/**
 * Checks that Pluf_DB_BooleanToDb() turns a range of PHP values into the
 * quoted '1' / '0' literals.
 *
 * Inputs and expected literals are paired by position.
 */
public function testEscapeBoolean()
{
    $inputs = array('123', 123, 123.32, 'qwe\\qwe', '\'', false, '0');
    $expected = array("'1'", "'1'", "'1'", "'1'", "'1'", "'0'", "'0'");
    foreach ($inputs as $idx => $input) {
        // Strings holding a backslash or a quote must still come out as
        // a plain '1': the helper returns a literal, never the raw input.
        $this->assertEquals($expected[$idx], Pluf_DB_BooleanToDb($input, $this->db));
    }
}
/**
 * Paginated list of the forge users for the admin area.
 *
 * @param mixed Request, handed to the paginator and to the renderer.
 * @param mixed Match (not used by this view).
 * @param bool Only list the accounts that are not validated yet (false).
 * @return mixed Result of Pluf_Shortcuts_RenderToResponse().
 */
public function users($request, $match, $not_validated = false)
{
    $pag = new Pluf_Paginator(new Pluf_User());
    $db =& Pluf::db();
    $true = Pluf_DB_BooleanToDb(true, $db);

    // The forced WHERE clause is made of fixed strings plus the boolean
    // literal produced by Pluf_DB_BooleanToDb(); no request value is
    // concatenated into it.
    $where = $not_validated
        ? 'first_name = \'---\' AND active!=' . $true
        : 'first_name != \'---\'';
    $pag->forced_where = new Pluf_SQL($where);
    $title = $not_validated ? __('Not Validated User List') : __('User List');
    $pag->action = $not_validated
        ? 'IDF_Views_Admin::usersNotValidated'
        : 'IDF_Views_Admin::users';

    $pag->class = 'recent-issues';
    $pag->summary = __('This table shows the users in the forge.');
    $pag->edit_action = array('IDF_Views_Admin::userUpdate', 'id');
    $pag->sort_order = array('login', 'ASC');

    $columns = array(
        'login' => __('login'),
        array('last_name', 'Pluf_Paginator_ToString', __('Name')),
        array('staff', 'IDF_Views_Admin_bool', __('Staff')),
        array('administrator', 'IDF_Views_Admin_bool', __('Admin')),
        array('active', 'IDF_Views_Admin_bool', __('Active')),
        array('last_login', 'Pluf_Paginator_DateYMDHM', __('Last Login')),
    );
    $search_fields = array('login', 'last_name', 'email');
    $sort_fields = array('login', 'last_login');
    $pag->extra_classes = array('', '', 'a-c', 'a-c', 'a-c', 'a-c');
    $pag->configure($columns, $search_fields, $sort_fields);
    $pag->items_per_page = 50;
    $pag->no_results_text = __('No users were found.');
    // Paging, sorting and search terms are read from the request here.
    $pag->setFromRequest($request);

    $context = array(
        'page_title' => $title,
        'users' => $pag,
        'not_validated' => $not_validated,
    );
    return Pluf_Shortcuts_RenderToResponse('idf/gadmin/users/index.html', $context, $request);
}
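/**
 * Based on the request, it is automatically setting the user.
 *
 * API calls are not translated.
 *
 * The request is accepted for a user when it carries `_login`, `_salt`
 * and `_hash` with _hash equal to sha1(_salt . sha1(stored password)).
 * Every failure leaves the request untouched, which is equivalent to
 * anonymous access.
 *
 * NOTE(review): the salt is supplied by the client and nothing visible
 * here records or expires it, so a captured (_login, _salt, _hash)
 * triple stays valid as long as the stored password does not change.
 * A server-issued nonce or a timestamp inside the hashed data would
 * close that; it needs a protocol change and is not done here.
 *
 * @param mixed Request; its REQUEST array is read and its user is set.
 * @return bool Always true, whether or not a user was set.
 */
public static function apiSetUser($request)
{
    // REQUEST is used to be used both for POST and GET requests.
    foreach (array('_hash', '_login', '_salt') as $key) {
        // A parameter sent as an array would otherwise reach the string
        // concatenation and the SQL argument list below.
        if (!isset($request->REQUEST[$key]) or !is_string($request->REQUEST[$key])) {
            // equivalent to anonymous access.
            return true;
        }
    }
    $db =& Pluf::db();
    $true = Pluf_DB_BooleanToDb(true, $db);
    // The login goes through the %s placeholder; only the boolean
    // literal from Pluf_DB_BooleanToDb() is concatenated.
    $sql = new Pluf_SQL('login=%s AND active=' . $true, $request->REQUEST['_login']);
    $users = Pluf::factory('Pluf_User')->getList(array('filter' => $sql->gen()));
    if ($users->count() != 1 or !$users[0]->active) {
        // Should return a special authentication error like user
        // not found.
        return true;
    }
    $expected = sha1($request->REQUEST['_salt'] . sha1($users[0]->password));
    $given = $request->REQUEST['_hash'];
    // Compare as strings only: with a loose != two different hex digests
    // that both look like numbers are compared numerically. hash_equals()
    // additionally keeps the comparison time independent of the content;
    // older runtimes without it fall back to a strict comparison.
    $same = function_exists('hash_equals')
        ? hash_equals($expected, $given)
        : ($expected === $given);
    if (!$same) {
        return true; // Again need authentication error
    }
    $request->user = $users[0];
    IDF_Middleware::setRights($request);
    return true;
}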
/**
 * Get the revision flagged as head.
 *
 * @return mixed The revision, or null when the filtered list does not
 *               hold exactly one row.
 */
function get_current_revision()
{
    // Boolean literal in the dialect of this model's connection.
    $head = Pluf_DB_BooleanToDb(true, $this->getDbConnection());
    $found = $this->get_revisions_list(array('filter' => 'is_head=' . $head, 'nb' => 1));
    if ($found->count() != 1) {
        return null;
    }
    return $found[0];
}
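/**
 * Returns a list of projects accessible for the user.
 *
 * Anonymous users get the non-private projects, administrators get
 * every project, and any other user gets the non-private projects plus
 * the projects on which a non-negative row permission is stored for
 * that user.
 *
 * NOTE(review): the row-permission filter matches on owner and on the
 * negative flag only, not on a particular permission, so any
 * non-negative row permission on a project puts it in the list. The
 * member/owner/authorized permission objects that used to be fetched
 * here were never part of the filter and are no longer looked up.
 *
 * @param Pluf_User
 * @return ArrayObject IDF_Project
 */
public static function getProjects($user)
{
    $db =& Pluf::db();
    $false = Pluf_DB_BooleanToDb(false, $db);
    if ($user->isAnonymous()) {
        $sql = sprintf('%s=%s', $db->qn('private'), $false);
        return Pluf::factory('IDF_Project')->getList(array('filter' => $sql, 'order' => 'shortname ASC'));
    }
    if ($user->administrator) {
        return Pluf::factory('IDF_Project')->getList(array('order' => 'shortname ASC'));
    }
    // grab the list of projects where the user is admin, member
    // or authorized
    $sql = new Pluf_SQL("model_class='IDF_Project' AND owner_class='Pluf_User' AND owner_id=%s AND negative=" . $false, $user->id);
    $rows = Pluf::factory('Pluf_RowPermission')->getList(array('filter' => $sql->gen()));
    $sql = sprintf('%s=%s', $db->qn('private'), $false);
    if ($rows->count() > 0) {
        $ids = array();
        foreach ($rows as $row) {
            // The ids are concatenated into the IN (...) list instead of
            // being bound, so force them to integers first: a stored
            // value can then never add SQL text to the filter.
            $ids[] = (int) $row->model_id;
        }
        $sql .= sprintf(' OR id IN (%s)', implode(', ', $ids));
    }
    return Pluf::factory('IDF_Project')->getList(array('filter' => $sql, 'order' => 'shortname ASC'));
}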
/**
 * Return membership data.
 *
 * The result has 3 keys: 'members', 'owners' and 'authorized'.
 *
 * Only the row level permission table is consulted. A user who is set
 * as administrator has the member and owner rights but is not listed
 * here.
 *
 * @param string Format ('objects'), 'string'.
 * @return mixed Array of Pluf_User or newline separated list of logins.
 */
public function getMembershipData($fmt = 'objects')
{
    $mperm = Pluf_Permission::getFromString('IDF.project-member');
    $operm = Pluf_Permission::getFromString('IDF.project-owner');
    $aperm = Pluf_Permission::getFromString('IDF.project-authorized-user');
    $grow = new Pluf_RowPermission();
    $db =& Pluf::db();
    $false = Pluf_DB_BooleanToDb(false, $db);
    // One filter template for the three roles; every variable part goes
    // through a %s placeholder, only the boolean literal is concatenated.
    $where = 'model_class=%s AND model_id=%s AND owner_class=%s AND permission=%s AND negative=' . $false;
    $as_objects = ($fmt == 'objects');

    $by_role = array();
    // Same order as the queries have always been run: owners, members,
    // authorized.
    foreach (array('owners' => $operm, 'members' => $mperm, 'authorized' => $aperm) as $role => $perm) {
        $bucket = new Pluf_Template_ContextVars(array());
        // Only the authorized-user permission is allowed to be missing;
        // its list then stays empty and no query is run for it.
        if ($role !== 'authorized' || $perm != false) {
            $sql = new Pluf_SQL($where, array('IDF_Project', $this->id, 'Pluf_User', $perm->id));
            foreach ($grow->getList(array('filter' => $sql->gen())) as $row) {
                $owner = Pluf::factory('Pluf_User', $row->owner_id);
                if ($as_objects) {
                    $bucket[] = $owner;
                } else {
                    $bucket[] = $owner->login;
                }
            }
        }
        $by_role[$role] = $bucket;
    }

    if ($as_objects) {
        return new Pluf_Template_ContextVars(array(
            'members' => $by_role['members'],
            'owners' => $by_role['owners'],
            'authorized' => $by_role['authorized'],
        ));
    }
    return array(
        'members' => implode("\n", (array) $by_role['members']),
        'owners' => implode("\n", (array) $by_role['owners']),
        'authorized' => implode("\n", (array) $by_role['authorized']),
    );
}
/**
 * Confirmation page and handler for deleting a documentation page.
 *
 * The deletion itself only happens on a POST whose form validates; any
 * other request renders the confirmation template.
 *
 * @param mixed Request; its project, method, POST data and user are used.
 * @param array Match; index 2 identifies the wiki page.
 * @return mixed Redirect to the wiki index after a deletion, else the
 *               rendered confirmation page.
 */
public function delete($request, $match)
{
    $prj = $request->project;
    $page = Pluf_Shortcuts_GetObjectOr404('IDF_WikiPage', $match[2]);
    // NOTE(review): presumably answers 404 when the page is not part of
    // the current project, so a page id from another project cannot be
    // reached through this URL - confirm against inOr404().
    $prj->inOr404($page);
    $params = array('page' => $page);

    $posted = ($request->method == 'POST');
    $form = new IDF_Form_WikiDelete($posted ? $request->POST : null, $params);
    if ($posted && $form->isValid()) {
        $form->save();
        $request->user->setMessage(__('The documentation page has been deleted.'));
        $url = Pluf_HTTP_URL_urlForView('IDF_Views_Wiki::index', array($prj->shortname));
        return new Pluf_HTTP_Response_Redirect($url);
    }

    $title = sprintf(__('Delete Page %s'), $page->title);
    $revision = $page->get_current_revision();
    // Older revisions: everything not flagged as head, newest first.
    $false = Pluf_DB_BooleanToDb(false, $page->getDbConnection());
    $revs = $page->get_revisions_list(array(
        'order' => 'creation_dtime DESC',
        'filter' => 'is_head=' . $false,
    ));
    $context = array(
        'page_title' => $title,
        'page' => $page,
        'form' => $form,
        'rev' => $revision,
        'revs' => $revs,
        'tags' => $page->get_tags_list(),
    );
    return Pluf_Shortcuts_RenderToResponse('idf/wiki/deletepage.html', $context, $request);
}