[evolvis-commits] r15099: More implementation of the PFO RBAC spec

mirabilos at evolvis.org mirabilos at evolvis.org
Mon Feb 28 23:40:08 CET 2011


Author: mirabilos
Date: 2011-02-28 23:40:08 +0100 (Mon, 28 Feb 2011)
New Revision: 15099

Modified:
   trunk/gforge_base/evolvisforge-5.1/gforge/common/include/PFO-RBAC.interface.php
   trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php
   trunk/gforge_base/evolvisforge-5.1/gforge/common/include/Role.class.php
Log:
More implementation of the PFO RBAC spec

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/PFO-RBAC.interface.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/PFO-RBAC.interface.php	2011-02-28 22:39:58 UTC (rev 15098)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/PFO-RBAC.interface.php	2011-02-28 22:40:08 UTC (rev 15099)
@@ -52,8 +52,8 @@
 
 	public function getUsers() ;
 	public function hasUser($user) ;
-	public function hasPermission($section, $reference, $permission) ;
-	public function hasGlobalPermission($section, $permission) ;
+	public function hasPermission($section, $reference, $action) ;
+	public function hasGlobalPermission($section, $action) ;
 	public function normalizeData() ;
 	public function getSettings() ;
 	public function setSettings($data) ;

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php	2011-02-28 22:39:58 UTC (rev 15098)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php	2011-02-28 22:40:08 UTC (rev 15099)
@@ -34,11 +34,11 @@
 	public function hasUser($user) {
 		throw new Exception ("Not implemented") ;
 	}
-	public function hasPermission($section, $reference, $permission) {
+	public function hasPermission($section, $reference, $action) {
 		throw new Exception ("Not implemented") ;
 	}
-	public function hasGlobalPermission($section, $permission) {
-		throw new Exception ("Not implemented") ;
+        function hasGlobalPermission($section, $action = NULL) {
+		return $this->hasPermission ($section, -1, $action) ;
 	}
 	public function getSettings() {
 		throw new Exception ("Not implemented") ;
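Review bot: The new `hasGlobalPermission` is declared without `public` and indented with spaces, unlike every neighbouring method; `public function hasGlobalPermission($section, $action = NULL) {` with a leading tab would match. It delegates to `hasPermission`, which in this class still throws "Not implemented", so on any role class that does not override `hasPermission` a global check raises an exception instead of returning a denial. Whether the subclasses override it is not visible here. The `-1` reference deserves a one-line comment such as `// reference -1 addresses forge-wide (non-project) permissions`. The enclosing class starts outside the hunk.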
@@ -75,6 +75,17 @@
 }
 
 class RoleAnonymous extends BaseRole implements PFO_RoleAnonymous {
+	// This role is implemented as a singleton
+	private static $_instance ;
+	public static function getInstance() {
+		if (!isset(self::$_instance)) {
+			$c = __CLASS__;
+			self::$_instance = new $c;
+		}
+		
+		return self::$_instance;
+	}
+
 	public function getID () {
 		return -PFO_ROLE_ANONYMOUS ;
 	}
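Review bot: `getInstance()` documents the role as a singleton, but nothing in the hunk prevents `new RoleAnonymous` elsewhere, so two callers could end up holding distinct objects for the same role. If BaseRole's constructor visibility allows it, a private constructor would enforce the contract; failing that, a docblock should say that instances must come from `getInstance()`. `$c = __CLASS__; self::$_instance = new $c;` can be written as `self::$_instance = new self ;`. The identical block is added to RoleLoggedIn in the next hunk and the same remarks apply there. Both class bodies continue outside their hunks.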
@@ -96,6 +107,17 @@
 }
 
 class RoleLoggedIn extends BaseRole implements PFO_RoleLoggedIn {
+	// This role is implemented as a singleton
+	private static $_instance ;
+	public static function getInstance() {
+		if (!isset(self::$_instance)) {
+			$c = __CLASS__;
+			self::$_instance = new $c;
+		}
+		
+		return self::$_instance;
+	}
+
 	public function getID () {
 		return -PFO_ROLE_LOGGEDIN ;
 	}

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/Role.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/Role.class.php	2011-02-28 22:39:58 UTC (rev 15098)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/Role.class.php	2011-02-28 22:40:08 UTC (rev 15099)
@@ -26,10 +26,13 @@
 require_once $gfcommon.'include/rbac_texts.php' ;
 require_once $gfcommon.'include/RBAC.php' ;
 
+define ('USE_PFO_RBAC', false) ;
+
 class Role extends RoleExplicit implements PFO_RoleExplicit {
 
 	var $data_array;
 	var $setting_array;
+	var $perms_array ;
 	var $role_vals;
 	var $Group;
 	var $role_values = array(
@@ -425,6 +428,8 @@
 	function fetchData($role_id) {
 		unset($this->data_array);
 		unset($this->setting_array);
+		unset($this->perms_array);
+
 		$res = db_query_params ('SELECT * FROM role WHERE role_id=$1',
 					array ($role_id)) ;
 		if (!$res || db_numrows($res) < 1) {
@@ -432,6 +437,7 @@
 			return false;
 		}
 		$this->data_array =& db_fetch_array($res);
+
 		$res = db_query_params ('SELECT * FROM role_setting WHERE role_id=$1',
 					array ($role_id)) ;
 		if (!$res) {
@@ -442,9 +448,157 @@
 		while ($arr =& db_fetch_array($res)) {
 			$this->setting_array[$arr['section_name']][$arr['ref_id']] = $arr['value'];
 		}
+
+		if (USE_PFO_RBAC) {
+		$res = db_query_params ('SELECT section, reference, value FROM role_perms WHERE role_id=$1',
+					array ($role_id)) ;
+		if (!$res) {
+			$this->setError('Role::fetchData()::'.db_error());
+			return false;
+		}
+		$this->perms_array=array();
+		while ($arr =& db_fetch_array($res)) {
+			$this->perms_array[$arr['section']][$arr['reference']] = $arr['value'];
+		}
+		}
+
 		return true;
 	}
 
+        function hasPermission($section, $reference, $action = NULL) {
+		$result = false ;
+                if (isset ($this->perms_array[$section][$reference])) {
+			$value = $this->perms_array[$section][$reference] ;
+		} else {
+			$value = 0 ;
+		}
+		$min = PHP_INT_MAX ;
+		$mask = 0 ;
+		
+		switch ($section) {
+		case 'forge_admin':
+			if ($value == 1) {
+				return true ;
+			}
+			break ;
+			
+		case 'approve_projects':
+		case 'approve_news':
+			if (($value == 1)
+			    || $this->hasGlobalPermission('forge_admin')) {
+				return true ;
+			}
+		break ;
+		
+		case 'project_admin':
+			if (($value == 1)
+			    || $this->hasGlobalPermission('forge_admin')) {
+				return true ;
+			}
+			break ;
+			
+		case 'project_read':
+		case 'tracker_admin':
+		case 'pm_admin':
+		case 'forum_admin':
+			if (($value == 1)
+			    || $this->hasPermission ('project_admin', $reference)) {
+				return true ;
+			}
+		break ;
+		
+		case 'scm':
+			switch ($action) {
+			case 'read':
+				$min = 1 ;
+				break ;
+			case 'write':
+				$min = 2 ;
+				break ;
+			}
+			if (($value >= $min)
+			    || $this->hasPermission ('project_admin', $reference)) {
+				return true ;
+			}
+			break ;
+			
+		case 'docman':
+			switch ($action) {
+			case 'read':
+				$min = 1 ;
+				break ;
+			case 'submit':
+				$min = 2 ;
+				break ;
+			case 'approve':
+				$min = 3 ;
+				break ;
+			case 'admin':
+				$min = 4 ;
+				break ;
+			}
+			if (($value >= $min)
+			    || $this->hasPermission ('project_admin', $reference)) {
+				return true ;
+			}
+			break ;
+			
+		case 'frs':
+			switch ($action) {
+			case 'read':
+				$min = 1 ;
+				break ;
+			case 'write':
+				$min = 2 ;
+				break ;
+			}
+			if (($value >= $min)
+			    || $this->hasPermission ('project_admin', $reference)) {
+				return true ;
+			}
+			break ;
+			
+		case 'forum':
+			switch ($action) {
+			case 'read':
+				$min = 1 ;
+				break ;
+			case 'post':
+				$min = 2 ;
+				break ;
+			case 'moderate':
+				$min = 3 ;
+				break ;
+			}
+			if (($value >= $min)
+			    || $this->hasPermission ('project_admin', $reference)) {
+				return true ;
+			}
+			break ;
+			
+		case 'tracker':
+			switch ($action) {
+			case 'read':
+				$mask = 1 ;
+				break ;
+			case 'tech':
+				$mask = 2 ;
+				break ;
+			case 'manager':
+				$mask = 4 ;
+				break ;
+			}
+			$o = artifactType_get_object ($reference) ;
+
+			if (($value & $mask == true)
+			    || $this->hasPermission ('project_admin', $reference)
+			    || $this->hasPermission ('project_admin', $reference)) {
+				return true ;
+			}
+			break ;
+		}
+	}
+
 	function normalizeDataForSection (&$new_sa, $section) {
 		if (array_key_exists ($section, $this->setting_array)) {
 			$new_sa[$section][0] = $this->setting_array[$section][0] ;
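Review bot: The tracker branch of `hasPermission` tests `($value & $mask == true)`, and in PHP `==` binds tighter than `&`, so this evaluates `$value & ($mask == true)`, which is bit 1 of `$value` for every recognised action. A role holding only the read bit would therefore pass the 'tech' and 'manager' checks; write it as `if ((($value & $mask) != 0)`. The same condition lists `hasPermission ('project_admin', $reference)` twice (the second was presumably meant to be 'tracker_admin'), and `$o` is assigned from `artifactType_get_object` but never used. The function also falls off the end returning NULL while `$result` is never read, so it should finish with an explicit `return false ;`. normalizeDataForSection's body continues outside the hunk.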


