[evolvis-commits] r15230: RBAC: bugfixes in reporting-related permissions

mirabilos at evolvis.org mirabilos at evolvis.org
Mon Feb 28 23:50:31 CET 2011


Author: mirabilos
Date: 2011-02-28 23:50:31 +0100 (Mon, 28 Feb 2011)
New Revision: 15230

Added:
   trunk/gforge_base/evolvisforge-5.1/gforge/db/20100524-pfo-rbac.sql
Modified:
   trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php
   trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-upgrade.pl
   trunk/gforge_base/evolvisforge-5.1/gforge/www/reporting/index.php
Log:
RBAC: bugfixes in reporting-related permissions

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php	2011-02-28 22:50:26 UTC (rev 15229)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php	2011-02-28 22:50:31 UTC (rev 15230)
@@ -328,7 +328,7 @@
 			// ...and map section names and values to the new values
 
 			if ($this->data_array['group_id'] == forge_get_config ('stats_group')) {
-				$this->perms_array['forge_stats'][-1] = 1 ;
+				$this->perms_array['forge_stats'][-1] = 2 ;
 			}
 
 			$this->perms_array=array();

Added: trunk/gforge_base/evolvisforge-5.1/gforge/db/20100524-pfo-rbac.sql
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/db/20100524-pfo-rbac.sql	                        (rev 0)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/db/20100524-pfo-rbac.sql	2011-02-28 22:50:31 UTC (rev 15230)
@@ -0,0 +1,169 @@
+CREATE OR REPLACE FUNCTION pfo_rbac_permissions_from_old (rid integer, nsec text, nref integer) RETURNS integer AS $$
+DECLARE
+	os role_setting%ROWTYPE ;
+	onsec text ;
+	onref integer ;
+	onval integer ;
+	r pfo_role%ROWTYPE ;
+	mastergroupid integer := 1 ;
+	newsgroupid integer := 0 ;
+	statsgroupid integer := 0 ;
+	opid integer := 0 ;
+	tmp integer := 0 ;
+BEGIN
+	SELECT group_id INTO newsgroupid FROM groups WHERE unix_group_name = 'newsadmin' ;
+	SELECT group_id INTO statsgroupid FROM groups WHERE unix_group_name = 'stats' ;
+
+	SELECT * INTO r FROM pfo_role WHERE old_role_id = rid ;
+
+	IF nsec = 'project_read' AND nref = r.home_group_id THEN
+	   RETURN 1 ;
+	END IF ;
+
+	FOR os IN SELECT * FROM role_setting WHERE role_id = rid ORDER BY role_id, section_name, ref_id
+	LOOP
+		SELECT group_id INTO opid FROM role WHERE role_id = os.role_id ;
+
+		IF os.section_name = 'projectadmin' THEN
+		   CONTINUE WHEN os.value != 'A' ;
+		   IF nsec = 'project_admin' AND nref = opid THEN
+		      RETURN 1 ;
+		   END IF ;
+		   
+		   IF nsec = 'forge_admin' AND nref = -1 AND opid = mastergroupid THEN
+		      RETURN 1 ;
+		   END IF ;
+		   IF nsec = 'approve_news' AND nref = -1 AND opid = newsgroupid THEN
+		      RETURN 1 ;
+		   END IF ;
+		   IF nsec = 'forge_stats' AND nref = -1 AND opid = statsgroupid THEN
+		      RETURN 2 ;
+		   END IF ;
+
+		ELSIF os.section_name IN ('trackeradmin', 'pmadmin', 'forumadmin') THEN
+		   CONTINUE WHEN os.value != '2' ;
+		   onsec = CASE WHEN os.section_name = 'trackeradmin' THEN 'tracker_admin'
+		   	       WHEN os.section_name = 'pmadmin' THEN 'pm_admin'
+		   	       WHEN os.section_name = 'forumadmin' THEN 'forum_admin' END ;
+		   IF nsec = onsec AND nref = opid THEN
+		      RETURN 1 ;
+		   END IF ;
+
+		ELSIF os.section_name IN ('tracker', 'newtracker') THEN
+		   CONTINUE WHEN os.value = '-1' ;
+		   onsec = CASE WHEN os.section_name = 'tracker' THEN os.section_name
+		   	       WHEN os.section_name = 'newtracker' THEN 'new_tracker' END ;
+		   onref = CASE WHEN os.section_name = 'tracker' THEN os.ref_id
+		   	       WHEN os.section_name = 'newtracker' THEN opid END ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 3
+		   	       WHEN os.value = '2' THEN 7
+		   	       WHEN os.value = '3' THEN 5 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name IN ('pm', 'newpm') THEN
+		   CONTINUE WHEN os.value = '-1' ;
+		   onsec = CASE WHEN os.section_name = 'pm' THEN os.section_name
+		   	       WHEN os.section_name = 'newpm' THEN 'new_pm' END ;
+		   onref = CASE WHEN os.section_name = 'pm' THEN os.ref_id
+		   	       WHEN os.section_name = 'newpm' THEN opid END ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 3
+		   	       WHEN os.value = '2' THEN 7
+		   	       WHEN os.value = '3' THEN 5 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'forum' THEN
+		   CONTINUE WHEN os.value = '-1' ;
+		   onsec = os.section_name ;
+		   onref = os.ref_id ;
+		   SELECT moderation_level INTO tmp FROM forum_group_list WHERE group_forum_id = onref ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' AND tmp >= 2 THEN 2
+		   	       WHEN os.value = '1' AND tmp <= 1 THEN 3
+		   	       WHEN os.value = '2' THEN 4 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'newforum' THEN
+		   CONTINUE WHEN os.value = '-1' ;
+		   onsec = 'new_forum' ;
+		   onref = opid ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 2
+		   	       WHEN os.value = '2' THEN 4 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'docman' THEN
+		   onsec = os.section_name ;
+		   onref = opid ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 4 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'frs' THEN
+		   onsec = os.section_name ;
+		   onref = opid ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 3 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'scm' THEN
+		   CONTINUE WHEN os.value = '-1' ;
+		   onsec = os.section_name ;
+		   onref = opid ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 2 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'webcal' THEN
+		   CONTINUE WHEN os.value = '0' ;
+		   onsec = os.section_name ;
+		   onref = opid ;
+		   onval = os.value ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'plugin_mediawiki_edit' THEN
+		   CONTINUE WHEN os.value = '0' ;
+		   onsec = os.section_name ;
+		   onref = opid ;
+		   onval = os.value ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSE
+		   RAISE EXCEPTION 'Unknown setting % for role %', os.section_name, os.role_id ;
+		   CONTINUE WHEN os.value = '0' ;
+		   onsec = os.section_name ;
+		   onref = os.ref_id ;
+		   onval = os.value::integer ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		END IF ;
+
+	END LOOP ;
+
+	RETURN 0 ;
+
+END ;
+$$ LANGUAGE plpgsql ;
+
+SELECT pfo_rbac_full_migration () ;

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-upgrade.pl
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-upgrade.pl	2011-02-28 22:50:26 UTC (rev 15229)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-upgrade.pl	2011-02-28 22:50:31 UTC (rev 15230)
@@ -2911,6 +2911,7 @@
     &update_with_sql("20100506-add-widgets","5.0.1-2");
     &update_with_sql("20100517-add-project-widgets","5.0.1-3");
     &update_with_sql("20100518-pfo-rbac","5.0.1-4");
+    &update_with_sql("20100524-pfo-rbac","5.0.1-5");
 
     ########################### INSERT HERE #################################
 

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/www/reporting/index.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/www/reporting/index.php	2011-02-28 22:50:26 UTC (rev 15229)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/www/reporting/index.php	2011-02-28 22:50:31 UTC (rev 15230)
@@ -65,7 +65,7 @@
 <a href="usersummary.php"><?php echo _('Site-Wide Task & Hours (report)'); ?></a><br />
 </p>
 
-<?php if (forge_check_perm ('forge_stats', 'admin')) { ?>
+<?php if (forge_check_global_perm ('forge_stats', 'admin')) { ?>
 <h2><?php echo _('Administrative'); ?></h2>
 <p>
 <a href="rebuild.php"><?php echo _('Initialize / Rebuild Reporting Tables'); ?></a><br />



More information about the evolvis-commits mailing list