public function __construct(Project $project) { if (!$project->isPublic()) { $this->mapping = array(ProjectUGroup::ANONYMOUS => ProjectUGroup::PROJECT_MEMBERS, ProjectUGroup::AUTHENTICATED => ProjectUGroup::PROJECT_MEMBERS, ProjectUGroup::REGISTERED => ProjectUGroup::PROJECT_MEMBERS); } elseif (!ForgeConfig::areAnonymousAllowed()) { $this->mapping[ProjectUGroup::ANONYMOUS] = ProjectUGroup::REGISTERED; if (ForgeConfig::areRestrictedUsersAllowed() && $project->allowsRestricted()) { $this->mapping[ProjectUGroup::ANONYMOUS] = ProjectUGroup::AUTHENTICATED; $this->mapping[ProjectUGroup::AUTHENTICATED] = ProjectUGroup::AUTHENTICATED; } } }
/** * Check if the user can access the project $group, * regarding the restricted access * * @param Object{Group} $group the Group object * @return boolean true if the current session user has access to this project, false otherwise */ function checkRestrictedAccess($group) { if (ForgeConfig::areRestrictedUsersAllowed()) { if ($group) { $user = UserManager::instance()->getCurrentUser(); if ($user) { if ($user->isRestricted()) { return $group->userIsMember(); } else { return true; } } else { return false; } } else { return false; } } else { return true; } }
} } $project_manager->clearProjectFromCache($currentproject->getID()); $currentproject = $project_manager->getProject($currentproject->getID()); // update info for page $res_grp = db_query("SELECT * FROM groups WHERE group_id='" . db_ei($group_id) . "'"); if (db_numrows($res_grp) < 1) { exit_no_group(); } $row_grp = db_fetch_array($res_grp); $descfieldsvalue = $currentproject->getProjectsDescFieldsValue(); project_admin_header(array('title' => $Language->getText('project_admin_editgroupinfo', 'editing_g_info'), 'group' => $group_id, 'help' => 'project-admin.html#project-public-information')); echo '<FORM action="?group_id=' . $group_id . '" method="post" id="project_info_form">'; $renderer = TemplateRendererFactory::build()->getRenderer(ForgeConfig::get('codendi_dir') . '/src/templates/project/'); if ($user_can_choose_visibility) { $presenter = new ProjectVisibilityPresenter($Language, ForgeConfig::areRestrictedUsersAllowed(), $currentproject->getAccess()); echo $renderer->renderToString('project_visibility', $presenter); } if ($user_can_choose_truncated_emails) { $truncated_mails_impacted_services = array(); $file_service = $currentproject->getService(Service::FILE); if ($file_service) { $truncated_mails_impacted_services[] = $file_service->getInternationalizedName(); } $svn_service = $currentproject->getService(Service::SVN); if ($svn_service) { $truncated_mails_impacted_services[] = $svn_service->getInternationalizedName(); } $presenter = new ProjectTruncatedEmailsPresenter($currentproject, $truncated_mails_impacted_services); echo $renderer->renderToString('truncated_emails', $presenter); }
/** * SVNAccessFile definition for repository root * * Block access to non project members if: * - project is private, * - or SVN is private * - or "restricted users" is enabled * * @see src/common/backend/BackendSVN#getSVNAccessRootPathDef($project) * * @param Project $project * * @return String */ function getSVNAccessRootPathDef($project) { $ldapPrjMgr = $this->getLDAPProjectManager(); if ($ldapPrjMgr->hasSVNLDAPAuth($project->getID())) { $conf = "[/]\n"; if (!$project->isPublic() || $project->isSVNPrivate() || ForgeConfig::areRestrictedUsersAllowed()) { $conf .= "* = \n"; } else { $conf .= "* = r\n"; } $conf .= "@members = rw\n"; return $conf; } else { return parent::getSVNAccessRootPathDef($project); } }
/** * Check membership of the user to a specified ugroup * $group_id is necessary for automatic project groups like project member, release admin, etc. * $atid is necessary for trackers since the tracker admin role is different for each tracker. * @return true if user is member of the ugroup, false otherwise. */ function ugroup_user_is_member($user_id, $ugroup_id, $group_id, $atid = 0) { $um = ugroup_get_user_manager(); $user =& $um->getUserById($user_id); // Special Cases if ($ugroup_id == $GLOBALS['UGROUP_NONE']) { // Empty group return false; } else { if ($ugroup_id == $GLOBALS['UGROUP_ANONYMOUS']) { // Anonymous user return true; } else { if ($ugroup_id == $GLOBALS['UGROUP_AUTHENTICATED']) { // Registered user return $user_id != 0; } else { if ($ugroup_id == $GLOBALS['UGROUP_REGISTERED'] && !ForgeConfig::areRestrictedUsersAllowed()) { // Registered user return $user_id != 0; } else { if ($ugroup_id == $GLOBALS['UGROUP_REGISTERED'] && ForgeConfig::areRestrictedUsersAllowed()) { $user = UserManager::instance()->getUserById($user_id); $called_script_handles_restricted = false; $event_manager = EventManager::instance(); $script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : ''; $event_manager->processEvent(Event::IS_SCRIPT_HANDLED_FOR_RESTRICTED, array('allow_restricted' => &$called_script_handles_restricted, 'user' => $user, 'uri' => $script)); // Non-restricted user or restricted member in service that doesn't yet handle restricted users independently return !$user->isRestricted() || !$called_script_handles_restricted; } else { if ($ugroup_id == $GLOBALS['UGROUP_PROJECT_MEMBERS']) { // Project members if ($user->isMember($group_id)) { return true; } } else { if ($ugroup_id == $GLOBALS['UGROUP_FILE_MANAGER_ADMIN']) { // File manager admins if ($user->isMember($group_id, 'R2')) { return true; } } else { if ($ugroup_id == $GLOBALS['UGROUP_DOCUMENT_ADMIN']) { // Document admin if ($user->isMember($group_id, 'D2')) { return true; } } else { if ($ugroup_id == $GLOBALS['UGROUP_DOCUMENT_TECH']) { // Document tech if ($user->isMember($group_id, 'D1')) { return true; } } else { if ($ugroup_id == $GLOBALS['UGROUP_WIKI_ADMIN']) { // Wiki admins if ($user->isMember($group_id, 'W2')) { return true; } } else { if ($ugroup_id == $GLOBALS['UGROUP_PROJECT_ADMIN']) { // Project admins if ($user->isMember($group_id, 'A')) { return true; } } else { if ($ugroup_id == $GLOBALS['UGROUP_TRACKER_ADMIN']) { // Tracker admins $pm = ProjectManager::instance(); $group = $pm->getProject($group_id); $at = new ArtifactType($group, $atid); return $at->userIsAdmin($user_id); } else { // Normal ugroup $sql = "SELECT * from ugroup_user where ugroup_id='" . db_ei($ugroup_id) . "' and user_id='" . db_ei($user_id) . "'"; $res = db_query($sql); if (db_numrows($res) > 0) { return true; } } } } } } } } } } } } } return false; }
function display_account_form($register_error) { global $Language; $request =& HTTPRequest::instance(); $purifier =& Codendi_HTMLPurifier::instance(); $page = $request->get('page'); if ($register_error) { print "<p><blink><b><span class=\"feedback\">{$register_error}</span></b></blink>"; } $star = '<span class="highlight"><big>*</big></span>'; $form_loginname = $request->exist('form_loginname') ? $purifier->purify($request->get('form_loginname')) : ''; $form_realname = $request->exist('form_realname') ? $purifier->purify($request->get('form_realname')) : ''; $form_email = $request->exist('form_email') ? $purifier->purify($request->get('form_email')) : ''; $form_expiry = $request->exist('form_expiry') ? $purifier->purify($request->get('form_expiry')) : ''; $form_mail_site = !$request->exist('form_mail_site') || $request->get('form_mail_site') == 1; $form_restricted = ForgeConfig::areRestrictedUsersAllowed() && (!$request->exist('form_restricted') || $request->get('form_restricted') == 1); $form_send_email = $request->get('form_send_email') == 1; if ($request->exist('timezone') && is_valid_timezone($request->get('timezone'))) { $timezone = $request->get('timezone'); } else { $timezone = false; } $form_register_purpose = $request->exist('form_register_purpose') ? $purifier->purify($request->get('form_register_purpose')) : ''; if ($page == "admin_creation") { $prefill = new Account_RegisterAdminPrefillValuesPresenter($form_loginname, $form_email, $form_realname, $form_register_purpose, $form_mail_site, $timezone, $form_restricted, $form_send_email); $presenter = new Account_RegisterByAdminPresenter($prefill); $template = 'register-admin'; } else { $prefill = new Account_RegisterPrefillValuesPresenter($form_loginname, $form_email, $form_realname, $form_register_purpose, $form_mail_site, $timezone); $presenter = new Account_RegisterByUserPresenter($prefill); $template = 'register-user'; } $renderer = TemplateRendererFactory::build()->getRenderer(ForgeConfig::get('codendi_dir') . '/src/templates/account/'); $renderer->renderToPage($template, $presenter); }
function trove_get_visibility_for_user($field, PFUser $user) { if (ForgeConfig::areRestrictedUsersAllowed() && $user->isRestricted()) { return $field . ' = "' . db_es(Project::ACCESS_PUBLIC_UNRESTRICTED) . '"'; } else { return $field . ' != "' . db_es(Project::ACCESS_PRIVATE) . '"'; } }
<select name="action_select" size="1"> <option value="validate" selected>' . $Language->getText('admin_approve_pending_users', 'validate') . ' <option value="activate">' . $Language->getText('admin_approve_pending_users', 'activate') . ' </select> ' . $Language->getText('admin_approve_pending_users', 'all_accounts') . ' ' . ' ' . $Language->getText('admin_approve_pending_users', 'status') . ' <select name="status" size="1"> <option value="standard">' . $Language->getText('admin_approve_pending_users', 'status_standard') . ' <option value="restricted">' . $Language->getText('admin_approve_pending_users', 'status_restricted') . ' </select> <INPUT TYPE="HIDDEN" NAME="list_of_users" VALUE="' . $user_list . '"> <INPUT type="submit" name="submit" value="' . $Language->getText('admin_approve_pending_users', 'ok') . '"> </FORM> </TD>'; } if ($GLOBALS['sys_user_approval'] == 1 && $page == ADMIN_APPROVE_PENDING_PAGE_PENDING && !ForgeConfig::areRestrictedUsersAllowed()) { echo '<TD> <FORM action="?page=' . $page . '" method="POST"> <select name="action_select" size="1"> <option value="validate" selected>' . $Language->getText('admin_approve_pending_users', 'validate') . ' <option value="activate">' . $Language->getText('admin_approve_pending_users', 'activate') . ' </select> ' . $Language->getText('admin_approve_pending_users', 'all_accounts') . ' <INPUT TYPE="HIDDEN" NAME="list_of_users" VALUE="' . $user_list . '"> <INPUT type="submit" name="submit" value="' . $Language->getText('admin_approve_pending_users', 'ok') . '"> </FORM> </TD>'; } echo ' </TR> </TABLE>
/** * Checks if the user can access the project $group, * regarding the restricted access * * @param Project $group Affected project * @param $user * * @return boolean true if the current session user has access to this project, false otherwise */ private function getRestrictedAccessForUserInGroup($group, $user) { if (ForgeConfig::areRestrictedUsersAllowed()) { if ($group) { if ($user) { if ($user->isRestricted()) { return $group->userIsMember(); } else { return true; } } else { return false; } } else { return false; } } else { return true; } }
/** * @param Project $project * @return User_ForgeUGroup[] */ public function getAllForProject(Project $project) { $user_groups = array(); if (ForgeConfig::areAnonymousAllowed() && $project->isPublic()) { $user_groups[] = $this->getDynamicForgeUserGroupByName(User_ForgeUGroup::ANON); } if (ForgeConfig::areRestrictedUsersAllowed() && $project->allowsRestricted()) { $user_groups[] = $this->getDynamicForgeUserGroupByName(User_ForgeUGroup::AUTHENTICATED); } if ($project->isPublic()) { $user_groups[] = $this->getDynamicForgeUserGroupByName(User_ForgeUGroup::REGISTERED); } $user_groups[] = $this->getDynamicForgeUserGroupByName(User_ForgeUGroup::PROJECT_MEMBERS); $user_groups[] = $this->getDynamicForgeUserGroupByName(User_ForgeUGroup::PROJECT_ADMINS); return array_merge($user_groups, $this->getStaticByProject($project), array($this->getDynamicForgeUserGroupByName(User_ForgeUGroup::NOBODY))); }
if ($request->valid($vUnixStatus)) { $user->setUnixStatus($request->get('form_unixstatus')); } // New status must be valid AND user account must already be validated // There are specific actions done in approve_pending scripts $accountActivationEvent = null; $vStatus = new Valid_WhiteList('form_status', $user->getAllWorkingStatus()); $vStatus->required(); if ($request->valid($vStatus) && in_array($user->getStatus(), $user->getAllWorkingStatus()) && $user->getStatus() != $request->get('form_status')) { switch ($request->get('form_status')) { case PFUser::STATUS_ACTIVE: $user->setStatus($request->get('form_status')); $accountActivationEvent = 'project_admin_activate_user'; break; case PFUser::STATUS_RESTRICTED: if (ForgeConfig::areRestrictedUsersAllowed()) { $user->setStatus($request->get('form_status')); // If the user had a shell, set it to restricted shell if ($user->getShell() && $user->getShell() != "/bin/false" && $user->getShell() != "/sbin/nologin") { $user->setShell($GLOBALS['codendi_bin_prefix'] . '/cvssh-restricted'); } $accountActivationEvent = 'project_admin_activate_user'; } break; case PFUser::STATUS_DELETED: $user->setStatus($request->get('form_status')); $user->setUnixStatus($user->getStatus()); $accountActivationEvent = 'project_admin_delete_user'; break; case PFUser::STATUS_SUSPENDED: $user->setStatus($request->get('form_status'));