[evolvis-commits] r16360: Use RBAC API rather than accessing the user_group table
mirabilos at evolvis.org
mirabilos at evolvis.org
Tue Mar 1 01:11:04 CET 2011
Author: mirabilos
Date: 2011-03-01 01:11:04 +0100 (Tue, 01 Mar 2011)
New Revision: 16360
Modified:
trunk/gforge_base/evolvisforge-5.1/src/www/tracker/admin/form-extrafieldcopy.php
Log:
Use RBAC API rather than accessing the user_group table
Modified: trunk/gforge_base/evolvisforge-5.1/src/www/tracker/admin/form-extrafieldcopy.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/tracker/admin/form-extrafieldcopy.php 2011-03-01 00:11:02 UTC (rev 16359)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/tracker/admin/form-extrafieldcopy.php 2011-03-01 00:11:04 UTC (rev 16360)
@@ -30,24 +30,24 @@
// Get a list of all extra fields in trackers and groups that you have perms to admin
+$project_ids = array () ;
+foreach (session_getuser()->getGroups() as $p) {
+ if (forge_check_perm ('tracker_admin', $p->getID())) {
+ $project_ids[] = $p->getID() ;
+ }
+}
+
$res = db_query_params ('SELECT g.unix_group_name, agl.name AS tracker_name, aefl.field_name, aefl.extra_field_id
FROM groups g,
artifact_group_list agl,
- artifact_extra_field_list aefl,
- user_group ug,
- artifact_perm ap
- WHERE
- (ug.admin_flags=$1 OR ug.artifact_flags=2 OR ap.perm_level>=2)
- AND ug.user_id=$2
- AND ug.group_id=g.group_id
+ artifact_extra_field_list aefl
+ WHERE g.group_id=ANY($1)
AND g.group_id=agl.group_id
AND agl.group_artifact_id=ap.group_artifact_id
- AND ap.user_id=$2
AND aefl.group_artifact_id=agl.group_artifact_id
- AND aefl.extra_field_id != $3
+ AND aefl.extra_field_id != $2
AND aefl.field_type IN (1,2,3,5,7)',
- array ('A',
- user_getid(),
+ array (db_int_array_to_any_clause ($project_ids),
$id));
if (db_numrows($res) < 1) {
exit_error(_('Cannot find a destination tracker where you have administration rights.'),'tracker');
More information about the evolvis-commits
mailing list