[evolvis-commits] r16360: Use RBAC API rather than accessing the user_group table

mirabilos at evolvis.org mirabilos at evolvis.org
Tue Mar 1 01:11:04 CET 2011


Author: mirabilos
Date: 2011-03-01 01:11:04 +0100 (Tue, 01 Mar 2011)
New Revision: 16360

Modified:
   trunk/gforge_base/evolvisforge-5.1/src/www/tracker/admin/form-extrafieldcopy.php
Log:
Use RBAC API rather than accessing the user_group table

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/tracker/admin/form-extrafieldcopy.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/tracker/admin/form-extrafieldcopy.php	2011-03-01 00:11:02 UTC (rev 16359)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/tracker/admin/form-extrafieldcopy.php	2011-03-01 00:11:04 UTC (rev 16360)
@@ -30,24 +30,24 @@
 
 // Get a list of all extra fields in trackers and groups that you have perms to admin
 
+$project_ids = array () ;
+foreach (session_getuser()->getGroups() as $p) {
+	if (forge_check_perm ('tracker_admin', $p->getID())) {
+		$project_ids[] = $p->getID() ;
+	}
+}
+
 $res = db_query_params ('SELECT g.unix_group_name, agl.name AS tracker_name, aefl.field_name, aefl.extra_field_id
 			FROM groups g, 
 			artifact_group_list agl, 
-			artifact_extra_field_list aefl,
-			user_group ug,
-			artifact_perm ap
-			WHERE 
-			(ug.admin_flags=$1 OR ug.artifact_flags=2 OR ap.perm_level>=2)
-			AND ug.user_id=$2
-			AND ug.group_id=g.group_id
+			artifact_extra_field_list aefl
+			WHERE g.group_id=ANY($1)
 			AND g.group_id=agl.group_id 
 			AND agl.group_artifact_id=ap.group_artifact_id
-			AND ap.user_id=$2
 			AND aefl.group_artifact_id=agl.group_artifact_id
-			AND aefl.extra_field_id != $3
+			AND aefl.extra_field_id != $2
 			AND aefl.field_type IN (1,2,3,5,7)',
-			array ('A',
-			       user_getid(),
+			array (db_int_array_to_any_clause ($project_ids),
 			       $id));
 		if (db_numrows($res) < 1) {
 			exit_error(_('Cannot find a destination tracker where you have administration rights.'),'tracker');



More information about the evolvis-commits mailing list