[evolvis-commits] r18383: [#2972] upstream pending merges:↵ Roland Mas 2012-04-26 Fixing searches, part 2: filter results according to RBAC before displaying them↵ Roland Mas 2012-04-26 Fixing searches, part 1: some queries wouldn't return any results; test su...↵ Roland Mas 2012-04-26 Make logged queries more readable

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Apr 26 15:41:54 CEST 2012


Author: mirabilos
Date: 2012-04-26 15:41:53 +0200 (Thu, 26 Apr 2012)
New Revision: 18383

Modified:
   trunk/gforge_base/evolvisforge-5.1/src/common/include/database-pgsql.php
   trunk/gforge_base/evolvisforge-5.1/src/common/search/ArtifactSearchQuery.class.php
   trunk/gforge_base/evolvisforge-5.1/src/common/search/DocsSearchQuery.class.php
   trunk/gforge_base/evolvisforge-5.1/src/common/search/ForumsSearchQuery.class.php
   trunk/gforge_base/evolvisforge-5.1/src/common/search/NewsSearchQuery.class.php
   trunk/gforge_base/evolvisforge-5.1/src/common/search/TasksSearchQuery.class.php
   trunk/gforge_base/evolvisforge-5.1/src/common/search/TrackersSearchQuery.class.php
   trunk/gforge_base/evolvisforge-5.1/src/debian/changelog
   trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ArtifactHtmlSearchRenderer.class.php
   trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/DocsHtmlSearchRenderer.class.php
   trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ForumHtmlSearchRenderer.class.php
   trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ForumsHtmlSearchRenderer.class.php
   trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/TasksHtmlSearchRenderer.class.php
   trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/TrackersHtmlSearchRenderer.class.php
   trunk/gforge_base/evolvisforge-5.1/tests/func/Search/searchTest.php
Log:
[#2972] upstream pending merges:
  Roland Mas 2012-04-26 Fixing searches, part 2: filter results according to RBAC before displaying them
    Roland Mas 2012-04-26 Fixing searches, part 1: some queries wouldn't return any results; test su...
    Roland Mas 2012-04-26 Make logged queries more readable

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/include/database-pgsql.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/include/database-pgsql.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/include/database-pgsql.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -636,6 +636,9 @@
 }
 
 function db_query_to_string ($sql, $params = array()) {
+	$sql = preg_replace('/\n/',' ',$sql);
+	$sql = preg_replace('/\t/',' ',$sql);
+	$sql = preg_replace('/\s+/',' ',$sql);
 	foreach ($params as $index => $value) {
 		$sql = preg_replace('/\\$'.($index+1).'(?!\d)/', "'".$value."'", $sql);
 	}

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/search/ArtifactSearchQuery.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/search/ArtifactSearchQuery.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/search/ArtifactSearchQuery.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -68,10 +68,10 @@
 
 		$qpa = db_construct_qpa ($qpa,
 					 'SELECT x.* FROM (SELECT artifact.artifact_id, artifact.group_artifact_id, artifact.summary, artifact.open_date, users.realname, artifact.summary||$1||artifact.details||$1||coalesce(ff_string_agg(artifact_message.body), $1) as full_string_agg',
-						 array (''));
+						 array ($this->field_separator));
 		if (forge_get_config('use_fti')) {
 			$qpa = db_construct_qpa ($qpa,
-						 ', (artifact_idx.vectors || coalesce(ff_tsvector_agg(artifact_message_idx.vectors), $1::tsvector)) AS full_vector_agg',
+						 ', (artifact_idx.vectors || coalesce(ff_tsvector_agg(artifact_message_idx.vectors), to_tsvector($1))) AS full_vector_agg',
 						 array(''));
 						 }
 		$qpa = db_construct_qpa ($qpa, 
@@ -103,7 +103,7 @@
 		
 		if (forge_get_config('use_fti')) {
 			$qpa = db_construct_qpa ($qpa,
-						 'full_vector_agg @@ $1 ',
+						 'full_vector_agg @@ to_tsquery($1) ',
 						 array($words));
 			if (count($this->phrases)) {
 				$qpa = db_construct_qpa ($qpa,
@@ -113,7 +113,7 @@
 							 ') ') ;
 			}
 			$qpa = db_construct_qpa ($qpa,
-						 'ORDER BY ts_rank(full_vector_agg, $1) DESC',
+						 'ORDER BY ts_rank(full_vector_agg, to_tsquery($1)) DESC',
 						 array($words)) ;
 			
 		} else {
@@ -135,11 +135,11 @@
 			$artifactId = $this->artifactId;
 
 			$qpa = db_construct_qpa ($qpa,
-						 'SELECT a.group_artifact_id, a.artifact_id, ts_headline(summary, $1) AS summary, ',
+						 'SELECT a.group_artifact_id, a.artifact_id, ts_headline(summary, to_tsquery($1)) AS summary, ',
 						 array ($words)) ;
 			$qpa = db_construct_qpa ($qpa,
 						 'a.open_date, users.realname, rank FROM (SELECT a.artifact_id, SUM (ts_rank(ai.vectors, q) + ts_rank(ami.vectors, q)) AS rank, artifact.summary||$1||artifact.details||$1||coalesce(ff_string_agg(artifact_message.body), $1) as full_string_agg FROM artifact a LEFT OUTER JOIN artifact_message am USING (artifact_id)',
-						 array('')) ;
+						 array($this->field_separator)) ;
 
 			$qpa = db_construct_qpa ($qpa,
 						 ', artifact_idx ai, artifact_message_idx ami, to_tsquery($1) q',

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/search/DocsSearchQuery.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/search/DocsSearchQuery.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/search/DocsSearchQuery.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -106,7 +106,7 @@
 					 array ($this->field_separator,
 						$words)) ;
 		$qpa = db_construct_qpa ($qpa,
-					 ' WHERE doc_data.doc_group = doc_groups.doc_group AND doc_data.docid = doc_data_idx.docid AND (vectors @@ $1',
+					 ' WHERE doc_data.doc_group = doc_groups.doc_group AND doc_data.docid = doc_data_idx.docid AND (vectors @@ to_tsquery($1)',
 					 array ($words)) ;
 		$qpa = db_construct_qpa ($qpa,
 					 ') AND doc_data.group_id = $1',
@@ -130,7 +130,7 @@
 			$qpa = $this->addMatchCondition($qpa, 'full_string_agg');
 		}
 		$qpa = db_construct_qpa ($qpa,
-					 ' ORDER BY ts_rank(vectors, $1) DESC, groupname ASC',
+					 ' ORDER BY ts_rank(vectors, to_tsquery($1)) DESC, groupname ASC',
 					 array($words)) ;
 		return $qpa ;
 	}
@@ -142,6 +142,10 @@
 	 * @param $showNonPublic boolean if we should consider non public sections
 	 */
 	static function getSections($groupId, $showNonPublic=false) {
+		if (!forge_check_perm('docman',$groupId,'read')) {
+			return array();
+		}
+
 		$sql = 'SELECT doc_groups.doc_group, doc_groups.groupname FROM doc_groups, doc_data'
 			.' WHERE doc_groups.doc_group = doc_data.doc_group AND doc_groups.group_id=$1';
 		if ($showNonPublic) {

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/search/ForumsSearchQuery.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/search/ForumsSearchQuery.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/search/ForumsSearchQuery.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -80,7 +80,7 @@
 			}
 
 			$qpa = db_construct_qpa ($qpa,
-						 'SELECT forum.msg_id, ts_headline(forum.subject, q) AS subject, forum.post_date, users.realname, forum_group_list.forum_name, forum.subject||$2||forum.body as full_string_agg FROM forum, users, forum_group_list, forum_idx, to_tsquery($1) as q ',
+						 'SELECT forum.group_forum_id, forum.msg_id, ts_headline(forum.subject, q) AS subject, forum.post_date, users.realname, forum_group_list.forum_name, forum.subject||$2||forum.body as full_string_agg FROM forum, users, forum_group_list, forum_idx, to_tsquery($1) as q ',
 						 array ($this->getFTIwords(),
 							$this->field_separator)) ;
 			$qpa = db_construct_qpa ($qpa,
@@ -156,16 +156,15 @@
 	 */
 	static function getSections($groupId, $showNonPublic=false) {
 		$sql = 'SELECT group_forum_id, forum_name FROM forum_group_list WHERE group_id = $1 AND is_public <> 9';
-		if (!$showNonPublic) {
-			$sql .= ' AND is_public = 1';
-		}
 		$sql .= ' ORDER BY forum_name';
 		
 		$sections = array();
 		$res = db_query_params ($sql,
 					array ($groupId));
 		while($data = db_fetch_array($res)) {
-			$sections[$data['group_forum_id']] = $data['forum_name'];
+			if (forge_check_perm('forum',$data['group_forum_id'],'read')) {
+				$sections[$data['group_forum_id']] = $data['forum_name'];
+			}
 		}
 		return $sections;
 	}

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/search/NewsSearchQuery.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/search/NewsSearchQuery.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/search/NewsSearchQuery.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -71,7 +71,7 @@
 				$qpa = $this->addMatchCondition ($qpa, 'full_string_agg') ;
 			}
 			$qpa = db_construct_qpa ($qpa,
-						 ' ORDER BY ts_rank(vectors, $1) DESC, post_date DESC',
+						 ' ORDER BY ts_rank(vectors, to_tsquery($1)) DESC, post_date DESC',
 						 array($words)) ;
 		} else {
 			$qpa = db_construct_qpa ($qpa,

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/search/TasksSearchQuery.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/search/TasksSearchQuery.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/search/TasksSearchQuery.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -68,53 +68,77 @@
 		$qpa = db_construct_qpa () ;
 
 		$qpa = db_construct_qpa ($qpa,
-					 'SELECT x.* FROM (SELECT project_task.project_task_id, project_task.summary, project_task.percent_complete, project_task.start_date, project_task.end_date, users.realname, project_group_list.project_name, project_task.summary||$1||project_task.details||$1||coalesce(ff_string_agg(project_messages.body), $1) as full_string_agg',
-					 array (''));
+					 'SELECT x.* FROM (SELECT y.group_project_id, y.project_task_id, y.summary, y.percent_complete, y.start_date, y.end_date, users.realname, project_group_list.project_name, y.full_string_agg',
+					 array());
 		if (forge_get_config('use_fti')) {
 			$words = $this->getFTIwords();
 			$qpa = db_construct_qpa ($qpa,
-						 ', (project_task_idx.vectors || coalesce(ff_tsvector_agg(project_messages_idx.vectors), $1::tsvector)) AS full_vector_agg',
-						 array (''));
+						 ', y.full_vector_agg',
+						 array());
 		}
-		$qpa = db_construct_qpa ($qpa, 
-					 ' FROM project_task LEFT OUTER JOIN project_messages USING (project_task_id), users, project_group_list',
-					 array ()) ;
+		$qpa = db_construct_qpa ($qpa,
+					 ' FROM (SELECT project_task.project_task_id, project_task.summary, project_task.percent_complete, project_task.start_date, project_task.end_date, project_task.created_by, project_task.group_project_id, project_task.summary||$1||project_task.details||$1||coalesce(ff_string_agg(project_messages.body), $1) as full_string_agg',
+					 array($this->field_separator));
 		if (forge_get_config('use_fti')) {
-			$qpa = db_construct_qpa ($qpa, 
-						 ', project_task_idx, project_messages_idx',
-						 array ()) ;
+			$qpa = db_construct_qpa ($qpa,
+						 ', project_task_idx.vectors || coalesce(ff_tsvector_agg(project_messages_idx.vectors), to_tsvector($1)) AS full_vector_agg',
+						 array(''));
 		}
-		$qpa = db_construct_qpa ($qpa, 
-					 ' WHERE project_task.created_by = users.user_id AND project_task.group_project_id = project_group_list.group_project_id AND project_group_list.group_id = $1 AND project_messages.project_task_id = project_task.project_task_id ',
-					 array ($this->groupId)) ;
+		$qpa = db_construct_qpa ($qpa,
+					 ' FROM project_task LEFT OUTER JOIN project_messages USING (project_task_id)',
+					 array());
+		
+		if (forge_get_config('use_fti')) {
+			$qpa = db_construct_qpa ($qpa,
+						 ' LEFT OUTER JOIN project_messages_idx ON (project_messages.project_message_id = project_messages_idx.id) JOIN project_task_idx ON (project_task.project_task_id = project_task_idx.project_task_id)',
+						 array());
+		}
+		$qpa = db_construct_qpa ($qpa,
+					 ' GROUP BY project_task.project_task_id',
+					 array());
+		
+		if (forge_get_config('use_fti')) {
+			$qpa = db_construct_qpa ($qpa,
+						 ', project_task_idx.vectors',
+						 array());
+		}
+		$qpa = db_construct_qpa ($qpa,
+					 ') AS y, users, project_group_list',
+					 array());
+		
+		if (forge_get_config('use_fti')) {
+			$qpa = db_construct_qpa ($qpa,
+						 ', project_task_idx',
+						 array());
+		}
+		$qpa = db_construct_qpa ($qpa,
+					 ' WHERE y.created_by = users.user_id AND y.group_project_id = project_group_list.group_project_id AND project_group_list.group_id = $1',
+					 array($this->groupId));
 		if ($this->sections != SEARCH__ALL_SECTIONS) {
 			$qpa = db_construct_qpa ($qpa,
-						 'AND project_group_list.group_project_id = ANY ($1) ',
+						 ' AND y.group_project_id = ANY ($1)',
 						 array (db_int_array_to_any_clause ($this->sections))) ;
 		}
 		if (!$this->showNonPublic) {
 			$qpa = db_construct_qpa ($qpa,
-						 'AND project_group_list.is_public = 1 ') ;
+						 ' AND project_group_list.is_public = 1') ;
 		}
-
+		$qpa = db_construct_qpa ($qpa,
+					 ' GROUP BY y.group_project_id, y.project_task_id, y.summary, y.percent_complete, y.start_date, y.end_date, users.realname, project_group_list.project_name, y.full_string_agg',
+					 array());
+		
 		if (forge_get_config('use_fti')) {
-			$qpa = db_construct_qpa ($qpa, 
-						 'AND project_task.project_task_id = project_task_idx.project_task_id AND project_messages.project_message_id = project_messages_idx.id ',
-						 array ()) ;
+			$qpa = db_construct_qpa ($qpa,
+						 ', y.full_vector_agg',
+						 array());
 		}
 		$qpa = db_construct_qpa ($qpa,
-					 'GROUP BY project_task.project_task_id, project_task.summary, project_task.percent_complete, project_task.start_date, project_task.end_date, users.realname, project_group_list.project_name, project_task.details') ;
+					 ') AS x WHERE ',
+					 array());
+		
 		if (forge_get_config('use_fti')) {
-			$qpa = db_construct_qpa ($qpa, 
-						 ', project_task_idx.vectors',
-						 array ()) ;
-		}
-		$qpa = db_construct_qpa ($qpa, 
-					 ') AS x WHERE ') ;
-
-		if (forge_get_config('use_fti')) {
 			$qpa = db_construct_qpa ($qpa,
-						 'full_vector_agg @@ $1 ',
+						 'full_vector_agg @@ to_tsquery($1) ',
 						 array($words));
 			if (count($this->phrases)) {
 				$qpa = db_construct_qpa ($qpa,
@@ -124,7 +148,7 @@
 							 ') ') ;
 			}
 			$qpa = db_construct_qpa ($qpa,
-						 'ORDER BY ts_rank(full_vector_agg, $1) DESC',
+						 'ORDER BY ts_rank(full_vector_agg, to_tsquery($1)) DESC',
 						 array($words)) ;
 			
 		} else {
@@ -132,6 +156,7 @@
 			$qpa = db_construct_qpa ($qpa,
 						 ' ORDER BY x.project_name, x.project_task_id') ;
 		}
+
 		return $qpa ;
 	}
 	
@@ -143,16 +168,15 @@
 	 */
 	static function getSections($groupId, $showNonPublic=false) {
 		$sql = 'SELECT group_project_id, project_name FROM project_group_list WHERE group_id=$1' ;
-		if (!$showNonPublic) {
-			$sql .= ' AND is_public = 1';
-		}
 		$sql .= ' ORDER BY project_name';
 		
 		$sections = array();
 		$res = db_query_params ($sql,
 					array ($groupId));
 		while($data = db_fetch_array($res)) {
-			$sections[$data['group_project_id']] = $data['project_name'];
+			if (forge_check_perm('pm',$data['group_project_id'],'read')) {
+				$sections[$data['group_project_id']] = $data['project_name'];
+			}
 		}
 		return $sections;
 	}

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/search/TrackersSearchQuery.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/search/TrackersSearchQuery.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/search/TrackersSearchQuery.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -69,11 +69,11 @@
 
 		$qpa = db_construct_qpa ($qpa,
 					 'SELECT x.* FROM (SELECT artifact.artifact_id, artifact.group_artifact_id, artifact.summary, artifact.open_date, users.realname, artifact_group_list.name, artifact.summary||$1||artifact.details||$1||coalesce(ff_string_agg(artifact_message.body), $1) as full_string_agg',
-						 array (''));
+						 array ($this->field_separator));
 		if (forge_get_config('use_fti')) {
 			$words = $this->getFTIwords();
 			$qpa = db_construct_qpa ($qpa,
-						 ', (artifact_idx.vectors || coalesce(ff_tsvector_agg(artifact_message_idx.vectors), $1::tsvector)) AS full_vector_agg',
+						 ', (artifact_idx.vectors || coalesce(ff_tsvector_agg(artifact_message_idx.vectors), to_tsvector($1))) AS full_vector_agg',
 						 array (''));
 						 }
 		$qpa = db_construct_qpa ($qpa, 
@@ -114,7 +114,7 @@
 		
 		if (forge_get_config('use_fti')) {
 			$qpa = db_construct_qpa ($qpa,
-						 'full_vector_agg @@ $1 ',
+						 'full_vector_agg @@ to_tsquery($1) ',
 						 array($words));
 			if (count($this->phrases)) {
 				$qpa = db_construct_qpa ($qpa,
@@ -124,7 +124,7 @@
 							 ') ') ;
 			}
 			$qpa = db_construct_qpa ($qpa,
-						 'ORDER BY ts_rank(full_vector_agg, $1) DESC',
+						 'ORDER BY ts_rank(full_vector_agg, to_tsquery($1)) DESC',
 						 array($words)) ;
 			
 		} else {
@@ -143,16 +143,15 @@
 	 */
 	static function getSections($groupId, $showNonPublic=false) {
 		$sql = 'SELECT group_artifact_id, name FROM artifact_group_list WHERE group_id = $1';
-		if (!$showNonPublic) {
-			$sql .= ' AND artifact_group_list.is_public = 1';
-		}
 		$sql .= ' ORDER BY name';
 		
 		$res = db_query_params ($sql,
 					array ($groupId));
 		$sections = array();
 		while($data = db_fetch_array($res)) {
-			$sections[$data['group_artifact_id']] = $data['name'];
+			if (forge_check_perm('tracker',$data['group_artifact_id'],'read')) {
+				$sections[$data['group_artifact_id']] = $data['name'];
+			}
 		}
 		return $sections;
 	}

Modified: trunk/gforge_base/evolvisforge-5.1/src/debian/changelog
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/debian/changelog	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/debian/changelog	2012-04-26 13:41:53 UTC (rev 18383)
@@ -5,6 +5,7 @@
     (patch from Christophe Guilloux)
   * Fixed SVN commit stats calculations (thanks to Coiby Xu)
   * Fixed GitPlugin::getRepositories() to always return an array
+  * [#2972] Convert Search to PFO-RBAC and fix some bugs
 
   [ Julien Heyman ]
   * Fix missing projet name tab in viewvc
@@ -18,7 +19,7 @@
   [ Thorsten Glaser ]
   * Improve security of git repositories
 
- -- Thorsten Glaser <t.glaser at tarent.de>  Thu, 26 Apr 2012 14:42:55 +0200
+ -- Thorsten Glaser <t.glaser at tarent.de>  Thu, 26 Apr 2012 15:38:30 +0200
 
 fusionforge (1:5.1.1+evolvis56) unstable; urgency=low
 

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ArtifactHtmlSearchRenderer.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ArtifactHtmlSearchRenderer.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ArtifactHtmlSearchRenderer.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -59,26 +59,52 @@
 		);
 	}
 	
+	function getFilteredRows() {
+		$rowsCount = $this->searchQuery->getRowsCount();
+		$result =& $this->searchQuery->getResult();
+
+		$fields = array ('group_artifact_id',
+				 'artifact_id',
+				 'name',
+				 'summary',
+				 'realname',
+				 'open_date');
+
+		$fd = array();
+		for($i = 0; $i < $rowsCount; $i++) {
+			if (forge_check_perm('tracker',
+					     db_result($result, $i, 'group_artifact_id'),
+					     'read')) {
+				$r = array();
+				foreach ($fields as $f) {
+					$r[$f] = db_result($result, $i, $f);
+				}
+				$fd[] = $r;
+			}
+		}
+		return $fd;
+	}
+
 	/**
 	 * getRows - get the html output for result rows
 	 *
 	 * @return string html output
 	 */
 	function getRows() {
-		$rowsCount = $this->searchQuery->getRowsCount();
-		$result =& $this->searchQuery->getResult();
+		$fd = $this->getFilteredRows();
+
 		$groupId = $this->groupId;
 		$dateFormat = _('Y-m-d H:i');
 		
 		$return = '';
-		for($i = 0; $i < $rowsCount; $i++) {
+		foreach ($fd as $row) {
 			$return .= '<tr '. $GLOBALS['HTML']->boxGetAltRowStyle($i) .'>'
-				.'<td>'.db_result($result, $i, 'artifact_id').'</td>'
-				.'<td><a href="'.util_make_url ('/tracker/?group_id='.$groupId.'&atid=' . db_result($result, $i, 'group_artifact_id') . '&func=detail&aid=' . db_result($result, $i, 'artifact_id')).'"> '
+				.'<td>'.$row['artifact_id'].'</td>'
+				.'<td><a href="'.util_make_url ('/tracker/?group_id='.$groupId.'&atid=' . $row['group_artifact_id'] . '&func=detail&aid=' . $row['artifact_id']).'"> '
 				. html_image('ic/tracker20g.png')
-				. ' '.db_result($result, $i, 'summary').'</a></td>'
-				. '<td>'.db_result($result, $i, 'realname')."</td>"
-				. '<td>'.date($dateFormat, db_result($result, $i, 'open_date')).'</td></tr>';
+				. ' '.$row['summary'].'</a></td>'
+				. '<td>'.$row['realname']."</td>"
+				. '<td>'.date($dateFormat, $row['open_date']).'</td></tr>';
 		}
 		return $return;
 	}

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/DocsHtmlSearchRenderer.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/DocsHtmlSearchRenderer.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/DocsHtmlSearchRenderer.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -62,6 +62,10 @@
 		$result =& $this->searchQuery->getResult();
 		$dateFormat = _('Y-m-d H:i');
 		
+		if (!forge_check_perm('docman', $this->groupId, 'read')) {
+			return '';
+		}
+		
 		$return = '';
 		
 		$lastDocGroup = null;

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ForumHtmlSearchRenderer.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ForumHtmlSearchRenderer.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ForumHtmlSearchRenderer.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -57,23 +57,48 @@
 		);
 	}
 	
+	function getFilteredRows() {
+		$rowsCount = $this->searchQuery->getRowsCount();
+		$result =& $this->searchQuery->getResult();
+
+		$fields = array ('group_forum_id',
+				 'msg_id',
+				 'subject',
+				 'realname',
+				 'post_date');
+
+		$fd = array();
+		for($i = 0; $i < $rowsCount; $i++) {
+			if (forge_check_perm('forum',
+					     db_result($result, $i, 'group_forum_id'),
+					     'read')) {
+				$r = array();
+				foreach ($fields as $f) {
+					$r[$f] = db_result($result, $i, $f);
+				}
+				$fd[] = $r;
+			}
+		}
+		return $fd;
+	}
+
 	/**
 	 * getRows - get the html output for result rows
 	 *
 	 * @return string html output
 	 */
 	function getRows() {
-		$rowsCount = $this->searchQuery->getRowsCount();
-		$result =& $this->searchQuery->getResult();
+		$fd = $this->getFilteredRows();
+
 		$dateFormat = _('Y-m-d H:i');
 		
 		$return = '';
-		for($i = 0; $i < $rowsCount; $i++) {
-			$return .= '<tr '. $GLOBALS['HTML']->boxGetAltRowStyle($i) .'><td width="50%"><a href="'.util_make_url ('/forum/message.php?msg_id=' . db_result($result, $i, 'msg_id')).'">'
+		foreach ($fd as $row) {
+			$return .= '<tr '. $GLOBALS['HTML']->boxGetAltRowStyle($i) .'><td width="50%"><a href="'.util_make_url ('/forum/message.php?msg_id=' . $row['msg_id']).'">'
 				. html_image('ic/msg.png', '10', '12')
-				. ' '.db_result($result, $i, 'subject').'</a></td>'
-				. '<td width="30%">'.db_result($result, $i, 'realname').'</td>'
-				. '<td width="20%">'.date($dateFormat, db_result($result, $i, 'post_date')).'</td></tr>';
+				. ' '.$row['subject'].'</a></td>'
+				. '<td width="30%">'.$row['realname'].'</td>'
+				. '<td width="20%">'.date($dateFormat, $row['post_date']).'</td></tr>';
 		}
 		return $return;
 	}

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ForumsHtmlSearchRenderer.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ForumsHtmlSearchRenderer.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/ForumsHtmlSearchRenderer.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -51,23 +51,49 @@
 		);
 	}
 
+	function getFilteredRows() {
+		$rowsCount = $this->searchQuery->getRowsCount();
+		$result =& $this->searchQuery->getResult();
+
+		$fields = array ('group_forum_id',
+				 'msg_id',
+				 'forum_name',
+				 'subject',
+				 'realname',
+				 'post_date');
+
+		$fd = array();
+		for($i = 0; $i < $rowsCount; $i++) {
+			if (forge_check_perm('forum',
+					     db_result($result, $i, 'group_forum_id'),
+					     'read')) {
+				$r = array();
+				foreach ($fields as $f) {
+					$r[$f] = db_result($result, $i, $f);
+				}
+				$fd[] = $r;
+			}
+		}
+		return $fd;
+	}
+
 	/**
 	 * getRows - get the html output for result rows
 	 *
 	 * @return string html output
 	 */
 	function getRows() {
-		$rowsCount = $this->searchQuery->getRowsCount();
-		$result =& $this->searchQuery->getResult();
+		$fd = $this->getFilteredRows();
+
 		$dateFormat = _('Y-m-d H:i');
 
 		$return = '';
 		$rowColor = 0;
 		$lastForumName = null;
 		
-		for($i = 0; $i < $rowsCount; $i++) {
+		foreach ($fd as $row) {
 			//section changed
-			$currentForumName = db_result($result, $i, 'forum_name');
+			$currentForumName = $row['forum_name'];
 			if ($lastForumName != $currentForumName) {
 				$return .= '<tr><td colspan="4">'.$currentForumName.'</td></tr>';
 				$lastForumName = $currentForumName;
@@ -75,11 +101,11 @@
 			}
 			$return .= '<tr '. $GLOBALS['HTML']->boxGetAltRowStyle($rowColor) .'>'
 						. '<td width="5%"> </td>'
-						. '<td><a href="'.util_make_url ('/forum/message.php?msg_id='. db_result($result, $i, 'msg_id')).'">'
-							. html_image('ic/msg.png', '10', '12').' '.db_result($result, $i, 'subject')
+						. '<td><a href="'.util_make_url ('/forum/message.php?msg_id='. $row['msg_id']).'">'
+							. html_image('ic/msg.png', '10', '12').' '.$row['subject']
 							.'</a></td>'			
-						. '<td width="15%">'.db_result($result, $i, 'realname').'</td>'
-						. '<td width="15%">'.date($dateFormat, db_result($result, $i, 'post_date')).'</td></tr>';
+						. '<td width="15%">'.$row['realname'].'</td>'
+						. '<td width="15%">'.date($dateFormat, $row['post_date']).'</td></tr>';
 			$rowColor ++;
 		}
 		return $return;

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/TasksHtmlSearchRenderer.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/TasksHtmlSearchRenderer.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/TasksHtmlSearchRenderer.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -54,23 +54,51 @@
 		);
 	}
 
+	function getFilteredRows() {
+		$rowsCount = $this->searchQuery->getRowsCount();
+		$result =& $this->searchQuery->getResult();
+
+		$fields = array ('group_project_id',
+				 'project_task_id',
+				 'project_name',
+				 'summary',
+				 'realname',
+				 'start_date',
+				 'end_date',
+				 'percent_complete');
+
+		$fd = array();
+		for($i = 0; $i < $rowsCount; $i++) {
+			if (forge_check_perm('pm',
+					     db_result($result, $i, 'group_project_id'),
+					     'read')) {
+				$r = array();
+				foreach ($fields as $f) {
+					$r[$f] = db_result($result, $i, $f);
+				}
+				$fd[] = $r;
+			}
+		}
+		return $fd;
+	}
+
 	/**
 	 * getRows - get the html output for result rows
 	 *
 	 * @return string html output
 	 */	
 	function getRows() {
-		$rowsCount = $this->searchQuery->getRowsCount();
-		$result =& $this->searchQuery->getResult();
+		$fd = $this->getFilteredRows();
+
 		$dateFormat = _('Y-m-d H:i');
 		
 		$return = '';
 		$rowColor = 0;
 		$lastProjectName = null;
 		
-		for($i = 0; $i < $rowsCount; $i++) {
+		foreach ($fd as $row) {
 			//section changed
-			$currentProjectName = db_result($result, $i, 'project_name');
+			$currentProjectName = $row['project_name'];
 			if ($lastProjectName != $currentProjectName) {
 				$return .= '<tr><td colspan="7">'.$currentProjectName.'</td></tr>';
 				$lastProjectName = $currentProjectName;
@@ -78,15 +106,15 @@
 			}
 			$return .= '<tr '. $GLOBALS['HTML']->boxGetAltRowStyle($rowColor) .'>'
 						. ' <td width="5%"> </td>'
-						. ' <td>'.db_result($result, $i, 'project_task_id').'</td>'
+						. ' <td>'.$row['project_task_id'].'</td>'
 						. ' <td>'
-							. '<a href="'.util_make_url ('/pm/task.php?func=detailtask&project_task_id=' . db_result($result, $i, 'project_task_id').'&group_id='.$this->groupId . '&group_project_id='.db_result($result, $i, 'group_project_id')).'">'
+							. '<a href="'.util_make_url ('/pm/task.php?func=detailtask&project_task_id=' . $row['project_task_id'].'&group_id='.$this->groupId . '&group_project_id='.$row['group_project_id']).'">'
 							. html_image('ic/msg.png', '10', '12').' '
-							. db_result($result, $i, 'summary').'</a></td>'
-						. ' <td width="15%">'.date($dateFormat, db_result($result, $i, 'start_date')).'</td>'
-						. ' <td width="15%">'.date($dateFormat, db_result($result, $i, 'end_date')).'</td>'
-						. ' <td width="15%">'.db_result($result, $i, 'realname').'</td>'
-						. ' <td width="8%">'.db_result($result, $i, 'percent_complete').' %</td></tr>';
+							. $row['summary'].'</a></td>'
+						. ' <td width="15%">'.date($dateFormat, $row['start_date']).'</td>'
+						. ' <td width="15%">'.date($dateFormat, $row['end_date']).'</td>'
+						. ' <td width="15%">'.$row['realname'].'</td>'
+						. ' <td width="8%">'.$row['percent_complete'].' %</td></tr>';
 			$rowColor ++;
 		}
 		return $return;

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/TrackersHtmlSearchRenderer.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/TrackersHtmlSearchRenderer.class.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/search/include/renderers/TrackersHtmlSearchRenderer.class.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -52,23 +52,49 @@
 		);
 	}
 
+	function getFilteredRows() {
+		$rowsCount = $this->searchQuery->getRowsCount();
+		$result =& $this->searchQuery->getResult();
+
+		$fields = array ('group_artifact_id',
+				 'artifact_id',
+				 'name',
+				 'summary',
+				 'realname',
+				 'open_date');
+
+		$fd = array();
+		for($i = 0; $i < $rowsCount; $i++) {
+			if (forge_check_perm('tracker',
+					     db_result($result, $i, 'group_artifact_id'),
+					     'read')) {
+				$r = array();
+				foreach ($fields as $f) {
+					$r[$f] = db_result($result, $i, $f);
+				}
+				$fd[] = $r;
+			}
+		}
+		return $fd;
+	}
+
 	/**
 	 * getRows - get the html output for result rows
 	 *
 	 * @return string html output
 	 */
 	function getRows() {
-		$rowsCount = $this->searchQuery->getRowsCount();
-		$result =& $this->searchQuery->getResult();
+		$fd = $this->getFilteredRows();
+
 		$dateFormat = _('Y-m-d H:i');
 			
 		$return = '';
 		$rowColor = 0;
 		$lastTracker = null;
 		
-		for($i = 0; $i < $rowsCount; $i++) {
+		foreach ($fd as $row) {
 			//section changed
-			$currentTracker = db_result($result, $i, 'name');
+			$currentTracker = $row['name'];
 			if ($lastTracker != $currentTracker) {
 				$return .= '<tr><td colspan="5">'.$currentTracker.'</td></tr>';
 				$lastTracker = $currentTracker;
@@ -76,13 +102,13 @@
 			}
 			$return .= '<tr '. $GLOBALS['HTML']->boxGetAltRowStyle($rowColor) .'>'
 						. '<td width="5%"> </td>'
-						. '<td>'.db_result($result, $i, 'artifact_id').'</td>'
+						. '<td>'.$row['artifact_id'].'</td>'
 						. '<td>'
-							. '<a href="'.util_make_url ('/tracker/?func=detail&group_id='.$this->groupId.'&aid='.db_result($result, $i, 'artifact_id') . '&atid='.db_result($result, $i, 'group_artifact_id')).'">'
-							. html_image('ic/tracker20g.png').' '.db_result($result, $i, 'summary')
+							. '<a href="'.util_make_url ('/tracker/?func=detail&group_id='.$this->groupId.'&aid='.$row['artifact_id'] . '&atid='.$row['group_artifact_id']).'">'
+							. html_image('ic/tracker20g.png').' '.$row['summary']
 							. '</a></td>'		
-						. '<td width="15%">'.db_result($result, $i, 'realname').'</td>'
-						. '<td width="15%">'.date($dateFormat, db_result($result, $i, 'open_date')).'</td></tr>';
+						. '<td width="15%">'.$row['realname'].'</td>'
+						. '<td width="15%">'.date($dateFormat, $row['open_date']).'</td></tr>';
 			$rowColor ++;
 		}
 		return $return;

Modified: trunk/gforge_base/evolvisforge-5.1/tests/func/Search/searchTest.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/tests/func/Search/searchTest.php	2012-04-26 12:43:58 UTC (rev 18382)
+++ trunk/gforge_base/evolvisforge-5.1/tests/func/Search/searchTest.php	2012-04-26 13:41:53 UTC (rev 18383)
@@ -143,11 +143,6 @@
 		$this->populateStandardTemplate();
 		$this->createProject('projecta');
 
-		// TODO: check that search results vary according to what items are visible to the user
-		// $this->createProject('projectb');
-		// $this->createUser('piperade');
-		// $this->createUser('cassoulet');
-
 		// Prepare some tracker items
 
 		$this->gotoProject('projecta');
@@ -158,7 +153,7 @@
 		$this->type("details", "brebis outremanchienne");
 		$this->clickAndWait("//form[@id='trackeraddform']//input[@type='submit']");
 		$this->clickAndWait("link=Bug1 boustrophédon");
-		$this->type("details", 'Ceci était une référence au « Génie des Alpages », rien à voir avec Charlie');
+		$this->type("details", 'Ceci était une référence au « Génie des Alpages », rien à voir avec Charlie - also, ZONGO');
 		$this->clickAndWait("submit");
 		$this->clickAndWait("link=Bug1 boustrophédon");
 		$this->type("details", 'This is the needle');
@@ -168,7 +163,7 @@
 		$this->clickAndWait("link=Patches");
 		$this->clickAndWait("link=Submit New");
 		$this->type("summary", "Bug2 gratapouêt");
-		$this->type("details", "cthulhu was here");
+		$this->type("details", "cthulhu was here - also, ZONGO");
 		$this->clickAndWait("//form[@id='trackeraddform']//input[@type='submit']");
 		$this->clickAndWait("link=Bug2 gratapouêt");
 		$this->type("details", 'Charlie was here too');
@@ -240,7 +235,7 @@
 		$this->clickAndWait("link=To Do");
 		$this->clickAndWait("link=Add Task");
 		$this->type("summary", "Task1 the brain");
-		$this->type("details", "The same thing we do every night, Pinky - try to take over the world!");
+		$this->type("details", "The same thing we do every night, Pinky - try to take over the world! - also, ZONGO");
 		$this->type("hours", "199");
 		$this->clickAndWait("submit");
 		
@@ -248,9 +243,11 @@
 		$this->type("details", 'This is the needle for tasks');
 		$this->clickAndWait("submit");
 
+		$this->gotoProject('projecta');
+		$this->clickAndWait("link=Next Release");
 		$this->clickAndWait("link=Add Task");
 		$this->type("summary", "Task2 world peace");
-		$this->type("details", "Otherwise WW4 will be fought with sticks");
+		$this->type("details", "Otherwise WW4 will be fought with sticks - also, ZONGO");
 		$this->type("hours", "199");
 		$this->clickAndWait("submit");
 			      
@@ -282,17 +279,17 @@
 		$this->click("link=Start New Thread");
 		$this->waitForPageToLoad("30000");
 		$this->type("subject", "Message1 in a bottle");
-		$this->type("body", "ninetynine of them on Charlie's wall");
+		$this->type("body", "ninetynine of them on Charlie's wall - also, ZONGO");
 		$this->clickAndWait("submit");
 		$this->clickAndWait("link=Message1 in a bottle");
 		$this->clickAndWait("link=[ reply ]");
 		$this->type("subject", "Message2 in a bottle");
-		$this->type("body", "ninetyeight of them in Charlie's fridge");
+		$this->type("body", "ninetyeight of them in Charlie's fridge - also, ZONGO");
 		$this->clickAndWait("submit");
 		$this->clickAndWait("link=Message1 in a bottle");
 		$this->clickAndWait("link=[ reply ]");
 		$this->type("subject", "Message3 in a bottle");
-		$this->type("body", "and yet another needle for the forums");
+		$this->type("body", "and yet another needle for the forums - also, ZONGO");
 		$this->clickAndWait("submit");
 
 		$this->clickAndWait("link=Forums");
@@ -300,7 +297,7 @@
 		$this->click("link=Start New Thread");
 		$this->waitForPageToLoad("30000");
 		$this->type("subject", "Message4 in an envelope");
-		$this->type("body", "not the same thing as an antilope (and different thread anyway) (but still related to Charlie)");
+		$this->type("body", "not the same thing as an antilope (and different thread anyway) (but still related to Charlie) - also, ZONGO");
 		$this->clickAndWait("submit");
 
 		// Search in Forums
@@ -363,14 +360,14 @@
 		$this->clickAndWait("link=Docs");
 		$this->clickAndWait("link=Submit new documentation");
 		$this->type("title", "Doc1 Vladimir");
-		$this->type("description", "Jenkins buildbot");
+		$this->type("description", "Jenkins buildbot - also, ZONGO");
 		$this->click("//input[@name='type' and @value='pasteurl']");
 		$this->type("file_url", "http://buildbot3.fusionforge.org/");
 		$this->clickAndWait("submit");
 
 		$this->clickAndWait("link=Submit new documentation");
 		$this->type("title", "Doc2 Astromir");
-		$this->type("description", "Hudson (the needle)");
+		$this->type("description", "Hudson (the needle) - also, ZONGO");
 		$this->click("//input[@name='type' and @value='pasteurl']");
 		$this->type("file_url", "http://buildbot.fusionforge.org/");
 		$this->clickAndWait("submit");
@@ -397,12 +394,12 @@
 		$this->clickAndWait("link=News");
 		$this->clickAndWait("link=Submit");
 		$this->type("summary", "News1 daily planet");
-		$this->type("details", "Clark Kent's newspaper");
+		$this->type("details", "Clark Kent's newspaper - also, ZONGO");
 		$this->clickAndWait("submit");
 
 		$this->clickAndWait("link=Submit");
 		$this->type("summary", "News2 usenet");
-		$this->type("details", "alt sysadmin recovery (needle)");
+		$this->type("details", "alt sysadmin recovery (needle) - also, ZONGO");
 		$this->clickAndWait("submit");
 		$this->clickAndWait("link=News");
 
@@ -421,7 +418,6 @@
 		$this->assertTrue($this->isTextPresent("News1"));
 
 		// Search in entire project
-
 		$this->gotoProject('projecta');
 		$this->select("type_of_search", "label=Search the entire project");
 		$this->type("//input[@name='words']", "needle");
@@ -439,6 +435,23 @@
 		$this->assertFalse($this->isTextPresent("News1"));
 		$this->assertTrue($this->isTextPresent("News2"));
 
+		$this->gotoProject('projecta');
+		$this->select("type_of_search", "label=Search the entire project");
+		$this->type("//input[@name='words']", "zongo");
+		$this->clickAndWait("//input[@name='Search']");
+		$this->assertTrue($this->isTextPresent("Bug1"));
+		$this->assertTrue($this->isTextPresent("Bug2"));
+		$this->assertTrue($this->isTextPresent("Task1"));
+		$this->assertTrue($this->isTextPresent("Task2"));
+		$this->assertTrue($this->isTextPresent("Message1"));
+		$this->assertTrue($this->isTextPresent("Message2"));
+		$this->assertTrue($this->isTextPresent("Message3"));
+		$this->assertTrue($this->isTextPresent("Message4"));
+		$this->assertTrue($this->isTextPresent("Doc1"));
+		$this->assertTrue($this->isTextPresent("Doc2"));
+		$this->assertTrue($this->isTextPresent("News1"));
+		$this->assertTrue($this->isTextPresent("News2"));
+
 		// Advanced search
 		$this->gotoProject('projecta');
 		$this->clickAndWait('Link=Advanced search');
@@ -461,6 +474,157 @@
 		$this->assertTrue($this->isTextPresent("Doc2"));
 		$this->assertFalse($this->isTextPresent("News1"));
 		$this->assertTrue($this->isTextPresent("News2"));
+
+		$this->gotoProject('projecta');
+		$this->clickAndWait('Link=Advanced search');
+		$this->click("//a[contains(@href,'short_forum') and .='all']");
+		$this->click("//a[contains(@href,'short_tracker') and .='all']");
+		$this->click("//a[contains(@href,'short_pm') and .='all']");
+		$this->click("//a[contains(@href,'short_docman') and .='all']");
+		$this->click("//a[contains(@href,'short_news') and .='all']");
+		$this->type("//div[@id='maindiv']//input[@name='words']", "zongo");
+		$this->clickAndWait("//input[@name='submitbutton']");
+		$this->assertTrue($this->isTextPresent("Bug1"));
+		$this->assertTrue($this->isTextPresent("Bug2"));
+		$this->assertTrue($this->isTextPresent("Task1"));
+		$this->assertTrue($this->isTextPresent("Task2"));
+		$this->assertTrue($this->isTextPresent("Message1"));
+		$this->assertTrue($this->isTextPresent("Message2"));
+		$this->assertTrue($this->isTextPresent("Message3"));
+		$this->assertTrue($this->isTextPresent("Message4"));
+		$this->assertTrue($this->isTextPresent("Doc1"));
+		$this->assertTrue($this->isTextPresent("Doc2"));
+		$this->assertTrue($this->isTextPresent("News1"));
+		$this->assertTrue($this->isTextPresent("News2"));
+
+		// Now let's check that RBAC permissions are taken into account
+
+		$this->createUser('piperade');
+		$this->gotoProject('projecta');
+		$this->click("link=Admin");
+		$this->waitForPageToLoad("30000");
+		$this->click("link=Users and permissions");
+		$this->waitForPageToLoad("30000");
+		$this->click("//tr/td/form/div[contains(.,'Any user logged in')]/../../../td/form/div/input[contains(@value,'Unlink Role')]");
+		$this->waitForPageToLoad("30000");
+		$this->type ("//form[contains(@action,'roleedit.php')]/..//input[@name='role_name']", "Trainee") ;
+		$this->click ("//input[@value='Create Role']") ;
+		$this->waitForPageToLoad("30000");
+
+		$this->click("link=Users and permissions");
+		$this->waitForPageToLoad("30000");
+		$this->type ("//form[contains(@action,'users.php')]//input[@name='form_unix_name' and @type='text']", "piperade") ;
+		$this->select("//input[@value='Add Member']/../select[@name='role_id']", "label=Trainee");
+		$this->click ("//input[@value='Add Member']") ;
+		$this->waitForPageToLoad("30000");
+
+		$this->click("link=Users and permissions");
+		$this->waitForPageToLoad("30000");
+		$this->click ("//td/form/div[contains(.,'Trainee')]/../div/input[@value='Edit Permissions']") ;
+		$this->waitForPageToLoad("30000");
+		$this->select("//tr/td[.='Bugs']/../td/select[contains(@name,'data[tracker]')]", "label=Read only");
+		$this->select("//tr/td[.='Patches']/../td/select[contains(@name,'data[tracker]')]", "label=No access");
+		$this->select("//tr/td[.='To Do']/../td/select[contains(@name,'data[pm]')]", "label=Read only");
+		$this->select("//tr/td[.='Next Release']/../td/select[contains(@name,'data[pm]')]", "label=No access");
+		$this->select("//tr/td[.='open-discussion']/../td/select[contains(@name,'data[forum]')]", "label=Read only");
+		$this->select("//tr/td[.='developers-discussion']/../td/select[contains(@name,'data[forum]')]", "label=No access");
+		$this->select("//select[contains(@name,'data[docman]')]", "label=Read only");
+		$this->click ("//input[@value='Submit']") ;
+		$this->waitForPageToLoad("30000");
+
+		$this->click("link=Users and permissions");
+		$this->waitForPageToLoad("30000");
+		$this->click ("//td/form/div[contains(.,'Anonymous')]/../div/input[@value='Edit Permissions']") ;
+		$this->waitForPageToLoad("30000");
+		$this->select("//tr/td[.='Bugs']/../td/select[contains(@name,'data[tracker]')]", "label=No access");
+		$this->select("//tr/td[.='Patches']/../td/select[contains(@name,'data[tracker]')]", "label=No access");
+		$this->select("//tr/td[.='To Do']/../td/select[contains(@name,'data[pm]')]", "label=No access");
+		$this->select("//tr/td[.='Next Release']/../td/select[contains(@name,'data[pm]')]", "label=No access");
+		$this->select("//tr/td[.='open-discussion']/../td/select[contains(@name,'data[forum]')]", "label=No access");
+		$this->select("//tr/td[.='developers-discussion']/../td/select[contains(@name,'data[forum]')]", "label=No access");
+		$this->select("//select[contains(@name,'data[docman]')]", "label=No access");
+		$this->click ("//input[@value='Submit']") ;
+		$this->waitForPageToLoad("30000");
+
+		$this->switchUser('piperade');
+		$this->gotoProject('projecta');
+		$this->select("type_of_search", "label=Search the entire project");
+		$this->type("//input[@name='words']", "zongo");
+		$this->clickAndWait("//input[@name='Search']");
+		$this->assertTrue($this->isTextPresent("Bug1"));
+		$this->assertFalse($this->isTextPresent("Bug2"));
+		$this->assertTrue($this->isTextPresent("Task1"));
+		$this->assertFalse($this->isTextPresent("Task2"));
+		$this->assertTrue($this->isTextPresent("Message1"));
+		$this->assertTrue($this->isTextPresent("Message2"));
+		$this->assertTrue($this->isTextPresent("Message3"));
+		$this->assertFalse($this->isTextPresent("Message4"));
+		$this->assertTrue($this->isTextPresent("Doc1"));
+		$this->assertTrue($this->isTextPresent("Doc2"));
+		$this->assertTrue($this->isTextPresent("News1"));
+		$this->assertTrue($this->isTextPresent("News2"));
+
+		$this->gotoProject('projecta');
+		$this->clickAndWait('Link=Advanced search');
+		$this->click("//a[contains(@href,'short_forum') and .='all']");
+		$this->click("//a[contains(@href,'short_tracker') and .='all']");
+		$this->click("//a[contains(@href,'short_pm') and .='all']");
+		$this->click("//a[contains(@href,'short_docman') and .='all']");
+		$this->click("//a[contains(@href,'short_news') and .='all']");
+		$this->type("//div[@id='maindiv']//input[@name='words']", "zongo");
+		$this->clickAndWait("//input[@name='submitbutton']");
+		$this->assertTrue($this->isTextPresent("Bug1"));
+		$this->assertFalse($this->isTextPresent("Bug2"));
+		$this->assertTrue($this->isTextPresent("Task1"));
+		$this->assertFalse($this->isTextPresent("Task2"));
+		$this->assertTrue($this->isTextPresent("Message1"));
+		$this->assertTrue($this->isTextPresent("Message2"));
+		$this->assertTrue($this->isTextPresent("Message3"));
+		$this->assertFalse($this->isTextPresent("Message4"));
+		$this->assertTrue($this->isTextPresent("Doc1"));
+		$this->assertTrue($this->isTextPresent("Doc2"));
+		$this->assertTrue($this->isTextPresent("News1"));
+		$this->assertTrue($this->isTextPresent("News2"));
+
+		$this->logout();
+		$this->gotoProject('projecta');
+		$this->select("type_of_search", "label=Search the entire project");
+		$this->type("//input[@name='words']", "zongo");
+		$this->clickAndWait("//input[@name='Search']");
+		$this->assertFalse($this->isTextPresent("Bug1"));
+		$this->assertFalse($this->isTextPresent("Bug2"));
+		$this->assertFalse($this->isTextPresent("Task1"));
+		$this->assertFalse($this->isTextPresent("Task2"));
+		$this->assertFalse($this->isTextPresent("Message1"));
+		$this->assertFalse($this->isTextPresent("Message2"));
+		$this->assertFalse($this->isTextPresent("Message3"));
+		$this->assertFalse($this->isTextPresent("Message4"));
+		$this->assertFalse($this->isTextPresent("Doc1"));
+		$this->assertFalse($this->isTextPresent("Doc2"));
+		$this->assertTrue($this->isTextPresent("News1"));
+		$this->assertTrue($this->isTextPresent("News2"));
+
+		$this->gotoProject('projecta');
+		$this->clickAndWait('Link=Advanced search');
+		$this->click("//a[contains(@href,'short_forum') and .='all']");
+		$this->click("//a[contains(@href,'short_tracker') and .='all']");
+		$this->assertFalse($this->isElementPresent("//a[contains(@href,'short_pm') and .='all']"));
+		$this->assertFalse($this->isElementPresent("//a[contains(@href,'short_docman') and .='all']"));
+		$this->click("//a[contains(@href,'short_news') and .='all']");
+		$this->type("//div[@id='maindiv']//input[@name='words']", "zongo");
+		$this->clickAndWait("//input[@name='submitbutton']");
+		$this->assertFalse($this->isTextPresent("Bug1"));
+		$this->assertFalse($this->isTextPresent("Bug2"));
+		$this->assertFalse($this->isTextPresent("Task1"));
+		$this->assertFalse($this->isTextPresent("Task2"));
+		$this->assertFalse($this->isTextPresent("Message1"));
+		$this->assertFalse($this->isTextPresent("Message2"));
+		$this->assertFalse($this->isTextPresent("Message3"));
+		$this->assertFalse($this->isTextPresent("Message4"));
+		$this->assertFalse($this->isTextPresent("Doc1"));
+		$this->assertFalse($this->isTextPresent("Doc2"));
+		$this->assertTrue($this->isTextPresent("News1"));
+		$this->assertTrue($this->isTextPresent("News2"));
 	}
 
 }



More information about the evolvis-commits mailing list