/** * @param framework\Request $request * @param $issue */ protected function _lockIssueAfter(framework\Request $request, $issue) { framework\Context::setPermission('canviewissue', $issue->getID(), 'core', 0, 0, 0, false); framework\Context::setPermission('canviewissue', $issue->getID(), 'core', $this->getUser()->getID(), 0, 0, true); $al_users = $request->getParameter('access_list_users', array()); $al_teams = $request->getParameter('access_list_teams', array()); $i_al = $issue->getAccessList(); foreach ($i_al as $k => $item) { if ($item['target'] instanceof entities\Team) { $tid = $item['target']->getID(); if (array_key_exists($tid, $al_teams)) { unset($i_al[$k]); } else { framework\Context::removePermission('canviewissue', $issue->getID(), 'core', 0, 0, $tid); } } elseif ($item['target'] instanceof entities\User) { $uid = $item['target']->getID(); if (array_key_exists($uid, $al_users)) { unset($i_al[$k]); } elseif ($uid != $this->getUser()->getID()) { framework\Context::removePermission('canviewissue', $issue->getID(), 'core', $uid, 0, 0); } } } foreach ($al_users as $uid) { framework\Context::setPermission('canviewissue', $issue->getID(), 'core', $uid, 0, 0, true); } foreach ($al_teams as $tid) { framework\Context::setPermission('canviewissue', $issue->getID(), 'core', 0, 0, $tid, true); } }
public function runSetPermission(framework\Request $request) { $i18n = framework\Context::getI18n(); if ($this->access_level == framework\Settings::ACCESS_FULL) { $uid = 0; $gid = 0; $tid = 0; switch ($request['target_type']) { case 'user': $uid = $request['item_id']; break; case 'group': $gid = $request['item_id']; break; case 'team': $tid = $request['item_id']; break; } $target_id = $request->getRawParameter('target_id'); switch ($request['mode']) { case 'allowed': framework\Context::setPermission($request['key'], $target_id, $request['target_module'], $uid, $gid, $tid, true); break; case 'denied': framework\Context::setPermission($request['key'], $target_id, $request['target_module'], $uid, $gid, $tid, false); break; case 'unset': framework\Context::removePermission($request['key'], $target_id, $request['target_module'], $uid, $gid, $tid, true, null, 0); break; } return $this->renderJSON(array('content' => $this->getComponentHTML('configuration/permissionsinfoitem', array('key' => $request['key'], 'target_id' => $target_id, 'type' => $request['target_type'], 'mode' => $request['template_mode'], 'item_id' => $request['item_id'], 'module' => $request['target_module'], 'access_level' => $this->access_level)))); } $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array("error" => $i18n->__("You don't have access to modify permissions"))); }
/** * Unlock the issue * * @param \thebuggenie\core\framework\Request $request */ public function runLockIssue(framework\Request $request) { if ($issue_id = $request['issue_id']) { try { $issue = entities\Issue::getB2DBTable()->selectById($issue_id); if (!$issue->canEditIssueDetails()) { $this->forward403($this->getI18n()->__("You don't have access to update the issue access policy")); return; } $issue->setLocked(); $issue->save(); framework\Context::setPermission('canviewissue', $issue->getID(), 'core', 0, 0, 0, false); framework\Context::setPermission('canviewissue', $issue->getID(), 'core', $this->getUser()->getID(), 0, 0, true); $al_users = $request->getParameter('access_list_users', array()); $al_teams = $request->getParameter('access_list_teams', array()); $i_al = $issue->getAccessList(); foreach ($i_al as $k => $item) { if ($item['target'] instanceof entities\Team) { $tid = $item['target']->getID(); if (array_key_exists($tid, $al_teams)) { unset($i_al[$k]); } else { framework\Context::removePermission('canviewissue', $issue->getID(), 'core', 0, 0, $tid); } } elseif ($item['target'] instanceof entities\User) { $uid = $item['target']->getID(); if (array_key_exists($uid, $al_users)) { unset($i_al[$k]); } elseif ($uid != $this->getUser()->getID()) { framework\Context::removePermission('canviewissue', $issue->getID(), 'core', $uid, 0, 0); } } } foreach ($al_users as $uid) { framework\Context::setPermission('canviewissue', $issue->getID(), 'core', $uid, 0, 0, true); } foreach ($al_teams as $tid) { framework\Context::setPermission('canviewissue', $issue->getID(), 'core', 0, 0, $tid, true); } } catch (\Exception $e) { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('message' => framework\Context::getI18n()->__('This issue does not exist'))); } } else { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('message' => framework\Context::getI18n()->__('This issue does not exist'))); } return $this->renderJSON(array('message' => $this->getI18n()->__('Issue access policy updated'))); }