[evolvis-commits] r14064: Tracker: Only keep the Artifacts where the user has admin rights.

mirabilos at evolvis.org mirabilos at evolvis.org
Mon Feb 28 03:47:54 CET 2011


Author: mirabilos
Date: 2011-02-28 03:47:54 +0100 (Mon, 28 Feb 2011)
New Revision: 14064

Modified:
   trunk/gforge_base/evolvisforge-5.1/gforge/www/tracker/admin/ind.php
Log:
Tracker: Only keep the Artifacts where the user has admin rights.

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/www/tracker/admin/ind.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/www/tracker/admin/ind.php	2011-02-28 02:47:50 UTC (rev 14063)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/www/tracker/admin/ind.php	2011-02-28 02:47:54 UTC (rev 14064)
@@ -8,16 +8,6 @@
 	//
 
 
-	//
-	//  get the Group object
-	//
-	$group =& group_get_object($group_id);
-	if (!$group || !is_object($group)) {
-		exit_error('Error','Could Not Get Group Object');
-	} elseif ($group->isError()) {
-		exit_error('Error',$group->getErrorMessage());
-	}
-
 	$perm =& $group->getPermission( session_get_user() );
 
 	if (getStringFromRequest('post_changes')) {
@@ -59,7 +49,18 @@
 		exit_error('Error','Could Not Get ArtifactTypeFactory');
 	}
 
-	$at_arr =& $atf->getArtifactTypes();
+	// Only keep the Artifacts where the user has admin rights.
+	$arr =& $atf->getArtifactTypes();
+	$i=0;
+	for ($j = 0; $j < count($arr); $j++) {
+		if ($arr[$j]->userIsAdmin()) {
+			$at_arr[$i++] =& $arr[$j];
+		}
+	}
+	// If no more tracker now,
+	if ($i==0 && $j>0) {
+		exit_permission_denied();
+	}
 
 	//required params for site_project_header();
 	$params['group']=$group_id;



More information about the evolvis-commits mailing list