private function checkUserIsSiteadmin(PFUser $user, Response $response) { if (!$user->isSuperUser()) { $response->addFeedback(Feedback::ERROR, $GLOBALS['Language']->getText('global', 'perm_denied')); $response->redirect('/'); } }
/** * * Send mails to a group of people and check the max number of emailed people limit. * * @param Project $project Project of the receivers * @param PFO_User $user Sender * @param string $subject * @param string $html_body * @param PFUser[] $receivers */ public function sendMassmail(Project $project, PFUser $user, $subject, $html_body, array $receivers) { $hp = Codendi_HTMLPurifier::instance(); $project_name = $project->getPublicName(); $sys_max_number_of_emailed_people = ForgeConfig::get('sys_max_number_of_emailed_people'); if (count($receivers) > $sys_max_number_of_emailed_people && !$user->isSuperUser()) { $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('my_index', 'massmail_not_sent_max_users', $sys_max_number_of_emailed_people)); return; } $mail = new Codendi_Mail(); $mail->setFrom($user->getEmail()); $mail->setTo($user->getEmail()); $mail->setBccUser($receivers); $mail->setSubject("[" . $GLOBALS['sys_name'] . "] [" . $project_name . "] " . $subject); $mail->setBodyText($hp->purify($html_body, CODENDI_PURIFIER_STRIP_HTML)); $mail->setBodyHtml($html_body); $is_sent = $mail->send(); return $is_sent; }
public function user_is_admin() { return $this->user->isSuperUser(); }
/** * Process the request * * @param Tracker_IDisplayTrackerLayout $layout Displays the page header and footer * @param Codendi_Request $request The data coming from the user * @param PFUser $current_user The user who mades the request * * @return void */ public function process(Tracker_IDisplayTrackerLayout $layout, $request, $current_user) { switch ($request->get('func')) { case 'fetch-artifacts': $read_only = false; $prefill_removed_values = array(); $only_rows = true; $this_project_id = $this->getTracker()->getProject()->getGroupId(); $hp = Codendi_HTMLPurifier::instance(); $ugroups = $current_user->getUgroups($this_project_id, array()); $ids = $request->get('ids'); //2, 14, 15 $tracker = array(); $result = array(); //We must retrieve the last changeset ids of each artifact id. $dao = new Tracker_ArtifactDao(); foreach ($dao->searchLastChangesetIds($ids, $ugroups, $current_user->isSuperUser()) as $matching_ids) { $tracker_id = $matching_ids['tracker_id']; $tracker = $this->getTrackerFactory()->getTrackerById($tracker_id); $project = $tracker->getProject(); if ($tracker->userCanView()) { $trf = Tracker_ReportFactory::instance(); $report = $trf->getDefaultReportsByTrackerId($tracker->getId()); if ($report) { $renderers = $report->getRenderers(); // looking for the first table renderer foreach ($renderers as $renderer) { if ($renderer->getType() === Tracker_Report_Renderer::TABLE) { $key = $this->id . '_' . $report->id . '_' . $renderer->getId(); $result[$key] = $renderer->fetchAsArtifactLink($matching_ids, $this->getId(), $read_only, $prefill_removed_values, $only_rows); $head = '<div class="tracker-form-element-artifactlink-trackerpanel">'; $project_name = ''; if ($project->getGroupId() != $this_project_id) { $project_name = ' (<abbr title="' . $hp->purify($project->getPublicName(), CODENDI_PURIFIER_CONVERT_HTML) . '">'; $project_name .= $hp->purify($project->getUnixName(), CODENDI_PURIFIER_CONVERT_HTML); $project_name .= '</abbr>)'; } $head .= '<h2 class="tracker-form-element-artifactlink-tracker_' . $tracker->getId() . '">'; $head .= $hp->purify($tracker->getName(), CODENDI_PURIFIER_CONVERT_HTML) . $project_name; $head .= '</h2>'; //if ($artifact) { // $title = $hp->purify('link a '. $tracker->getItemName(), CODENDI_PURIFIER_CONVERT_HTML); // $head .= '<a href="'.TRACKER_BASE_URL.'/?tracker='.$tracker_id.'&func=new-artifact-link&id='.$artifact->getId().'" class="tracker-form-element-artifactlink-link-new-artifact">'. 'create a new '.$hp->purify($tracker->getItemName(), CODENDI_PURIFIER_CONVERT_HTML) .'</a>'; //} $result[$key]['head'] = $head . $result[$key]['head']; break; } } } } } if ($result) { $head = array(); $rows = array(); foreach ($result as $key => $value) { $head[$key] = $value["head"]; $rows[$key] = $value["rows"]; } header('Content-type: application/json'); echo json_encode(array('head' => $head, 'rows' => $rows)); } exit; break; case 'fetch-aggregates': $read_only = false; $prefill_removed_values = array(); $only_rows = true; $only_one_column = false; $extracolumn = Tracker_Report_Renderer_Table::EXTRACOLUMN_UNLINK; $read_only = true; $use_data_from_db = false; $ugroups = $current_user->getUgroups($this->getTracker()->getGroupId(), array()); $ids = $request->get('ids'); //2, 14, 15 $tracker = array(); $json = array('tabs' => array()); $dao = new Tracker_ArtifactDao(); foreach ($dao->searchLastChangesetIds($ids, $ugroups, $current_user->isSuperUser()) as $matching_ids) { $tracker_id = $matching_ids['tracker_id']; $tracker = $this->getTrackerFactory()->getTrackerById($tracker_id); $project = $tracker->getProject(); if ($tracker->userCanView()) { $trf = Tracker_ReportFactory::instance(); $report = $trf->getDefaultReportsByTrackerId($tracker->getId()); if ($report) { $renderers = $report->getRenderers(); // looking for the first table renderer foreach ($renderers as $renderer) { if ($renderer->getType() === Tracker_Report_Renderer::TABLE) { $key = $this->id . '_' . $report->id . '_' . $renderer->getId(); $columns = $renderer->getTableColumns($only_one_column, $use_data_from_db); $extracted_fields = $renderer->extractFieldsFromColumns($columns); $json['tabs'][] = array('key' => $key, 'src' => $renderer->fetchAggregates($matching_ids, $extracolumn, $only_one_column, $columns, $extracted_fields, $use_data_from_db, $read_only)); break; } } } } } header('Content-type: application/json'); echo json_encode($json); exit; break; default: parent::process($layout, $request, $current_user); break; } }
/** * Ensure given user can access given project * * @param PFUser $user * @param Project $project * @return boolean * @throws Project_AccessProjectNotFoundException * @throws Project_AccessDeletedException * @throws Project_AccessRestrictedException * @throws Project_AccessPrivateException */ public function userCanAccessProject(PFUser $user, Project $project) { if ($project->isError()) { throw new Project_AccessProjectNotFoundException(); } elseif ($user->isSuperUser()) { return true; } elseif (!$project->isActive()) { throw new Project_AccessDeletedException($project); } elseif ($user->isMember($project->getID())) { return true; } elseif ($this->getPermissionsOverriderManager()->doesOverriderAllowUserToAccessProject($user, $project)) { return true; } elseif ($user->isRestricted()) { if (!$project->allowsRestricted() || !$this->restrictedUserCanAccessUrl($user, $this->getUrl(), $_SERVER['REQUEST_URI'], $_SERVER['SCRIPT_NAME'])) { throw new Project_AccessRestrictedException(); } return true; } elseif ($project->isPublic()) { return true; } elseif ($this->userHasBeenDelegatedAccess($user)) { return true; } throw new Project_AccessPrivateException(); }
/** * Test is user can administrate FRS service of given project * * @param PFUser $user User to test * @param Integer $groupId Project * * @return Boolean */ public static function userCanAdmin($user, $groupId) { return $user->isSuperUser() || $user->isMember($groupId, 'R2') || $user->isMember($groupId, 'A'); }
public function userCanViewTracker(PFUser $user, Tracker $tracker) { if ($user->isSuperUser()) { return true; } if ($tracker->userIsAdmin($user)) { return true; } $project = $tracker->getProject(); if ($this->userIsRestrictedAndNotMemberOfProject($user, $project) || $this->userIsNotMemberOfPrivateProject($user, $project)) { return false; } foreach ($tracker->getPermissionsByUgroupId() as $ugroup_id => $permission_types) { if ($user->isMemberOfUGroup($ugroup_id, $tracker->getGroupId())) { return true; } } return false; }
/** * Check if user as write permission on item * * This method only deals with the permissions set on item. If user has * write permission, it will automatically gives read permission too. * * @param PFUser $user * @param Integer $item_id * * @return Boolean */ function _userHasWritePermission($user, $item_id) { $pm = $this->_getPermissionManagerInstance(); $canWrite = $user->isSuperUser() || $this->userCanAdmin($user) || $pm->userHasPermission($item_id, 'PLUGIN_DOCMAN_WRITE', $user->getUgroups($this->groupId, array())) || $this->userCanManage($user, $item_id); if ($canWrite) { $this->_setCanRead($user->getId(), $item_id, true); } return $canWrite; }
/** * Tests if the user is Superuser, or File release admin * * @param PFUser $user * @param Integer $groupId * * @return Boolean */ function userCanWrite($user, $groupId) { // R2 refers to File release admin return $this->isWriteEnabled() && ($user->isSuperUser() || $user->isMember($groupId, 'R2')); }
private function addAdminItem(FlamingParrot_NavBarItemPresentersCollection $collection) { if ($this->user->isSuperUser()) { $collection->addItem(new FlamingParrot_NavBarItemLinkPresenter(self::$NO_ID, $this->isNavBarItemActive('/admin/', 'admin'), '/admin/', 'Admin')); } }
/** * Monstro query * * @param PFUser $user * @param unknown_type $group_id * @param Tracker_CrossSearch_Query $query * @param array $tracker_ids * @param array $shared_fields * @param array $semantic_fields * @param array $artifact_link_field_ids_for_column_display * @param array $excluded_artifact_ids */ public function searchMatchingArtifacts(PFUser $user, $group_id, Tracker_CrossSearch_Query $query, array $tracker_ids, array $shared_fields, array $semantic_fields, array $artifact_link_field_ids_for_column_display, array $excluded_artifact_ids = array()) { $report_dao = new Tracker_ReportDao(); $is_super_user = $user->isSuperUser(); $ugroups = $user->getUgroups($group_id, array()); $quoted_ugroups = $this->da->quoteSmartImplode(',', $ugroups); $quoted_tracker_ids = $this->da->quoteSmartImplode(',', $tracker_ids); $excluded_artifact_ids = $this->da->quoteSmartImplode(',', $excluded_artifact_ids); $shared_fields_constraints = $this->getSharedFieldsSqlFragment($shared_fields); $title_constraint = $this->getTitleSqlFragment($this->getSemanticFieldCriteria($semantic_fields, 'title')); $status_constraint = $this->getStatusSqlFragment($this->getSemanticFieldCriteria($semantic_fields, 'status')); $tracker_constraint = $tracker_ids ? " AND artifact.tracker_id IN ({$quoted_tracker_ids}) " : ""; $artifact_ids_list = $query->listArtifactIds(); $artifact_link_constraints = ''; if (count($artifact_ids_list)) { $artifact_ids_list = $this->da->quoteSmartImplode(',', $artifact_ids_list); $artifacts_fields = $this->getArtifactLinkFields($artifact_ids_list, $is_super_user, $quoted_ugroups); $artifact_link_constraints = $this->getArtifactLinkSearchSqlFragment($artifacts_fields); } $artifact_link_columns_select = $this->getArtifactLinkSelects($artifact_link_field_ids_for_column_display); $artifact_link_columns_join = $this->getArtifactLinkColumns($artifact_link_field_ids_for_column_display, $is_super_user, $quoted_ugroups); $artifact_permissions = $report_dao->getSqlFragmentForArtifactPermissions($user->isSuperUser(), $user->getUgroups($group_id, array())); $artifact_permissions_join = $artifact_permissions['from']; $artifact_permissions_where = $artifact_permissions['where']; $tracker_semantic_title_join = $this->getTrackerSemanticTitleJoin($is_super_user, $quoted_ugroups); $tracker_semantic_status_join = $this->getTrackerSemanticStatusJoin($is_super_user, $quoted_ugroups); $from = " FROM tracker_artifact AS artifact\n INNER JOIN tracker_changeset AS c ON (artifact.last_changeset_id = c.id) \n {$shared_fields_constraints} \n {$artifact_link_constraints} \n {$tracker_semantic_title_join} \n {$tracker_semantic_status_join} \n {$artifact_permissions_join} "; $where = " WHERE 1 {$artifact_permissions_where} {$title_constraint} {$status_constraint} "; $permissions_manager = PermissionsManager::instance(); $tracker_factory = TrackerFactory::instance(); $sqls = array(); foreach ($tracker_ids as $tracker_id) { // {{{ This is a big copy 'n paste from Tracker_Report::getMatchingIdsInDb. // TODO: // instead of building a big query with plenty of unions, // call getMatchingIdsInDb foreach tracker involved in the // crosssearch query. As getMatchingIdsInDb returns the // tuple (artifact_ids, matching_ids) -- where ids are // comma separated --, we will have to do the join in php // by concatenating strings. // Example: // $artifact_ids = $changeset_ids = ''; // foreach ($trackers as $tracker) { // merge($artifact_ids, $changeset_ids, report->getMatchingIdsInDb(..., $tracker, ...)); // } // crosssearch->retrieveColumns($artifact_ids, $changeset_ids) // // And if we are feeling lucky, we can also move the // reportdao->searchMatchingIds in searchdao since it make more sense. // // Possible caveat: // - 1 big sql query full of unions is really slower // than n small queries? $instances = array('artifact_type' => $tracker_id); $ugroups = $user->getUgroups($group_id, $instances); $static_ugroups = $user->getStaticUgroups($group_id); $dynamic_ugroups = $user->getDynamicUgroups($group_id, $instances); $permissions = $permissions_manager->getPermissionsAndUgroupsByObjectid($tracker_id, $ugroups); $subwhere = " {$where} AND artifact.tracker_id = {$tracker_id} "; $tracker = $tracker_factory->getTrackerById($tracker_id); $contributor_field = $tracker->getContributorField(); $contributor_field_id = $contributor_field ? $contributor_field->getId() : null; // }}} $sqls = array_merge($sqls, $report_dao->getSqlFragmentsAccordinglyToTrackerPermissions($user->isSuperUser(), $from, $subwhere, $group_id, $tracker_id, $permissions, $ugroups, $static_ugroups, $dynamic_ugroups, $contributor_field_id)); } array_filter($sqls); if (count($sqls) == 0) { $results = new DataAccessResultEmpty(); } else { $union = implode(' UNION ', $sqls); $sql = "SET SESSION group_concat_max_len = 134217728"; $this->retrieve($sql); $sql = "\n SELECT artifact.id,\n artifact.last_changeset_id,\n CVT.value AS title,\n artifact.tracker_id,\n GROUP_CONCAT(CVAL.artifact_id) AS artifactlinks\n {$artifact_link_columns_select}\n \n FROM tracker_artifact AS artifact\n INNER JOIN tracker_artifact_priority ON (tracker_artifact_priority.curr_id = artifact.id)\n INNER JOIN ( {$union} ) AS R ON (R.id = artifact.id)\n INNER JOIN tracker_changeset AS c ON (R.last_changeset_id = c.id)\n\n -- shared_fields_constraints\n \n -- artifact_link_constraints\n\n {$tracker_semantic_title_join}\n\n LEFT JOIN (\n tracker_changeset_value_artifactlink AS CVAL\n INNER JOIN tracker_changeset_value AS CV2 ON (CV2.id = CVAL.changeset_value_id) \n \n ) ON CV2.changeset_id = artifact.last_changeset_id\n\n {$artifact_link_columns_join}\n -- artifact_permissions_join\n \n WHERE 1\n -- artifact_permissions_where\n {$tracker_constraint}\n -- title_constraint\n -- status_constraint\n "; if ($excluded_artifact_ids != '') { $sql .= "\n AND artifact.id NOT IN ({$excluded_artifact_ids}) "; } $sql .= "\n GROUP BY artifact.id\n ORDER BY tracker_artifact_priority.rank\n "; $results = $this->retrieve($sql); } return $results; }
/** * Only owners of a report can update it. * owner = report->user_id * or if null, owner = tracker admin or site admins * @param PFUser $user the user who wants to update the report * @return boolean */ public function userCanUpdate($user) { if (!$this->isBelongingToATracker()) { return false; } if ($this->user_id) { return $this->user_id == $user->getId(); } else { $tracker = $this->getTracker(); return $user->isSuperUser() || $tracker->userIsAdmin($user); } }
/** * Ensure given user can access given project * * @param PFUser $user * @param Project $project * @return boolean * @throws Project_AccessProjectNotFoundException * @throws Project_AccessDeletedException * @throws Project_AccessRestrictedException * @throws Project_AccessPrivateException */ public function userCanAccessProject(PFUser $user, Project $project) { if ($project->isError()) { throw new Project_AccessProjectNotFoundException(); } elseif ($user->isSuperUser()) { return true; } elseif (!$project->isActive()) { throw new Project_AccessDeletedException($project); } elseif ($user->isMember($project->getID())) { return true; } elseif ($user->isRestricted() && !$this->canRestrictedUserAccess($user, $project)) { throw new Project_AccessRestrictedException(); } elseif ($project->isPublic()) { return true; } elseif ($this->userHasBeenDelegatedAccess($user)) { return true; } throw new Project_AccessPrivateException(); }
private function userIsAdmin(PFUser $user, $group_id, $permissions, $ugroups) { return $user->isSuperUser() || $user->isMember($group_id, 'A') || $this->hasPermissionFor(Tracker::PERMISSION_ADMIN, $permissions, $ugroups); }