[evolvis-commits] r16357: Use RBAC for artifact workflow checking
mirabilos at evolvis.org
mirabilos at evolvis.org
Tue Mar 1 01:10:56 CET 2011
Author: mirabilos
Date: 2011-03-01 01:10:56 +0100 (Tue, 01 Mar 2011)
New Revision: 16357
Modified:
trunk/gforge_base/evolvisforge-5.1/src/common/tracker/ArtifactWorkflow.class.php
Log:
Use RBAC for artifact workflow checking
Modified: trunk/gforge_base/evolvisforge-5.1/src/common/tracker/ArtifactWorkflow.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/tracker/ArtifactWorkflow.class.php 2011-03-01 00:10:54 UTC (rev 16356)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/tracker/ArtifactWorkflow.class.php 2011-03-01 00:10:56 UTC (rev 16357)
@@ -59,16 +59,23 @@
return true;
// There is a transition, now check if current role is allowed.
-
+ $rids = array () ;
+ $available_roles = RBACEngine::getInstance()->getAvailableRoles() ;
+ $project_role_ids = $this->ath->Group->getRolesId () ;
+ foreach ($available_roles as $role) {
+ if (in_array($role->getID(),$project_role_ids)) {
+ $rids[] = $role->getID() ;
+ }
+ }
+
$res = db_query_params ('SELECT event_id
- FROM user_group, artifact_workflow_roles
- WHERE user_id=$1
- AND group_id=$2
- AND event_id=$3
- AND user_group.role_id=artifact_workflow_roles.role_id',
- array(user_getid(),
- $this->ath->Group->getID(),
- $event_id));
+ FROM artifact_workflow_roles
+ WHERE group_id=$1
+ AND event_id=$2
+ AND role_id=ANY($3)',
+ array ($this->ath->Group->getID(),
+ $event_id,
+ db_int_array_to_any_clause($rids)));
return db_result($res, 0, 'event_id') ? true : false;
}
return false;
More information about the evolvis-commits
mailing list