[evolvis-commits] r18734: widget-areas pending merges:↵ Thorsten Glaser 2012-10-29 [#3230] Fix RBAC checks for Project Areas widget↵ Thorsten Glaser 2012-10-29 check the right thing…
mirabilos at evolvis.org
mirabilos at evolvis.org
Mon Oct 29 15:08:40 CET 2012
Author: mirabilos
Date: 2012-10-29 15:08:39 +0100 (Mon, 29 Oct 2012)
New Revision: 18734
Modified:
trunk/gforge_base/evolvisforge-5.1/src/common/widget/Widget_ProjectPublicAreas.class.php
trunk/gforge_base/evolvisforge-5.1/src/debian/changelog
trunk/gforge_base/evolvisforge-5.1/src/www/tracker/ind.php
Log:
widget-areas pending merges:
Thorsten Glaser 2012-10-29 [#3230] Fix RBAC checks for Project Areas widget
Thorsten Glaser 2012-10-29 check the right thing…
Modified: trunk/gforge_base/evolvisforge-5.1/src/common/widget/Widget_ProjectPublicAreas.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/widget/Widget_ProjectPublicAreas.class.php 2012-10-29 14:08:34 UTC (rev 18733)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/widget/Widget_ProjectPublicAreas.class.php 2012-10-29 14:08:39 UTC (rev 18734)
@@ -1,24 +1,29 @@
<?php
/**
- * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
+ * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009.
+ * Copyright © 2012
+ * Thorsten Glaser <t.glaser at tarent.de>
+ * All rights reserved.
*
- * This file is a part of Codendi.
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
*
- * Codendi is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * Codendi is distributed in the hope that it will be useful,
+ * FusionForge is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with Codendi. If not, see <http://www.gnu.org/licenses/>.
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
require_once('Widget.class.php');
+require_once($gfcommon.'tracker/ArtifactTypeFactory.class.php');
+require_once($gfcommon.'pm/ProjectGroupFactory.class.php');
/**
* Widget_ProjectPublicAreas
@@ -29,7 +34,7 @@
}
function getTitle() {
- return _('Public Areas');
+ return _('Project Areas');
}
function getContent() {
@@ -40,6 +45,17 @@
$pm = ProjectManager::instance();
$project = $pm->getProject($group_id);
+ $group = group_get_object($group_id);
+ if (!$group || !is_object($group)) {
+ echo "<div>Could not get Group #$group_id</div>\n";
+ return false;
+ } elseif ($group->isError()) {
+ echo "<div>Could not get Group #$group_id: " .
+ util_html_encode($group->getErrorMessage()) .
+ "</div>\n";
+ return false;
+ }
+
// ################# Homepage Link
echo '<div class="public-area-box" rel="doap:homepage">';
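Review bot: `$group_id` is interpolated raw into both new error `<div>`s, while only the error message goes through `util_html_encode()`. Where `$group_id` is assigned is outside this hunk; if it comes straight from the request, it should be cast or encoded before output, e.g. `echo "<div>Could not get Group #" . (int)$group_id . "</div>\n";`. The two messages are also the only user-visible strings in this hunk not wrapped in `_()`, so they will not be translated. getContent() starts and ends outside the hunk.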
@@ -55,34 +71,49 @@
$link_content = $HTML->getFollowPic(_('Tracker')) . ' ' . _('Tracker');
echo util_make_link('/tracker/?group_id=' . $group_id, $link_content);
- $result = db_query_params('SELECT agl.*,aca.count,aca.open_count
- FROM artifact_group_list agl
- LEFT JOIN artifact_counts_agg aca USING (group_artifact_id)
- WHERE agl.group_id=$1
- AND agl.is_public=1
- ORDER BY group_artifact_id ASC',
- array($group_id));
- $rows = db_numrows($result);
-
- if (!$result || $rows < 1) {
- echo "<br />\n<em>" .
- _('There are no public trackers available') .
- "</em>\n";
+ $atf = new ArtifactTypeFactory($group);
+ $emsg = _('There are no public trackers available');
+ if (!$atf || !is_object($atf) || $atf->isError()) {
+ $emsg = _('Could Not Get ArtifactTypeFactory');
+ $at_arr = array();
} else {
- echo "\n".'<ul class="tracker" rel="doap:bug-database">'."\n";
- for ($j = 0; $j < $rows; $j++) {
- $group_artifact_id = db_result($result, $j, 'group_artifact_id');
- $tracker_stdzd_uri = util_make_url('/tracker/cm/project/'. $project->getUnixName() .'/atid/'. $group_artifact_id);
- echo "\t".'<li about="'. $tracker_stdzd_uri . '" typeof="sioc:Container">'."\n";
- print '<span rel="http://www.w3.org/2002/07/owl#sameAs">'."\n";
- echo util_make_link('/tracker/?atid='. $group_artifact_id . '&group_id='.$group_id.'&func=browse',db_result($result, $j, 'name')) . ' ';
- echo "</span>\n";
- printf(ngettext('(<strong>%1$s</strong> open / <strong>%2$s</strong> total)', '(<strong>%1$s</strong> open / <strong>%2$s</strong> total)', (int)db_result($result, $j, 'open_count')), (int)db_result($result, $j, 'open_count'), (int)db_result($result, $j, 'count'));
- echo '<br />';
- print '<span rel="sioc:has_space" resource="" ></span>'."\n";
- echo "</li>\n";
+ $at_arr = $atf->getArtifactTypes();
+ if (!$at_arr) {
+ $at_arr = array();
}
+ }
+
+ $at_cnt = 0;
+ foreach ($at_arr as $at) {
+ if (!$at || !is_object($at) || $at->isError()) {
+ /* just skip it */
+ continue;
+ }
+ if (!$at_cnt++) {
+ /* first one to be displayed */
+ echo "\n<ul class=\"tracker\" rel=\"doap:bug-database\">\n";
+ }
+ $tracker_stdzd_uri = util_make_url('/tracker/cm/project/' .
+ $project->getUnixName() . '/atid/' .
+ $at->getID());
+ echo "\t<li about=\"$tracker_stdzd_uri\" typeof=\"sioc:Container\">\n" .
+ '<span rel="http://www.w3.org/2002/07/owl#sameAs">' . "\n" .
+ util_make_link('/tracker/?atid=' . $at->getID() .
+ '&group_id=' . $group_id . '&func=browse',
+ $at->getName()) . "</span>\n (" . sprintf(ngettext(
+ '<strong>%d</strong> open',
+ '<strong>%d</strong> open',
+ (int)$at->getOpenCount()), (int)$at->getOpenCount()) .
+ ' / ' . sprintf(ngettext(
+ '<strong>%d</strong> total',
+ '<strong>%d</strong> total',
+ (int)$at->getTotalCount()), (int)$at->getTotalCount()) .
+ ")<br /><span rel=\"sioc:has_space\" resource=\"\" ></span>\n</li>\n";
+ }
+ if ($at_cnt) {
echo "</ul>\n";
+ } else {
+ echo "<br />\n<em>$emsg</em>\n";
}
echo "</div>\n";
}
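Review bot: Nothing in the new loop checks permissions itself (it only skips error objects), so the [#3230] fix depends entirely on `ArtifactTypeFactory::getArtifactTypes()` returning only trackers the current user may read, and that method is not shown here. A comment above the call would make the dependency explicit, e.g. `/* getArtifactTypes() is expected to return only trackers the session user may read (RBAC) */`; the `getProjectGroups()` call in the tasks hunk deserves the same. Separately, `$at->getName()` is passed to `util_make_link()` as link text unencoded, as the old `db_result(..., 'name')` was; unless names are stored already encoded, wrap it in `util_html_encode()` here and in the tasks hunk. A failed `getArtifactTypes()` also falls through to "There are no public trackers available", because `$atf->isError()` is not re-checked after the call the way the tasks hunk re-checks `$pgf->isError()`.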
@@ -136,23 +167,47 @@
$link_content = $HTML->getPmPic('') . ' ' . _('Tasks');
print util_make_link('/pm/?group_id=' . $group_id, $link_content);
- $result = db_query_params('SELECT * FROM project_group_list
- WHERE group_id=$1 AND is_public=1',
- array($group_id));
- $rows = db_numrows($result);
- if (!$result || $rows < 1) {
- echo "<br />\n<em>" .
- _('There are no public subprojects available') .
- "</em>\n";
+ $pgf = new ProjectGroupFactory($group);
+ $emsg = _('There are no public subprojects available');
+ if (!$pgf || !is_object($pgf) || $pgf->isError()) {
+ $emsg = _('Could Not Get Factory');
+ $pg_arr = array();
} else {
- echo "\n".'<ul class="task-manager">';
- for ($j = 0; $j < $rows; $j++) {
- echo "\n\t<li>";
- print util_make_link('/pm/task.php?group_project_id='.db_result($result, $j, 'group_project_id').'&group_id='.$group_id.'&func=browse',db_result($result, $j, 'project_name'));
- echo '</li>';
+ $pg_arr = $pgf->getProjectGroups();
+ if (!$pg_arr || $pgf->isError()) {
+ $pg_arr = array();
}
- echo "\n</ul>";
}
+
+ $at_cnt = 0;
+ foreach ($pg_arr as $at) {
+ if (!$at || !is_object($at) || $at->isError()) {
+ /* just skip it */
+ continue;
+ }
+ if (!$at_cnt++) {
+ /* first one to be displayed */
+ echo "\n<ul class=\"task-manager\">\n";
+ }
+ echo "\n\t<li>" . util_make_link(
+ '/pm/task.php?group_project_id=' .
+ $at->getID() . '&group_id=' .
+ $group_id . '&func=browse',
+ $at->getName()) . " (" . sprintf(ngettext(
+ '<strong>%d</strong> open',
+ '<strong>%d</strong> open',
+ (int)$at->getOpenCount()), (int)$at->getOpenCount()) .
+ ' / ' . sprintf(ngettext(
+ '<strong>%d</strong> total',
+ '<strong>%d</strong> total',
+ (int)$at->getTotalCount()), (int)$at->getTotalCount()) .
+ ")</li>\n";
+ }
+ if ($at_cnt) {
+ echo "</ul>\n";
+ } else {
+ echo "<br />\n<em>$emsg</em>\n";
+ }
echo "\n</div>\n";
}
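Review bot: The task loop reuses the tracker names `$at` and `$at_cnt` for ProjectGroup objects, which reads as a copy-paste from the tracker section; `$pg` and `$pg_cnt` would match `$pg_arr` and `$pgf`. The failure text `_('Could Not Get Factory')` is also vaguer than its tracker counterpart; `_('Could Not Get ProjectGroupFactory')` would say which factory failed. The enclosing method starts outside the hunk.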
Modified: trunk/gforge_base/evolvisforge-5.1/src/debian/changelog
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/debian/changelog 2012-10-29 14:08:34 UTC (rev 18733)
+++ trunk/gforge_base/evolvisforge-5.1/src/debian/changelog 2012-10-29 14:08:39 UTC (rev 18734)
@@ -8,8 +8,9 @@
* [#3351] Unbreak adding widgets to Group Summary page
* Widgets: Revert collapsing project members by default, with the
Codendi widget layout we’re flexible enough to keep the page fit
+ * Widgets: [#3230] “Public Areas” ⇒ “Project Areas” (SECURITY fix)
- -- Thorsten Glaser <t.glaser at tarent.de> Mon, 29 Oct 2012 14:52:35 +0100
+ -- Thorsten Glaser <t.glaser at tarent.de> Mon, 29 Oct 2012 14:54:31 +0100
fusionforge (1:5.1.1+evolvis74.2) unstable; urgency=high
Modified: trunk/gforge_base/evolvisforge-5.1/src/www/tracker/ind.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/tracker/ind.php 2012-10-29 14:08:34 UTC (rev 18733)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/tracker/ind.php 2012-10-29 14:08:39 UTC (rev 18734)
@@ -23,7 +23,7 @@
*/
$atf = new ArtifactTypeFactory($group);
-if (!$group || !is_object($group) || $group->isError()) {
+if (!$atf || !is_object($atf) || $atf->isError()) {
exit_error(_('Could Not Get ArtifactTypeFactory'),'tracker');
}
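Review bot: With the condition switched to `$atf`, `$group` is no longer validated anywhere in this hunk, yet it is passed to the constructor on the line above. If the including script does not already reject a missing or errored `$group` (not visible here), keep both checks: `if (!$group || !is_object($group) || $group->isError() || $atf->isError()) {`. The `!$atf || !is_object($atf)` tests cannot fail after `new`, so only `isError()` does any work in the new condition.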