/**
 * Tell whether a user is allowed to see this tracker.
 *
 * Access is denied when no user group has been explicitly authorized on the
 * tracker: default permission values are not consulted.
 *
 * @param int|PFUser $user A PFUser instance or a user id. Any falsy value
 *                         (the default 0) selects the current user.
 *
 * @return boolean true if the user can view the tracker.
 */
public function userCanView($user = 0)
{
    $user_manager = $this->getUserManager();

    // Normalise the argument to a user object before any permission decision.
    if ($user instanceof PFUser) {
        $viewer = $user;
    } elseif ($user) {
        // NOTE(review): the result of getUserById() is handed to the checker
        // unverified; confirm what it returns for an unknown id and that the
        // checker denies access in that case.
        $viewer = $user_manager->getUserById((int) $user);
    } else {
        $viewer = $user_manager->getCurrentUser();
    }

    // The actual decision is delegated to the permission checker.
    $checker = new Tracker_Permission_PermissionChecker($user_manager, ProjectManager::instance());

    return $checker->userCanViewTracker($viewer, $this);
}
/**
 * Tell whether a user is allowed to see this artifact.
 *
 * The decision is computed once per user id and then served from
 * $this->can_view_cache. Users of type Tracker_UserWithReadAllPermission are
 * granted access before the cache is consulted.
 *
 * @param PFUser $user if not specified, use the current user
 *
 * @return boolean user can view the artifact
 */
public function userCanView(PFUser $user = null)
{
    $user_manager    = $this->getUserManager();
    $project_manager = $this->getProjectManager();

    if (!$user) {
        $user = $user_manager->getCurrentUser();
    }

    // Read-all users bypass both the cache and the permission checker.
    if ($user instanceof Tracker_UserWithReadAllPermission) {
        return true;
    }

    if (!isset($this->can_view_cache[$user->getId()])) {
        // NOTE(review): userIsAdmin() is called without $user, while the
        // result is stored under $user's id. If userIsAdmin() evaluates the
        // current user, a "true" could be cached for a different user.
        // Confirm against the tracker API.
        $has_shortcut = $this->getTracker()->userIsAdmin() || $user->isSuperUser();

        if ($has_shortcut) {
            $can_view = true;
        } else {
            $checker  = new Tracker_Permission_PermissionChecker($user_manager, $project_manager);
            $can_view = $checker->userCanView($user, $this);
        }

        $this->setUserCanView($user, $can_view);
    }

    return $this->can_view_cache[$user->getId()];
}
/**
 * When PLUGIN_TRACKER_ACCESS_FULL is the only permission configured, only
 * members of the ugroup it is granted to can view the artifact.
 *
 * The three denials matter as much as the grant: neither membership of
 * another ugroup nor being listed as contributor gives read access.
 */
function testUserCanViewTrackerAccessFull()
{
    $ugroup_ass = 101;
    $ugroup_sub = 102;
    $ugroup_ful = 103;
    // Second argument expected by every isMemberOfUgroup() stub below.
    // Presumably the project (group) id of the tracker; confirm.
    $project_id = 222;

    // Member of the full-access ugroup (103) only.
    $full_access_user = mock('PFUser');
    $full_access_user->setReturnValue('getId', 120);
    $full_access_user->setReturnValue('isMemberOfUgroup', true, array($ugroup_ful, $project_id));
    $full_access_user->setReturnValue('isMemberOfUgroup', false, array($ugroup_ass, $project_id));
    $full_access_user->setReturnValue('isMemberOfUgroup', false, array($ugroup_sub, $project_id));
    $full_access_user->setReturnValue('isSuperUser', false);

    // Member of the assignee ugroup (101) only.
    $assignee = mock('PFUser');
    $assignee->setReturnValue('getId', 121);
    $assignee->setReturnValue('isMemberOfUgroup', true, array($ugroup_ass, $project_id));
    $assignee->setReturnValue('isMemberOfUgroup', false, array($ugroup_sub, $project_id));
    $assignee->setReturnValue('isMemberOfUgroup', false, array($ugroup_ful, $project_id));
    $assignee->setReturnValue('isSuperUser', false);

    // Member of the submitter ugroup (102) only.
    $submitter = mock('PFUser');
    $submitter->setReturnValue('getId', 122);
    $submitter->setReturnValue('isMemberOfUgroup', false, array($ugroup_ass, $project_id));
    $submitter->setReturnValue('isMemberOfUgroup', true, array($ugroup_sub, $project_id));
    $submitter->setReturnValue('isMemberOfUgroup', false, array($ugroup_ful, $project_id));
    $submitter->setReturnValue('isSuperUser', false);

    // Belongs to no ugroup at all.
    $outsider = mock('PFUser');
    $outsider->setReturnValue('getId', 123);
    $outsider->setReturnValue('isMemberOfUgroup', false);
    $outsider->setReturnValue('isSuperUser', false);

    $user_manager = mock('UserManager');
    $user_manager->setReturnReference('getUserById', $full_access_user, array(120));
    $user_manager->setReturnReference('getUserById', $assignee, array(121));
    $user_manager->setReturnReference('getUserById', $submitter, array(122));
    $user_manager->setReturnReference('getUserById', $outsider, array(123));

    $project_manager = mock('ProjectManager');

    // Only the full-access permission is configured on the tracker.
    $permissions = array("PLUGIN_TRACKER_ACCESS_FULL" => array($ugroup_ful));
    $this->tracker->setReturnReference('getAuthorizedUgroupsByPermissionType', $permissions);

    $contributor_field = aMockField()->build();
    $this->tracker->setReturnReference('getContributorField', $contributor_field);

    // Artifact without its own permissions, with user 121 as contributor.
    // NOTE(review): the original comment said the artifact was submitted by
    // $submitter (id 122), but getSubmittedBy is stubbed with 123, the id of
    // the user in no ugroup. Confirm which one is intended.
    $artifact_subass = mock('Tracker_Artifact');
    $artifact_subass->setReturnReference('getTracker', $this->tracker);
    $artifact_subass->setReturnValue('useArtifactPermissions', false);
    $artifact_subass->setReturnValue('getSubmittedBy', 123);

    $user_changeset_value = new MockTracker_Artifact_ChangesetValue();
    $contributors         = array(121);
    $user_changeset_value->setReturnReference('getValue', $contributors);
    $artifact_subass->setReturnReference('getValue', $user_changeset_value, array($contributor_field));

    $checker = new Tracker_Permission_PermissionChecker($user_manager, $project_manager);

    // Denials first: no role other than full-access membership is enough.
    $this->assertFalse($checker->userCanView($submitter, $artifact_subass));
    $this->assertFalse($checker->userCanView($assignee, $artifact_subass));
    $this->assertFalse($checker->userCanView($outsider, $artifact_subass));
    // The single expected grant.
    $this->assertTrue($checker->userCanView($full_access_user, $artifact_subass));
}