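/**
 * frs_admin_header() - Authorization gate for FRS admin pages, then render the FRS header.
 *
 * The header is only rendered for a logged-in user who is a release
 * technician of the project identified by the global $group_id.
 *
 * Every failure path ends the request through one of the exit_*() helpers.
 * The earlier version returned silently when the project or permission object
 * could not be obtained, which let the calling page carry on without the
 * release-technician check having been made (fail-open).
 *
 * @param array $params Passed through unchanged to frs_header().
 *
 * @return void
 */
function frs_admin_header($params) {
    global $group_id;

    // Are they logged in?
    if (!session_loggedin()) {
        exit_not_logged_in();
    }

    // No usable project object means no permission can be evaluated: stop here.
    $project =& group_get_object($group_id);
    if (!$project || !is_object($project)) {
        exit_no_group();
    }

    // Same reasoning for the permission object: deny rather than skip the check.
    $perm =& $project->getPermission(session_get_user());
    if (!$perm || !is_object($perm)) {
        exit_permission_denied();
    }

    // Are they a release technician?
    if (!$perm->isReleaseTechnician()) {
        exit_permission_denied();
    }

    frs_header($params);
}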
/**
 * exit_permission_denied() - Exit with permission denied error
 *
 * A visitor without a session is sent to exit_not_logged_in() instead of
 * being shown the permission error.
 *
 * @param string $reason_descr Optional explanation shown below the error
 *                             title; a generic message is used when empty.
 */
function exit_permission_denied($reason_descr = '') {
    // Not authenticated: hand over to the login handler and do nothing else.
    if (!session_loggedin()) {
        exit_not_logged_in();
        return;
    }

    // Fall back to the generic explanation when the caller gave none.
    if (!$reason_descr) {
        $reason_descr = _('This project\'s administrator will have to grant you permission to view this page.');
    }

    exit_error(_('Permission denied.'), $reason_descr);
}
/**
 * Stop the request with a "permission denied" message.
 *
 * Anonymous users get the two messages (plus any pending global $feedback)
 * queued on the response and are then passed to exit_not_logged_in();
 * identified users are passed to exit_error() with the same texts.
 */
function exit_permission_denied() {
    global $feedback, $Language;

    $is_anonymous = UserManager::instance()->getCurrentUser()->isAnonymous();
    $title        = $Language->getText('include_exit', 'perm_denied');
    $explanation  = $Language->getText('include_exit', 'no_perm');

    if (!$is_anonymous) {
        // NOTE(review): $feedback is appended after a raw '<p>' tag; confirm it is
        // escaped before it reaches this point or inside exit_error().
        exit_error($title, $explanation . '<p>' . $feedback);
        return;
    }

    $response = $GLOBALS['Response'];
    $response->addFeedback('error', $title);
    $response->addFeedback('error', $explanation);
    if ($feedback) {
        $response->addFeedback('error', $feedback);
    }
    exit_not_logged_in();
}
*/
/*
    Project/Task Manager
    By Tim Perdue, Sourceforge, 11/99
    Heavy rewrite by Tim Perdue April 2000

    Total rewrite in OO and GForge coding guidelines 12/2002 by Tim Perdue
*/

require_once '../../env.inc.php';
require_once $gfwww . 'include/pre.php';
require_once $gfwww . 'pm/include/ProjectGroupHTML.class.php';
require_once $gfcommon . 'pm/ProjectGroupFactory.class.php';
require_once $gfcommon . 'pm/ProjectCategory.class.php';

// This page is only served to an authenticated session.
if (!session_loggedin()) {
    exit_not_logged_in();
}

// Identify the project and the task subproject from the request.
// Presumably getIntFromRequest() coerces the value to an integer; confirm.
$group_id = getIntFromRequest('group_id');
$group_project_id = getIntFromRequest('group_project_id');

// A missing or zero group_id cannot be resolved to a project.
if (!$group_id) {
    exit_no_group();
}

// Load the project object and stop on a missing or errored object.
$g =& group_get_object($group_id);
if (!$g || !is_object($g)) {
    exit_no_group();
} elseif ($g->isError()) {
    exit_error('Error', $g->getErrorMessage());
}

// Permission object of the current user for this project.
// NOTE(review): the check that uses $perm is outside this excerpt; confirm that
// every action driven by update_cat / add_cat tests it before changing data.
$perm =& $g->getPermission(session_get_user());

// Action selectors submitted by the admin forms.
$update_cat = getStringFromRequest('update_cat');
$add_cat = getStringFromRequest('add_cat');
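/**
 * session_require() - Convenience function to easily enforce permissions
 *
 * Calling page will terminate with error message if current user
 * fails checks.
 *
 * Recognised keys of $req (all optional):
 *  - 'group':       project id; the user must be a member of that project.
 *  - 'admin_flags': any truthy value together with 'group' requires the user
 *                   to be an admin of that project instead of a plain member.
 *  - 'isloggedin':  truthy value when only an authenticated session is needed.
 *
 * With neither 'group' nor 'isloggedin' set, access is denied.
 *
 * Optional keys are tested with empty(), so a criteria array that leaves them
 * out no longer raises undefined-index notices; the decisions are unchanged.
 *
 * @param array $req Associative array specifying criteria
 *
 * @return void Does not return if a check fails.
 */
function session_require($req) {
    // Authentication comes first; every criterion below presupposes it.
    if (!user_isloggedin()) {
        exit_not_logged_in();
    }

    if (empty($req['group'])) {
        // No project given: the login check above is the whole requirement,
        // but only when the caller asked for it explicitly.
        if (empty($req['isloggedin'])) {
            exit_permission_denied();
        }
        return;
    }

    $group =& group_get_object($req['group']);
    if (!$group || !is_object($group)) {
        exit_error(_('Error'), _('Error creating group object'));
    } elseif ($group->isError()) {
        exit_error(_('Error'), $group->getErrorMessage());
    }

    $perm =& $group->getPermission(session_get_user());
    if (!$perm || !is_object($perm)) {
        exit_error(_('Error'), _('Error creating permission object'));
    } elseif ($perm->isError()) {
        exit_error(_('Error'), $perm->getErrorMessage());
    }

    if (!empty($req['admin_flags'])) {
        // Admin-only page.
        if (!$perm->isAdmin()) {
            exit_permission_denied();
        }
    } elseif (!$perm->isMember()) {
        // Member-only page.
        exit_permission_denied();
    }
}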
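/**
 * Hook to admin graphic reports
 * Used in www/tracker/admin/index.php
 *
 * Handles requests with func=reportgraphic and a valid unsigned 'atid':
 * creates, updates or deletes a graphic report or one of its charts, then
 * renders the matching admin page and ends the request with exit. Any other
 * request returns without doing anything.
 *
 * Access rules visible in this method:
 *  - the user must be logged in;
 *  - a report whose scope is 'P' can only be changed by a tracker admin
 *    ($GLOBALS['ath']->userIsAdmin());
 *  - only a tracker admin may choose the scope of a report. This was already
 *    enforced on creation and is now enforced on update as well, so a
 *    non-admin can no longer switch a report to scope 'P' through the update form.
 *
 * NOTE(review): no check is visible here that the report loaded from
 * 'report_graphic_id' belongs to tracker $atid or to the current user, and no
 * anti-CSRF token is verified before the state-changing branches. Confirm
 * whether GraphOnTrackers_Report or the calling page enforces these.
 *
 * @param array $params hook parameters (not read by this method)
 *
 * @return void
 */
function tracker_graphic_report_admin($params) {
    $request = HTTPRequest::instance();
    if (!$request->valid(new Valid_WhiteList('func', array('reportgraphic')))
        || !$request->valid(new Valid_UInt('atid'))
    ) {
        return;
    }

    $func = $request->get('func');
    $atid = $request->get('atid');
    if ($func != 'reportgraphic') {
        return;
    }

    require_once 'html-generators/GraphicEngineHtml.class.php';
    require_once 'data-access/GraphOnTrackers_Report.class.php';

    if (!user_isloggedin()) {
        exit_not_logged_in();
        return;
    }

    $user_id = UserManager::instance()->getCurrentUser()->getId();
    $geh     = new graphicEngineHtml($atid, $user_id, $this->getThemePath());

    // Defined up front: the creation branch never assigns it, and the page
    // selection below reads it when creation did not end in a redirect.
    $report_graphic_id = null;

    if ($request->exist('create_report_graphic') && $request->get('rep_name')) {
        // Only a tracker admin may pick the scope; everyone else gets 'I'.
        if ($GLOBALS['ath']->userIsAdmin() && $request->valid(new Valid_WhiteList('rep_scope', array('P', 'I')))) {
            $rep_scope = $request->get('rep_scope');
        } else {
            $rep_scope = 'I';
        }
        if ($report = GraphOnTrackers_Report::create($atid, $user_id, $request->get('rep_name'), $request->get('rep_desc'), $rep_scope)) {
            $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'new_created_report'));
            $GLOBALS['Response']->redirect('/tracker/admin/?func=reportgraphic&group_id=' . $report->getGroupId() . '&atid=' . $report->getAtid() . '&report_graphic_id=' . $report->getId());
        }
    } else {
        $report_graphic_id = $request->getValidated('report_graphic_id', 'uint', 0);
        $gr = new GraphOnTrackers_Report($report_graphic_id);

        // Reports with scope 'P' are reserved to tracker admins; other scopes
        // are open to any logged-in user as far as this method shows.
        if ($gr->getScope() != 'P' || $GLOBALS['ath']->userIsAdmin()) {
            if ($request->exist('update_report')) {
                if ($request->valid(new Valid_String('rep_name')) && $request->valid(new Valid_String('rep_desc')) && $request->valid(new Valid_WhiteList('rep_scope', array('I', 'P')))) {
                    $rep_name  = $request->get('rep_name');
                    $rep_desc  = $request->get('rep_desc');
                    $rep_scope = $request->get('rep_scope');
                    // Same rule as on creation: a non-admin cannot choose the
                    // scope, so the report keeps the one it already has.
                    if (!$GLOBALS['ath']->userIsAdmin()) {
                        $rep_scope = $gr->getScope();
                    }
                    if ($rep_name != $gr->getName() || $rep_desc != $gr->getDescription() || $rep_scope != $gr->getScope()) {
                        $gr->setName($rep_name);
                        $gr->setDescription($rep_desc);
                        $gr->setScope($rep_scope);
                        $gr->setUserId(UserManager::instance()->getCurrentUser()->getId());
                        if ($gr->update()) {
                            $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'updated_report'));
                        } else {
                            $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'not_updated_report') . ': ' . $gr->getErrorMessage());
                        }
                    }
                }
            } elseif (is_array($request->get('delete_chart'))) {
                // The chart id is the first key of the submitted array.
                $chart_id_to_delete = (int) key($request->get('delete_chart'));
                $gr->deleteChart($chart_id_to_delete);
                $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'updated_report'));
                $GLOBALS['Response']->redirect('/tracker/admin/?func=reportgraphic&group_id=' . $gr->getGroupId() . '&atid=' . $gr->getAtid() . '&report_graphic_id=' . $gr->getId());
            } elseif ($request->exist('update_chart') && is_array($request->get('chart'))) {
                $row = $request->get('chart');
                if (isset($row['id'])) {
                    $chart_to_edit = $gr->getChart($row['id']);
                    if ($chart_to_edit->update($row)) {
                        $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'updated_report'));
                    }
                }
            } elseif ($request->exist('edit_chart')) {
                $chart_to_edit = $gr->getChart((int) $request->get('edit_chart'));
            } elseif ($request->exist('add_chart')) {
                if ($chart = $gr->createChart($request->get('add_chart'))) {
                    $GLOBALS['Response']->redirect('/tracker/admin/?func=reportgraphic&group_id=' . $gr->getGroupId() . '&atid=' . $gr->getAtid() . '&report_graphic_id=' . $gr->getId() . '&edit_chart=' . (int) $chart->getId());
                }
            } elseif ($request->exist('delete_report_graphic')) {
                $gr->delete();
                // Cleared so that the front page is shown below.
                $report_graphic_id = null;
                $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'report_deleted'));
            }
        }
    }

    $GLOBALS['ath']->adminHeader(array('title' => $GLOBALS['Language']->getText('plugin_graphontrackers_include_report', 'report_mgmt'), 'help' => 'TrackerAdministration.html#GraphTrackerReportSetting'));

    if ($request->exist('new_report_graphic')) {
        $geh->createReportForm();
    } elseif ($report_graphic_id) {
        if (isset($chart_to_edit)) {
            $geh->showChartForm($chart_to_edit);
        } else {
            $geh->showReportForm($report_graphic_id);
        }
    } else {
        // Front page
        $reports = $geh->grf->getReportsAvailable($atid, user_getid());
        $geh->showAvailableReports($reports);
    }

    $GLOBALS['ath']->footer(null);
    exit;
}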
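/**
 * session_require() - Convenience function to easily enforce permissions
 *
 * Calling page will terminate with error message if current user
 * fails checks.
 *
 * Recognised keys of $req (all optional):
 *  - 'group':       project id; the user must be a member of that project.
 *  - 'admin_flags': any truthy value together with 'group' requires the user
 *                   to be an admin of that project instead of a plain member.
 *  - 'isloggedin':  truthy value when only an authenticated session is needed.
 *
 * With neither 'group' nor 'isloggedin' set, access is denied.
 *
 * Optional keys are tested with empty() rather than read directly or behind
 * the @ operator, so a missing key raises no warning and no other error is
 * hidden by the suppression; the decisions are unchanged.
 *
 * @param array $req Associative array specifying criteria
 *
 * @return void Does not return if a check fails.
 */
function session_require($req) {
    // Authentication comes first; every criterion below presupposes it.
    if (!session_loggedin()) {
        exit_not_logged_in();
    }

    if (empty($req['group'])) {
        // No project given: the login check above is the whole requirement,
        // but only when the caller asked for it explicitly.
        if (empty($req['isloggedin'])) {
            exit_permission_denied();
        }
        return;
    }

    $group =& group_get_object($req['group']);
    if (!$group || !is_object($group)) {
        exit_error('Error', 'Could Not Get Group');
    } elseif ($group->isError()) {
        exit_error('Error', $group->getErrorMessage());
    }

    // A missing or errored permission object is treated as "no permission".
    $perm =& $group->getPermission(session_get_user());
    if (!$perm || !is_object($perm) || $perm->isError()) {
        exit_permission_denied();
    }

    if (!empty($req['admin_flags'])) {
        // Admin-only page.
        if (!$perm->isAdmin()) {
            exit_permission_denied();
        }
    } elseif (!$perm->isMember()) {
        // Member-only page.
        exit_permission_denied();
    }
}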
/**
 * Apply one imported row to an existing artifact.
 *
 * Access checks made here: the user must be logged in unless the tracker
 * allows anonymous use, and must be an admin of the artifact's tracker.
 *
 * @param mixed  $row     Not read by this method.
 * @param mixed  $data    Row data handed to prepareVfl().
 * @param int    $aid     Id of the artifact to update.
 * @param string &$errors Receives appended messages for CC and follow-up failures.
 * @param bool   $notify  When true, a follow-up mail is sent if something changed.
 *
 * @return bool|null true when processing finished, false when follow-up
 *                   comments could not be parsed or stored, null after a
 *                   permission denial.
 */
function updateArtifact($row, $data, $aid, &$errors, $notify = false) {
    global $Language;

    $ah = new Tracker_Html($this->ath, $aid);
    if (!$ah || !is_object($ah)) {
        exit_error($Language->getText('global', 'error'), $Language->getText('plugin_tracker_index', 'not_create_art'));
        return true;
    }
    if ($ah->isError()) {
        exit_error($Language->getText('global', 'error'), $ah->getErrorMessage());
        return true;
    }

    // Check if users can update anonymously
    if (!user_isloggedin() && !$this->ath->allowsAnon()) {
        exit_not_logged_in();
    }

    // Updating through the import is reserved to tracker admins.
    if (!$ah->Tracker->userIsAdmin()) {
        exit_permission_denied();
        return;
    }

    // presumably prepareVfl() fills the extra arguments by reference; verify against its signature
    $vfl = $this->prepareVfl($data, $artifact_depend_id, $add_cc, $cc_comment, $comments);

    // data control layer
    if (!$ah->handleUpdate($artifact_depend_id, 100, $changes, false, $vfl, true)) {
        exit_error($Language->getText('global', 'error'), '');
    }

    if ($add_cc && !$ah->updateCC($add_cc, $cc_comment)) {
        $errors .= $Language->getText('plugin_tracker_import_utils', 'problem_add_cc', $ah->getID()) . " ";
    }

    $comments_ok = false;
    if ($comments) {
        $parsed = $this->parseFollowUpComments($comments, $parsed_comments, $aid) && $parsed_comments && !empty($parsed_comments);
        if (!$parsed) {
            return false;
        }
        if (!$ah->addFollowUpComments($parsed_comments)) {
            $errors .= $Language->getText('plugin_tracker_import_utils', 'problem_insert_followup', $ah->getID()) . " ";
            return false;
        }
        $comments_ok = true;
    }

    if ($notify && (count($changes) > 0 || $add_cc || $comments_ok)) {
        $agnf = new Tracker_NotificationsManager($this->ath);
        $ah->mailFollowupWithPermissions($agnf->getAllAddresses($this->ath->getID(), $update = true), $changes);
    }

    if (count($changes) > 0 || $add_cc || $comments_ok) {
        // Update the 'last_update_date' artifact field
        $ah->update_last_update_date();
    }

    return true;
}
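/**
 * Hook: Tracker admin "controller"
 *
 * Handles func=date_field_notification: lets a tracker admin delete or update
 * the reminder settings of a date field, then renders the settings page and
 * ends the request with exit. Any other request returns without doing anything.
 *
 * Fixes over the previous version:
 *  - the "no groups selected" test was wrapped in _() (gettext), so its
 *    outcome depended on what the translation layer returned for the
 *    boolean cast to a string; it is now a plain boolean test;
 *  - ereg(), which is no longer available in current PHP, is replaced by
 *    preg_match() with an end-anchored pattern, and non-string values are
 *    rejected before matching;
 *  - 'notified_users' / 'notified_groups' are normalised to arrays before
 *    count() and foreach, so a missing or non-array value cannot raise an error.
 *
 * NOTE(review): no anti-CSRF token check is visible before the POST branches;
 * confirm whether the calling page or HTTPRequest enforces one.
 *
 * @param array $params Hook parameters; 'ath' (tracker) and 'art_field_fact'
 *                      (field factory) are read here.
 *
 * @return void
 */
function tracker_graphic_report_admin($params) {
    $request = HTTPRequest::instance();
    if ($request->getValidated('func', 'string') != 'date_field_notification') {
        return;
    }
    if (!user_isloggedin()) {
        exit_not_logged_in();
        return;
    }
    if (!$params['ath']->userIsAdmin()) {
        exit_permission_denied();
        return;
    }

    // Only non-special date fields can carry reminder settings.
    $field_id = $request->getValidated('field_id', 'uint');
    $field    = $params['art_field_fact']->getFieldFromId($field_id);
    if (!$field || !$field->isDateField() || $field->isSpecial()) {
        return;
    }

    if ($request->isPost()) {
        if ($request->existAndNonEmpty('delete_reminder')) {
            $tdrArtifactField = new TrackerDateReminder_ArtifactField();
            $tdrArtifactField->deleteFieldReminderSettings($field->getID(), $params['ath']->getID());
        } elseif (array_key_exists('submit_notif_settings', $_REQUEST) && $_REQUEST['submit_notif_settings']) {
            // Anything that is not an array is treated as "nothing selected".
            $notified_users  = (isset($_REQUEST['notified_users']) && is_array($_REQUEST['notified_users'])) ? $_REQUEST['notified_users'] : array();
            $notified_groups = (isset($_REQUEST['notified_groups']) && is_array($_REQUEST['notified_groups'])) ? $_REQUEST['notified_groups'] : array();

            // Feedback key of the first failed validation, null when all pass.
            $error_key = null;

            // 100 is the placeholder entry that the merge below discards.
            $only_placeholder_users  = count($notified_users) == 1 && isset($notified_users[0]) && $notified_users[0] == 100;
            $only_placeholder_groups = count($notified_groups) == 1 && isset($notified_groups[0]) && $notified_groups[0] == 100;

            if (!$notified_users && !$notified_groups) {
                $error_key = 'specify_notified_users';
            } elseif ($only_placeholder_users && $only_placeholder_groups) {
                // NOTE(review): a placeholder-only list on one side with the other
                // side empty still passes, as before, and yields an empty
                // recipient list; confirm whether that is intended.
                $error_key = 'specify_notified_users';
            } else {
                // field name => array(feedback key when missing, whether 0 counts as missing)
                $numeric_fields = array(
                    'start'     => array('specify_notification_start', false),
                    'frequency' => array('specify_notification_frequency', true),
                    'recurse'   => array('specify_notification_recurse', true),
                );
                foreach ($numeric_fields as $name => $rule) {
                    list($missing_key, $zero_is_missing) = $rule;
                    $value = isset($_REQUEST[$name]) ? $_REQUEST[$name] : null;
                    if ($value == null || ($zero_is_missing && $value == 0)) {
                        $error_key = $missing_key;
                        break;
                    }
                    // Digits only, anchored at the very end of the string (D modifier),
                    // which also rules out negative numbers.
                    if (!is_string($value) || preg_match('/^[0-9]+$/D', $value) !== 1) {
                        $error_key = 'positive_value';
                        break;
                    }
                }
            }

            if ($error_key !== null) {
                $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_date_reminder', $error_key));
            } else {
                // merge notified_users and notified_groups into one array
                $notified = array();
                foreach ($notified_users as $u) {
                    if ($u != 100) {
                        $notified[] = $u;
                    }
                }
                foreach ($notified_groups as $gr) {
                    if ($gr != 100) {
                        $notified[] = $gr;
                    }
                }

                // NOTE(review): 'notif_type' and the recipient ids are forwarded as
                // received; confirm that updateDateFieldReminderSettings() validates
                // them before they are stored.
                $notif_type = isset($_REQUEST['notif_type']) ? $_REQUEST['notif_type'] : null;

                // now update the reminder settings
                $tdrArtifactField = new TrackerDateReminder_ArtifactField();
                $res = $tdrArtifactField->updateDateFieldReminderSettings($params['ath'], $field, $params['ath']->getID(), $_REQUEST['start'], $notif_type, $_REQUEST['frequency'], $_REQUEST['recurse'], $notified);
                if ($res) {
                    $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_date_reminder', 'notif_update_success', array($field->getLabel())));
                } else {
                    $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_date_reminder', 'notif_update_fail', array($field->getLabel())));
                }
            }
        }
    }

    $params['ath']->adminHeader(array('title' => $GLOBALS['Language']->getText('plugin_tracker_date_reminder', 'admin_date_field_notif'), 'help' => 'tracker.html#email-notification-settings'));

    // NOTE(review): the tracker name is written into the page as returned by
    // getName(); confirm it is HTML-escaped at the source or escape it here.
    echo '<H2>' . $GLOBALS['Language']->getText('tracker_import_admin', 'tracker') . ' \'<a href="/tracker/admin/?group_id=' . $params['ath']->Group->getID() . '&atid=' . $params['ath']->getID() . '">' . $params['ath']->getName() . '</a>\' - ' . $GLOBALS['Language']->getText('tracker_include_type', 'mail_notif') . '</h2>';

    $tdrArtifactFieldHtml = new TrackerDateReminder_ArtifactFieldHtml();
    $tdrArtifactFieldHtml->displayDateFieldNotificationSettings($params['ath'], $field);
    $params['ath']->footer(array());
    exit;
}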