/**
 * Enforce an access requirement and stop the page with an error when it is not met.
 *
 * Exactly one requirement is evaluated, in this order of precedence:
 *  - 'group' (optionally with 'admin_flags'): the current user must have a
 *    matching row in user_group for that project;
 *  - 'user': the current user id must equal the given id;
 *  - 'isloggedin': the current user must be logged in.
 * A request that names none of them is refused.
 *
 * @param array $req Requirement description (keys: group, admin_flags, user, isloggedin)
 *
 * @return true|null true for site administrators, nothing otherwise
 */
function session_require($req)
{
    global $Language;

    // Site administrators pass every check.
    if (user_is_super_user()) {
        return true;
    }

    if (!empty($req['group'])) {
        // Both request-derived values go through the escaping helpers before
        // they are concatenated into the statement.
        $membership_sql = "SELECT user_id FROM user_group WHERE user_id=" . user_getid() . " AND group_id=" . db_ei($req['group']);
        if (!empty($req['admin_flags'])) {
            $membership_sql .= " AND admin_flags = '" . db_escape_string($req['admin_flags']) . "'";
        }

        $matching_rows = db_numrows(db_query($membership_sql));
        if ($matching_rows < 1) {
            exit_error(
                $Language->getText('include_session', 'insufficient_g_access'),
                $Language->getText('include_session', 'no_perm_to_view')
            );
        }
        return;
    }

    if (!empty($req['user'])) {
        if (user_getid() != $req['user']) {
            exit_error(
                $Language->getText('include_session', 'insufficient_u_access'),
                $Language->getText('include_session', 'no_perm_to_view')
            );
        }
        return;
    }

    if (!empty($req['isloggedin'])) {
        if (!user_isloggedin()) {
            exit_error(
                $Language->getText('include_session', 'required_login'),
                $Language->getText('include_session', 'login')
            );
        }
        return;
    }

    // No recognised requirement: deny by default.
    exit_error(
        $Language->getText('include_session', 'insufficient_access'),
        $Language->getText('include_session', 'no_access')
    );
}
/**
 * Fetch the active projects the current user is allowed to list.
 *
 * Anonymous visitors get nothing. Site administrators see every active
 * project; any other logged-in user sees the active projects whose access
 * is not Project::ACCESS_PRIVATE. Project 100 is always excluded.
 *
 * @return resultset|false the query result, or false when the user is not
 *                         logged in, the query failed or no row matched
 */
function getAllGroups()
{
    global $Language;

    // Guard: listing projects requires an authenticated session.
    if (!user_isloggedin()) {
        if (isset($GLOBALS['Language'])) {
            $this->setError($Language->getText('include_exit', 'perm_denied'));
        }
        return false;
    }

    // Only site administrators may see private projects in this list.
    $access_condition = user_is_super_user()
        ? ''
        : " AND access != '" . db_es(Project::ACCESS_PRIVATE) . "' ";

    $sql = "SELECT group_id,group_name,unix_group_name FROM groups\n\t\t\tWHERE group_id <> 100 AND status = 'A'\n\t\t\t{$access_condition}\n\t\t\tORDER BY group_name ASC";

    $result = db_query($sql);
    $rows = db_numrows($result);
    if (!$result || $rows < 1) {
        if (isset($GLOBALS['Language'])) {
            $this->setError($Language->getText('include_common_groupfactory', 'none_found', db_error()));
        }
        return false;
    }

    return $result;
}
/**
 * Apply the "edit reference" form submitted in the current HTTP request.
 *
 * System references that do not belong to project 100 only get their
 * is_active flag updated. Any other reference is rewritten from the request
 * values; when the keyword changes, the cross_reference and
 * artifact_group_list tables are updated to the new keyword as well.
 *
 * Only a site administrator may set a service short name or use 'force'.
 *
 * NOTE(review): no project-admin check and no anti-CSRF token check are
 * visible inside this method - presumably the caller enforces them; verify.
 */
function do_edit()
{
    global $feedback;
    $request =& HTTPRequest::instance();

    // Sanity check: both identifiers are mandatory.
    if (!$request->get('group_id') || !$request->get('reference_id')) {
        exit_error(
            $GLOBALS['Language']->getText('global', 'error'),
            $GLOBALS['Language']->getText('project_reference', 'missing_parameter')
        );
    }

    $reference_manager =& ReferenceManager::instance();

    // 'force' is honoured for site administrators only.
    $force = $request->get('force');
    $is_site_admin = user_is_super_user() ? true : false;
    if (!$is_site_admin) {
        $force = false;
    }

    // Load the existing reference from the database.
    $ref =& $reference_manager->loadReference($request->get('reference_id'), $request->get('group_id'));

    if ($ref->isSystemReference() && $ref->getGroupId() != 100) {
        // Read-only reference: only its availability may change.
        if ($ref->isActive() != $request->get('is_used')) {
            $reference_manager->updateIsActive($ref, $request->get('is_used'));
        }
        return;
    }

    // Only a server admin may define a service; the value 100 stands for "none".
    $service_short_name = "";
    if ($is_site_admin && $request->get('service_short_name') != 100) {
        $service_short_name = $request->get('service_short_name');
    }

    $old_keyword = $ref->getKeyword();

    // Update table 'reference'.
    $new_ref = new Reference(
        $request->get('reference_id'),
        $request->get('keyword'),
        $request->get('description'),
        $request->get('link'),
        $ref->getScope(),
        $service_short_name,
        $request->get('nature'),
        $request->get('is_used'),
        $request->get('group_id')
    );
    $result = $reference_manager->updateReference($new_ref, $force);
    if (!$result) {
        exit_error(
            $GLOBALS['Language']->getText('global', 'error'),
            $GLOBALS['Language']->getText('project_reference', 'edit_fail', db_error())
        );
        return;
    }

    if ($old_keyword != $request->get('keyword')) {
        // Update table 'cross_reference'.
        $reference_dao = $this->getCrossReferenceDao();
        $result = $reference_dao->updateTargetKeyword($old_keyword, $request->get('keyword'), $request->get('group_id'));
        $result2 = $reference_dao->updateSourceKeyword($old_keyword, $request->get('keyword'), $request->get('group_id'));

        // Update table 'artifact_group_list'.
        $reference_dao = $this->getArtifactGroupListDao();
        $result = $reference_dao->updateItemName($request->get('group_id'), $old_keyword, $request->get('keyword'));
    }
}
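/**
 * Tell whether the current user may modify a snippet package.
 *
 * Site administrators always may. Any other user may only when at least one
 * version of the package was submitted by that user.
 *
 * @param int|string $snippet_package_id Id of the snippet package
 *
 * @return bool
 */
function snippet_data_can_modify_snippet_package($snippet_package_id)
{
    if (user_is_super_user()) {
        return true;
    }

    // The id used to be interpolated into the statement as-is. It now goes
    // through db_ei(), the integer escaper this code base uses for ids, so a
    // crafted value cannot change the shape of the query.
    $sql = 'SELECT submitted_by FROM snippet_package_version WHERE snippet_package_id=' . db_ei($snippet_package_id);
    $result = db_query($sql);

    while ($resrow = db_fetch_array($result)) {
        if ($resrow['submitted_by'] == user_getid()) {
            return true;
        }
    }

    return false;
}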
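/**
 * Print the "edit reference" form for the reference named in the request.
 *
 * A system reference that does not belong to project 100 is shown read-only:
 * only its "enabled" checkbox can be changed. The service selector and the
 * scope row are only shown for project 100, and the "force" checkbox only to
 * site administrators.
 *
 * group_id and reference_id come straight from the HTTP request and are
 * echoed back into the form, so both are passed through the purifier before
 * being written into HTML attributes (they were previously printed raw).
 */
function edit()
{
    global $sys_default_domain, $Language;
    $request =& HTTPRequest::instance();
    $group_id = $request->get('group_id');
    $purifier = Codendi_HTMLPurifier::instance();
    $pm = ProjectManager::instance();
    $project = $pm->getProject($group_id);
    $refid = $request->get('reference_id');
    if (!$refid) {
        exit_error(
            $GLOBALS['Language']->getText('global', 'error'),
            $GLOBALS['Language']->getText('project_reference', 'missing_parameter')
        );
    }
    $referenceManager =& ReferenceManager::instance();
    $ref =& $referenceManager->loadReference($refid, $group_id);

    $su = false;
    if (user_is_super_user()) {
        $su = true;
    }
    $star = ' <font color="red">*</font>';

    // "Read-only" -> can only edit reference availability (system reference)
    $ro = false;
    if ($ref->isSystemReference() && $ref->getGroupId() != 100) {
        $ro = true;
        $star = "";
    }

    // Escaped copies of the request values, used only for output. The raw
    // values are still the ones compared and passed to the managers above.
    $group_id_html = $purifier->purify($group_id);
    $refid_html = $purifier->purify($refid);

    echo ' <h3>' . $Language->getText('project_reference', 'edit_r')
        . '</h3> <form name="form_create" method="post" action="/project/admin/reference.php?group_id=' . $group_id_html
        . '"> <input type="hidden" name="action" VALUE="do_edit"> <input type="hidden" name="view" VALUE="browse"> <input type="hidden" name="group_id" VALUE="' . $group_id_html
        . '"> <input type="hidden" name="reference_id" VALUE="' . $refid_html
        . '"> <table width="100%" cellspacing=0 cellpadding=3 border=0> <tr><td width="10%"><a href="#" title="' . $Language->getText('project_reference', 'r_keyword_desc')
        . '">' . $Language->getText('project_reference', 'r_keyword') . ':</a>' . $star . '</td> <td>';
    if ($ro) {
        echo $purifier->purify($ref->getKeyWord());
    } else {
        echo '<input type="text" name="keyword" size="25" maxlength="25" value="' . $purifier->purify($ref->getKeyWord()) . '">';
    }
    echo '</td></tr>';

    echo ' <tr><td><a href="#" title="' . $Language->getText('project_reference', 'r_desc_in_tooltip')
        . '">' . $Language->getText('project_reference', 'r_desc') . '</a>: </td> <td>';
    if ($ro) {
        // A description of the form reference_<keyword>_desc_key is a translation key.
        if ($ref->getDescription() == "reference_" . $ref->getKeyWord() . "_desc_key") {
            echo $purifier->purify($Language->getText('project_reference', $ref->getDescription()));
        } else {
            echo $purifier->purify($ref->getDescription());
        }
    } else {
        echo '<input type="text" name="description" size="70" maxlength="255" value="' . $purifier->purify($ref->getDescription()) . '">';
    }
    echo '</td></tr>';

    echo ' <tr><td><a href="#" title="' . $Language->getText('project_reference', 'r_nature_desc')
        . '">' . $Language->getText('project_reference', 'r_nature') . '</a>: </td> <td>';
    if ($ro) {
        echo $purifier->purify($ref->getNature());
    } else {
        echo '<select name="nature" >';
        foreach ($this->natures as $nature_key => $nature_desc) {
            if ($ref->getNature() == $nature_key) {
                $selected = 'selected="selected"';
            } else {
                $selected = '';
            }
            echo '<option value="' . $purifier->purify($nature_key) . '" ' . $selected . '>' . $purifier->purify($nature_desc['label']) . '</option>';
        }
        echo '</select>';
    }
    echo '</td></tr>';

    echo ' <tr><td><a href="#" title="' . $Language->getText('project_reference', 'url')
        . '">' . $Language->getText('project_reference', 'r_link') . '</a>:' . $star . '</td> <td>';
    if ($ro) {
        echo $purifier->purify($ref->getLink());
    } else {
        echo '<input type="text" name="link" size="70" maxlength="255" value="' . $purifier->purify($ref->getLink()) . '"> ';
        echo help_button('project-admin.html#creating-or-updating-a-reference-pattern');
    }
    echo '</td></tr>';

    if ($group_id == 100) {
        echo ' <tr><td><a href="#" title="' . $Language->getText('project_reference', 'r_service_desc')
            . '">' . $Language->getText('project_reference', 'r_service') . '</a>:</td> <td>';

        // Get list of services
        $result = db_query("SELECT * FROM service WHERE group_id=100 ORDER BY rank");
        $serv_label = array();
        $serv_short_name = array();
        while ($serv = db_fetch_array($result)) {
            $label = $serv['label'];
            // A label of the form service_<short_name>_lbl_key is a translation key.
            if ($label == "service_" . $serv['short_name'] . "_lbl_key") {
                $label = $Language->getText('project_admin_editservice', $label);
            }
            $serv_short_name[] = $serv['short_name'];
            $serv_label[] = $label;
        }
        echo html_build_select_box_from_arrays($serv_short_name, $serv_label, "service_short_name", $ref->getServiceShortName());
        echo '</td></tr>';

        echo ' <tr><td><a href="#" title="' . $Language->getText('project_reference', 'r_scope')
            . '">' . $Language->getText('project_reference', 'scope') . ':</a></td> <td><FONT size="-1">'
            . ($ref->getScope() == 'S' ? $Language->getText('project_reference', 'system') : $Language->getText('project_reference', 'project'))
            . '</FONT></td></tr>';
    }

    echo ' <tr><td><a href="#" title="' . $Language->getText('project_reference', 'enabled_desc')
        . '">' . $Language->getText('project_reference', 'enabled') . ':</a> </td> <td><input type="CHECKBOX" NAME="is_used" VALUE="1"'
        . ($ref->isActive() ? " CHECKED" : '') . '></td></tr>';

    if ($su) {
        echo '<tr><td><a href="#" title="' . $Language->getText('project_reference', 'force_desc')
            . '">' . $Language->getText('project_reference', 'force') . '</a> </td> <td><input type="CHECKBOX" NAME="force"></td></tr>';
    }

    echo ' </table> <P><INPUT type="submit" name="Create" value="' . $Language->getText('global', 'btn_update') . '"> </form>';

    if (!$ro) {
        echo '<p>' . $star . ': ' . $Language->getText('project_reference', 'fields_required') . '</p>';
    }
}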
} display_service_creation_form($group_id, $is_superuser); } else { $service_id = $request->getValidated('service_id', 'uint', 0); if (!$service_id) { exit_error('ERROR', 'Service Id was not specified '); } $sql = "SELECT * FROM service WHERE group_id={$group_id} AND service_id={$service_id}"; $result = db_query($sql); if (db_numrows($result) < 1) { exit_error($Language->getText('global', 'error'), $Language->getText('project_admin_editservice', 's_not_exist', $service_id)); } $service = db_fetch_array($result); $readonly = false; $is_superuser = true; if (!user_is_super_user()) { $is_superuser = false; if (!$service['is_active']) { exit_error($Language->getText('project_admin_editservice', 'forbidden'), $Language->getText('project_admin_editservice', 'no_access_inactive_s')); } if ($service['scope'] == "system") { // Display service as read-only $readonly = true; } } if (!ServiceManager::instance()->isServiceAllowedForProject($project, $service_id)) { exit_error('ERROR', $GLOBALS['Language']->getText('project_admin_servicebar', 'not_allowed')); } display_service_configuration_form($group_id, $service_id, $service, $readonly, $is_superuser); } project_admin_footer(array());
/**
 * Install the initial wiki page of the project and render it.
 *
 * For project 1 the operation is reserved to site administrators. The
 * language of the home page (French for 'fr_FR', English otherwise) also
 * selects the page-source directory through the WIKI_PGSRC and
 * DEFAULT_WIKI_PGSRC constants.
 *
 * NOTE(review): language_id is read from $_REQUEST and handed to the wiki
 * entry unchanged; whether PHPWikiEntry validates or escapes it before
 * add() stores it is not visible here - confirm.
 */
function install()
{
    if ($this->gid == 1 && !user_is_super_user()) {
        exit_error(
            $GLOBALS['Language']->getText('global', 'error'),
            $GLOBALS['Language']->getText('plugin_phpwiki_lib_wikipagewrap', 'right_error')
        );
    }

    $entry = new PHPWikiEntry();
    $entry->setGid($this->gid);
    $entry->setLanguage_id($_REQUEST['language_id']);

    switch ($entry->getLanguage_id()) {
        // English, which is also the fallback for any other language
        case 'en_US':
        default:
            define('WIKI_PGSRC', 'codendipgsrc');
            define('DEFAULT_WIKI_PGSRC', PHPWIKI_SRC_PATH . '/codendipgsrc');
            $home = array('name' => "Home Page", 'page' => "HomePage", 'desc' => "Initial wiki document");
            break;

        // French
        case 'fr_FR':
            define('WIKI_PGSRC', 'pgsrc');
            define('DEFAULT_WIKI_PGSRC', PHPWIKI_SRC_PATH . '/locale/fr/pgsrc');
            $home = array('name' => "Page d'accueil", 'page' => "PageAccueil", 'desc' => "Document initial du Wiki");
            break;
    }

    $entry->setName($home['name']);
    $entry->setPage($home['page']);
    $entry->setDesc($home['desc']);

    $entry->add();
    $this->render();
}
/**
 * Check whether a user has read access to a Subversion path of a project.
 *
 * The lookup starts at the requested path and walks up one directory at a
 * time until a rule is found or the root is reached. At each level a rule
 * for the user is preferred over a rule for '*'. Access is granted when the
 * matching permission string contains 'r'; no match means no access.
 *
 * A site administrator checking their own login name is always granted.
 *
 * Warning: the same algorithm also exists in Python
 * (see src/utils/svn/svnaccess.py). When this code changes, check whether
 * the Python counterpart needs the same change.
 *
 * @param string $username        login name of the user to check
 * @param string $project_svnroot svn root of the project, passed to the access file parser
 * @param string $svnpath         subversion path to check, without the leading '/'
 *
 * @global array $SVNACCESS permissions indexed by user name, then by path
 *
 * @return bool
 */
function svn_utils_check_access($username, $project_svnroot, $svnpath)
{
    global $SVNACCESS;

    if (user_getname() == $username && user_is_super_user()) {
        return true;
    }

    // Listeners may rewrite the user name (it is passed by reference).
    $em =& EventManager::instance();
    $em->processEvent('svn_check_access_username', array('username' => &$username, 'project_svnroot' => $project_svnroot));
    $username = strtolower($username);

    // "None" marks an access table that has not been loaded yet.
    if ($SVNACCESS == "None") {
        svn_utils_parse_access_file($project_svnroot);
    }

    $granted = '';
    $candidate = '/' . $svnpath;
    for (;;) {
        if (array_key_exists($username, $SVNACCESS) && array_key_exists($candidate, $SVNACCESS[$username])) {
            $granted = $SVNACCESS[$username][$candidate];
            break;
        }
        if (array_key_exists('*', $SVNACCESS) && array_key_exists($candidate, $SVNACCESS['*'])) {
            $granted = $SVNACCESS['*'][$candidate];
            break;
        }
        if ($candidate == '/') {
            // Nothing matched up to the root.
            break;
        }

        // Retry one level higher in the tree.
        $cut = strrpos($candidate, '/');
        $candidate = ($cut == 0) ? '/' : substr($candidate, 0, $cut);
    }

    return strpos($granted, 'r') !== false;
}
/**
 * Build the widget registered under the given name.
 *
 * 'myadmin' and 'mysystemevent' are only instantiated for site
 * administrators. Names unknown to the core are offered to plugins through
 * the 'widget_instance' event. Whatever comes back is returned only if it is
 * a Widget, so a listener cannot hand out an arbitrary object.
 *
 * @param string $widget_name
 *
 * @return Widget|null null when the name is unknown or the user may not use the widget
 */
public static function getInstance($widget_name)
{
    $widget = null;

    switch ($widget_name) {
        case 'mysurveys':
            $widget = new Widget_MySurveys();
            break;
        case 'myprojects':
            $widget = new Widget_MyProjects();
            break;
        case 'mybookmarks':
            $widget = new Widget_MyBookmarks();
            break;
        case 'mymonitoredforums':
            $widget = new Widget_MyMonitoredForums();
            break;
        case 'mymonitoredfp':
            $widget = new Widget_MyMonitoredFp();
            break;
        case 'mylatestsvncommits':
            $widget = new Widget_MyLatestSvnCommits();
            break;
        case 'myartifacts':
            $widget = new Widget_MyArtifacts();
            break;
        case 'myrss':
            $widget = new Widget_MyRss();
            break;
        case 'mytwitterfollow':
            $widget = new Widget_MyTwitterFollow();
            break;
        // 'mywikipage' (Widget_MyWikiPage) is not available yet.
        case 'myimageviewer':
            $widget = new Widget_MyImageViewer();
            break;
        case 'myadmin':
            // Site administrators only.
            if (user_is_super_user()) {
                $widget = new Widget_MyAdmin();
            }
            break;
        case 'mysystemevent':
            // Site administrators only.
            if (user_is_super_user()) {
                $widget = new Widget_MySystemEvent();
            }
            break;
        case 'projectdescription':
            $widget = new Widget_ProjectDescription();
            break;
        case 'projectclassification':
            $widget = new Widget_ProjectClassification();
            break;
        case 'projectmembers':
            $widget = new Widget_ProjectMembers();
            break;
        case 'projectlatestfilereleases':
            $widget = new Widget_ProjectLatestFileReleases();
            break;
        case 'projectlatestnews':
            $widget = new Widget_ProjectLatestNews();
            break;
        case 'projectpublicareas':
            $widget = new Widget_ProjectPublicAreas();
            break;
        case 'projectrss':
            $widget = new Widget_ProjectRss();
            break;
        case 'projecttwitterfollow':
            $widget = new Widget_ProjectTwitterFollow();
            break;
        case 'projectsvnstats':
            $widget = new Widget_ProjectSvnStats();
            break;
        // 'projectwikipage' (Widget_ProjectWikiPage) is not available yet.
        case 'projectlatestsvncommits':
            $widget = new Widget_ProjectLatestSvnCommits();
            break;
        case 'projectlatestcvscommits':
            $widget = new Widget_ProjectLatestCvsCommits();
            break;
        case 'projectimageviewer':
            $widget = new Widget_ProjectImageViewer();
            break;
        default:
            // Let plugins provide the instance (filled in by reference).
            $event_manager = EventManager::instance();
            $event_manager->processEvent('widget_instance', array('widget' => $widget_name, 'instance' => &$widget));
            break;
    }

    // Anything that is not a Widget is discarded.
    return ($widget && is_a($widget, 'Widget')) ? $widget : null;
}
$arh->fetchData($update_default); if ($arh->scope == 'P' && $ath->userIsAdmin()) { $arh->updateDefaultReport(); $GLOBALS['Response']->addFeedback('info', $Language->getText('tracker_admin_index', 'update_success')); } } } } if ($request->getValidated('new_report')) { $arh->createReportForm(); } else { if ($request->getValidated('show_report')) { if ($arh->scope == 'P' && !$ath->userIsAdmin()) { exit_permission_denied(); } if ($arh->scope == 'S' && !user_is_super_user()) { exit_permission_denied(); } $arh->showReportForm(); } else { // Front page $reports = $arh->getReports($atid, user_getid()); $arh->showAvailableReports($reports); } } $ath->footer(array()); break; case 'canned': if (!user_isloggedin()) { exit_not_logged_in(); return;
/**
 * Enforce a permission requirement; the page terminates with an error
 * message when the check fails.
 *
 * Anonymous users are always refused and site administrators always pass.
 * With a 'group' requirement the user must be a member of that project, or
 * one of its administrators when 'admin_flags' is set. The value of
 * 'admin_flags' itself is not compared: any non-empty value means "project
 * admin required". Without 'group', 'isloggedin' must be set.
 *
 * @param array $req Requirement description (keys: group, admin_flags, isloggedin)
 *
 * @return true|null true for site administrators, nothing otherwise
 */
function session_require($req)
{
    if (!user_isloggedin()) {
        exit_permission_denied();
    }

    /* Site admins always have permission */
    if (user_is_super_user()) {
        return true;
    }

    if (!$req['group']) {
        // The login check at the top already covers 'isloggedin'; a request
        // that names no requirement at all is denied.
        if (!$req['isloggedin']) {
            exit_permission_denied();
        }
        return;
    }

    $group =& group_get_object($req['group']);
    if (!$group) {
        exit_no_group();
    }

    $allowed = $req['admin_flags'] ? $group->userIsAdmin() : $group->userIsMember();
    if (!$allowed) {
        exit_permission_denied();
    }
}
/**
 * Print the sidebar menus for the current user.
 *
 * Anonymous visitors get the login menu and, unless sys_allow_anon is set,
 * nothing else. The site-admin menu is printed for site administrators only.
 * This only decides what is displayed: hiding a menu is not an access
 * control, the linked pages need their own checks.
 *
 * @param array $params 'title' is passed to the logged-in menu
 */
function menu_print_sidebar($params)
{
    if (user_isloggedin()) {
        echo menu_loggedin($params['title']);
    } else {
        echo menu_notloggedin();
        if (!$GLOBALS['sys_allow_anon']) {
            return;
        }
    }

    // Site admin menu
    if (user_is_super_user()) {
        echo menu_site_admin();
    }

    echo menu_software();
    echo menu_site();

    // Search menu
    echo menu_search();

    echo ' <div align="center"> ';
    echo $GLOBALS['HTML']->getOsdnNavDropdown();
    echo ' </div> ';
}
/**
 * userCanSubmit - tell whether a user can submit an artifact, i.e. whether
 * the user can submit at least one field of this tracker.
 *
 * Site administrators always can. Otherwise the user must belong to one of
 * the user groups that hold a TRACKER_FIELD_SUBMIT permission on a field of
 * this tracker. When no group is explicitly authorized, access is denied
 * (default values are not consulted).
 *
 * @param int $my_user_id user to check; when not given, the current user
 *
 * @return boolean
 */
function userCanSubmit($my_user_id = 0)
{
    if ($my_user_id) {
        $checked_user = UserManager::instance()->getUserById($my_user_id);
        if ($checked_user->isSuperUser()) {
            return true;
        }
    } else {
        // Super-user has all rights...
        if (user_is_super_user()) {
            return true;
        }
        $my_user_id = user_getid();
    }

    // User groups holding a submit permission on any field of this tracker.
    // The tracker id is passed through db_ei() before it enters the pattern.
    $sql = "SELECT ugroup_id \n FROM permissions \n WHERE permission_type='TRACKER_FIELD_SUBMIT' \n AND object_id LIKE '" . db_ei($this->getID()) . "#%' \n GROUP BY ugroup_id";
    $res = db_query($sql);
    if (db_numrows($res) < 1) {
        return false;
    }

    while ($permission = db_fetch_array($res)) {
        // should work even for anonymous users
        $is_member = ugroup_user_is_member($my_user_id, $permission['ugroup_id'], $this->Group->getID(), $this->getID());
        if ($is_member) {
            return true;
        }
    }

    return false;
}
/**
 * _currentUserCanUpdateLayout
 *
 * Tell whether the current user can update a layout (add/remove widgets,
 * collapse, set preferences, ...).
 *
 * A personal layout can only be changed by its owner. A project layout can
 * be changed by site administrators and by administrators of the project
 * named by the group_id request parameter. This method never grants an
 * update of the home layout or of an unknown owner type.
 *
 * NOTE(review): for project layouts the membership test uses the request's
 * group_id, not $owner_id - presumably the caller guarantees they are the
 * same; verify.
 *
 * @param int    $owner_id
 * @param string $owner_type one of the OWNER_TYPE_* constants
 *
 * @return boolean true if the user can update the layout
 */
function _currentUserCanUpdateLayout($owner_id, $owner_type)
{
    $can_update = false;
    $request = HTTPRequest::instance();

    switch ($owner_type) {
        case self::OWNER_TYPE_USER:
            // A user can only update their own /my/ page.
            if (user_getid() == $owner_id) {
                $can_update = true;
            }
            break;
        case self::OWNER_TYPE_GROUP:
            // Site administrators and project administrators only.
            if (user_is_super_user() || user_ismember($request->get('group_id'), 'A')) {
                $can_update = true;
            }
            break;
        case self::OWNER_TYPE_HOME:
            // Reserved to site administrators; not granted here.
        default:
            break;
    }

    return $can_update;
}
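/**
 * Build the list of service tabs to display for a project.
 *
 * A service is listed when it is used and active. The 'admin' service is
 * additionally restricted to site administrators and administrators of the
 * project. For project 100 the $projectname, $sys_default_domain,
 * $sys_default_protocol and $group_id placeholders of the link are expanded.
 *
 * The loop uses foreach instead of reset()/each(): each() no longer exists
 * in PHP 8, and the iteration order and values are the same.
 *
 * NOTE(review): 'label' and 'description' are purified here but 'link' is
 * returned as stored in the service data. Whether the template escapes it is
 * not visible from this method - confirm before printing it into an href.
 *
 * @param int|string $toptab  service id or short name of the selected tab
 * @param Project    $project project whose services are listed
 *
 * @return array list of tabs (keys: link, icon, label, enabled, description)
 */
function _getProjectTabs($toptab, &$project)
{
    global $sys_default_domain;
    $pm = ProjectManager::instance();
    $tabs = array();
    $group_id = $project->getGroupId();

    foreach ($project->service_data_array as $short_name => $service_data) {
        if ((string) $short_name == "admin") {
            // The admin service is only shown to users allowed to use it:
            // 1) a super user, or
            // 2) an administrator of the project
            if (!user_is_super_user()) {
                if (!user_isloggedin()) {
                    continue; // we don't include the service in the $tabs
                } else {
                    if (!user_ismember($group_id, 'A')) {
                        continue; // we don't include the service in the $tabs
                    }
                }
            }
        }
        if (!$service_data['is_used']) {
            continue;
        }
        if (!$service_data['is_active']) {
            continue;
        }

        // Get URL, and eval variables
        if ($service_data['is_in_iframe']) {
            $link = '/service/?group_id=' . $group_id . '&id=' . $service_data['service_id'];
        } else {
            $link = $service_data['link'];
        }
        if ($group_id == 100) {
            if (strstr($link, '$projectname')) {
                // NOTE: if you change link variables here, change them also in
                // src/common/project/RegisterProjectStep_Confirmation.class.php
                // and src/www/project/admin/servicebar.php
                // Don't check project name if not needed.
                // When it is done here, the service bar will not appear updated on the current page
                $link = str_replace('$projectname', $pm->getProject($group_id)->getUnixName(), $link);
            }
            $link = str_replace('$sys_default_domain', $GLOBALS['sys_default_domain'], $link);
            if ($GLOBALS['sys_force_ssl']) {
                $sys_default_protocol = 'https';
            } else {
                $sys_default_protocol = 'http';
            }
            $link = str_replace('$sys_default_protocol', $sys_default_protocol, $link);
            $link = str_replace('$group_id', $group_id, $link);
        }

        // The tab is selected when $toptab names it by id or by short name.
        $enabled = is_numeric($toptab) && $toptab == $service_data['service_id'] || $short_name && $toptab == $short_name;

        $hp =& Codendi_HTMLPurifier::instance();
        if ($short_name == 'summary') {
            // Add a default tab to explain project privacy
            if ($project->isPublic()) {
                $privacy = 'public';
            } else {
                $privacy = 'private';
            }
            $label = '<span class="project_privacy_' . $privacy . '">[';
            $label .= $GLOBALS['Language']->getText('project_privacy', $privacy);
            $label .= ']</span>';

            // Javascript for project privacy tooltip
            $js = "\ndocument.observe('dom:loaded', function() {\n \$\$('span[class=project_privacy_private], span[class=project_privacy_public]').each(function (span) {\n var type = span.className.substring('project_privacy_'.length, span.className.length);\n codendi.Tooltips.push(new codendi.Tooltip(span, '/project/privacy.php?project_type='+type));\n });\n});\n";
            $this->includeFooterJavascriptSnippet($js);

            $label .= ' ' . $hp->purify(util_unconvert_htmlspecialchars($project->getPublicName()), CODENDI_PURIFIER_CONVERT_HTML) . ' »';
        } else {
            $label = $hp->purify($service_data['label']);
        }

        $tabs[] = array(
            'link' => $link,
            'icon' => null,
            'label' => $label,
            'enabled' => $enabled,
            'description' => $hp->purify($service_data['description']),
        );
    }

    return $tabs;
}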
} if ($good) { if ($request->exist('name')) { $param = $request->get('name'); $name = array_pop(array_keys($param)); $instance_id = (int) $param[$name]; if ($widget =& Widget::getInstance($name)) { if ($widget->isAvailable()) { switch ($request->get('action')) { case 'rss': $widget->displayRss(); exit; break; case 'update': if ($layout_id = (int) $request->get('layout_id')) { if ($owner_type == WidgetLayoutManager::OWNER_TYPE_USER || user_ismember($group_id, 'A') || user_is_super_user()) { if ($request->get('cancel') || $widget->updatePreferences($request)) { $lm->hideWidgetPreferences($owner_id, $owner_type, $layout_id, $name, $instance_id); } } } break; case 'ajax': if ($widget->isAjax()) { $widget->loadContent($instance_id); echo $widget->getContent(); //Layout::showDebugInfo(); exit; } break; case 'iframe':
/**
 * Check whether the current user is allowed to change permissions of the
 * given type.
 *
 * Site administrators and project administrators always are. Otherwise the
 * answer depends on the permission type: news, file release, document and
 * wiki permissions each require the matching project role, tracker
 * permissions require admin rights on the tracker, and any other type is
 * decided by the 'permission_user_allowed_to_change' event (denied unless a
 * listener allows it).
 *
 * @param Integer $group_id        Id of the project
 * @param String  $permission_type Type of the permission
 * @param Integer $object_id       Id of the object on which the permission is applied
 *
 * @return Boolean
 */
function permission_user_allowed_to_change($group_id, $permission_type, $object_id = 0)
{
    // Super-user and project admin have all rights...
    $current_user = UserManager::instance()->getCurrentUser();
    if (user_is_super_user() || $current_user->isMember($group_id, 'A')) {
        return true;
    }

    if ($permission_type == 'NEWS_READ') {
        // Special case: a user with write (or admin) rights on News can
        // submit private news, hence can define news permissions.
        return user_ismember($group_id, 'N1') || user_ismember($group_id, 'N2');
    }
    if ($permission_type == 'PACKAGE_READ' || $permission_type == 'RELEASE_READ') {
        return user_ismember($group_id, 'R2');
    }
    if ($permission_type == 'DOCGROUP_READ' || $permission_type == 'DOCUMENT_READ') {
        return user_ismember($group_id, 'D2');
    }
    if ($permission_type == 'WIKI_READ' || $permission_type == 'WIKIPAGE_READ' || $permission_type == 'WIKIATTACHMENT_READ') {
        return user_ismember($group_id, 'W2');
    }

    if (strpos($permission_type, 'TRACKER') !== 0) {
        // Not a core permission type: ask the plugins, deny by default.
        $em =& EventManager::instance();
        $allowed = false;
        $em->processEvent('permission_user_allowed_to_change', array('group_id' => $group_id, 'permission_type' => $permission_type, 'object_id' => $object_id, 'allowed' => &$allowed));
        return $allowed;
    }

    // Permission type starts with 'TRACKER'.
    $pm = ProjectManager::instance();
    $group = $pm->getProject($group_id);

    // For TRACKER_ARTIFACT_ACCESS the object id stored in the permission
    // table is an artifact id; resolve it to the tracker it belongs to.
    if ($permission_type == 'TRACKER_ARTIFACT_ACCESS') {
        $sql = 'SELECT group_artifact_id from artifact WHERE artifact_id = ' . db_ei($object_id);
        $res = db_query($sql);
        if (!($res && db_numrows($res) == 1)) {
            return false;
        }
        $row = db_fetch_array($res);
        $object_id = $row['group_artifact_id'];
    }

    $tracker = new ArtifactType($group, (int) $object_id);
    return $tracker->userIsAdmin();
}
while ($row_trovecat = db_fetch_array($res_trovecat)) { print '<LI>' . $row_trovecat['fullpath'] . ' ' . help_button('trove_cat', $row_trovecat['trove_cat_id']) . "\n"; } print ' </UL> <P align="center"> <A href="/project/admin/group_trove.php?group_id=' . $group_id . '">' . '<B>' . $Language->getText('project_admin_index', 'edit_trove_cat') . '</B></A> '; } // list all possible project types // get current information $template =& TemplateSingleton::instance(); print ' <HR NoShade SIZE="1"> <P>'; if (user_is_super_user()) { print '<TABLE WIDTH="100%" BORDER="0"> <TR> <TD><B>' . $Language->getText('project_admin_index', 'group_type') . ' ' . help_button('project-admin.html#project-type') . ' : </B> <FORM action="?" method="post"> <INPUT TYPE="HIDDEN" NAME="func" VALUE="change_group_type"> <INPUT TYPE="HIDDEN" NAME="group_id" VALUE="' . $group_id . '"></TD> <TD valign="top">' . $template->showTypeBox('form_project_type', $group->getType()) . ' <INPUT type="submit" name="Update" value="' . $Language->getText('global', 'btn_update') . '"> </FORM></TD> </TR> </TABLE> '; } else { print '<B>' . $Language->getText('project_admin_index', 'group_type') . ' ' . help_button('project-admin.html#project-type') . ' : ' . $template->getLabel($group->getType()) . '</B>'; }
/**
 * Build the list of service tabs to display for a project.
 *
 * A service is listed when it is used and active. The 'admin' service is
 * restricted to site administrators and administrators of the project. A
 * restricted user who is not a member of the project only gets the services
 * of the allowed list ('summary' plus whatever the
 * GET_SERVICES_ALLOWED_FOR_RESTRICTED event adds), unless the project is
 * "super public" or the permissions overrider grants access.
 *
 * Link, label, name, description and id are passed through the purifier.
 * The privacy tooltip text comes from the language files and is inserted
 * into the data-content attribute without further escaping.
 *
 * @param int|string $toptab  service id or short name of the selected tab
 * @param Project    $project project whose services are listed
 *
 * @return array list of tabs (keys: link, icon, name, label, enabled, description, id)
 */
function _getProjectTabs($toptab, &$project)
{
    global $sys_default_domain;
    $pm = ProjectManager::instance();
    $tabs = array();
    $group_id = $project->getGroupId();
    $user = UserManager::instance()->getCurrentUser();

    if ($this->restrictedMemberIsNotProjectMember($user, $group_id)) {
        // Listeners may extend the list (it is passed by reference).
        $allowed_services = array('summary');
        $this->getEventManager()->processEvent(Event::GET_SERVICES_ALLOWED_FOR_RESTRICTED, array('allowed_services' => &$allowed_services));
    }

    foreach ($project->getServicesData() as $short_name => $service_data) {
        // The admin service is only shown to super users and project admins.
        if ((string) $short_name == "admin"
            && !user_is_super_user()
            && (!user_isloggedin() || !user_ismember($group_id, 'A'))
        ) {
            continue;
        }

        $permissions_overrider = PermissionsOverrider_PermissionsOverriderManager::instance();
        if (!$this->isProjectSuperPublic($group_id)
            && $this->restrictedMemberIsNotProjectMember($user, $group_id)
            && !$permissions_overrider->doesOverriderAllowUserToAccessProject($user, $project)
            && !in_array($short_name, $allowed_services)
        ) {
            continue;
        }

        if (!$service_data['is_used'] || !$service_data['is_active']) {
            continue;
        }

        $hp = Codendi_HTMLPurifier::instance();

        // Get URL, and eval variables
        if ($service_data['is_in_iframe']) {
            $link = '/service/?group_id=' . $group_id . '&id=' . $service_data['service_id'];
        } else {
            $link = $hp->purify($service_data['link']);
        }
        if ($group_id == 100) {
            if (strstr($link, '$projectname')) {
                // NOTE: if you change link variables here, change them also in
                // src/common/project/RegisterProjectStep_Confirmation.class.php
                // and src/www/project/admin/servicebar.php
                // Don't check project name if not needed.
                // When it is done here, the service bar will not appear updated on the current page
                $link = str_replace('$projectname', $pm->getProject($group_id)->getUnixName(), $link);
            }
            $link = str_replace('$sys_default_domain', $GLOBALS['sys_default_domain'], $link);
            $sys_default_protocol = $GLOBALS['sys_force_ssl'] ? 'https' : 'http';
            $link = str_replace('$sys_default_protocol', $sys_default_protocol, $link);
            $link = str_replace('$group_id', $group_id, $link);
        }

        // The tab is selected when $toptab names it by id or by short name.
        $enabled = (is_numeric($toptab) && $toptab == $service_data['service_id'])
            || ($short_name && $toptab == $short_name);

        if ($short_name == 'summary') {
            $label = '<span>';
            if (ForgeConfig::get('sys_display_project_privacy_in_service_bar')) {
                // Add a default tab to explain project privacy
                $privacy = $project->isPublic() ? 'public' : 'private';
                $privacy_text = $GLOBALS['Language']->getText('project_privacy', 'tooltip_' . $this->getProjectPrivacy($project));
                $label .= '<span class="project-title-container project_privacy_' . $privacy . '" data-content="' . $privacy_text . '" data-placement="bottom">[';
                $label .= $GLOBALS['Language']->getText('project_privacy', $privacy);
                $label .= ']</span>';
                $label .= ' ';
            }
            $label .= $hp->purify(util_unconvert_htmlspecialchars($project->getPublicName()), CODENDI_PURIFIER_CONVERT_HTML) . ' »</span>';
        } else {
            $label = '<span title="' . $hp->purify($service_data['description']) . '">';
            $label .= $hp->purify($service_data['label']) . '</span>';
        }

        $name = $hp->purify($service_data['label']);

        // A service-specific icon overrides the default one.
        $icon = $this->getServiceIcon($short_name);
        if (isset($service_data['icon'])) {
            $icon = $service_data['icon'];
        }

        $tabs[] = array(
            'link' => $link,
            'icon' => $icon,
            'name' => $name,
            'label' => $label,
            'enabled' => $enabled,
            'description' => $hp->purify($service_data['description']),
            'id' => $hp->purify('sidebar-' . $short_name),
        );
    }

    return $tabs;
}
/**
 * Build the widget registered under the given name.
 *
 * 'myadmin' is instantiated for site administrators and for users holding
 * the forge-level project approval permission; the widget is told which of
 * the two applies. 'mysystemevent' is for site administrators only. Names
 * unknown to the core are offered to plugins through the 'widget_instance'
 * event. Whatever comes back is returned only if it is a Widget, so a
 * listener cannot hand out an arbitrary object.
 *
 * @param string $widget_name
 *
 * @return Widget|null null when the name is unknown or the user may not use the widget
 */
public static function getInstance($widget_name)
{
    $widget = null;

    switch ($widget_name) {
        case 'mysurveys':
            $widget = new Widget_MySurveys();
            break;
        case 'myprojects':
            $widget = new Widget_MyProjects();
            break;
        case 'mybookmarks':
            $widget = new Widget_MyBookmarks();
            break;
        case 'mymonitoredforums':
            $widget = new Widget_MyMonitoredForums();
            break;
        case 'mymonitoredfp':
            $widget = new Widget_MyMonitoredFp();
            break;
        case 'mylatestsvncommits':
            $widget = new Widget_MyLatestSvnCommits();
            break;
        case 'myartifacts':
            $widget = new Widget_MyArtifacts();
            break;
        case 'myrss':
            $widget = new Widget_MyRss();
            break;
        // 'mywikipage' (Widget_MyWikiPage) is not available yet.
        case 'myimageviewer':
            $widget = new Widget_MyImageViewer();
            break;
        case 'myadmin':
            // Mainly for site administrators; delegated project approvers
            // are admitted as well.
            $is_site_admin = user_is_super_user();
            $may_approve_projects = false;
            if (!$is_site_admin) {
                $current_user = UserManager::instance()->getCurrentUser();
                $permissions_manager = new User_ForgeUserGroupPermissionsManager(new User_ForgeUserGroupPermissionsDao());
                $may_approve_projects = $permissions_manager->doesUserHavePermission($current_user, new User_ForgeUserGroupPermission_ProjectApproval());
            }
            if ($is_site_admin || $may_approve_projects) {
                $widget = new Widget_MyAdmin($is_site_admin);
            }
            break;
        case 'mysystemevent':
            // Site administrators only.
            if (user_is_super_user()) {
                $widget = new Widget_MySystemEvent();
            }
            break;
        case 'projectdescription':
            $widget = new Widget_ProjectDescription();
            break;
        case 'projectclassification':
            $widget = new Widget_ProjectClassification();
            break;
        case 'projectmembers':
            $widget = new Widget_ProjectMembers();
            break;
        case 'projectlatestfilereleases':
            $widget = new Widget_ProjectLatestFileReleases();
            break;
        case 'projectlatestnews':
            $widget = new Widget_ProjectLatestNews();
            break;
        case 'projectpublicareas':
            $widget = new Widget_ProjectPublicAreas();
            break;
        case 'projectrss':
            $widget = new Widget_ProjectRss();
            break;
        case 'projectsvnstats':
            $widget = new Widget_ProjectSvnStats();
            break;
        // 'projectwikipage' (Widget_ProjectWikiPage) is not available yet.
        case 'projectlatestsvncommits':
            $widget = new Widget_ProjectLatestSvnCommits();
            break;
        case 'projectlatestcvscommits':
            $widget = new Widget_ProjectLatestCvsCommits();
            break;
        case 'projectimageviewer':
            $widget = new Widget_ProjectImageViewer();
            break;
        case 'projectcontacts':
            $widget = new Widget_Contacts();
            break;
        default:
            // Let plugins provide the instance (filled in by reference).
            $event_manager = EventManager::instance();
            $event_manager->processEvent('widget_instance', array('widget' => $widget_name, 'instance' => &$widget));
            break;
    }

    // Anything that is not a Widget is discarded.
    return ($widget && is_a($widget, 'Widget')) ? $widget : null;
}
//
// SourceForge: Breaking Down the Barriers to Open Source Development
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
//
require_once 'pre.php';
require_once 'my_utils.php';
require_once 'common/event/EventManager.class.php';
require_once 'common/widget/WidgetLayoutManager.class.php';

// Purifier used to encode user-controlled text before it is placed in the page.
$hp = Codendi_HTMLPurifier::instance();
if (user_isloggedin()) {
    // If it's super user and license terms have not yet been agreed then redirect
    // to license agreement page
    // NOTE(review): presumably session_redirect() ends the request; confirm,
    // otherwise the rest of this block still runs for that user.
    if (user_is_super_user() && !license_already_displayed()) {
        session_redirect("/admin/approve_license.php");
    }
    // Make sure this page is not cached because
    // it uses the exact same URL for all user's
    // personal page
    header("Cache-Control: no-cache, no-store, must-revalidate"); // for HTTP 1.1
    header("Pragma: no-cache"); // for HTTP 1.0
    if (browser_is_netscape4()) {
        $feedback .= $Language->getText('my_index', 'err_badbrowser');
    }
    // The real name is purified before it goes into the title.
    // NOTE(review): user_getname() is concatenated as-is; confirm that login
    // names cannot contain HTML metacharacters or that my_header() encodes
    // the title.
    $title = $Language->getText('my_index', 'title', array($hp->purify(user_getrealname(user_getid()), CODENDI_PURIFIER_CONVERT_HTML) . ' (' . user_getname() . ')'));
    $GLOBALS['HTML']->includeJavascriptFile('/scripts/scriptaculous/scriptaculous.js');
    my_header(array('title' => $title, 'body_class' => array('widgetable')));
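/**
 * Remove user from all ugroups
 *
 * Only a site administrator may do this; other callers get false and
 * nothing is deleted.
 *
 * @param int $user_id id of the user whose rows are deleted from ugroup_user
 *
 * @return bool false if access rights are insufficient (need to be site admin),
 *              true once the DELETE has been issued
 */
function ugroup_delete_user_from_all_ugroups($user_id)
{
    if (!user_is_super_user()) {
        return false;
    }
    // The id becomes part of the statement text, so it is forced to an
    // integer first; the function itself cannot know where the caller got
    // the value from.
    // NOTE(review): the result of db_query() is not checked, so true is
    // returned even when the DELETE fails.
    db_query('DELETE FROM ugroup_user WHERE user_id=' . db_ei($user_id));
    return true;
}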
// Work out the owner of the layout and the URL kept in $redirect.
// NOTE(review): $good is not assigned on the default path or when the
// project lookup fails; presumably it is initialised before this excerpt.
switch ($owner_type) {
    case WidgetLayoutManager::OWNER_TYPE_USER:
        // For a personal layout the owner is always the current user; the
        // owner id is overwritten here rather than trusted.
        $owner_id = user_getid();
        $layout_id = (int) $request->get('layout_id');
        $redirect = '/my/';
        $good = true;
        break;
    case WidgetLayoutManager::OWNER_TYPE_GROUP:
        $pm = ProjectManager::instance();
        if ($project = $pm->getProject($owner_id)) {
            $group_id = $owner_id;
            $_REQUEST['group_id'] = $_GET['group_id'] = $group_id;
            $request->params['group_id'] = $group_id; //bad! (the request object's params are written directly)
            $redirect = '/projects/' . $project->getUnixName() . '/';
            // Members holding flag 'A' (presumably project admins) and site
            // admins may continue; everybody else is redirected.
            // NOTE(review): $good is set to true right after the redirect
            // call. Unless redirect() terminates the request, the code below
            // would still run for a user who failed this check; confirm that
            // redirect() exits.
            if (!user_ismember($group_id, 'A') && !user_is_super_user()) {
                $GLOBALS['Response']->redirect($redirect);
            }
            $good = true;
        }
        break;
    default:
        break;
}
if ($good) {
    if (!$request->exist('layout_id')) {
        //Search the default one
        $layout_id = $lm->getDefaultLayoutId($owner_id, $owner_type);
    } else {
        // The layout id from the request is cast to int before use.
        $layout_id = (int) $request->get('layout_id');
    }
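<?php
//
// Codendi
// Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
// http://www.codendi.com
//
//
//
// Originally written by Laurent Julliard 2004, Codendi Team, Xerox
//
require_once 'pre.php';

// Only a logged-in site administrator may see or answer the license form.
if (!(user_isloggedin() && user_is_super_user())) {
    exit_error('ERROR', $Language->getText('admin_approve_license', 'error'));
}

// 'ACCEPT', 'DECLINE', or anything else (first display of the form).
$legal_acceptance = $request->get('legal_acceptance');
$HTML->header(array('title' => $Language->getText('admin_approve_license', 'title', array($GLOBALS['sys_name']))));

// NOTE(review): no anti-CSRF token check is visible before license_accepted()
// / license_declined() are called; confirm one exists elsewhere (for example
// in pre.php) or add it.
if ($legal_acceptance == 'ACCEPT') {
    license_accepted();
    echo license_msg_accepted();
} else {
    if ($legal_acceptance == 'DECLINE') {
        license_declined();
        echo '<p><span class="highlight">' . license_msg_declined() . '</span></p>';
    } else {
        // PHP_SELF is derived from the request path, including any trailing
        // path info, so it is HTML-encoded before it is written into the
        // ACTION attribute.
        echo '<FORM ACTION="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" METHOD="POST" name="license_form">' . "\n<table><tr><td>\n";
        // Preamble
        echo '<p>' . $Language->getText('admin_approve_license', 'msg_accept');
        // display the license and the agree/disagree buttons
        include $Language->getContent('admin/license_terms');
        echo '</td></tr>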
/**
 * Build the label and the rendered value of one field for the given user.
 *
 * The value is rendered read-only when $force_read_only is set or when the
 * user may not update the field.
 *
 * @protected
 *
 * @return array|false array('label' => ..., 'value' => ...), or false when
 *                     the user is not allowed to read the field
 **/
function _getFieldLabelAndValueForUser($group_id, $group_artifact_id, &$field, $user_id, $force_read_only = false)
{
    // Nothing is produced for a field the user may not read.
    if (!$field->userCanRead($group_id, $group_artifact_id, $user_id)) {
        return false;
    }

    $read_only = $force_read_only || !$field->userCanUpdate($group_id, $group_artifact_id, $user_id);

    // A multi select box carries several values, fetched in one go.
    $field_value = $field->isMultiSelectBox()
        ? $field->getValues($this->getID())
        : $this->getValue($field->getName());

    $renderer = new ArtifactFieldHtml($field);
    $label = $renderer->labelDisplay(false, false, !$read_only);
    // Mandatory fields get a marker appended to their label.
    // NOTE(review): the marker markup contains a stray closing </b>.
    $required_marker = $field->isEmptyOk() ? '' : '<span class="highlight"><big>*</big></b></span>';
    $label = $label . $required_marker;

    switch ($field->getName()) {
        case 'details':
            // The original submission is shown read-only, except to site
            // admins, tracker admins and the artifact submitter.
            $may_edit_original = user_is_super_user()
                || $this->ArtifactType->userIsAdmin()
                || $this->getSubmittedBy() == $user_id;
            if ($may_edit_original) {
                $value = $renderer->display($this->ArtifactType->getID(), $field_value, false, false, $read_only);
            } else {
                $rendered = $renderer->display($this->ArtifactType->getID(), $field_value, false, false, true);
                $value = util_make_links($rendered, $group_id, $group_artifact_id);
            }
            break;
        case 'submitted_by':
            $value = util_user_link(user_getname($field_value));
            break;
        case 'open_date':
        case 'last_update_date':
            $value = format_date($GLOBALS['Language']->getText('system', 'datefmt'), $field_value);
            break;
        default:
            $value = $renderer->display($this->ArtifactType->getID(), $field_value, false, false, $read_only);
            if ($read_only) {
                $value = util_make_links($value, $group_id, $group_artifact_id);
            }
            break;
    }

    return array('label' => $label, 'value' => $value);
}
// Show the list of widgets that can be added to the layout, for a user's
// personal page or for a project.
switch ($owner_type) {
    case WidgetLayoutManager::OWNER_TYPE_USER:
        // Personal page: the owner is always the current user.
        $owner_id = user_getid();
        // The real name is purified before it goes into the title.
        // NOTE(review): user_getname() is concatenated as-is; confirm that
        // login names cannot contain HTML metacharacters or that my_header()
        // encodes the title.
        $title = $Language->getText('my_index', 'title', array($hp->purify(user_getrealname(user_getid()), CODENDI_PURIFIER_CONVERT_HTML) . ' (' . user_getname() . ')'));
        my_header(array('title' => $title, 'selected_top_tab' => '/my/'));
        $lm->displayAvailableWidgets(user_getid(), WidgetLayoutManager::OWNER_TYPE_USER, $layout_id);
        site_footer(array());
        break;
    case WidgetLayoutManager::OWNER_TYPE_GROUP:
        $pm = ProjectManager::instance();
        if ($project = $pm->getProject($owner_id)) {
            $group_id = $owner_id;
            $_REQUEST['group_id'] = $_GET['group_id'] = $group_id;
            $request->params['group_id'] = $group_id; //bad! (the request object's params are written directly)
            // The widget list is rendered only for members holding flag 'A'
            // (presumably project admins) and for site admins; everybody else
            // is redirected to the project page.
            if (user_ismember($group_id, 'A') || user_is_super_user()) {
                // NOTE(review): getPublicName() is placed in the title as-is;
                // confirm that site_project_header() encodes it.
                $title = $Language->getText('include_project_home', 'proj_info') . ' - ' . $project->getPublicName();
                site_project_header(array('title' => $title, 'group' => $group_id, 'toptab' => 'summary'));
                $lm->displayAvailableWidgets($group_id, WidgetLayoutManager::OWNER_TYPE_GROUP, $layout_id);
                site_footer(array());
            } else {
                $GLOBALS['Response']->redirect('/projects/' . $project->getUnixName() . '/');
            }
        }
        break;
    default:
        break;
}
// The braces below close blocks opened before this excerpt.
}
}
} else {
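/**
 * Display the field values list for a field
 *
 * Prints one table with two groups of rows: the values fetched with status
 * 'A' or 'P', then the values fetched with status 'H'. Every database value
 * written into the page is either cast to int or passed through the HTML
 * purifier, in both groups.
 *
 * @param field_id: the field id
 *
 * @return void
 */
function displayFieldValuesList($field_id)
{
    global $art_field_fact, $Language;
    $hp = Codendi_HTMLPurifier::instance();

    $field = $art_field_fact->getFieldFromId($field_id);
    if (!$field) {
        return;
    }

    $values = $field->getFieldValues($this->getID(), array('A', 'P'));
    // Test the result set itself before counting its rows.
    if (!$values || db_numrows($values) == 0) {
        echo "\n<H3>" . $Language->getText('tracker_include_type', 'no_values') . "</H3>";
        return;
    }
    echo '<h3>' . $Language->getText('tracker_include_type', 'exist_values') . '</h3>';
    echo '<p>' . $Language->getText('tracker_include_report', 'mod');

    $is_severity = $field->getName() == "severity";

    // Column headers; the severity field gets an extra id column
    $title_arr = array();
    if ($is_severity) {
        $title_arr[] = $Language->getText('tracker_include_report', 'id');
    }
    $title_arr[] = $Language->getText('tracker_include_type', 'value_label');
    $title_arr[] = $Language->getText('tracker_include_artifact', 'desc');
    $title_arr[] = $Language->getText('tracker_include_type', 'rank');
    $title_arr[] = $Language->getText('global', 'status');
    $title_arr[] = $Language->getText('tracker_include_canned', 'delete');
    echo html_build_list_table_top($title_arr);

    // Build HTML output for Used fields
    $iu = 0;
    $html = "";
    while ($row = db_fetch_array($values)) {
        $rank = $row['order_id'] ? $row['order_id'] : "-";
        $status = $this->getLabelValueStatus($row['status']);
        $html .= '<TR class="' . util_get_alt_row_color($iu) . '">';
        if ($is_severity) {
            $html .= '<TD align="center">' . $hp->purify($row['value_id'], CODENDI_PURIFIER_CONVERT_HTML) . '</TD>';
        }
        $html .= '<TD>';
        if ($row['value_id'] != 100) {
            # Can't edit 'None'
            $html .= '<A HREF="?group_id=' . (int) $this->Group->getID() . "&atid=" . (int) $this->getID() . '&func=display_field_value&field_id=' . (int) $field->getID() . '&value_id=' . (int) $row['value_id'] . '">';
        }
        $html .= $hp->purify(SimpleSanitizer::unsanitize($row['value']), CODENDI_PURIFIER_CONVERT_HTML);
        if ($row['value_id'] != 100) {
            # Can't edit 'None'
            $html .= '</A>';
        }
        $html .= "</td>\n<td>" . $hp->purify(SimpleSanitizer::unsanitize($row['description']), CODENDI_PURIFIER_BASIC, $this->getGroupId()) . '</td>'
            . "\n<td align =\"center\">" . $hp->purify($rank, CODENDI_PURIFIER_CONVERT_HTML) . '</td>'
            . "\n<td align =\"center\">" . $hp->purify($status, CODENDI_PURIFIER_CONVERT_HTML) . '</td>';
        if (($row['status'] == "P" || $is_severity) && !user_is_super_user()) {
            // Unable to delete Permanent values, except for values in the tracker templates (for Codendi admins)
            $html .= "\n<td align =\"center\">-</td>";
        } else {
            // NOTE(review): deletion is requested through a plain link; this
            // function only decides whether the link is shown. Confirm that
            // the value_delete handler checks permissions and a CSRF token
            // itself.
            // NOTE(review): the del_value text is placed inside a quoted
            // JavaScript string; an apostrophe in a translation would break
            // the handler.
            $html .= "\n<td align =\"center\"><a href=\"/tracker/admin/?func=value_delete&group_id=" . (int) $this->Group->getID() . "&atid=" . (int) $this->getID() . "&field_id=" . (int) $field->getID() . "&value_id=" . (int) $row['value_id'] . "\"><img src=\"" . util_get_image_theme("ic/trash.png") . "\" border=\"0\" onClick=\"return confirm('" . $Language->getText('tracker_include_type', 'del_value') . "')\"></a></td>";
        }
        // Close the row (the original emitted an opening <TR> here)
        $html .= "</TR>";
        $iu++;
    }

    // Now print the HTML table
    if ($iu == 0) {
        echo '<tr><td colspan="4"><center><b>' . $Language->getText('tracker_include_type', 'no_active_val') . '</b></center></tr>' . $html;
    } else {
        echo '<tr><td colspan="4"><center><b>' . $Language->getText('tracker_include_type', 'active_val') . '</b></center></tr>' . $html;
    }

    // Build HTML output for Unused fields
    $iu = 0;
    $values = $field->getFieldValues($this->getID(), array('H'));
    $html = "";
    while ($values && ($row = db_fetch_array($values))) {
        $rank = $row['order_id'] ? $row['order_id'] : "-";
        $status = $this->getLabelValueStatus($row['status']);
        $html .= '<TR class="' . util_get_alt_row_color($iu) . '">';
        if ($is_severity) {
            $html .= '<TD align="center">' . (int) $row['value_id'] . '</TD>';
        }
        // The value label and description come from the database and are
        // encoded exactly as in the first group; the original wrote the
        // label into the page unencoded here.
        $html .= '<TD><A HREF="?group_id=' . (int) $this->Group->getID() . "&atid=" . (int) $this->getID() . '&func=display_field_value&field_id=' . (int) $field->getID() . '&value_id=' . (int) $row['value_id'] . '">'
            . $hp->purify(SimpleSanitizer::unsanitize($row['value']), CODENDI_PURIFIER_CONVERT_HTML) . '</A></td>'
            . "\n<td>" . $hp->purify(SimpleSanitizer::unsanitize($row['description']), CODENDI_PURIFIER_BASIC, $this->getGroupId()) . '</td>'
            . "\n<td align =\"center\">" . $hp->purify($rank, CODENDI_PURIFIER_CONVERT_HTML) . '</td>'
            . "\n<td align =\"center\">" . $hp->purify($status, CODENDI_PURIFIER_CONVERT_HTML) . '</td>';
        if ($row['status'] == "P" || $is_severity) {
            // Unable to delete Permanent values
            $html .= "\n<td align =\"center\">-</td>";
        } else {
            $html .= "\n<td align =\"center\"><a href=\"/tracker/admin/?func=value_delete&group_id=" . (int) $this->Group->getID() . "&atid=" . (int) $this->getID() . "&field_id=" . (int) $field->getID() . "&value_id=" . (int) $row['value_id'] . "\"><img src=\"" . util_get_image_theme("ic/trash.png") . "\" border=\"0\" onClick=\"return confirm('" . $Language->getText('tracker_include_type', 'del_value') . "')\"></a></td>";
        }
        $html .= "</TR>";
        $iu++;
    }

    // Now print the HTML table
    if ($iu == 0) {
        echo '<tr><td colspan="4"><center><b>' . $Language->getText('tracker_include_type', 'no_hidden_val') . '</b></center></tr>' . $html;
    } else {
        echo '<tr><td colspan="4"><center><b>' . $Language->getText('tracker_include_type', 'hidden_val') . '</b></center></tr>' . $html;
    }
    echo '</TABLE>';
    echo '<hr>';
}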
// Closes a block opened before this excerpt.
}

// Field value administration is reserved to users for whom userIsAdmin()
// is true.
// NOTE(review): presumably exit_permission_denied() ends the request; the
// return after it stops the script either way.
if (!$ath->userIsAdmin()) {
    exit_permission_denied();
    return;
}

// Check if this tracker is valid (not deleted)
if (!$ath->isValid()) {
    exit_error($Language->getText('global', 'error'), $Language->getText('tracker_add', 'invalid'));
}

$ath->adminHeader(array('title' => $Language->getText('tracker_admin_field_usage', 'tracker_admin') . $Language->getText('tracker_admin_field_values_details', 'values_admin'), 'help' => 'tracker-v3.html#browsing-tracker-field-values'));

$hp = Codendi_HTMLPurifier::instance();

// Ids are cast to int and the tracker name and field label are purified
// before they are written into the heading.
echo "<H2>" . $Language->getText('tracker_import_admin', 'tracker') . ' \'<a href="/tracker/admin/?group_id=' . (int) $group_id . "&atid=" . (int) $atid . '">' . $hp->purify(SimpleSanitizer::unsanitize($ath->getName()), CODENDI_PURIFIER_CONVERT_HTML) . "</a>'" . $Language->getText('tracker_admin_field_values_details', 'manage_for', $hp->purify(SimpleSanitizer::unsanitize($field->getLabel()), CODENDI_PURIFIER_CONVERT_HTML)) . "</H2>";

if (!$field->isSelectBox() && !$field->isMultiSelectBox()) {
    // Not a select box: only the default value form is shown.
    $ath->displayDefaultValueForm($field_id, $field->getDefaultValue());
} else {
    $val_func = $field->getValueFunction();
    if (isset($val_func[0]) && $val_func[0]) {
        // A value function is set for the field.
        $ath->displayValueFunctionForm($field_id, $val_func);
        $ath->displayDefaultValueFunctionForm($field_id, $field->getDefaultValue(), $val_func);
    } else {
        $ath->displayFieldValuesList($field_id);
        $ath->displayDefaultValueForm($field_id, $field->getDefaultValue());
        // For severity field, we don't display the Bind form or the Create Form
        // && binds tighter than ||, so this reads: (neither "severity" nor
        // "status_id") OR site admin. Site admins get the forms for those
        // two fields as well.
        if ($field->getName() != "severity" && $field->getName() != "status_id" || user_is_super_user()) {
            echo '<hr>';
            $ath->displayFieldValueForm("value_create", $field_id);
            $ath->displayValueFunctionForm($field_id, NULL, $Language->getText('global', 'or'));
        }
    }
}
$ath->footer(array());