/**
 * Checks that dumping the Pluf_Permission model produces the expected JSON.
 *
 * One permission row is created, the model is dumped through
 * Pluf_Test_Fixture::dump() and the result is compared with a literal
 * JSON document.
 */
function testDump()
{
    $permission = new Pluf_Permission();
    $permission->name = 'test permission';
    $permission->code_name = 'test';
    $permission->description = 'Simple test permission.';
    $permission->application = 'Pluf';
    $permission->create();

    // The expected pk/id of 1 presumably relies on the permission table
    // being empty when the test starts -- confirm against the test setup.
    $expected = '[{"model":"Pluf_Permission","pk":1,"fields":{"id":1,"name":"test permission","code_name":"test","description":"Simple test permission.","application":"Pluf"}}]';
    $dumped = Pluf_Test_Fixture::dump('Pluf_Permission');

    $this->assertEqual($expected, $dumped);
}
/**
 * Store the "private project" setting and its list of authorized users.
 *
 * Every existing 'IDF.project-authorized-user' row permission on the
 * project is revoked first. When the form marks the project as private,
 * the permission is granted again to each login listed in
 * 'authorized_users' (separated by newlines or commas).
 *
 * @param bool $commit Not read by this method.
 * @throws Exception When the form is not valid.
 */
public function save($commit = true)
{
    if (!$this->isValid()) {
        throw new Exception(__('Cannot save the model from an invalid form.'));
    }

    $authorizedPerm = Pluf_Permission::getFromString('IDF.project-authorized-user');
    $membership = $this->project->getMembershipData();
    $userModel = new Pluf_User();

    // Revoke before granting, so users dropped from the submitted list
    // lose access.
    // NOTE(review): no transaction is visible around the revoke/grant
    // sequence -- confirm whether a failure midway can leave a partial list.
    foreach ($membership['authorized'] as $member) {
        Pluf_RowPermission::remove($member, $this->project, $authorizedPerm);
    }

    if (!$this->cleaned_data['private_project']) {
        $this->project->private = 0;
    } else {
        $logins = preg_split("/\r\n|\r|\n|\\,/", $this->cleaned_data['authorized_users'], -1, PREG_SPLIT_NO_EMPTY);
        foreach ($logins as $login) {
            // The login is passed as a bound value, not concatenated.
            $filter = new Pluf_SQL('login=%s', array(trim($login)));
            $matches = $userModel->getList(array('filter' => $filter->gen()));
            // Grant only on exactly one match; any other login is skipped
            // without an error.
            if ($matches->count() == 1) {
                Pluf_RowPermission::add($matches[0], $this->project, $authorizedPerm);
            }
        }
        $this->project->private = 1;
    }

    $this->project->update();
    $this->project->membershipsUpdated();
}
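/**
 * Revert the private-project migration.
 *
 * Deletes the 'IDF.project-authorized-user' permission when it exists and
 * drops the "private" column from the IDF_Project table.
 *
 * The engine is checked before anything is deleted, so that an unsupported
 * engine does not leave the permission removed while the column is still
 * in place.
 *
 * @param mixed $params Not read by this function.
 * @throws Exception When no statement is defined for the configured engine.
 */
function IDF_Migrations_6PrivateProject_down($params = null)
{
    $table = Pluf::factory('IDF_Project')->getSqlTable();
    $sql = array();
    $sql['PostgreSQL'] = 'ALTER TABLE ' . $table . ' DROP COLUMN "private"';
    $sql['MySQL'] = 'ALTER TABLE ' . $table . ' DROP COLUMN `private`';

    // Fail before any destructive step when the engine has no statement.
    $engine = Pluf::f('db_engine');
    if (!isset($sql[$engine])) {
        throw new Exception('SQLite complex migration not supported.');
    }

    // NOTE(review): whether Pluf_RowPermission rows that reference this
    // permission are removed by delete() is not visible here -- confirm that
    // no orphaned grants remain.
    $perm = Pluf_Permission::getFromString('IDF.project-authorized-user');
    if ($perm) {
        $perm->delete();
    }

    $db = Pluf::db();
    $db->execute($sql[$engine]);
}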
/**
 * Delete the row permission(s) an owner holds on an object.
 *
 * The filter matches on owner, object and permission only. It has no
 * condition on the "negative" column, so positive and negative rows for
 * that combination are both deleted.
 *
 * @param object $owner  Owner of the permission; its id and _a['model'] are read.
 * @param object $object Target object; its id and _a['model'] are read.
 * @param mixed  $perm   Permission object, or a string resolved through
 *                       Pluf_Permission::getFromString().
 * @return bool Always true.
 * @throws Exception When a permission string cannot be resolved.
 */
public static function remove($owner, $object, $perm)
{
    if (!is_object($perm)) {
        $resolved = Pluf_Permission::getFromString($perm);
        if ($resolved === false) {
            throw new Exception(sprintf('The permission %s does not exist.', $perm));
        }
        $perm = $resolved;
    }

    $rowModel = new Pluf_RowPermission();
    // All five values are passed as bound parameters.
    $filter = new Pluf_SQL(
        'owner_id=%s AND owner_class=%s AND model_id=%s AND model_class=%s AND permission=%s',
        array($owner->id, $owner->_a['model'], $object->id, $object->_a['model'], $perm->id)
    );

    foreach ($rowModel->getList(array('filter' => $filter->gen())) as $row) {
        $row->delete();
    }

    return true;
}
/**
 * Undo the installation: delete the three IDF project permissions, then
 * drop the tables of every listed IDF model.
 *
 * @param mixed $params Not read by this function.
 */
function IDF_Migrations_Install_teardown($params = null)
{
    // Same order as the install teardown always used: member, owner,
    // authorized-user. A permission that does not exist is skipped.
    $permissionNames = array(
        'IDF.project-member',
        'IDF.project-owner',
        'IDF.project-authorized-user',
    );
    foreach ($permissionNames as $permissionName) {
        $perm = Pluf_Permission::getFromString($permissionName);
        if ($perm) {
            $perm->delete();
        }
    }

    // Tables are dropped in the order listed.
    $models = array(
        'IDF_Gconf',
        'IDF_Queue',
        'IDF_Scm_Cache_Git',
        'IDF_Key',
        'IDF_Review_FileComment',
        'IDF_Review_Comment',
        'IDF_Review_Patch',
        'IDF_Review',
        'IDF_WikiRevision',
        'IDF_WikiPage',
        'IDF_Timeline',
        'IDF_IssueFile',
        'IDF_Search_Occ',
        'IDF_Upload',
        'IDF_Conf',
        'IDF_IssueComment',
        'IDF_Issue',
        'IDF_Tag',
        'IDF_Commit',
        'IDF_Project',
    );

    $schema = new Pluf_DB_Schema(Pluf::db());
    foreach ($models as $modelName) {
        $schema->model = new $modelName();
        $schema->dropTables();
    }
}
/**
 * Build the list of permission strings that apply to this user.
 *
 * The list combines the user's own permissions with those of the user's
 * groups, each as "application.code_name". When 'pluf_use_rowpermission'
 * is enabled and the user has an id, row-level entries are appended as
 * "application.code_name#model_class(model_id)", prefixed with "!" when
 * the row is negative.
 *
 * The result is cached on the instance and returned as-is until a caller
 * passes $force = true, so a grant or revocation made after the first call
 * is not seen without a forced reload.
 *
 * @param bool $force Rebuild the list even if a cached copy exists (false)
 * @return array List of permission strings
 */
function getAllPermissions($force = false)
{
    if (!$force && $this->_cache_perms !== null) {
        return $this->_cache_perms;
    }
    $this->_cache_perms = array();

    $perms = (array) $this->get_permissions_list();
    $groupIds = array();
    foreach ($this->get_groups_list() as $group) {
        $groupIds[] = $group->id;
    }
    $hasGroups = count($groupIds) > 0;

    if ($hasGroups) {
        $permModel = new Pluf_Permission();
        $column = strtolower(Pluf::f('pluf_custom_group', 'Pluf_Group')) . '_id';
        // NOTE(review): the group ids are concatenated into the IN (...)
        // clause rather than bound; this is only safe while they are
        // integer keys read from the database -- confirm.
        $groupPerms = $permModel->getList(array(
            'filter' => $column . ' IN (' . join(', ', $groupIds) . ')',
            'view' => 'join_group',
        ));
        $perms = array_merge($perms, (array) $groupPerms);
    }

    // Model-level permissions, without duplicates.
    foreach ($perms as $perm) {
        $label = $perm->application . '.' . $perm->code_name;
        if (!in_array($label, $this->_cache_perms)) {
            $this->_cache_perms[] = $label;
        }
    }

    if (Pluf::f('pluf_use_rowpermission', false) && $this->id) {
        $rowModel = new Pluf_RowPermission();
        $ownerFilter = new Pluf_SQL('owner_id=%s AND owner_class=%s', array($this->id, 'Pluf_User'));
        if ($hasGroups) {
            $groupFilter = new Pluf_SQL(
                'owner_id IN (' . join(', ', $groupIds) . ') AND owner_class=%s',
                array(Pluf::f('pluf_custom_group', 'Pluf_Group'))
            );
            $ownerFilter->SOr($groupFilter);
        }
        $rows = $rowModel->getList(array('filter' => $ownerFilter->gen(), 'view' => 'join_permission'));
        foreach ($rows as $row) {
            $label = $row->application . '.' . $row->code_name . '#' . $row->model_class . '(' . $row->model_id . ')';
            // Negative rows are kept in the same list, marked with "!".
            // How a "!" entry is weighed against a positive one is decided
            // by the code that reads this list, not here.
            if ($row->negative) {
                $label = '!' . $label;
            }
            if (!in_array($label, $this->_cache_perms)) {
                $this->_cache_perms[] = $label;
            }
        }
    }

    return $this->_cache_perms;
}
/**
 * Replace the owners and members of a project.
 *
 * Memberships are updated from several places; this shared helper avoids
 * duplicating the code. For each of 'owners' and 'members', every current
 * row permission is revoked, then the permission is granted to each login
 * found in the submitted list (separated by newlines or commas).
 *
 * NOTE(review): no check of the acting user's rights is visible in this
 * method -- presumably the caller enforces it; confirm.
 *
 * @param IDF_Project $project      The project
 * @param array       $cleaned_data The new memberships data in 'owners' and 'members' keys
 */
public static function updateMemberships($project, $cleaned_data)
{
    $current = $project->getMembershipData();
    $roles = array(
        'owners' => Pluf_Permission::getFromString('IDF.project-owner'),
        'members' => Pluf_Permission::getFromString('IDF.project-member'),
    );
    $userModel = new Pluf_User();

    foreach ($roles as $role => $perm) {
        // Revoke first, so users missing from the new list lose the role.
        foreach ($current[$role] as $holder) {
            Pluf_RowPermission::remove($holder, $project, $perm);
        }

        $logins = preg_split("/\r\n|\r|\n|\\,/", $cleaned_data[$role], -1, PREG_SPLIT_NO_EMPTY);
        foreach ($logins as $login) {
            // The login is passed as a bound value, not concatenated.
            $filter = new Pluf_SQL('login=%s', array(trim($login)));
            $matches = $userModel->getList(array('filter' => $filter->gen()));
            // Grant only on exactly one match; other logins are skipped
            // without an error.
            if ($matches->count() == 1) {
                Pluf_RowPermission::add($matches[0], $project, $perm);
            }
        }
    }
}
/**
 * Exercises row-level permissions granted through a group, granted
 * directly to a user, and referenced by permission string.
 *
 * After every change the permission cache of the user is rebuilt with
 * getAllPermissions(true) before hasPerm() is checked.
 */
public function testRowPermission()
{
    $permCode = 'Pluf_RowPermission.test1';

    $tester = new Pluf_User(1);
    $team = new Pluf_Group();
    $team->name = 'testRowPermission';
    $team->description = 'testRowPermission';
    $team->create();

    foreach (range(1, 5) as $n) {
        $dummy = new Pluf_Message();
        $dummy->user = $tester;
        $dummy->message = 'Dummy object to test against: ' . $n;
        $dummy->create();
    }

    $permission = new Pluf_Permission();
    $permission->application = 'Pluf_RowPermission';
    $permission->code_name = 'test1';
    $permission->name = 'test1';
    $permission->description = 'test1';
    $permission->create();

    // Permission through group
    $target = new Pluf_Message(1);
    Pluf_RowPermission::add($team, $target, $permission);
    // The user is not in the group yet, so the grant must not apply.
    $this->assertEquals(false, $tester->hasPerm($permCode, $target));

    $tester->setAssoc($team);
    $tester->getAllPermissions(true); // reset the cache
    $this->assertEquals(true, $tester->hasPerm($permCode, $target));

    // Leaving the group must withdraw the permission.
    $tester->delAssoc($team);
    $tester->getAllPermissions(true); // reset the cache
    $this->assertEquals(false, $tester->hasPerm($permCode, $target));

    $tester->setAssoc($team);
    $tester->getAllPermissions(true); // reset the cache
    $this->assertEquals(true, $tester->hasPerm($permCode, $target));

    // Removing the group's row permission must withdraw it as well.
    Pluf_RowPermission::remove($team, $target, $permission);
    $tester->getAllPermissions(true); // reset the cache
    $this->assertEquals(false, $tester->hasPerm($permCode, $target));

    // Permission through direct user
    Pluf_RowPermission::add($tester, $target, $permission);
    $tester->getAllPermissions(true); // reset the cache
    $this->assertEquals(true, $tester->hasPerm($permCode, $target));

    Pluf_RowPermission::remove($tester, $target, $permission);
    $tester->getAllPermissions(true); // reset the cache
    $this->assertEquals(false, $tester->hasPerm($permCode, $target));

    // Using string for the permission.
    Pluf_RowPermission::add($tester, $target, 'Pluf_RowPermission.test1');
    $tester->getAllPermissions(true); // reset the cache
    $this->assertEquals(true, $tester->hasPerm($permCode, $target));

    Pluf_RowPermission::remove($tester, $target, 'Pluf_RowPermission.test1');
    $tester->getAllPermissions(true); // reset the cache
    $this->assertEquals(false, $tester->hasPerm($permCode, $target));
}
/**
 * Returns the list of projects the user may access, ordered by shortname.
 *
 * Anonymous users get the non-private projects, administrators get every
 * project, and other users get the non-private projects plus the projects
 * on which they hold a non-negative row permission.
 *
 * @param Pluf_User $user
 * @return ArrayObject IDF_Project
 */
public static function getProjects($user)
{
    $db =& Pluf::db();
    $false = Pluf_DB_BooleanToDb(false, $db);
    $order = 'shortname ASC';

    if ($user->isAnonymous()) {
        $publicOnly = sprintf('%s=%s', $db->qn('private'), $false);
        return Pluf::factory('IDF_Project')->getList(array('filter' => $publicOnly, 'order' => $order));
    }
    if ($user->administrator) {
        // No filter: administrators see private projects too.
        return Pluf::factory('IDF_Project')->getList(array('order' => $order));
    }

    // grab the list of projects where the user is admin, member
    // or authorized
    // NOTE(review): $perms is built but never used in the filter below, so
    // any non-negative row permission the user holds on an IDF_Project row
    // makes that project visible, not only these three -- confirm intent.
    $perms = array(
        Pluf_Permission::getFromString('IDF.project-member'),
        Pluf_Permission::getFromString('IDF.project-owner'),
        Pluf_Permission::getFromString('IDF.project-authorized-user'),
    );
    $grantFilter = new Pluf_SQL("model_class='IDF_Project' AND owner_class='Pluf_User' AND owner_id=%s AND negative=" . $false, $user->id);
    $grants = Pluf::factory('Pluf_RowPermission')->getList(array('filter' => $grantFilter->gen()));

    $visible = sprintf('%s=%s', $db->qn('private'), $false);
    if ($grants->count() > 0) {
        $projectIds = array();
        foreach ($grants as $grant) {
            $projectIds[] = $grant->model_id;
        }
        // NOTE(review): the ids are concatenated into the clause rather than
        // bound; this relies on model_id being an integer read from the
        // database -- confirm.
        $visible .= sprintf(' OR id IN (%s)', implode(', ', $projectIds));
    }

    return Pluf::factory('IDF_Project')->getList(array('filter' => $visible, 'order' => $order));
}
/**
 * Return membership data.
 *
 * The result has 3 keys: 'members', 'owners' and 'authorized'.
 *
 * The lists are read from the row level permission table only, and only
 * from rows that are not negative. A user who is set as administrator has
 * the member and owner rights but does not appear in the lists.
 *
 * @param string $fmt Format ('objects'), 'string'.
 * @return mixed Array of Pluf_User or newline separated list of logins.
 */
public function getMembershipData($fmt = 'objects')
{
    $mperm = Pluf_Permission::getFromString('IDF.project-member');
    $operm = Pluf_Permission::getFromString('IDF.project-owner');
    $aperm = Pluf_Permission::getFromString('IDF.project-authorized-user');
    $grow = new Pluf_RowPermission();
    $db =& Pluf::db();
    $false = Pluf_DB_BooleanToDb(false, $db);

    // Same filter for the three lists; only the permission id changes.
    $template = 'model_class=%s AND model_id=%s AND owner_class=%s AND permission=%s AND negative=' . $false;
    $wantObjects = ($fmt == 'objects');

    // NOTE(review): unlike $aperm below, $operm and $mperm are dereferenced
    // without a check for a failed lookup -- confirm both always exist.
    $ownerSql = new Pluf_SQL($template, array('IDF_Project', $this->id, 'Pluf_User', $operm->id));
    $owners = new Pluf_Template_ContextVars(array());
    foreach ($grow->getList(array('filter' => $ownerSql->gen())) as $row) {
        $holder = Pluf::factory('Pluf_User', $row->owner_id);
        $owners[] = $wantObjects ? $holder : $holder->login;
    }

    $memberSql = new Pluf_SQL($template, array('IDF_Project', $this->id, 'Pluf_User', $mperm->id));
    $members = new Pluf_Template_ContextVars(array());
    foreach ($grow->getList(array('filter' => $memberSql->gen())) as $row) {
        $holder = Pluf::factory('Pluf_User', $row->owner_id);
        $members[] = $wantObjects ? $holder : $holder->login;
    }

    // The authorized list stays empty when the permission lookup fails.
    $authorized = new Pluf_Template_ContextVars(array());
    if ($aperm != false) {
        $authorizedSql = new Pluf_SQL($template, array('IDF_Project', $this->id, 'Pluf_User', $aperm->id));
        foreach ($grow->getList(array('filter' => $authorizedSql->gen())) as $row) {
            $holder = Pluf::factory('Pluf_User', $row->owner_id);
            $authorized[] = $wantObjects ? $holder : $holder->login;
        }
    }

    if ($wantObjects) {
        return new Pluf_Template_ContextVars(array(
            'members' => $members,
            'owners' => $owners,
            'authorized' => $authorized,
        ));
    }

    return array(
        'members' => implode("\n", (array) $members),
        'owners' => implode("\n", (array) $owners),
        'authorized' => implode("\n", (array) $authorized),
    );
}