public function save($commit = true)
{
if (!$this->isValid()) {
throw new Exception(__('Cannot save the model from an invalid form.'));
}
// remove all the permissions
$perm = Pluf_Permission::getFromString('IDF.project-authorized-user');
$cm = $this->project->getMembershipData();
$guser = new Pluf_User();
foreach ($cm['authorized'] as $user) {
Pluf_RowPermission::remove($user, $this->project, $perm);
}
if ($this->cleaned_data['private_project']) {
foreach (preg_split("/\r\n|\r|\n|\\,/", $this->cleaned_data['authorized_users'], -1, PREG_SPLIT_NO_EMPTY) as $login) {
$sql = new Pluf_SQL('login=%s', array(trim($login)));
$users = $guser->getList(array('filter' => $sql->gen()));
if ($users->count() == 1) {
Pluf_RowPermission::add($users[0], $this->project, $perm);
}
}
$this->project->private = 1;
} else {
$this->project->private = 0;
}
$this->project->update();
$this->project->membershipsUpdated();
}
public static function remove($owner, $object, $perm)
{
if (!is_object($perm)) {
$found = Pluf_Permission::getFromString($perm);
if (false === $found) {
throw new Exception(sprintf('The permission %s does not exist.', $perm));
}
$perm = $found;
}
$growp = new Pluf_RowPermission();
$sql = new Pluf_SQL('owner_id=%s AND owner_class=%s AND model_id=%s AND model_class=%s AND permission=%s', array($owner->id, $owner->_a['model'], $object->id, $object->_a['model'], $perm->id));
$perms = $growp->getList(array('filter' => $sql->gen()));
foreach ($perms as $p) {
$p->delete();
}
return true;
}
/**
* Get all the permissions of a user.
*
* @param bool Force the reload of the list of permissions (false)
* @return array List of permissions
*/
function getAllPermissions($force = false)
{
if ($force == false and !is_null($this->_cache_perms)) {
return $this->_cache_perms;
}
$this->_cache_perms = array();
$perms = (array) $this->get_permissions_list();
$groups = $this->get_groups_list();
$ids = array();
foreach ($groups as $group) {
$ids[] = $group->id;
}
if (count($ids) > 0) {
$gperm = new Pluf_Permission();
$f_name = strtolower(Pluf::f('pluf_custom_group', 'Pluf_Group')) . '_id';
$perms = array_merge($perms, (array) $gperm->getList(array('filter' => $f_name . ' IN (' . join(', ', $ids) . ')', 'view' => 'join_group')));
}
foreach ($perms as $perm) {
if (!in_array($perm->application . '.' . $perm->code_name, $this->_cache_perms)) {
$this->_cache_perms[] = $perm->application . '.' . $perm->code_name;
}
}
if (Pluf::f('pluf_use_rowpermission', false) and $this->id) {
$growp = new Pluf_RowPermission();
$sql = new Pluf_SQL('owner_id=%s AND owner_class=%s', array($this->id, 'Pluf_User'));
if (count($ids) > 0) {
$sql2 = new Pluf_SQL('owner_id IN (' . join(', ', $ids) . ') AND owner_class=%s', array(Pluf::f('pluf_custom_group', 'Pluf_Group')));
$sql->SOr($sql2);
}
$perms = $growp->getList(array('filter' => $sql->gen(), 'view' => 'join_permission'));
foreach ($perms as $perm) {
$perm_string = $perm->application . '.' . $perm->code_name . '#' . $perm->model_class . '(' . $perm->model_id . ')';
if ($perm->negative) {
$perm_string = '!' . $perm_string;
}
if (!in_array($perm_string, $this->_cache_perms)) {
$this->_cache_perms[] = $perm_string;
}
}
}
return $this->_cache_perms;
}
/**
* The update of the memberships is done in different places. This
* avoids duplicating code.
*
* @param IDF_Project The project
* @param array The new memberships data in 'owners' and 'members' keys
*/
public static function updateMemberships($project, $cleaned_data)
{
// remove all the permissions
$cm = $project->getMembershipData();
$def = array('owners' => Pluf_Permission::getFromString('IDF.project-owner'), 'members' => Pluf_Permission::getFromString('IDF.project-member'));
$guser = new Pluf_User();
foreach ($def as $key => $perm) {
foreach ($cm[$key] as $user) {
Pluf_RowPermission::remove($user, $project, $perm);
}
foreach (preg_split("/\r\n|\r|\n|\\,/", $cleaned_data[$key], -1, PREG_SPLIT_NO_EMPTY) as $login) {
$sql = new Pluf_SQL('login=%s', array(trim($login)));
$users = $guser->getList(array('filter' => $sql->gen()));
if ($users->count() == 1) {
Pluf_RowPermission::add($users[0], $project, $perm);
}
}
}
}
public function testRowPermission()
{
$user = new Pluf_User(1);
$group = new Pluf_Group();
$group->name = 'testRowPermission';
$group->description = 'testRowPermission';
$group->create();
for ($i = 1; $i <= 5; $i++) {
$mess = new Pluf_Message();
$mess->user = $user;
$mess->message = 'Dummy object to test against: ' . $i;
$mess->create();
}
$perm = new Pluf_Permission();
$perm->application = 'Pluf_RowPermission';
$perm->code_name = 'test1';
$perm->name = 'test1';
$perm->description = 'test1';
$perm->create();
// Permission through group
$mess = new Pluf_Message(1);
Pluf_RowPermission::add($group, $mess, $perm);
$this->assertEquals(false, $user->hasPerm('Pluf_RowPermission.test1', $mess));
$user->setAssoc($group);
$user->getAllPermissions(true);
//reset the cache
$this->assertEquals(true, $user->hasPerm('Pluf_RowPermission.test1', $mess));
$user->delAssoc($group);
$user->getAllPermissions(true);
//reset the cache
$this->assertEquals(false, $user->hasPerm('Pluf_RowPermission.test1', $mess));
$user->setAssoc($group);
$user->getAllPermissions(true);
//reset the cache
$this->assertEquals(true, $user->hasPerm('Pluf_RowPermission.test1', $mess));
Pluf_RowPermission::remove($group, $mess, $perm);
$user->getAllPermissions(true);
//reset the cache
$this->assertEquals(false, $user->hasPerm('Pluf_RowPermission.test1', $mess));
// Permission through direct user
Pluf_RowPermission::add($user, $mess, $perm);
$user->getAllPermissions(true);
//reset the cache
$this->assertEquals(true, $user->hasPerm('Pluf_RowPermission.test1', $mess));
Pluf_RowPermission::remove($user, $mess, $perm);
$user->getAllPermissions(true);
//reset the cache
$this->assertEquals(false, $user->hasPerm('Pluf_RowPermission.test1', $mess));
// Using string for the permission.
Pluf_RowPermission::add($user, $mess, 'Pluf_RowPermission.test1');
$user->getAllPermissions(true);
//reset the cache
$this->assertEquals(true, $user->hasPerm('Pluf_RowPermission.test1', $mess));
Pluf_RowPermission::remove($user, $mess, 'Pluf_RowPermission.test1');
$user->getAllPermissions(true);
//reset the cache
$this->assertEquals(false, $user->hasPerm('Pluf_RowPermission.test1', $mess));
}
/**
* Return membership data.
*
* The array has 3 keys: 'members', 'owners' and 'authorized'.
*
* The list of users is only taken using the row level permission
* table. That is, if you set a user as administrator, he will
* have the member and owner rights but will not appear in the
* lists.
*
* @param string Format ('objects'), 'string'.
* @return mixed Array of Pluf_User or newline separated list of logins.
*/
public function getMembershipData($fmt = 'objects')
{
$mperm = Pluf_Permission::getFromString('IDF.project-member');
$operm = Pluf_Permission::getFromString('IDF.project-owner');
$aperm = Pluf_Permission::getFromString('IDF.project-authorized-user');
$grow = new Pluf_RowPermission();
$db =& Pluf::db();
$false = Pluf_DB_BooleanToDb(false, $db);
$sql = new Pluf_SQL('model_class=%s AND model_id=%s AND owner_class=%s AND permission=%s AND negative=' . $false, array('IDF_Project', $this->id, 'Pluf_User', $operm->id));
$owners = new Pluf_Template_ContextVars(array());
foreach ($grow->getList(array('filter' => $sql->gen())) as $row) {
if ($fmt == 'objects') {
$owners[] = Pluf::factory('Pluf_User', $row->owner_id);
} else {
$owners[] = Pluf::factory('Pluf_User', $row->owner_id)->login;
}
}
$sql = new Pluf_SQL('model_class=%s AND model_id=%s AND owner_class=%s AND permission=%s AND negative=' . $false, array('IDF_Project', $this->id, 'Pluf_User', $mperm->id));
$members = new Pluf_Template_ContextVars(array());
foreach ($grow->getList(array('filter' => $sql->gen())) as $row) {
if ($fmt == 'objects') {
$members[] = Pluf::factory('Pluf_User', $row->owner_id);
} else {
$members[] = Pluf::factory('Pluf_User', $row->owner_id)->login;
}
}
$authorized = new Pluf_Template_ContextVars(array());
if ($aperm != false) {
$sql = new Pluf_SQL('model_class=%s AND model_id=%s AND owner_class=%s AND permission=%s AND negative=' . $false, array('IDF_Project', $this->id, 'Pluf_User', $aperm->id));
foreach ($grow->getList(array('filter' => $sql->gen())) as $row) {
if ($fmt == 'objects') {
$authorized[] = Pluf::factory('Pluf_User', $row->owner_id);
} else {
$authorized[] = Pluf::factory('Pluf_User', $row->owner_id)->login;
}
}
}
if ($fmt == 'objects') {
return new Pluf_Template_ContextVars(array('members' => $members, 'owners' => $owners, 'authorized' => $authorized));
} else {
return array('members' => implode("\n", (array) $members), 'owners' => implode("\n", (array) $owners), 'authorized' => implode("\n", (array) $authorized));
}
}
