[evolvis-commits] r16357: Use RBAC for artifact workflow checking

mirabilos at evolvis.org mirabilos at evolvis.org
Tue Mar 1 01:10:56 CET 2011


Author: mirabilos
Date: 2011-03-01 01:10:56 +0100 (Tue, 01 Mar 2011)
New Revision: 16357

Modified:
   trunk/gforge_base/evolvisforge-5.1/src/common/tracker/ArtifactWorkflow.class.php
Log:
Use RBAC for artifact workflow checking

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/tracker/ArtifactWorkflow.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/tracker/ArtifactWorkflow.class.php	2011-03-01 00:10:54 UTC (rev 16356)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/tracker/ArtifactWorkflow.class.php	2011-03-01 00:10:56 UTC (rev 16357)
@@ -59,16 +59,23 @@
 				return true;
 
 			// There is a transition, now check if current role is allowed.
-
+			$rids = array () ;
+			$available_roles = RBACEngine::getInstance()->getAvailableRoles() ;
+			$project_role_ids = $this->ath->Group->getRolesId () ;
+			foreach ($available_roles as $role) {
+				if (in_array($role->getID(),$project_role_ids)) {
+					$rids[] = $role->getID() ;
+				}
+			}
+			
 			$res = db_query_params ('SELECT event_id 
-					FROM user_group, artifact_workflow_roles 
-					WHERE user_id=$1
-					AND group_id=$2
-					AND event_id=$3 
-					AND user_group.role_id=artifact_workflow_roles.role_id',
-			array(user_getid(),
-				$this->ath->Group->getID(),
-				$event_id));
+					FROM artifact_workflow_roles 
+					WHERE group_id=$1
+					AND event_id=$2
+					AND role_id=ANY($3)',
+						array ($this->ath->Group->getID(),
+						       $event_id,
+						       db_int_array_to_any_clause($rids)));
 			return db_result($res, 0, 'event_id') ? true : false;
 		}
 		return false;



More information about the evolvis-commits mailing list