[evolvis-commits] r11402: Script to fix roles provided by Raphael H?==?UTF-8?Q?ertzog↵
mirabilos at evolvis.org
mirabilos at evolvis.org
Thu Feb 24 18:09:27 CET 2011
Author: mirabilos
Date: 2011-02-24 18:09:27 +0100 (Thu, 24 Feb 2011)
New Revision: 11402
Added:
trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-check-fix-rights.pl
Log:
Script to fix roles provided by Raphael Hertzog
Added: trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-check-fix-rights.pl
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-check-fix-rights.pl (rev 0)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-check-fix-rights.pl 2011-02-24 17:09:27 UTC (rev 11402)
@@ -0,0 +1,210 @@
+#!/usr/bin/perl -w
+# vim: sts=4
+# Script provided by Raphael Hertzog, use to fix adullact.net site
+# If you get troubles with roles, you can use this script
+# run with $fix=0 to see (default), set $fix=1 to fix
+
+use strict ;
+use diagnostics ;
+
+use DBI ;
+use MIME::Base64 ;
+use HTML::Entities ;
+
+use vars qw/$dbh @reqlist $query/ ;
+use vars qw/$sys_default_domain $sys_scm_host $sys_download_host
+ $sys_shell_host $sys_users_host $sys_docs_host $sys_lists_host
+ $sys_dns1_host $sys_dns2_host $FTPINCOMING_DIR $FTPFILES_DIR
+ $sys_urlroot $sf_cache_dir $sys_name $sys_themeroot
+ $sys_news_group $sys_dbhost $sys_dbname $sys_dbuser $sys_dbpasswd
+ $sys_ldap_base_dn $sys_ldap_host $admin_login $admin_password
+ $server_admin $domain_name $newsadmin_groupid $statsadmin_groupid
+ $skill_list/ ;
+
+require ("/etc/gforge/local.pl") ;
+
+if ( "$sys_dbname" ne "gforge" || "$sys_dbuser" ne "gforge" ) {
+$dbh ||= DBI->connect("DBI:Pg:dbname=$sys_dbname","$sys_dbuser","$sys_dbpasswd");
+} else {
+$dbh ||= DBI->connect("DBI:Pg:dbname=$sys_dbname");
+}
+die "Cannot connect to database: $!" if ( ! $dbh );
+
+my $fix = 0;
+
+$dbh->{AutoCommit} = 0;
+$dbh->{RaiseError} = 1;
+eval {
+
+ my $query = "SELECT group_id, use_tracker, use_forum, use_pm FROM groups WHERE status='A'";
+ &debug("QUERY: $query\n");
+ my $groups = $dbh->selectall_arrayref($query);
+
+ $query = "SELECT group_artifact_id FROM artifact_group_list";
+ my @valid_g_artifact_id = map { $_->[0] } @{ $dbh->selectall_arrayref($query) };
+ $query = "SELECT group_forum_id FROM forum_group_list";
+ my @valid_g_forum_id = map { $_->[0] } @{ $dbh->selectall_arrayref($query) };
+ $query = "SELECT group_project_id FROM project_group_list";
+ my @valid_g_project_id = map { $_->[0] } @{ $dbh->selectall_arrayref($query) };
+
+ #print "Valid trackers: @valid_g_artifact_id\n";
+ #print "Valid forums: @valid_g_forum_id\n";
+ #print "Valid projects: @valid_g_project_id\n";
+
+ foreach my $group (@{$groups}) {
+ print "Doing group $group->[0]...\n";
+ # Fetch rights associated to roles
+ $query = "SELECT rs.role_id, section_name, ref_id, value
+ FROM role r, role_setting rs WHERE
+ r.role_id = rs.role_id AND
+ r.group_id='$group->[0]'";
+ &debug("QUERY: $query\n");
+ my $role_setting = $dbh->selectall_arrayref($query);
+ my %roles;
+ foreach my $setting (@{$role_setting}) {
+ # Roles may list default objects which have been suppressed ...
+ # We need to skip them
+ next if (($setting->[1] eq "tracker") and (! grep { /^$setting->[2]$/ } @valid_g_artifact_id));
+ next if (($setting->[1] eq "forum") and (! grep { /^$setting->[2]$/ } @valid_g_forum_id));
+ next if (($setting->[1] eq "pm") and (! grep { /^$setting->[2]$/ } @valid_g_project_id));
+ $roles{$setting->[0]}{$setting->[1]}{$setting->[2]} = $setting->[3];
+ #print "Setting role_id sec_name ref_id value: @{$setting}\n";
+ }
+ # Loop over the group members
+ $query = "SELECT user_id, role_id FROM user_group WHERE group_id='$group->[0]'";
+ &debug("QUERY: $query\n");
+ my $users = $dbh->selectall_arrayref($query);
+ foreach my $user (@{$users}) {
+ if ($group->[1] and #use_tracker
+ keys %{$roles{$user->[1]}{'tracker'}}) { #role has right on trackers
+ # Get a list of the user's perm on trackers from this group
+ $query = "SELECT group_artifact_id, perm_level FROM artifact_perm
+ WHERE user_id='$user->[0]' AND
+ group_artifact_id IN (";
+ $query .= join(", ", keys %{$roles{$user->[1]}{'tracker'}}) . ")";
+ &debug("QUERY: $query\n");
+ my $list_rights = $dbh->selectall_arrayref($query);
+ my %rights = map { $_->[0] => $_->[1] } @{$list_rights};
+ foreach my $aid (keys %{$roles{$user->[1]}{'tracker'}}) {
+ if (grep { /^$aid$/ } keys %rights) {
+ # User is registered, check the rights
+ if ($roles{$user->[1]}{'tracker'}{$aid} != $rights{$aid}) {
+ # Right differs !
+ print "PROBLEM: Right on user $user->[0], group_aid $aid differs.\n";
+ my $level = $roles{$user->[1]}{'tracker'}{$aid};
+ $query = "UPDATE artifact_perm SET perm_level='$level' " .
+ "WHERE group_artifact_id='$aid' AND user_id='$user->[0]'";
+ &debug("FIX: $query\n");
+ $dbh->do($query) if $fix;
+ }
+ } else {
+ # User is not registered in this artifact type !
+ print "PROBLEM: User $user->[0] is not registered for group_aid $aid.\n";
+ my $level = $roles{$user->[1]}{'tracker'}{$aid};
+ $query = "INSERT INTO artifact_perm (group_artifact_id, user_id, perm_level)" .
+ " VALUES('$aid', '$user->[0]', '$level')";
+ &debug("FIX: $query\n");
+ $dbh->do($query) if $fix;
+ }
+ }
+ }
+
+ $dbh->commit();
+
+ if ($group->[2] and
+ keys %{$roles{$user->[1]}{'forum'}}) { #use_forum
+ $query = "SELECT group_forum_id, perm_level FROM forum_perm
+ WHERE user_id='$user->[0]' AND
+ group_forum_id IN (";
+ $query .= join(", ", keys %{$roles{$user->[1]}{'forum'}}) . ")";
+ &debug("QUERY: $query\n");
+ my $list_rights = $dbh->selectall_arrayref($query);
+ my %rights = map { $_->[0] => $_->[1] } @{$list_rights};
+ foreach my $aid (keys %{$roles{$user->[1]}{'forum'}}) {
+ if (grep { /^$aid$/ } keys %rights) {
+ # User is registered, check the rights
+ if ($roles{$user->[1]}{'forum'}{$aid} != $rights{$aid}) {
+ # Right differs !
+ print "PROBLEM: Right on user $user->[0], group_forum_id $aid differs.\n";
+ my $level = $roles{$user->[1]}{'forum'}{$aid};
+ $query = "UPDATE forum_perm SET perm_level='$level' " .
+ "WHERE group_forum_id='$aid' AND user_id='$user->[0]'";
+ &debug("FIX: $query\n");
+ $dbh->do($query) if $fix;
+ }
+ } else {
+ # User is not registered in this artifact type !
+ print "PROBLEM: User $user->[0] is not registered for group_forum_id $aid.\n";
+ my $level = $roles{$user->[1]}{'forum'}{$aid};
+ $query = "INSERT INTO forum_perm (group_forum_id, user_id, perm_level)" .
+ " VALUES('$aid', '$user->[0]', '$level')";
+ &debug("FIX: $query\n");
+ $dbh->do($query) if $fix;
+ }
+ }
+ }
+
+ $dbh->commit();
+
+ if ($group->[3] and
+ keys %{$roles{$user->[1]}{'pm'}}) { #use_pm project_manager
+ $query = "SELECT group_project_id, perm_level FROM project_perm
+ WHERE user_id='$user->[0]' AND
+ group_project_id IN (";
+ $query .= join(", ", keys %{$roles{$user->[1]}{'pm'}}) . ")";
+ &debug("QUERY: $query\n");
+ my $list_rights = $dbh->selectall_arrayref($query);
+ my %rights = map { $_->[0] => $_->[1] } @{$list_rights};
+ foreach my $aid (keys %{$roles{$user->[1]}{'pm'}}) {
+ if (grep { /^$aid$/ } keys %rights) {
+ # User is registered, check the rights
+ if ($roles{$user->[1]}{'pm'}{$aid} != $rights{$aid}) {
+ # Right differs !
+ print "PROBLEM: Right on user $user->[0], group_project_id $aid differs.\n";
+ my $level = $roles{$user->[1]}{'pm'}{$aid};
+ $query = "UPDATE project_perm SET perm_level='$level' " .
+ "WHERE group_project_id='$aid' AND user_id='$user->[0]'";
+ &debug("FIX: $query\n");
+ $dbh->do($query) if $fix;
+ }
+ } else {
+ # User is not registered in this artifact type !
+ print "PROBLEM: User $user->[0] is not registered for group_project_id $aid.\n";
+ my $level = $roles{$user->[1]}{'pm'}{$aid};
+ $query = "INSERT INTO project_perm (group_project_id, user_id, perm_level)" .
+ " VALUES('$aid', '$user->[0]', '$level')";
+ &debug("FIX: $query\n");
+ $dbh->do($query) if $fix;
+ }
+ }
+ }
+
+ $dbh->commit();
+ }
+ }
+
+ # There should be a commit at the end of every block above.
+ # If there is not, then it might be symptomatic of a problem.
+ # For safety, we roll back.
+ $dbh->rollback ();
+};
+
+if ($@) {
+ warn "Transaction aborted because $@" ;
+ &debug ("Transaction aborted because $@") ;
+ &debug ("Last SQL query was:\n$query\n(end of query)") ;
+ $dbh->rollback ;
+ &debug ("Please report this bug on the Debian bug-tracking system.") ;
+ &debug ("Please include the previous messages as well to help debugging.") ;
+ &debug ("You should not worry too much about this,") ;
+ &debug ("your DB is still in a consistent state and should be usable.") ;
+ exit 1 ;
+}
+
+$dbh->rollback ;
+$dbh->disconnect ;
+
+sub debug($) {
+ my $log = shift;
+ print $log;
+}
Property changes on: trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-check-fix-rights.pl
___________________________________________________________________
Added: svn:executable
+ *
More information about the evolvis-commits
mailing list