/**
 * Check that the given user may access the given project.
 *
 * A user for whom TrackerManager::userCanAdminAllProjectTrackers() answers
 * truthy is granted access straight away; every other user is handed to the
 * parent implementation, which decides (and may throw).
 *
 * NOTE(review): the shortcut returns before any parent check runs, so none of
 * the exceptions listed below can be raised for such a user. Confirm that the
 * "admin all project trackers" right is meant to cover every project state
 * the parent would otherwise reject.
 *
 * @param PFUser  $user
 * @param Project $project
 * @return boolean
 * @throws Project_AccessProjectNotFoundException
 * @throws Project_AccessDeletedException
 * @throws Project_AccessRestrictedException
 * @throws Project_AccessPrivateException
 */
public function userCanAccessProject(PFUser $user, Project $project)
{
    $tracker_manager      = new TrackerManager();
    $admins_every_tracker = $tracker_manager->userCanAdminAllProjectTrackers($user);

    if (! $admins_every_tracker) {
        // Regular path: the parent implementation decides.
        return parent::userCanAccessProject($user, $project);
    }

    return true;
}
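/**
 * Turn a raw ElasticSearch response into the result objects the current user may see.
 *
 * Each hit is dropped unless its project loads without error, the current user
 * passes $this->url_verification->userCanAccessProject() for that project, the
 * hit passes the validator for its index type and, for wiki and tracker hits,
 * the per-item permission check succeeds.
 *
 * @param array $result decoded search response; hits are read from $result['hits']['hits']
 * @return array list of ElasticSearch_SearchResultDocman, ElasticSearch_SearchResultWiki
 *               and ElasticSearch_SearchResultTracker objects (empty when there are no hits)
 */
public function getSearchResults(array $result)
{
    $results   = array();
    $validator = new ElasticSearch_1_2_ResultValidator();

    if (! isset($result['hits']['hits'])) {
        return $results;
    }

    $user = $this->user_manager->getCurrentUser();

    foreach ($result['hits']['hits'] as $hit) {
        $project = $this->project_manager->getProject($this->extractGroupIdFromHit($hit));
        $index   = $this->extractIndexFromHit($hit);

        if ($project->isError()) {
            continue;
        }

        try {
            $this->url_verification->userCanAccessProject($user, $project);
        } catch (Project_AccessException $exception) {
            // Any access refusal (private, restricted, deleted, not found) hides
            // this one hit. Catching only the "private" case let the other
            // refusals escape and abort the whole result list.
            continue;
        }

        // Inside a switch, a bare "continue" acts like "break" (and PHP 7.3+
        // warns about it), so invalid hits are skipped by simply not adding them.
        switch ($index) {
            case fulltextsearchPlugin::SEARCH_DOCMAN_TYPE:
                // NOTE(review): unlike the wiki and tracker branches, no per-item
                // permission check is visible here; presumably it is enforced by
                // the query or the validator. Confirm.
                if ($validator->isDocmanResultValid($hit)) {
                    $results[] = new ElasticSearch_SearchResultDocman($hit, $project);
                }
                break;

            case fulltextsearchPlugin::SEARCH_WIKI_TYPE:
                if ($validator->isWikiResultValid($hit)) {
                    $wiki = new Wiki($project->getID());
                    if ($wiki->isAutorized($user->getId())) {
                        $results[] = new ElasticSearch_SearchResultWiki($hit, $project);
                    }
                }
                break;

            case fulltextsearchPlugin::SEARCH_TRACKER_TYPE:
                if ($validator->isArtifactResultValid($hit)) {
                    $artifact = Tracker_ArtifactFactory::instance()->getArtifactById($hit['fields']['id'][0]);
                    // The index may still reference an artifact that no longer
                    // loads; treat that as "not visible" instead of calling a
                    // method on a non-object.
                    if ($artifact && $artifact->userCanView($user)) {
                        $results[] = new ElasticSearch_SearchResultTracker($hit, $project, $artifact);
                    }
                }
                break;

            default:
                // Unknown index type: the hit is ignored.
                break;
        }
    }

    return $results;
}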
/**
 * Load a repository by id and return it only if the user is allowed to see it.
 *
 * The id GitRepositoryGitoliteAdmin::ID is answered with a fresh
 * GitRepositoryGitoliteAdmin before any lookup or check on $user.
 * NOTE(review): that shortcut performs no access check and compares with a
 * loose "==". Confirm that callers restrict who may reach it and that the
 * loose comparison cannot match an unintended $id.
 *
 * For every other id the repository is looked up, the user must pass
 * URLVerification::userCanAccessProject() for the owning project, and
 * GitRepository::userCanRead() must be truthy.
 *
 * @param PFUser $user
 * @param mixed  $id repository id
 * @return GitRepository never null: a missing repository is reported by exception
 * @throws GitRepoNotFoundException    when no repository matches $id
 * @throws GitRepoNotReadableException when the user cannot read the repository
 * @throws Exception                   anything raised by userCanAccessProject() propagates unchanged
 */
public function getRepositoryByIdUserCanSee(PFUser $user, $id)
{
    if (GitRepositoryGitoliteAdmin::ID == $id) {
        return new GitRepositoryGitoliteAdmin();
    }

    $rows = $this->dao->searchProjectRepositoryById($id);
    $repo = $this->getRepositoryFromDar($rows);
    if ($repo === null) {
        throw new GitRepoNotFoundException();
    }

    // Project-level access comes first; a refusal surfaces as the exception
    // thrown by the verifier.
    $access_checker = new URLVerification();
    $access_checker->userCanAccessProject($user, $repo->getProject());

    if ($repo->userCanRead($user)) {
        return $repo;
    }

    throw new GitRepoNotReadableException();
}
/**
 * A restricted user who is neither super user nor project member must be
 * refused, with Project_AccessRestrictedException, on an active project
 * that does not allow restricted users.
 */
public function testRestrictedUserCanNotAccessProjectWhichDoesntAllowResticted()
{
    // Active, error-free project that is closed to restricted users.
    $closed_project = mock('Project');
    stub($closed_project)->allowsRestricted()->returns(false);
    stub($closed_project)->isActive()->returns(true);
    stub($closed_project)->isError()->returns(false);

    // Restricted account with no other privilege on the project.
    $restricted_user = new MockPFUser();
    stub($restricted_user)->isRestricted()->returns(true);
    stub($restricted_user)->isMember()->returns(false);
    stub($restricted_user)->isSuperUser()->returns(false);

    $verifier = new URLVerification();

    $this->expectException('Project_AccessRestrictedException');
    $verifier->userCanAccessProject($restricted_user, $closed_project);
}
/**
 * Collect the e-mail addresses and user ids to notify about a change to the current page.
 *
 * Walks $notify and, for every page pattern that glob_match()es $this->_pagename,
 * keeps the subscribers that resolve to a known user who passes
 * URLVerification::userCanAccessProject() as well as Wiki::isAutorized() and
 * WikiPage::isAutorized(). Subscribers failing any of these are left out of
 * both returned lists.
 *
 * Side effect: when a subscriber's 'emailVerified' preference is found set, the
 * local $notify gets 'verified' = 1 for that entry and is stored through
 * $request->_dbi->set('notify', ...).
 *
 * NOTE(review): the project, wiki and page used for the access checks are built
 * from $_REQUEST['group_id'] and $_REQUEST['pagename'], not from
 * $this->_pagename. Presumably both describe the same page; confirm against
 * the callers, since the request values decide which project is authorised against.
 *
 * @param array $notify page pattern => array(userid => subscription data); the data is
 *                      either falsy (userid only) or an array read for 'email' and 'verified'
 * @return array array($emails, $userids), each de-duplicated with array_unique()
 */
function getPageChangeEmails($notify) {
    $emails = array();
    $userids = array();
    foreach ($notify as $page => $users) {
        if (glob_match($page, $this->_pagename)) {
            foreach ($users as $userid => $user) {
                // NOTE(review): none of the objects built below depend on $userid
                // except $dbUser, yet all are rebuilt for every subscriber.
                $um = UserManager::instance();
                $dbUser = $um->getUserByUserName($userid);
                $wiki = new Wiki($_REQUEST['group_id']);
                $wp = new WikiPage($_REQUEST['group_id'], $_REQUEST['pagename']);
                $project = ProjectManager::instance()->getProject($_REQUEST['group_id']);
                $url_verifier = new URLVerification();
                $user_can_access_project = false;
                try {
                    // An unknown user ($dbUser === null) short-circuits to false
                    // and is skipped by the condition below.
                    $user_can_access_project = $dbUser !== null && $url_verifier->userCanAccessProject($dbUser, $project);
                } catch (Project_AccessException $e) {
                    // Access refused: this subscriber gets no notification.
                    continue;
                }
                // Project access alone is not enough: the wiki and the page
                // must both authorise the user as well.
                if ($user_can_access_project && $wiki->isAutorized($dbUser->getId()) && $wp->isAutorized($dbUser->getId())) {
                    if (!$user) { // handle the case for ModeratePage: no prefs, just userid's.
                        global $request;
                        $u = $request->getUser();
                        // $prefs is loaded here but not read again in this branch;
                        // the subscriber is added unconditionally below.
                        if ($u->UserName() == $userid) {
                            $prefs = $u->getPreferences();
                        } else {
                            // not current user
                            if (ENABLE_USER_NEW) {
                                $u = WikiUser($userid);
                                $u->getPreferences();
                                $prefs =& $u->_prefs;
                            } else {
                                $u = new WikiUser($GLOBALS['request'], $userid);
                                $prefs = $u->getPreferences();
                            }
                        }
                        $emails[] = user_getemail_from_unix($userid);
                        $userids[] = $userid;
                    } else {
                        if (!empty($user['verified']) and !empty($user['email'])) {
                            // Already marked verified: add directly.
                            $emails[] = user_getemail_from_unix($userid);
                            $userids[] = $userid;
                        } elseif (!empty($user['email'])) {
                            global $request;
                            // do a dynamic emailVerified check update
                            $u = $request->getUser();
                            if ($u->UserName() == $userid) {
                                // Subscriber is the requesting user: read the
                                // preference from the request itself.
                                if ($request->_prefs->get('emailVerified')) {
                                    $emails[] = user_getemail_from_unix($userid);
                                    $userids[] = $userid;
                                    // Record the verification and store the
                                    // updated list under the 'notify' key.
                                    $notify[$page][$userid]['verified'] = 1;
                                    $request->_dbi->set('notify', $notify);
                                }
                            } else {
                                // not current user
                                if (ENABLE_USER_NEW) {
                                    $u = WikiUser($userid);
                                    $u->getPreferences();
                                    $prefs =& $u->_prefs;
                                } else {
                                    $u = new WikiUser($GLOBALS['request'], $userid);
                                    $prefs = $u->getPreferences();
                                }
                                if ($prefs->get('emailVerified')) {
                                    $emails[] = user_getemail_from_unix($userid);
                                    $userids[] = $userid;
                                    $notify[$page][$userid]['verified'] = 1;
                                    $request->_dbi->set('notify', $notify);
                                }
                            }
                            // ignore verification
                            /* if (DEBUG) { if (!in_array($user['email'],$emails)) $emails[] = $user['email']; } */
                        }
                    }
                }
            }
        }
    }
    // A user matched by several page patterns is reported once.
    $emails = array_unique($emails);
    $userids = array_unique($userids);
    return array($emails, $userids);
}