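/**
 * Check whether a user belongs to the given ugroup.
 *
 * $group_id is needed for the automatic project groups (project member,
 * release admin, ...). $atid is needed for trackers, because the tracker
 * admin role is defined per tracker.
 *
 * @param int $user_id   Id of the user to test
 * @param int $ugroup_id One of the $GLOBALS['UGROUP_*'] values, or the id of a row set in ugroup_user
 * @param int $group_id  Id of the project
 * @param int $atid      Id of the tracker; only read for UGROUP_TRACKER_ADMIN
 *
 * @return bool true if the user is a member of the ugroup, false otherwise
 *              (the tracker-admin branch returns ArtifactType::userIsAdmin() as-is)
 */
function ugroup_user_is_member($user_id, $ugroup_id, $group_id, $atid = 0)
{
    $um =& UserManager::instance();
    // NOTE(review): $user is dereferenced below without a null check; confirm
    // that getUserById() always returns an object for the ids passed here.
    $user =& $um->getUserById($user_id);

    // Special cases: the predefined ugroups are resolved without touching ugroup_user.
    if ($ugroup_id == $GLOBALS['UGROUP_NONE']) {
        // Empty group
        return false;
    } elseif ($ugroup_id == $GLOBALS['UGROUP_ANONYMOUS']) {
        // Anonymous user: everybody matches
        return true;
    } elseif ($ugroup_id == $GLOBALS['UGROUP_REGISTERED']) {
        // Registered user: any non-zero user id
        return $user_id != 0;
    } elseif ($ugroup_id == $GLOBALS['UGROUP_PROJECT_MEMBERS']) {
        // Project members
        return (bool) $user->isMember($group_id);
    } elseif ($ugroup_id == $GLOBALS['UGROUP_FILE_MANAGER_ADMIN']) {
        // File manager admins
        return (bool) $user->isMember($group_id, 'R2');
    } elseif ($ugroup_id == $GLOBALS['UGROUP_DOCUMENT_ADMIN']) {
        // Document admin
        return (bool) $user->isMember($group_id, 'D2');
    } elseif ($ugroup_id == $GLOBALS['UGROUP_DOCUMENT_TECH']) {
        // Document tech
        return (bool) $user->isMember($group_id, 'D1');
    } elseif ($ugroup_id == $GLOBALS['UGROUP_WIKI_ADMIN']) {
        // Wiki admins
        return (bool) $user->isMember($group_id, 'W2');
    } elseif ($ugroup_id == $GLOBALS['UGROUP_PROJECT_ADMIN']) {
        // Project admins
        return (bool) $user->isMember($group_id, 'A');
    } elseif ($ugroup_id == $GLOBALS['UGROUP_TRACKER_ADMIN']) {
        // Tracker admins: the role is checked on the tracker identified by $atid
        $pm    = ProjectManager::instance();
        $group = $pm->getProject($group_id);
        $at    = new ArtifactType($group, $atid);

        return $at->userIsAdmin($user_id);
    }

    // Normal ugroup: look the pair up in ugroup_user.
    // Both ids come from the caller and were previously interpolated into the
    // statement unescaped, so a non-numeric value could alter the query and
    // with it the outcome of this authorization check. db_ei() is the
    // project's integer-escaping helper.
    $sql = "SELECT * from ugroup_user where ugroup_id='" . db_ei($ugroup_id) . "' and user_id='" . db_ei($user_id) . "'";
    $res = db_query($sql);

    return db_numrows($res) > 0;
}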
/**
 * Tell whether a user is a member of a ugroup.
 *
 * $group_id is required for the automatic project groups (project member,
 * release admin, ...). $atid is required for trackers, since the tracker
 * admin role differs from one tracker to the next.
 *
 * @return true if user is member of the ugroup, false otherwise.
 */
function ugroup_user_is_member($user_id, $ugroup_id, $group_id, $atid = 0)
{
    $um = ugroup_get_user_manager();
    $user =& $um->getUserById($user_id);

    // Predefined ugroups are answered first, in a fixed order.
    if ($ugroup_id == $GLOBALS['UGROUP_NONE']) {
        // Empty group
        return false;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_ANONYMOUS']) {
        // Anonymous user
        return true;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_AUTHENTICATED']) {
        // Any non-zero user id
        return $user_id != 0;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_REGISTERED'] && !ForgeConfig::areRestrictedUsersAllowed()) {
        // Registered user on a platform without restricted users
        return $user_id != 0;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_REGISTERED'] && ForgeConfig::areRestrictedUsersAllowed()) {
        // NOTE(review): unlike the two branches above, this one has no
        // $user_id != 0 test; confirm that the anonymous user cannot pass it.
        $user = UserManager::instance()->getUserById($user_id);
        $script_handles_restricted = false;
        $event_manager = EventManager::instance();
        if (isset($_SERVER['SCRIPT_NAME'])) {
            $uri = $_SERVER['SCRIPT_NAME'];
        } else {
            $uri = '';
        }
        // Listeners get the flag by reference and may set it for the called script.
        $event_manager->processEvent(
            Event::IS_SCRIPT_HANDLED_FOR_RESTRICTED,
            array('allow_restricted' => &$script_handles_restricted, 'user' => $user, 'uri' => $uri)
        );

        // Member unless the user is restricted AND the called script handles
        // restricted users on its own.
        return !($user->isRestricted() && $script_handles_restricted);
    }
    if ($ugroup_id == $GLOBALS['UGROUP_PROJECT_MEMBERS']) {
        // Project members
        return (bool) $user->isMember($group_id);
    }

    // Role-based ugroups: each one maps to a membership flag, tested in this order.
    $role_flags = array(
        'UGROUP_FILE_MANAGER_ADMIN' => 'R2', // File manager admins
        'UGROUP_DOCUMENT_ADMIN'     => 'D2', // Document admin
        'UGROUP_DOCUMENT_TECH'      => 'D1', // Document tech
        'UGROUP_WIKI_ADMIN'         => 'W2', // Wiki admins
        'UGROUP_PROJECT_ADMIN'      => 'A',  // Project admins
    );
    foreach ($role_flags as $global_name => $flag) {
        if ($ugroup_id == $GLOBALS[$global_name]) {
            return (bool) $user->isMember($group_id, $flag);
        }
    }

    if ($ugroup_id == $GLOBALS['UGROUP_TRACKER_ADMIN']) {
        // Tracker admins: checked against the tracker identified by $atid
        $project = ProjectManager::instance()->getProject($group_id);
        $tracker = new ArtifactType($project, $atid);

        return $tracker->userIsAdmin($user_id);
    }

    // Normal ugroup: both ids go through db_ei() before reaching the statement.
    $res = db_query(
        "SELECT * from ugroup_user where ugroup_id='" . db_ei($ugroup_id) . "' and user_id='" . db_ei($user_id) . "'"
    );

    return db_numrows($res) > 0;
}
/**
 * Tell whether the current user may change permissions of the given type.
 *
 * @param Integer $group_id        Id of the project
 * @param String  $permission_type Type of the permission
 * @param Integer $object_id       Id of the object the permission applies to
 *
 * @return Boolean
 */
function permission_user_allowed_to_change($group_id, $permission_type, $object_id = 0)
{
    // Super-users and project admins have all rights.
    $current_user = UserManager::instance()->getCurrentUser();
    if (user_is_super_user() || $current_user->isMember($group_id, 'A')) {
        return true;
    }

    // Service permissions: the admin of the service may change them.
    switch ($permission_type) {
        case 'NEWS_READ':
            // Special case: a user with write (or admin) rights on News can
            // submit news, hence private news, hence define news permissions.
            return user_ismember($group_id, 'N1') || user_ismember($group_id, 'N2');
        case 'PACKAGE_READ':
        case 'RELEASE_READ':
            return user_ismember($group_id, 'R2');
        case 'DOCGROUP_READ':
        case 'DOCUMENT_READ':
            return user_ismember($group_id, 'D2');
        case 'WIKI_READ':
        case 'WIKIPAGE_READ':
        case 'WIKIATTACHMENT_READ':
            return user_ismember($group_id, 'W2');
    }

    if (strpos($permission_type, 'TRACKER') !== 0) {
        // Unknown to the core: let event listeners decide. $allowed is handed
        // over by reference and stays false unless a listener changes it.
        $em =& EventManager::instance();
        $allowed = false;
        $em->processEvent(
            'permission_user_allowed_to_change',
            array(
                'group_id'        => $group_id,
                'permission_type' => $permission_type,
                'object_id'       => $object_id,
                'allowed'         => &$allowed,
            )
        );

        return $allowed;
    }

    // Permission type starts with 'TRACKER': the tracker admin decides.
    $project = ProjectManager::instance()->getProject($group_id);

    if ($permission_type == 'TRACKER_ARTIFACT_ACCESS') {
        // For this type the object_id stored in the permission table is the
        // artifact_id, so it is resolved to its tracker first. Anything other
        // than exactly one matching row denies the change.
        $result = db_query('SELECT group_artifact_id from artifact WHERE artifact_id = ' . db_ei($object_id));
        if (!$result || db_numrows($result) != 1) {
            return false;
        }
        $row       = db_fetch_array($result);
        $object_id = $row['group_artifact_id'];
    }

    $tracker = new ArtifactType($project, (int) $object_id);

    return $tracker->userIsAdmin();
}