[evolvis-commits] r15884: Use RBAC to determine what projects a user is a member of

mirabilos at evolvis.org mirabilos at evolvis.org
Tue Mar 1 00:34:51 CET 2011


Author: mirabilos
Date: 2011-03-01 00:34:51 +0100 (Tue, 01 Mar 2011)
New Revision: 15884

Modified:
   trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php
   trunk/gforge_base/evolvisforge-5.1/src/www/my/index.php
   trunk/gforge_base/evolvisforge-5.1/src/www/my/rmproject.php
Log:
Use RBAC to determine what projects a user is a member of

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php	2011-02-28 23:34:48 UTC (rev 15883)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php	2011-02-28 23:34:51 UTC (rev 15884)
@@ -1140,10 +1140,23 @@
 	 *	@return array	Array of groups.
 	 */
 	function &getGroups() {
-		$res = db_query_params ('SELECT group_id FROM user_group WHERE user_id=$1',
-					array ($this->getID())) ;
-		$arr =& util_result_column_to_array($res,0);	
-		return group_get_objects($arr);
+
+		if (USE_PFO_RBAC) {
+			$roles = RBACEngine::getInstance()->getAvailableRolesForUser ($this) ;
+			$ids = array () ;
+			foreach ($roles as $r) {
+				if ($r instanceof RoleExplicit
+				    && $r->getHomeProject() != NULL) {
+					$ids[] = $r->getHomeProject()->getID() ;
+				}
+			}
+			return group_get_objects(array_unique($ids)) ;
+		} else {
+			$res = db_query_params ('SELECT group_id FROM user_group WHERE user_id=$1',
+						array ($this->getID())) ;
+			$arr =& util_result_column_to_array($res,0);	
+			return group_get_objects($arr);
+		}
 	}
 
 	/**

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/my/index.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/my/index.php	2011-02-28 23:34:48 UTC (rev 15883)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/my/index.php	2011-02-28 23:34:51 UTC (rev 15884)
@@ -396,39 +396,38 @@
 	$order_name_arr[]=_('Remove');
 	$order_name_arr[]=_('My Projects');
 	$order_name_arr[]=_('My Roles');
-    echo $HTML->listTableTop($order_name_arr);
+	echo $HTML->listTableTop($order_name_arr);
+	
+	$groups = $user->getGroups() ;
 
-	// Include both groups and foundries; developers should be similarly
-	// aware of membership in either.
-	$result = db_query_params ('SELECT groups.group_name,groups.group_id,groups.unix_group_name,groups.status,groups.type_id,user_group.admin_flags,role.role_name
-		FROM groups,user_group,role 
-		WHERE groups.group_id=user_group.group_id 
-		AND user_group.user_id=$1
-		AND groups.status=$2 
-		AND user_group.role_id=role.role_id 
-		ORDER BY group_name',
-				   array (user_getid(),
-					  'A')) ;
-	$rows=db_numrows($result);
-	if (!$result || $rows < 1) {
+	if (count ($groups) < 1) {
 		echo '<tr><td colspan="3"><strong>'._('You\'re not a member of any active projects').'</strong></td></tr>';
-		echo db_error();
 	} else {
-		for ($i=0; $i<$rows; $i++) {
-			$admin_flags = db_result($result, $i, 'admin_flags');
-			if (stristr($admin_flags, 'A')) {
-				$img="trash-x.png";
-			} else {
-				$img="trash.png";
+		$roles = RBACEngine::getInstance()->getAvailableRolesForUser ($user) ;
+		foreach ($groups as $g) {
+			$bestrole = NULL ;
+			$img="trash.png";
+			foreach ($roles as $r) {
+				if ($r instanceof RoleExplicit
+				    && $r->getHomeProject() != NULL
+				    && $r->getHomeProject()->getID() == $g->getID()) {
+					$bestrole = $r ;
+					if ($r->hasPermission ('project_admin', $g->getID())) {
+						$img="trash-x.png";
+						break ;
+					}
+				}
 			}
 			echo '
 			<tr '. $HTML->boxGetAltRowStyle($i) .'><td class="align-center">' ;
-			echo util_make_link ("/my/rmproject.php?group_id=" . db_result($result,$i,'group_id'),
+			echo util_make_link ("/my/rmproject.php?group_id=" . $g->getID(),
 					     '<img src="'.$HTML->imgroot.'ic/'.$img.'" alt="'._('Delete').'" height="16" width="16" border="0" />') ;
 
 			echo '</td>
-			<td>'.util_make_link_g (db_result($result,$i,'unix_group_name'),db_result($result,$i,'group_id'),db_result($result,$i,'group_name')).'</td>
-			<td>'. htmlspecialchars(db_result($result,$i,'role_name')) .'</td></tr>';
+			<td>'.util_make_link_g ($g->getUnixName(),$g->getID(),$g->getPublicName()).'</td>
+			<td>'. htmlspecialchars($r->getName()) .'</td></tr>';
+
+
 		}
 	}
 	echo $HTML->listTableBottom();

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/my/rmproject.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/my/rmproject.php	2011-02-28 23:34:48 UTC (rev 15883)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/my/rmproject.php	2011-02-28 23:34:51 UTC (rev 15884)
@@ -40,6 +40,30 @@
 	exit_error($group->getErrorMessage(),'my');
 }
 
+/*
+	Main code
+*/
+
+$roles = RBACEngine::getInstance()->getAvailableRolesForUser (session_get_user()) ;
+
+$isadmin = false ;
+foreach ($roles as $r) {
+	if ($r instanceof RoleExplicit
+	    && $r->getHomeProject() != NULL
+	    && $r->getHomeProject()->getID() == $group_id
+	    && $r->hasPermission ('project_admin', $group_id)) {
+		$isadmin = true ;
+	}
+}
+
+
+if ($isadmin) {
+	exit_error(
+		sprintf (_('You cannot remove yourself from this project, because you are admin of it. You should ask other admin to reset your admin privilege first. If you are the only admin of the project, please consider posting availability notice to <a href="%s">Help Wanted Board</a> and be ready to pass admin privilege to interested party.'),
+			 util_make_url ("/people/")
+			) ,'my');
+}
+
 if (getStringFromRequest('confirm')) {
 
 	$user_id = user_getid();
@@ -52,17 +76,6 @@
 
 }
 
-/*
-	Main code
-*/
-
-if (forge_check_perm ('project_admin', $group_id)) {
-	exit_error(
-		sprintf (_('You cannot remove yourself from this project, because you are admin of it. You should ask other admin to reset your admin privilege first. If you are the only admin of the project, please consider posting availability notice to <a href="%s">Help Wanted Board</a> and be ready to pass admin privilege to interested party.'),
-			 util_make_url ("/people/")
-			) ,'my');
-}
-
 site_user_header(array('title'=>_('Quitting Project')));
 
 echo '
@@ -92,4 +105,9 @@
 
 site_user_footer(array());
 
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
 ?>



More information about the evolvis-commits mailing list