[evolvis-commits] r15884: Use RBAC to determine what projects a user is a member of
mirabilos at evolvis.org
mirabilos at evolvis.org
Tue Mar 1 00:34:51 CET 2011
Author: mirabilos
Date: 2011-03-01 00:34:51 +0100 (Tue, 01 Mar 2011)
New Revision: 15884
Modified:
trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php
trunk/gforge_base/evolvisforge-5.1/src/www/my/index.php
trunk/gforge_base/evolvisforge-5.1/src/www/my/rmproject.php
Log:
Use RBAC to determine what projects a user is a member of
Modified: trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php 2011-02-28 23:34:48 UTC (rev 15883)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php 2011-02-28 23:34:51 UTC (rev 15884)
@@ -1140,10 +1140,23 @@
* @return array Array of groups.
*/
function &getGroups() {
- $res = db_query_params ('SELECT group_id FROM user_group WHERE user_id=$1',
- array ($this->getID())) ;
- $arr =& util_result_column_to_array($res,0);
- return group_get_objects($arr);
+
+ if (USE_PFO_RBAC) {
+ $roles = RBACEngine::getInstance()->getAvailableRolesForUser ($this) ;
+ $ids = array () ;
+ foreach ($roles as $r) {
+ if ($r instanceof RoleExplicit
+ && $r->getHomeProject() != NULL) {
+ $ids[] = $r->getHomeProject()->getID() ;
+ }
+ }
+ return group_get_objects(array_unique($ids)) ;
+ } else {
+ $res = db_query_params ('SELECT group_id FROM user_group WHERE user_id=$1',
+ array ($this->getID())) ;
+ $arr =& util_result_column_to_array($res,0);
+ return group_get_objects($arr);
+ }
}
/**
Modified: trunk/gforge_base/evolvisforge-5.1/src/www/my/index.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/my/index.php 2011-02-28 23:34:48 UTC (rev 15883)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/my/index.php 2011-02-28 23:34:51 UTC (rev 15884)
@@ -396,39 +396,38 @@
$order_name_arr[]=_('Remove');
$order_name_arr[]=_('My Projects');
$order_name_arr[]=_('My Roles');
- echo $HTML->listTableTop($order_name_arr);
+ echo $HTML->listTableTop($order_name_arr);
+
+ $groups = $user->getGroups() ;
- // Include both groups and foundries; developers should be similarly
- // aware of membership in either.
- $result = db_query_params ('SELECT groups.group_name,groups.group_id,groups.unix_group_name,groups.status,groups.type_id,user_group.admin_flags,role.role_name
- FROM groups,user_group,role
- WHERE groups.group_id=user_group.group_id
- AND user_group.user_id=$1
- AND groups.status=$2
- AND user_group.role_id=role.role_id
- ORDER BY group_name',
- array (user_getid(),
- 'A')) ;
- $rows=db_numrows($result);
- if (!$result || $rows < 1) {
+ if (count ($groups) < 1) {
echo '<tr><td colspan="3"><strong>'._('You\'re not a member of any active projects').'</strong></td></tr>';
- echo db_error();
} else {
- for ($i=0; $i<$rows; $i++) {
- $admin_flags = db_result($result, $i, 'admin_flags');
- if (stristr($admin_flags, 'A')) {
- $img="trash-x.png";
- } else {
- $img="trash.png";
+ $roles = RBACEngine::getInstance()->getAvailableRolesForUser ($user) ;
+ foreach ($groups as $g) {
+ $bestrole = NULL ;
+ $img="trash.png";
+ foreach ($roles as $r) {
+ if ($r instanceof RoleExplicit
+ && $r->getHomeProject() != NULL
+ && $r->getHomeProject()->getID() == $g->getID()) {
+ $bestrole = $r ;
+ if ($r->hasPermission ('project_admin', $g->getID())) {
+ $img="trash-x.png";
+ break ;
+ }
+ }
}
echo '
<tr '. $HTML->boxGetAltRowStyle($i) .'><td class="align-center">' ;
- echo util_make_link ("/my/rmproject.php?group_id=" . db_result($result,$i,'group_id'),
+ echo util_make_link ("/my/rmproject.php?group_id=" . $g->getID(),
'<img src="'.$HTML->imgroot.'ic/'.$img.'" alt="'._('Delete').'" height="16" width="16" border="0" />') ;
echo '</td>
- <td>'.util_make_link_g (db_result($result,$i,'unix_group_name'),db_result($result,$i,'group_id'),db_result($result,$i,'group_name')).'</td>
- <td>'. htmlspecialchars(db_result($result,$i,'role_name')) .'</td></tr>';
+ <td>'.util_make_link_g ($g->getUnixName(),$g->getID(),$g->getPublicName()).'</td>
+ <td>'. htmlspecialchars($r->getName()) .'</td></tr>';
+
+
}
}
echo $HTML->listTableBottom();
Modified: trunk/gforge_base/evolvisforge-5.1/src/www/my/rmproject.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/my/rmproject.php 2011-02-28 23:34:48 UTC (rev 15883)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/my/rmproject.php 2011-02-28 23:34:51 UTC (rev 15884)
@@ -40,6 +40,30 @@
exit_error($group->getErrorMessage(),'my');
}
+/*
+ Main code
+*/
+
+$roles = RBACEngine::getInstance()->getAvailableRolesForUser (session_get_user()) ;
+
+$isadmin = false ;
+foreach ($roles as $r) {
+ if ($r instanceof RoleExplicit
+ && $r->getHomeProject() != NULL
+ && $r->getHomeProject()->getID() == $group_id
+ && $r->hasPermission ('project_admin', $group_id)) {
+ $isadmin = true ;
+ }
+}
+
+
+if ($isadmin) {
+ exit_error(
+ sprintf (_('You cannot remove yourself from this project, because you are admin of it. You should ask other admin to reset your admin privilege first. If you are the only admin of the project, please consider posting availability notice to <a href="%s">Help Wanted Board</a> and be ready to pass admin privilege to interested party.'),
+ util_make_url ("/people/")
+ ) ,'my');
+}
+
if (getStringFromRequest('confirm')) {
$user_id = user_getid();
@@ -52,17 +76,6 @@
}
-/*
- Main code
-*/
-
-if (forge_check_perm ('project_admin', $group_id)) {
- exit_error(
- sprintf (_('You cannot remove yourself from this project, because you are admin of it. You should ask other admin to reset your admin privilege first. If you are the only admin of the project, please consider posting availability notice to <a href="%s">Help Wanted Board</a> and be ready to pass admin privilege to interested party.'),
- util_make_url ("/people/")
- ) ,'my');
-}
-
site_user_header(array('title'=>_('Quitting Project')));
echo '
@@ -92,4 +105,9 @@
site_user_footer(array());
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
?>
More information about the evolvis-commits
mailing list