 * @param int $ugroup_id Id of the ugroup.
 * @param int $group_id  Third argument handed to ugroup_user_is_member().
 *
 * @return bool
 */
public function isDynamicUGroupMember($user_id, $ugroup_id, $group_id)
{
    $is_member = ugroup_user_is_member($user_id, $ugroup_id, $group_id);

    return $is_member;
}
/**
 * userCanView - decide whether a user may see this artifact.
 *
 * Order of evaluation:
 *  1. super-users and admins of this tracker are always allowed;
 *  2. when the artifact uses its own permissions, the user must belong to a
 *     ugroup granted TRACKER_ARTIFACT_ACCESS, otherwise access is refused;
 *  3. the tracker-level permissions are then tried in turn: full access,
 *     'submitter' access, 'assignee' access;
 *  4. anything not granted by one of the steps above is refused.
 *
 * @param int $my_user_id Id of the user to check; the current user is used when it is omitted (or 0).
 *
 * @return boolean true when the user can view the artifact.
 */
function userCanView($my_user_id = 0)
{
    if ($my_user_id) {
        // NOTE(review): the looked-up object is dereferenced below without a
        // null check - confirm getUserById() always yields a user object.
        $viewer = UserManager::instance()->getUserById($my_user_id);
    } else {
        $viewer     = UserManager::instance()->getCurrentUser();
        $my_user_id = $viewer->getId();
    }

    // Super-users and tracker admins see every artifact, even one restricted for all other users.
    if ($viewer->isSuperUser() || $viewer->isTrackerAdmin($this->ArtifactType->getGroupID(), $this->ArtifactType->getID())) {
        return true;
    }

    // Individual artifact permission: it only narrows access, it never grants it on its own.
    $artifact_allowed = true;
    if ($this->useArtifactPermissions()) {
        $artifact_allowed = false;
        $ugroups = permission_db_authorized_ugroups('TRACKER_ARTIFACT_ACCESS', $this->getID());
        if (db_numrows($ugroups) > 0) {
            while ($entry = db_fetch_array($ugroups)) {
                if (ugroup_user_is_member(
                    $my_user_id,
                    $entry['ugroup_id'],
                    $this->ArtifactType->Group->getID(),
                    $this->ArtifactType->getID()
                )) {
                    $artifact_allowed = true;
                }
            }
        }
    }

    if (!$artifact_allowed) {
        return false;
    }

    // Full access: membership of any authorised ugroup is enough.
    $ugroups = permission_db_authorized_ugroups('TRACKER_ACCESS_FULL', $this->ArtifactType->getID());
    if (db_numrows($ugroups) > 0) {
        while ($entry = db_fetch_array($ugroups)) {
            if (ugroup_user_is_member(
                $my_user_id,
                $entry['ugroup_id'],
                $this->ArtifactType->Group->getID(),
                $this->ArtifactType->getID()
            )) {
                return true;
            }
        }
    }

    // 'submitter' access: the viewer and the submitter must both belong to the same authorised ugroup.
    $ugroups = permission_db_authorized_ugroups('TRACKER_ACCESS_SUBMITTER', $this->ArtifactType->getID());
    if (db_numrows($ugroups) > 0) {
        while ($entry = db_fetch_array($ugroups)) {
            $viewer_in_ugroup = ugroup_user_is_member(
                $my_user_id,
                $entry['ugroup_id'],
                $this->ArtifactType->Group->getID(),
                $this->ArtifactType->getID()
            );
            // The submitter is only looked up once the viewer's own membership is established.
            if ($viewer_in_ugroup && ugroup_user_is_member(
                $this->getSubmittedBy(),
                $entry['ugroup_id'],
                $this->ArtifactType->Group->getID(),
                $this->ArtifactType->getID()
            )) {
                return true;
            }
        }
    }

    // 'assignee' access: the viewer and at least one assignee must belong to the same authorised ugroup.
    $ugroups = permission_db_authorized_ugroups('TRACKER_ACCESS_ASSIGNEE', $this->ArtifactType->getID());
    if (db_numrows($ugroups) > 0) {
        while ($entry = db_fetch_array($ugroups)) {
            if (!ugroup_user_is_member(
                $my_user_id,
                $entry['ugroup_id'],
                $this->ArtifactType->Group->getID(),
                $this->ArtifactType->getID()
            )) {
                continue;
            }

            // Single 'assigned_to' value first.
            if (ugroup_user_is_member(
                $this->getValue('assigned_to'),
                $entry['ugroup_id'],
                $this->ArtifactType->Group->getID(),
                $this->ArtifactType->getID()
            )) {
                return true;
            }

            // Then every entry of the multi-assigned list, when there is one.
            $co_assignees = $this->getMultiAssignedTo();
            if (!is_array($co_assignees)) {
                continue;
            }
            foreach ($co_assignees as $assignee_id) {
                if (ugroup_user_is_member(
                    $assignee_id,
                    $entry['ugroup_id'],
                    $this->ArtifactType->Group->getID(),
                    $this->ArtifactType->getID()
                )) {
                    return true;
                }
            }
        }
    }

    // Nothing granted access explicitly: refuse.
    return false;
}
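/**
 * Add a user to a ugroup, then record and announce the change.
 *
 * Nothing is written when the user already belongs to the ugroup; an error
 * feedback is emitted instead. On a successful insert the change is written to
 * the project history, an info feedback is emitted and the
 * 'project_admin_ugroup_add_user' event is raised. The outcome is reported
 * through $GLOBALS['Response'] only; the function returns nothing.
 *
 * NOTE(review): no permission check is performed here - confirm that every
 * caller has verified the acting user may administer this ugroup.
 *
 * @param int $group_id  Id of the project, used for the membership test and the history entry.
 * @param int $ugroup_id Id of the ugroup receiving the user.
 * @param int $user_id   Id of the user being added.
 *
 * @return void
 */
function ugroup_add_user_to_ugroup($group_id, $ugroup_id, $user_id)
{
    if (ugroup_user_is_member($user_id, $ugroup_id, $group_id)) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_ugroup_utils', 'cant_insert_u_in_g', array($user_id, $ugroup_id, $GLOBALS['Language']->getText('project_admin_ugroup_utils', 'user_already_exist'))));
        return;
    }

    // Both ids go through db_ei() before being concatenated into the statement;
    // nothing else in this function sanitises them.
    // NOTE(review): the membership test above and this INSERT are separate
    // statements - confirm a unique key on (ugroup_id, user_id) rules out
    // duplicate rows under concurrent requests.
    $sql = "INSERT INTO ugroup_user (ugroup_id, user_id) VALUES(" . db_ei($ugroup_id) . ", " . db_ei($user_id) . ")";
    $res = db_query($sql);
    if (!$res) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_ugroup_utils', 'cant_update_ug', db_error()));
        // A failed INSERT must not reach the history/event path below: depending
        // on what db_affected_rows() reports for a failed statement, a membership
        // change that never happened could otherwise be logged and announced.
        return;
    }

    if (db_affected_rows($res)) {
        // Now log in project history
        $res = ugroup_db_get_ugroup($ugroup_id);
        group_add_history('upd_ug', '', $group_id, array(db_result($res, 0, 'name')));
        $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_admin_ugroup_utils', 'ug_upd_success', array(db_result($res, 0, 'name'), 1)));
        // Raise event for ugroup modification
        EventManager::instance()->processEvent('project_admin_ugroup_add_user', array('group_id' => $group_id, 'ugroup_id' => $ugroup_id, 'user_id' => $user_id));
    }
}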
/**
 * Return true if one of the user's ugroups holds the ADMIN permission on docman.
 *
 * The ugroups granted PLUGIN_DOCMAN_ADMIN on this object's group are read
 * first; when none is recorded, the default ugroups for that permission type
 * are read instead.
 *
 * @param object $user Object exposing getId(); the id is what gets tested for membership.
 *
 * @return boolean
 * @access protected
 */
function _isUserDocmanAdmin($user)
{
    require_once 'www/project/admin/permissions.php';

    $permission = 'PLUGIN_DOCMAN_ADMIN';

    // Permissions set for this object.
    $admin_ugroups = permission_db_authorized_ugroups($permission, (int) $this->groupId);
    if (db_numrows($admin_ugroups) < 1) {
        // No ugroup defined => no permissions set => the defaults decide, so
        // an unconfigured project gets whatever the defaults grant.
        $admin_ugroups = permission_db_get_defaults($permission);
    }

    $is_admin = false;
    while ($entry = db_fetch_array($admin_ugroups)) {
        // Should work even for anonymous users.
        $is_admin = ugroup_user_is_member($user->getId(), $entry['ugroup_id'], $this->groupId);
        if ($is_admin) {
            break;
        }
    }

    return $is_admin;
}
/**
 * Check whether this user belongs to the given ugroup.
 *
 * Wraps the old-style ugroup_user_is_member() from /src/www/project/admin so
 * that the call can be replaced in unit tests.
 *
 * @param int $ugroup_id  the id of the ugroup
 * @param int $group_id   the id of the project (needed for automatic project groups such as project member, release admin, etc.)
 * @param int $tracker_id the id of the tracker (needed for trackers, since the tracker admin role differs per tracker)
 *
 * @return boolean true if the user is a member of the ugroup, false otherwise.
 */
public function isMemberOfUGroup($ugroup_id, $group_id, $tracker_id = 0)
{
    $own_id = $this->getId();

    return ugroup_user_is_member($own_id, $ugroup_id, $group_id, $tracker_id);
}
/**
 * Check permissions on the given object.
 *
 * WARNING: do not use this function to check access permissions on trackers
 * ('TRACKER_ACCESS*' and 'TRACKER_FIELD*' permission types). Trackers do not
 * use default permissions, and they need an additional parameter for field
 * permissions.
 *
 * When no ugroup is recorded for the object, the default ugroups of the
 * permission type decide. An object nobody configured is therefore not denied
 * by default: it is as open as the defaults for its permission type.
 *
 * @param string $permission_type type of permission (e.g. "DOCUMENT_READ")
 * @param mixed  $object_id       id of the object being accessed (e.g. a docid)
 * @param int    $user_id         id of the user who wants to access the object
 * @param int    $group_id        group the object belongs to; needed for project-specific ugroups (e.g. 'project admins')
 *
 * @return bool true if the user is authorized, false otherwise.
 */
function permission_is_authorized($permission_type, $object_id, $user_id, $group_id)
{
    // Super-user has all rights...
    // NOTE(review): the looked-up object is dereferenced without a null check -
    // confirm getUserById() always yields a user object, including for the
    // anonymous case mentioned below.
    $account = UserManager::instance()->getUserById($user_id);
    if ($account->isSuperUser()) {
        return true;
    }

    $ugroups = permission_db_authorized_ugroups($permission_type, $object_id);
    if (db_numrows($ugroups) < 1) {
        // No ugroup defined => no permissions set => get default permissions.
        $ugroups = permission_db_get_defaults($permission_type);
    }

    // Membership of any listed ugroup grants access; should work even for anonymous users.
    $authorized = false;
    while ($entry = db_fetch_array($ugroups)) {
        if (ugroup_user_is_member($user_id, $entry['ugroup_id'], $group_id)) {
            $authorized = true;
            break;
        }
    }

    return $authorized;
}
/**
 * userCanSubmit - decide whether a user can submit an artifact, i.e. whether
 * there is at least one field the user is allowed to submit.
 *
 * When no ugroup is explicitly authorized, access is denied: default
 * permission values are not consulted here.
 *
 * @param int $my_user_id Id of the user to check; the current user is used when it is omitted (or 0).
 *
 * @return boolean true when the user can submit.
 */
function userCanSubmit($my_user_id = 0)
{
    // Super-user has all rights...
    if ($my_user_id) {
        // NOTE(review): the looked-up object is dereferenced without a null
        // check - confirm getUserById() always yields a user object.
        $submitter = UserManager::instance()->getUserById($my_user_id);
        if ($submitter->isSuperUser()) {
            return true;
        }
    } else {
        if (user_is_super_user()) {
            return true;
        }
        $my_user_id = user_getid();
    }

    // Select submit permissions for all fields. The tracker id passes through
    // db_ei() before it is placed in the LIKE pattern; the pattern then matches
    // every object_id beginning with "<tracker id>#".
    $object_prefix = db_ei($this->getID());
    $sql = "SELECT ugroup_id \n FROM permissions \n WHERE permission_type='TRACKER_FIELD_SUBMIT' \n AND object_id LIKE '" . $object_prefix . "#%' \n GROUP BY ugroup_id";
    $ugroups = db_query($sql);

    if (!(db_numrows($ugroups) > 0)) {
        // No ugroup holds a submit permission on any field: deny.
        return false;
    }

    while ($entry = db_fetch_array($ugroups)) {
        // Should work even for anonymous users.
        if (ugroup_user_is_member($my_user_id, $entry['ugroup_id'], $this->Group->getID(), $this->getID())) {
            return true;
        }
    }

    return false;
}