Пример #1
 /**
  * List the ugroups authorized for a permission type on this object.
  *
  * Thin wrapper around the procedural permission_db_authorized_ugroups()
  * helper, called with this object's id.
  *
  * @param string $permission_type permission type forwarded to the helper
  *
  * @return array|false every fetched row, or false when the lookup reports no rows
  *
  * @deprecated
  */
 public function permission_db_authorized_ugroups($permission_type)
 {
     // The procedural helper is loaded on demand.
     include_once 'www/project/admin/permissions.php';
     $rows = array();
     $db_result = permission_db_authorized_ugroups($permission_type, $this->getId());
     // No row at all is reported as false, not as an empty array.
     if (!(db_numrows($db_result) > 0)) {
         return false;
     }
     while ($row = db_fetch_array($db_result)) {
         $rows[] = $row;
     }
     return $rows;
 }
Пример #2
 /**
  * userCanView - determine if the user can view this artifact.
  *
  * Decision order, as implemented below:
  *  1. super-users and tracker admins are always allowed;
  *  2. when the artifact uses its own permissions, the user must belong to one
  *     of the TRACKER_ARTIFACT_ACCESS ugroups of this artifact, otherwise the
  *     answer is false;
  *  3. the user must then match one tracker-level grant: TRACKER_ACCESS_FULL,
  *     TRACKER_ACCESS_SUBMITTER (user and submitter share the ugroup) or
  *     TRACKER_ACCESS_ASSIGNEE (user and an assignee share the ugroup);
  *  4. anything else falls through to false (deny by default).
  *
  * NOTE(review): the user object returned by getUserById() is used without a
  * null check; confirm what it returns for an unknown id, since a null here
  * would fail on the isSuperUser() call instead of denying access.
  *
  * @param int $my_user_id id of the user to check; when falsy (default 0) the current user is used
  *
  * @return boolean true when the user may view the artifact, false otherwise
  */
 function userCanView($my_user_id = 0)
 {
     // Resolve the user object: current user when no id was given, else the user with that id.
     if (!$my_user_id) {
         $u = UserManager::instance()->getCurrentUser();
         $my_user_id = $u->getId();
     } else {
         $u = UserManager::instance()->getUserById($my_user_id);
     }
     // Super-user and Tracker admin have all rights to see even artifacts that are restricted to all users
     if ($u->isSuperUser() || $u->isTrackerAdmin($this->ArtifactType->getGroupID(), $this->ArtifactType->getID())) {
         return true;
     }
     // Individual artifact permission: access is presumed unless the artifact uses its own permissions.
     $can_access = !$this->useArtifactPermissions();
     if (!$can_access) {
         // Looked up against the artifact id, unlike the tracker-level checks below.
         $res = permission_db_authorized_ugroups('TRACKER_ARTIFACT_ACCESS', $this->getID());
         if (db_numrows($res) > 0) {
             while ($row = db_fetch_array($res)) {
                 if (ugroup_user_is_member($my_user_id, $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
                     $can_access = true;
                 }
             }
         }
     }
     // Tracker-level grants are only evaluated once the artifact-level gate has passed.
     if ($can_access) {
         // Full access
         $res = permission_db_authorized_ugroups('TRACKER_ACCESS_FULL', $this->ArtifactType->getID());
         if (db_numrows($res) > 0) {
             while ($row = db_fetch_array($res)) {
                 if (ugroup_user_is_member($my_user_id, $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
                     return true;
                 }
             }
         }
         // 'submitter' access
         $res = permission_db_authorized_ugroups('TRACKER_ACCESS_SUBMITTER', $this->ArtifactType->getID());
         if (db_numrows($res) > 0) {
             while ($row = db_fetch_array($res)) {
                 if (ugroup_user_is_member($my_user_id, $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
                     // check that submitter is also a member
                     if (ugroup_user_is_member($this->getSubmittedBy(), $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
                         return true;
                     }
                 }
             }
         }
         // 'assignee' access
         $res = permission_db_authorized_ugroups('TRACKER_ACCESS_ASSIGNEE', $this->ArtifactType->getID());
         if (db_numrows($res) > 0) {
             while ($row = db_fetch_array($res)) {
                 if (ugroup_user_is_member($my_user_id, $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
                     // check that one of the assignees is also a member
                     if (ugroup_user_is_member($this->getValue('assigned_to'), $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
                         return true;
                     }
                     // multi-assigned to
                     $multi_assigned = $this->getMultiAssignedTo();
                     if (is_array($multi_assigned)) {
                         foreach ($multi_assigned as $assigned) {
                             if (ugroup_user_is_member($assigned, $row['ugroup_id'], $this->ArtifactType->Group->getID(), $this->ArtifactType->getID())) {
                                 return true;
                             }
                         }
                     }
                 }
             }
         }
     }
     // Deny by default: no grant matched.
     return false;
 }
 /**
  * Look up the ugroups holding the Git admin permission on a project.
  *
  * @param Project $project project whose id is used as the permission object id
  *
  * @return mixed the result of permission_db_authorized_ugroups(), returned untouched
  */
 private function getCurrentGitAdminPermissionsForProject(Project $project)
 {
     $project_id = $project->getID();

     return permission_db_authorized_ugroups(Git::PERM_ADMIN, $project_id);
 }
 /**
  * Get the list of people to notify when watermarking is disabled.
  *
  * The recipients are the members of the ugroups holding PLUGIN_DOCMAN_ADMIN
  * on the item's project; when the project defines none, the default ugroups
  * of that permission type are used instead.
  *
  * NOTE(review): getUserById() is dereferenced without a null check; confirm
  * it cannot return null for a member row, otherwise getEmail() fails here.
  *
  * @param object $item item providing getGroupId()
  *
  * @return array e-mail addresses, one entry per member row (duplicates are not removed)
  */
 public function getPeopleToNotifyWhenWatermarkingIsDisabled($item)
 {
     $admin_ugroups = permission_db_authorized_ugroups('PLUGIN_DOCMAN_ADMIN', $item->getGroupId());
     if (db_numrows($admin_ugroups) == 0) {
         // Nothing set on the project: use the defaults of the permission type.
         $admin_ugroups = permission_db_get_defaults('PLUGIN_DOCMAN_ADMIN');
     }
     $emails = array();
     $user_manager = UserManager::instance();
     while ($ugroup_row = db_fetch_array($admin_ugroups)) {
         // Ids below 101 go through the dynamic-members query, the others through
         // the plain members query (presumably dynamic vs. static ugroups; verify).
         $members_sql = $ugroup_row['ugroup_id'] < 101
             ? ugroup_db_get_dynamic_members($ugroup_row['ugroup_id'], 0, $item->getGroupId())
             : ugroup_db_get_members($ugroup_row['ugroup_id']);
         $members = db_query($members_sql);
         while ($member_row = db_fetch_array($members)) {
             $emails[] = $user_manager->getUserById($member_row['user_id'])->getEmail();
         }
     }
     return $emails;
 }
Пример #5
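/**
 * Build the multi-select box listing the ugroups that can be granted a permission.
 *
 * The query values are escaped or cast before use, because this function
 * cannot tell whether its arguments were validated by the caller:
 * $permission_type goes through db_es(), $group_id and the ugroup ids read
 * back from permissions_values are cast to int, and the permission type is
 * HTML-escaped before it is echoed in the error message.
 *
 * @param string $permission_type permission type whose ugroups are listed
 * @param mixed  $object_id       id of the object the permission applies to
 * @param int    $group_id        project id used to select the project's own ugroups
 * @param string $html_name       name attribute of the generated select box
 * @param bool   $html_disabled   forwarded to html_build_multiple_select_box()
 * @param array  $selected        ugroup ids to preselect; when empty, the stored
 *                                permissions (or the defaults) are preselected
 *
 * @return string HTML of the select box, or of an error paragraph when the
 *                permission type has no row in permissions_values
 */
function plugin_tracker_permission_fetch_selection_field($permission_type, $object_id, $group_id, $html_name = "ugroups[]", $html_disabled = false, $selected = array())
{
    $html = '';
    // Get ugroups already defined for this permission_type
    if (empty($selected)) {
        $res_ugroups = permission_db_authorized_ugroups($permission_type, $object_id);
        $nb_set = db_numrows($res_ugroups);
    } else {
        $res_ugroups = $selected;
        $nb_set = count($res_ugroups);
    }
    // Now retrieve all possible ugroups for this project, as well as the default values.
    // db_es() is the string-escaping helper of the same legacy db_* layer as db_query().
    $sql = "SELECT ugroup_id,is_default FROM permissions_values WHERE permission_type='" . db_es($permission_type) . "'";
    $res = db_query($sql);
    $predefined_ugroups = '';
    $default_values = array();
    if (db_numrows($res) < 1) {
        // The permission type is echoed back to the page, so escape it for HTML first.
        $safe_permission_type = Codendi_HTMLPurifier::instance()->purify($permission_type, CODENDI_PURIFIER_CONVERT_HTML);
        $html .= "<p><b>" . $GLOBALS['Language']->getText('global', 'error') . "</b>: " . $GLOBALS['Language']->getText('project_admin_permissions', 'perm_type_not_def', $safe_permission_type);
        return $html;
    }
    while ($row = db_fetch_array($res)) {
        if ($predefined_ugroups) {
            $predefined_ugroups .= ' ,';
        }
        // Ids are concatenated into an IN (...) list below: keep them strictly numeric.
        $predefined_ugroups .= (int) $row['ugroup_id'];
        if ($row['is_default']) {
            $default_values[] = $row['ugroup_id'];
        }
    }
    $sql = "SELECT * FROM ugroup WHERE group_id=" . (int) $group_id . " OR ugroup_id IN (" . $predefined_ugroups . ") ORDER BY ugroup_id";
    $res = db_query($sql);
    $array = array();
    while ($row = db_fetch_array($res)) {
        $name = util_translate_name_ugroup($row[1]);
        $array[] = array('value' => $row[0], 'text' => $name);
    }
    if (empty($selected)) {
        // Preselect what is stored for the object, else the defaults of the permission type.
        if ($nb_set) {
            $res_ugroups = util_result_column_to_array($res_ugroups);
        } else {
            $res_ugroups = $default_values;
        }
    }
    $html .= html_build_multiple_select_box($array, $html_name, $res_ugroups, 8, false, util_translate_name_ugroup('ugroup_nobody_name_key'), false, '', false, '', false, CODENDI_PURIFIER_CONVERT_HTML, $html_disabled);
    return $html;
}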
Пример #6
 /**
  * Collect the rows of ugroups authorized for a permission type on this object.
  *
  * @param string $permission_type permission type forwarded to the procedural helper
  *
  * @return array|false fetched rows, or false when the lookup reports no rows
  */
 public function permission_db_authorized_ugroups($permission_type)
 {
     $lookup = permission_db_authorized_ugroups($permission_type, $this->getId());
     if (db_numrows($lookup) > 0) {
         $ugroup_rows = array();
         for ($row = db_fetch_array($lookup); $row; $row = db_fetch_array($lookup)) {
             $ugroup_rows[] = $row;
         }
         return $ugroup_rows;
     }
     // Callers get false, not an empty array, when nothing is set.
     return false;
 }
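 /**
  * Render the report criteria <select> listing the ugroups selectable for this field.
  *
  * The options are the ugroups of the tracker's project plus those predefined
  * for PLUGIN_TRACKER_ARTIFACT_ACCESS, preceded by an "any" and a "none" entry.
  *
  * Ugroup names and ids come from the database and are written into the
  * page, so both are passed through the purifier before output. Each option
  * also carries its selected attribute, so stored criteria values are shown
  * as selected.
  *
  * @param object $criteria criteria being rendered; its is_advanced flag turns the
  *                         box into a multi-select
  *
  * @return string HTML of the select box, or of an error paragraph when the
  *                permission type has no row in permissions_values
  */
 public function fetchCriteriaValue($criteria)
 {
     $hp = Codendi_HTMLPurifier::instance();
     $html = '';
     $criteria_value = $this->getCriteriaValue($criteria);
     $multiple = ' ';
     $size = ' ';
     $name = "criteria[{$this->id}][values][]";
     //Field values
     $permission_type = 'PLUGIN_TRACKER_ARTIFACT_ACCESS';
     $object_id = 0;
     // Cast so the project id can only reach the query below as an integer.
     $group_id = (int) $this->getTracker()->getGroupId();
     //TODO :From permissions.php
     // Get ugroups already defined for this permission_type
     // NOTE(review): neither $res_ugroups nor $nb_set is read again in this method.
     $res_ugroups = permission_db_authorized_ugroups($permission_type, $object_id);
     $nb_set = db_numrows($res_ugroups);
     // Now retrieve all possible ugroups for this project, as well as the default values.
     // $permission_type is the literal set above, never request data.
     $sql = "SELECT ugroup_id,is_default FROM permissions_values WHERE permission_type='{$permission_type}'";
     $res = db_query($sql);
     $predefined_ugroups = '';
     $default_values = array();
     if (db_numrows($res) < 1) {
         $html .= "<p><b>" . $GLOBALS['Language']->getText('global', 'error') . "</b>: " . $GLOBALS['Language']->getText('project_admin_permissions', 'perm_type_not_def', $permission_type);
         return $html;
     }
     while ($row = db_fetch_array($res)) {
         if ($predefined_ugroups) {
             $predefined_ugroups .= ' ,';
         }
         // Ids are concatenated into an IN (...) list below: keep them strictly numeric.
         $predefined_ugroups .= (int) $row['ugroup_id'];
         if ($row['is_default']) {
             $default_values[] = $row['ugroup_id'];
         }
     }
     $sql = "SELECT * FROM ugroup WHERE group_id=" . $group_id . " OR ugroup_id IN (" . $predefined_ugroups . ") ORDER BY ugroup_id";
     $res = db_query($sql);
     $array = array();
     while ($row = db_fetch_array($res)) {
         $name_ugroup = util_translate_name_ugroup($row[1]);
         $array[] = array('value' => $row[0], 'text' => $name_ugroup);
     }
     //end permissions.php
     if ($criteria->is_advanced) {
         $multiple = ' multiple="multiple" ';
         $size = ' size="' . min(7, count($array) + 2) . '" ';
     }
     $html .= '<select id="tracker_report_criteria_' . ($criteria->is_advanced ? 'adv_' : '') . $this->id . '" 
                       name="' . $name . '" ' . $size . $multiple . '>';
     //Any value
     $selected = count($criteria_value) ? '' : 'selected="selected"';
     $html .= '<option value="" ' . $selected . '>' . $GLOBALS['Language']->getText('global', 'any') . '</option>';
     //None value
     $selected = isset($criteria_value[100]) ? 'selected="selected"' : '';
     $html .= '<option value="100" ' . $selected . '>' . $GLOBALS['Language']->getText('global', 'none') . '</option>';
     foreach ($array as $value) {
         $id = $value['value'];
         $selected = isset($criteria_value[$id]) ? 'selected="selected"' : '';
         // Database values are escaped for HTML before being written to the page.
         $html .= '<option value="' . $hp->purify($id, CODENDI_PURIFIER_CONVERT_HTML) . '" ' . $selected . '>';
         $html .= $hp->purify($value['text'], CODENDI_PURIFIER_CONVERT_HTML);
         $html .= '</option>';
     }
     $html .= '</select>';
     return $html;
 }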
 /**
  * Tell whether the user belongs to a ugroup holding the docman ADMIN permission.
  *
  * The ugroups set for this project are checked first; when none is set, the
  * default ugroups of PLUGIN_DOCMAN_ADMIN are used instead.
  *
  * @param object $user user whose getId() is tested for membership
  *
  * @return boolean false when no ugroup matches, otherwise the value returned
  *                 by ugroup_user_is_member() for the first matching ugroup
  * @access protected
  */
 function _isUserDocmanAdmin($user)
 {
     require_once 'www/project/admin/permissions.php';
     $permission_type = 'PLUGIN_DOCMAN_ADMIN';
     $project_id = $this->groupId;
     // Permissions set for this project.
     $ugroups = permission_db_authorized_ugroups($permission_type, (int) $project_id);
     if (db_numrows($ugroups) < 1 && $permission_type == 'PLUGIN_DOCMAN_ADMIN') {
         // No ugroup defined => no permissions set => get default permissions only for admin permission
         $ugroups = permission_db_get_defaults($permission_type);
     }
     $is_admin = false;
     // Stop at the first ugroup the user belongs to; should work even for anonymous users.
     while (!$is_admin) {
         $row = db_fetch_array($ugroups);
         if (!$row) {
             break;
         }
         $is_admin = ugroup_user_is_member($user->getId(), $row['ugroup_id'], $this->groupId);
     }
     return $is_admin;
 }
Пример #9
 /**
  * Return the rows of ugroups authorized on this object, cached on the instance.
  *
  * NOTE(review): the cache is a single property that is not keyed by
  * $permission_type, so a second call with a different type returns the rows
  * fetched for the first one. Confirm every caller uses one permission type
  * per instance before relying on this for access decisions.
  *
  * @param string $permission_type permission type used for the first lookup
  *
  * @return array cached rows; an empty array when the lookup reported no rows
  */
 public function permission_db_authorized_ugroups($permission_type)
 {
     if (isset($this->cached_permission_authorized_ugroups)) {
         return $this->cached_permission_authorized_ugroups;
     }
     // Initialised before the lookup, so "no rows" is cached as an empty array.
     $this->cached_permission_authorized_ugroups = array();
     $lookup = permission_db_authorized_ugroups($permission_type, $this->getId());
     if (db_numrows($lookup) > 0) {
         for ($row = db_fetch_array($lookup); $row; $row = db_fetch_array($lookup)) {
             $this->cached_permission_authorized_ugroups[] = $row;
         }
     }
     return $this->cached_permission_authorized_ugroups;
 }
 /**
  * List the ids of the ugroups authorized on an artifact for self::PERMISSION_TYPE.
  *
  * @param mixed $artifact_id artifact id used as the permission object id
  *
  * @return array ugroup ids in the order the lookup returns them; empty when none
  */
 private function getLastChangesetValues($artifact_id)
 {
     $authorized = permission_db_authorized_ugroups(self::PERMISSION_TYPE, $artifact_id);
     $ugroup_ids = array();
     for ($row = db_fetch_array($authorized); $row; $row = db_fetch_array($authorized)) {
         $ugroup_ids[] = $row['ugroup_id'];
     }
     return $ugroup_ids;
 }
Пример #11
/**
 * Log a permission change in the project history.
 *
 * Writes a 'perm_reset_for_<type>' entry when no ugroup is set any more for
 * the object, otherwise a 'perm_granted_for_<type>' entry carrying the
 * comma-separated names of the authorized ugroups.
 *
 * @param mixed  $group_id        project whose history receives the entry
 * @param string $permission_type permission type that was changed
 * @param mixed  $object_id       object the permission applies to
 *
 * @return void
 */
function permission_add_history($group_id, $permission_type, $object_id)
{
    global $Language;
    $authorized = permission_db_authorized_ugroups($permission_type, $object_id);
    $object_type = permission_get_object_type($permission_type, $object_id);
    $object_name = permission_get_object_name($permission_type, $object_id);
    if (db_numrows($authorized) < 1) {
        // No ugroup defined => no permissions set
        group_add_history('perm_reset_for_' . $object_type, 'default', $group_id, array($object_name));
        return;
    }
    $granted_to = '';
    while ($row = db_fetch_array($authorized)) {
        // The separator is added only once the list already holds something.
        $separator = $granted_to ? ', ' : '';
        $granted_to .= $separator . ugroup_get_name_from_id($row['ugroup_id']);
    }
    group_add_history('perm_granted_for_' . $object_type, $granted_to, $group_id, array($object_name));
}
Пример #12
/**
 * Read the NEWS_READ permission of the news item attached to a forum.
 *
 * @param mixed $forum_id forum id, used as the permission object id
 *
 * @return mixed the result set of permission_db_authorized_ugroups(), returned untouched
 */
function news_read_permissions($forum_id)
{
    $authorized_ugroups = permission_db_authorized_ugroups('NEWS_READ', $forum_id);

    return $authorized_ugroups;
}