/**
 * Whether this project is listed as "super public" in the restricted-users file.
 *
 * The list comes from ForgeConfig, not from the project record itself, and the
 * membership test is a non-strict in_array(), so the id matches whether the file
 * holds it as a string or an int.
 *
 * @return bool
 */
private function isSuperPublic()
{
    return in_array($this->getID(), ForgeConfig::getSuperPublicProjectsFromRestrictedFile());
}
/**
 * Whether the given project id is listed as "super public" in the restricted-users file.
 *
 * Same lookup as isSuperPublic(), for an arbitrary project id instead of $this.
 * The comparison is a non-strict in_array(), so '101' and 101 are both matches.
 *
 * @param int|string $project_id
 *
 * @return bool
 */
private function isProjectSuperPublic($project_id)
{
    $public_project_ids = ForgeConfig::getSuperPublicProjectsFromRestrictedFile();

    return in_array($project_id, $public_project_ids);
}
/**
 * Test if given url is restricted for user
 *
 * The caller is expected to have already checked that the project itself is
 * accessible to restricted users; this method only decides whether the given
 * page is one a restricted user may see. Every decision is a prefix test
 * (strpos(...) === 0) on $request_uri, which still carries its query string.
 *
 * The allow-lists below are defaults. The site-content file
 * 'include/restricted_user_permissions' is include'd into this method's scope
 * and may reassign any of them, so the local variable names are a contract
 * with that file and must not be renamed.
 *
 * @param PFUser $user
 * @param Url    $url
 * @param string $request_uri  Request URI including query string, e.g. '/tracker/?func=detail&aid=14&group_id=101'
 * @param string $script_name  Script path, e.g. '/tracker/index.php'
 *
 * @return bool False if user not allowed to see the content
 */
protected function restrictedUserCanAccessUrl($user, $url, $request_uri, $script_name)
{
    // This assume that we already checked that project is accessible to restricted prior to function call.
    // Hence, summary page is ALWAYS accessible
    if ($script_name === '/projects') {
        return true;
    }

    // Prefer the group_id the page already resolved; otherwise parse it out of the URI.
    // This is the key used against the per-project allow-lists below.
    $group_id = isset($GLOBALS['group_id']) ? $GLOBALS['group_id'] : $url->getGroupIdFromUrl($request_uri);

    // Make sure the URI starts with a single slash
    // (trim() strips any run of leading/trailing slashes, so '//users/x' and '/users/x' compare equal below)
    $req_uri = '/' . trim($request_uri, "/");

    $user_is_allowed = false;

    /* Examples of input params:
       Script: /projects,                Uri=/projects/ljproj/
       Script: /survey/index.php,        Uri=/survey/?group_id=101
       Script: /project/admin/index.php, Uri=/project/admin/?group_id=101
       Script: /tracker/index.php,       Uri=/tracker/index.php?group_id=101
       Script: /tracker/index.php,       Uri=/tracker/?func=detail&aid=14&atid=101&group_id=101
    */

    // Restricted users cannot access any page belonging to a project they are not a member of.
    // In addition, the following URLs are forbidden (value overriden in site-content file)
    $forbidden_url = array('/snippet', '/new/', '/people/', '/stats', '/top', '/project/register.php', '/export', '/info.php');

    // Default values are very restrictive, but they can be overriden in the site-content file
    // Default support project is project 1.
    $allow_welcome_page              = false;    // Allow access to welcome page
    $allow_news_browsing             = false;    // Allow restricted users to read/comment news, including for their project
    $allow_user_browsing             = false;    // Allow restricted users to access other user's page (Developer Profile)
    $allow_access_to_project_forums  = array(1); // Support project help forums are accessible through the 'Discussion Forums' link
    $allow_access_to_project_trackers = array(1); // Support project trackers are used for support requests
    $allow_access_to_project_docs    = array(1); // Support project documents and wiki (Note that the User Guide is always accessible)
    $allow_access_to_project_mail    = array(1); // Support project mailing lists (Developers Channels)
    $allow_access_to_project_frs     = array(1); // Support project file releases
    $allow_access_to_project_refs    = array(1); // Support project references
    $allow_access_to_project_news    = array(1); // Support project news
    $allow_access_to_project_trackers_v5 = array(1); //Support project trackers v5 are used for support requests
    // List of fully public projects (same access for restricted and unrestricted users)
    // is not a local here: it is read from ForgeConfig as the last fallback at the bottom of this method.

    // Customizable security settings for restricted users:
    // The included file runs with this method's local scope, so it can override every
    // variable defined above (and, being site-content, is trusted configuration, not user input).
    include $GLOBALS['Language']->getContent('include/restricted_user_permissions', 'en_US');
    // End of customization

    // For convenient reasons, admin can customize those variables as arrays
    // but for performances reasons we prefer to use hashes (avoid in_array)
    // so we transform array(101) => array(101=>0)
    // After the flip, membership is tested with isset($list[$group_id]); PHP normalizes
    // integer-like string keys, so '101' and 101 land on the same entry.
    $allow_access_to_project_forums  = array_flip($allow_access_to_project_forums);
    $allow_access_to_project_trackers = array_flip($allow_access_to_project_trackers);
    $allow_access_to_project_docs    = array_flip($allow_access_to_project_docs);
    $allow_access_to_project_mail    = array_flip($allow_access_to_project_mail);
    $allow_access_to_project_frs     = array_flip($allow_access_to_project_frs);
    $allow_access_to_project_refs    = array_flip($allow_access_to_project_refs);
    $allow_access_to_project_news    = array_flip($allow_access_to_project_news);
    $allow_access_to_project_trackers_v5 = array_flip($allow_access_to_project_trackers_v5);

    // Deny-list first: any URI starting with a forbidden prefix is rejected outright,
    // whatever the project allow-lists say.
    foreach ($forbidden_url as $str) {
        $pos = strpos($req_uri, $str);
        if ($pos === false) {
            // Not found
        } else {
            if ($pos == 0) {
                // beginning of string
                return false;
            }
        }
    }

    // Welcome page
    if (!$allow_welcome_page) {
        $sc_name = '/' . trim($script_name, "/");
        if ($sc_name == '/index.php') {
            return false;
        }
    }

    //Forbid search unless it's on a tracker
    // NOTE: this is the only branch where a request parameter (not just the path) drives the
    // decision, and a tracker search is allowed here regardless of $group_id.
    if (strpos($req_uri, '/search') === 0 && isset($_REQUEST['type_of_search']) && $_REQUEST['type_of_search'] == 'tracker') {
        return true;
    } elseif (strpos($req_uri, '/search') === 0) {
        return false;
    }

    // Forbid access to other user's page (Developer Profile)
    // Only the user's own profile page and own avatar are exact-match exceptions;
    // anything else under /users/ (including the own page with a query string) is denied.
    if (strpos($req_uri, '/users/') === 0 && !$allow_user_browsing) {
        if ($req_uri != '/users/' . $user->getName() && $req_uri != '/users/' . $user->getName() . '/avatar.png') {
            return false;
        }
    }

    // From here on, each service sets $user_is_allowed when the project is on its allow-list;
    // nothing below resets it to false.

    // Forum and news. Each published news is a special forum of project 'news'
    if (strpos($req_uri, '/news/') === 0 && isset($allow_access_to_project_news[$group_id])) {
        $user_is_allowed = true;
    }
    if (strpos($req_uri, '/news/') === 0 && $allow_news_browsing) {
        $user_is_allowed = true;
    }
    if (strpos($req_uri, '/forum/') === 0 && isset($allow_access_to_project_forums[$group_id])) {
        $user_is_allowed = true;
    }

    // Codendi trackers
    if (strpos($req_uri, '/tracker/') === 0 && isset($allow_access_to_project_trackers[$group_id])) {
        $user_is_allowed = true;
    }

    // Trackers v5
    if (strpos($req_uri, '/plugins/tracker/') === 0 && isset($allow_access_to_project_trackers_v5[$group_id])) {
        $user_is_allowed = true;
    }

    // Codendi documents and wiki
    if ((strpos($req_uri, '/docman/') === 0 || strpos($req_uri, '/plugins/docman/') === 0 || strpos($req_uri, '/wiki/') === 0) && isset($allow_access_to_project_docs[$group_id])) {
        $user_is_allowed = true;
    }

    // Codendi mailing lists page
    if (strpos($req_uri, '/mail/') === 0 && isset($allow_access_to_project_mail[$group_id])) {
        $user_is_allowed = true;
    }

    // Codendi file releases
    if (strpos($req_uri, '/file/') === 0 && isset($allow_access_to_project_frs[$group_id])) {
        $user_is_allowed = true;
    }

    // References
    if (strpos($req_uri, '/goto') === 0 && isset($allow_access_to_project_refs[$group_id])) {
        $user_is_allowed = true;
    }

    // Plugins get a chance to whitelist their own scripts: 'allow_restricted' is passed by
    // reference, so a listener can flip $user_is_allowed to true. Note the hook receives
    // $script_name, not the normalized $req_uri.
    if (!$user_is_allowed) {
        $this->getEventManager()->processEvent(Event::IS_SCRIPT_HANDLED_FOR_RESTRICTED, array('allow_restricted' => &$user_is_allowed, 'user' => $user, 'uri' => $script_name));
    }

    // Project-scoped page that no allow-list or plugin accepted: the only remaining exception
    // is a "super public" project (non-strict in_array, as in isSuperPublic()).
    if ($group_id && !$user_is_allowed) {
        if (in_array($group_id, ForgeConfig::getSuperPublicProjectsFromRestrictedFile())) {
            return true;
        }
        return false;
    }

    // Reached either because a service allowed the page, or because no group_id could be
    // resolved (falsy) — such non-project URIs are not gated here beyond the deny-list above.
    return true;
}
/**
 * Reading the super-public list must not leave a 'public_projects' entry in ForgeConfig.
 *
 * The Language stub is pointed at the customised permissions file so that the
 * lookup goes through the same include path as production; afterwards the
 * storage key is expected to be untouched (ForgeConfig::get() returns false).
 */
public function itDoesNotStorePublicProjectsInTheStorage()
{
    $language_stub = stub($GLOBALS['Language']);
    $language_stub->getContent('include/restricted_user_permissions', 'en_US')->returns($this->customised_file);

    ForgeConfig::getSuperPublicProjectsFromRestrictedFile();

    $stored_public_projects = ForgeConfig::get('public_projects');
    $this->assertIdentical($stored_public_projects, false);
}