/**
  * Decide whether the given user may access the given project.
  *
  * A user who can administrate the trackers of every project is granted
  * access immediately; the parent implementation is only consulted for
  * everybody else.
  *
  * NOTE(review): because of that shortcut, none of the parent's checks run
  * for such a user, so the denials listed below cannot be raised for them.
  * Confirm this is intended and that the "admin all project trackers"
  * permission is granted sparingly and audited.
  *
  * @param PFUser  $user
  * @param Project $project
  * @return boolean
  * @throws Project_AccessProjectNotFoundException
  * @throws Project_AccessDeletedException
  * @throws Project_AccessRestrictedException
  * @throws Project_AccessPrivateException
  */
 public function userCanAccessProject(PFUser $user, Project $project)
 {
     $manager = new TrackerManager();
     if (! $manager->userCanAdminAllProjectTrackers($user)) {
         // Regular users go through the inherited project access checks.
         return parent::userCanAccessProject($user, $project);
     }
     // Cross-project tracker administrators skip the inherited checks.
     return true;
 }
Пример #2
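 /**
  * Turn a raw ElasticSearch response into the result objects the current user may see.
  *
  * A hit is dropped when its project is in error, when the project access
  * check refuses the current user, when the hit fails validation for its
  * index type, or when the per-item permission check (wiki, tracker
  * artifact) fails.
  *
  * @param array $result decoded response; hits are read from $result['hits']['hits']
  * @return array list of ElasticSearch_SearchResultDocman, ElasticSearch_SearchResultWiki
  *               and ElasticSearch_SearchResultTracker objects
  */
 public function getSearchResults(array $result)
 {
     $results = array();
     $validator = new ElasticSearch_1_2_ResultValidator();
     if (!isset($result['hits']['hits'])) {
         return $results;
     }
     $user = $this->user_manager->getCurrentUser();
     foreach ($result['hits']['hits'] as $hit) {
         $project = $this->project_manager->getProject($this->extractGroupIdFromHit($hit));
         $index = $this->extractIndexFromHit($hit);
         if ($project->isError()) {
             continue;
         }
         try {
             $this->url_verification->userCanAccessProject($user, $project);
         } catch (Project_AccessException $exception) {
             // Any access refusal (private, restricted, deleted, not found) hides this
             // hit. Catching only the "private" case let the other refusals abort the
             // whole search for the user instead of filtering the hit out.
             continue;
         }
         switch ($index) {
             case fulltextsearchPlugin::SEARCH_DOCMAN_TYPE:
                 if (!$validator->isDocmanResultValid($hit)) {
                     // "continue 2" targets the foreach; a bare "continue" inside a
                     // switch only behaves like "break" and warns on PHP >= 7.3.
                     continue 2;
                 }
                 // NOTE(review): unlike the wiki and tracker branches, no per-document
                 // permission check is visible here; confirm document permissions are
                 // enforced elsewhere (for example in the search query itself).
                 $results[] = new ElasticSearch_SearchResultDocman($hit, $project);
                 break;
             case fulltextsearchPlugin::SEARCH_WIKI_TYPE:
                 if (!$validator->isWikiResultValid($hit)) {
                     continue 2;
                 }
                 $wiki = new Wiki($project->getID());
                 if ($wiki->isAutorized($user->getId())) {
                     $results[] = new ElasticSearch_SearchResultWiki($hit, $project);
                 }
                 break;
             case fulltextsearchPlugin::SEARCH_TRACKER_TYPE:
                 if (!$validator->isArtifactResultValid($hit)) {
                     continue 2;
                 }
                 $artifact = Tracker_ArtifactFactory::instance()->getArtifactById($hit['fields']['id'][0]);
                 // The index may still reference an artifact that no longer exists;
                 // skip such a hit instead of calling a method on null.
                 if ($artifact !== null && $artifact->userCanView($user)) {
                     $results[] = new ElasticSearch_SearchResultTracker($hit, $project, $artifact);
                 }
                 break;
             default:
                 // Unknown index types are ignored.
         }
     }
     return $results;
 }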
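 /**
  * Get a project repository by its id, provided the given user may read it.
  *
  * The lookup never returns null: a missing repository and an unreadable
  * one are both reported through exceptions.
  *
  * @param PFUser $user user the access checks are made for
  * @param mixed  $id   repository id, or GitRepositoryGitoliteAdmin::ID
  * @return GitRepository the repository
  * @throws GitRepoNotFoundException    when no repository matches $id
  * @throws GitRepoNotReadableException when $user may not read the repository
  * @throws Exception any exception raised by URLVerification::userCanAccessProject()
  *                   propagates unchanged
  */
 public function getRepositoryByIdUserCanSee(PFUser $user, $id)
 {
     // NOTE(review): this shortcut returns before any access check is made for
     // $user, and the comparison is loose (==). Confirm that callers gate access
     // to the gitolite admin repository themselves, and switch to === once the
     // type of $id at the call sites is known.
     if ($id == GitRepositoryGitoliteAdmin::ID) {
         return new GitRepositoryGitoliteAdmin();
     }
     $dar = $this->dao->searchProjectRepositoryById($id);
     $repository = $this->getRepositoryFromDar($dar);
     if ($repository === null) {
         throw new GitRepoNotFoundException();
     }
     // Project-level check first; it throws when access is refused. The former
     // try/catch only re-threw the same exception, so it has been dropped.
     $url_verification = new URLVerification();
     $url_verification->userCanAccessProject($user, $repository->getProject());
     // Then the repository-level read permission.
     if (!$repository->userCanRead($user)) {
         throw new GitRepoNotReadableException();
     }
     return $repository;
 }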
Пример #4
 /**
  * A restricted user who is neither a super user nor a member must be refused
  * access to an active project that does not allow restricted users.
  */
 public function testRestrictedUserCanNotAccessProjectWhichDoesntAllowResticted()
 {
     // Subject under test.
     $verifier = new URLVerification();

     // Restricted, non-member, non-super user.
     $restricted_user = new MockPFUser();
     stub($restricted_user)->isSuperUser()->returns(false);
     stub($restricted_user)->isMember()->returns(false);
     stub($restricted_user)->isRestricted()->returns(true);

     // Valid, active project that refuses restricted users.
     $closed_project = mock('Project');
     stub($closed_project)->isError()->returns(false);
     stub($closed_project)->isActive()->returns(true);
     stub($closed_project)->allowsRestricted()->returns(false);

     // The expectation has to be registered before the call that throws.
     $this->expectException('Project_AccessRestrictedException');
     $verifier->userCanAccessProject($restricted_user, $closed_project);
 }
Пример #5
 /**
  * Collect the notification e-mail addresses and user ids subscribed to this page.
  *
  * For every page pattern in $notify that glob-matches $this->_pagename, a
  * subscriber is kept only if the account resolves, the project access check
  * passes, and both the Wiki and the WikiPage authorisation checks pass.
  *
  * @param array $notify map of page pattern => (userid => subscription data, or a
  *                      falsy value when only the userid is known)
  * @return array two-element array: unique e-mail addresses, unique user ids
  */
 function getPageChangeEmails($notify)
 {
     $emails = array();
     $userids = array();
     foreach ($notify as $page => $users) {
         if (glob_match($page, $this->_pagename)) {
             foreach ($users as $userid => $user) {
                 $um = UserManager::instance();
                 $dbUser = $um->getUserByUserName($userid);
                 // NOTE(review): the project and page used for the permission checks
                 // are read from $_REQUEST, while the subscription match above uses
                 // $this->_pagename - confirm both always designate the same page.
                 $wiki = new Wiki($_REQUEST['group_id']);
                 $wp = new WikiPage($_REQUEST['group_id'], $_REQUEST['pagename']);
                 $project = ProjectManager::instance()->getProject($_REQUEST['group_id']);
                 $url_verifier = new URLVerification();
                 $user_can_access_project = false;
                 try {
                     // A subscriber whose account does not resolve ($dbUser === null)
                     // is treated as having no access.
                     $user_can_access_project = $dbUser !== null && $url_verifier->userCanAccessProject($dbUser, $project);
                 } catch (Project_AccessException $e) {
                     // Access refused for this subscriber: skip them without aborting
                     // the run for the remaining subscribers.
                     continue;
                 }
                 // Project, wiki and page permissions must all allow the subscriber.
                 if ($user_can_access_project && $wiki->isAutorized($dbUser->getId()) && $wp->isAutorized($dbUser->getId())) {
                     if (!$user) {
                         // handle the case for ModeratePage: no prefs, just userid's.
                         // NOTE(review): $prefs is loaded below but not read afterwards in
                         // this branch; the address is added without an emailVerified check.
                         global $request;
                         $u = $request->getUser();
                         if ($u->UserName() == $userid) {
                             $prefs = $u->getPreferences();
                         } else {
                             // not current user
                             if (ENABLE_USER_NEW) {
                                 $u = WikiUser($userid);
                                 $u->getPreferences();
                                 $prefs =& $u->_prefs;
                             } else {
                                 $u = new WikiUser($GLOBALS['request'], $userid);
                                 $prefs = $u->getPreferences();
                             }
                         }
                         // The address is looked up from the userid, not taken from $notify.
                         $emails[] = user_getemail_from_unix($userid);
                         $userids[] = $userid;
                     } else {
                         if (!empty($user['verified']) and !empty($user['email'])) {
                             // Already verified subscription.
                             $emails[] = user_getemail_from_unix($userid);
                             $userids[] = $userid;
                         } elseif (!empty($user['email'])) {
                             global $request;
                             // do a dynamic emailVerified check update
                             $u = $request->getUser();
                             if ($u->UserName() == $userid) {
                                 if ($request->_prefs->get('emailVerified')) {
                                     $emails[] = user_getemail_from_unix($userid);
                                     $userids[] = $userid;
                                     // Record the verification and write $notify back through $request->_dbi.
                                     $notify[$page][$userid]['verified'] = 1;
                                     $request->_dbi->set('notify', $notify);
                                 }
                             } else {
                                 // not current user
                                 if (ENABLE_USER_NEW) {
                                     $u = WikiUser($userid);
                                     $u->getPreferences();
                                     $prefs =& $u->_prefs;
                                 } else {
                                     $u = new WikiUser($GLOBALS['request'], $userid);
                                     $prefs = $u->getPreferences();
                                 }
                                 if ($prefs->get('emailVerified')) {
                                     $emails[] = user_getemail_from_unix($userid);
                                     $userids[] = $userid;
                                     // Record the verification and write $notify back through $request->_dbi.
                                     $notify[$page][$userid]['verified'] = 1;
                                     $request->_dbi->set('notify', $notify);
                                 }
                             }
                             // ignore verification
                             /*
                             if (DEBUG) {
                                 if (!in_array($user['email'],$emails))
                                     $emails[] = $user['email'];
                             }
                             */
                         }
                     }
                 }
             }
         }
     }
     // A user subscribed through several matching patterns is reported once.
     $emails = array_unique($emails);
     $userids = array_unique($userids);
     return array($emails, $userids);
 }