[evolvis-commits] r15230: RBAC: bugfixes in reporting-related permissions
mirabilos at evolvis.org
mirabilos at evolvis.org
Mon Feb 28 23:50:31 CET 2011
Author: mirabilos
Date: 2011-02-28 23:50:31 +0100 (Mon, 28 Feb 2011)
New Revision: 15230
Added:
trunk/gforge_base/evolvisforge-5.1/gforge/db/20100524-pfo-rbac.sql
Modified:
trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php
trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-upgrade.pl
trunk/gforge_base/evolvisforge-5.1/gforge/www/reporting/index.php
Log:
RBAC: bugfixes in reporting-related permissions
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php 2011-02-28 22:50:26 UTC (rev 15229)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/RBAC.php 2011-02-28 22:50:31 UTC (rev 15230)
@@ -328,7 +328,7 @@
// ...and map section names and values to the new values
if ($this->data_array['group_id'] == forge_get_config ('stats_group')) {
- $this->perms_array['forge_stats'][-1] = 1 ;
+ $this->perms_array['forge_stats'][-1] = 2 ;
}
$this->perms_array=array();
Added: trunk/gforge_base/evolvisforge-5.1/gforge/db/20100524-pfo-rbac.sql
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/db/20100524-pfo-rbac.sql (rev 0)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/db/20100524-pfo-rbac.sql 2011-02-28 22:50:31 UTC (rev 15230)
@@ -0,0 +1,169 @@
+CREATE OR REPLACE FUNCTION pfo_rbac_permissions_from_old (rid integer, nsec text, nref integer) RETURNS integer AS $$
+DECLARE
+ os role_setting%ROWTYPE ;
+ onsec text ;
+ onref integer ;
+ onval integer ;
+ r pfo_role%ROWTYPE ;
+ mastergroupid integer := 1 ;
+ newsgroupid integer := 0 ;
+ statsgroupid integer := 0 ;
+ opid integer := 0 ;
+ tmp integer := 0 ;
+BEGIN
+ SELECT group_id INTO newsgroupid FROM groups WHERE unix_group_name = 'newsadmin' ;
+ SELECT group_id INTO statsgroupid FROM groups WHERE unix_group_name = 'stats' ;
+
+ SELECT * INTO r FROM pfo_role WHERE old_role_id = rid ;
+
+ IF nsec = 'project_read' AND nref = r.home_group_id THEN
+ RETURN 1 ;
+ END IF ;
+
+ FOR os IN SELECT * FROM role_setting WHERE role_id = rid ORDER BY role_id, section_name, ref_id
+ LOOP
+ SELECT group_id INTO opid FROM role WHERE role_id = os.role_id ;
+
+ IF os.section_name = 'projectadmin' THEN
+ CONTINUE WHEN os.value != 'A' ;
+ IF nsec = 'project_admin' AND nref = opid THEN
+ RETURN 1 ;
+ END IF ;
+
+ IF nsec = 'forge_admin' AND nref = -1 AND opid = mastergroupid THEN
+ RETURN 1 ;
+ END IF ;
+ IF nsec = 'approve_news' AND nref = -1 AND opid = newsgroupid THEN
+ RETURN 1 ;
+ END IF ;
+ IF nsec = 'forge_stats' AND nref = -1 AND opid = statsgroupid THEN
+ RETURN 2 ;
+ END IF ;
+
+ ELSIF os.section_name IN ('trackeradmin', 'pmadmin', 'forumadmin') THEN
+ CONTINUE WHEN os.value != '2' ;
+ onsec = CASE WHEN os.section_name = 'trackeradmin' THEN 'tracker_admin'
+ WHEN os.section_name = 'pmadmin' THEN 'pm_admin'
+ WHEN os.section_name = 'forumadmin' THEN 'forum_admin' END ;
+ IF nsec = onsec AND nref = opid THEN
+ RETURN 1 ;
+ END IF ;
+
+ ELSIF os.section_name IN ('tracker', 'newtracker') THEN
+ CONTINUE WHEN os.value = '-1' ;
+ onsec = CASE WHEN os.section_name = 'tracker' THEN os.section_name
+ WHEN os.section_name = 'newtracker' THEN 'new_tracker' END ;
+ onref = CASE WHEN os.section_name = 'tracker' THEN os.ref_id
+ WHEN os.section_name = 'newtracker' THEN opid END ;
+ onval = CASE WHEN os.value = '0' THEN 1
+ WHEN os.value = '1' THEN 3
+ WHEN os.value = '2' THEN 7
+ WHEN os.value = '3' THEN 5 END ;
+ IF nsec = onsec AND nref = onref THEN
+ RETURN onval ;
+ END IF ;
+
+ ELSIF os.section_name IN ('pm', 'newpm') THEN
+ CONTINUE WHEN os.value = '-1' ;
+ onsec = CASE WHEN os.section_name = 'pm' THEN os.section_name
+ WHEN os.section_name = 'newpm' THEN 'new_pm' END ;
+ onref = CASE WHEN os.section_name = 'pm' THEN os.ref_id
+ WHEN os.section_name = 'newpm' THEN opid END ;
+ onval = CASE WHEN os.value = '0' THEN 1
+ WHEN os.value = '1' THEN 3
+ WHEN os.value = '2' THEN 7
+ WHEN os.value = '3' THEN 5 END ;
+ IF nsec = onsec AND nref = onref THEN
+ RETURN onval ;
+ END IF ;
+
+ ELSIF os.section_name = 'forum' THEN
+ CONTINUE WHEN os.value = '-1' ;
+ onsec = os.section_name ;
+ onref = os.ref_id ;
+ SELECT moderation_level INTO tmp FROM forum_group_list WHERE group_forum_id = onref ;
+ onval = CASE WHEN os.value = '0' THEN 1
+ WHEN os.value = '1' AND tmp >= 2 THEN 2
+ WHEN os.value = '1' AND tmp <= 1 THEN 3
+ WHEN os.value = '2' THEN 4 END ;
+ IF nsec = onsec AND nref = onref THEN
+ RETURN onval ;
+ END IF ;
+
+ ELSIF os.section_name = 'newforum' THEN
+ CONTINUE WHEN os.value = '-1' ;
+ onsec = 'new_forum' ;
+ onref = opid ;
+ onval = CASE WHEN os.value = '0' THEN 1
+ WHEN os.value = '1' THEN 2
+ WHEN os.value = '2' THEN 4 END ;
+ IF nsec = onsec AND nref = onref THEN
+ RETURN onval ;
+ END IF ;
+
+ ELSIF os.section_name = 'docman' THEN
+ onsec = os.section_name ;
+ onref = opid ;
+ onval = CASE WHEN os.value = '0' THEN 1
+ WHEN os.value = '1' THEN 4 END ;
+ IF nsec = onsec AND nref = onref THEN
+ RETURN onval ;
+ END IF ;
+
+ ELSIF os.section_name = 'frs' THEN
+ onsec = os.section_name ;
+ onref = opid ;
+ onval = CASE WHEN os.value = '0' THEN 1
+ WHEN os.value = '1' THEN 3 END ;
+ IF nsec = onsec AND nref = onref THEN
+ RETURN onval ;
+ END IF ;
+
+ ELSIF os.section_name = 'scm' THEN
+ CONTINUE WHEN os.value = '-1' ;
+ onsec = os.section_name ;
+ onref = opid ;
+ onval = CASE WHEN os.value = '0' THEN 1
+ WHEN os.value = '1' THEN 2 END ;
+ IF nsec = onsec AND nref = onref THEN
+ RETURN onval ;
+ END IF ;
+
+ ELSIF os.section_name = 'webcal' THEN
+ CONTINUE WHEN os.value = '0' ;
+ onsec = os.section_name ;
+ onref = opid ;
+ onval = os.value ;
+ IF nsec = onsec AND nref = onref THEN
+ RETURN onval ;
+ END IF ;
+
+ ELSIF os.section_name = 'plugin_mediawiki_edit' THEN
+ CONTINUE WHEN os.value = '0' ;
+ onsec = os.section_name ;
+ onref = opid ;
+ onval = os.value ;
+ IF nsec = onsec AND nref = onref THEN
+ RETURN onval ;
+ END IF ;
+
+ ELSE
+ RAISE EXCEPTION 'Unknown setting % for role %', os.section_name, os.role_id ;
+ CONTINUE WHEN os.value = '0' ;
+ onsec = os.section_name ;
+ onref = os.ref_id ;
+ onval = os.value::integer ;
+ IF nsec = onsec AND nref = onref THEN
+ RETURN onval ;
+ END IF ;
+
+ END IF ;
+
+ END LOOP ;
+
+ RETURN 0 ;
+
+END ;
+$$ LANGUAGE plpgsql ;
+
+SELECT pfo_rbac_full_migration () ;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-upgrade.pl
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-upgrade.pl 2011-02-28 22:50:26 UTC (rev 15229)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/db-upgrade.pl 2011-02-28 22:50:31 UTC (rev 15230)
@@ -2911,6 +2911,7 @@
&update_with_sql("20100506-add-widgets","5.0.1-2");
&update_with_sql("20100517-add-project-widgets","5.0.1-3");
&update_with_sql("20100518-pfo-rbac","5.0.1-4");
+ &update_with_sql("20100524-pfo-rbac","5.0.1-5");
########################### INSERT HERE #################################
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/www/reporting/index.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/www/reporting/index.php 2011-02-28 22:50:26 UTC (rev 15229)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/www/reporting/index.php 2011-02-28 22:50:31 UTC (rev 15230)
@@ -65,7 +65,7 @@
<a href="usersummary.php"><?php echo _('Site-Wide Task & Hours (report)'); ?></a><br />
</p>
-<?php if (forge_check_perm ('forge_stats', 'admin')) { ?>
+<?php if (forge_check_global_perm ('forge_stats', 'admin')) { ?>
<h2><?php echo _('Administrative'); ?></h2>
<p>
<a href="rebuild.php"><?php echo _('Initialize / Rebuild Reporting Tables'); ?></a><br />
More information about the evolvis-commits
mailing list