00001 <?php
00002 # This file is part of the Savane project
00003 # <http://gna.org/projects/savane/>
00004 #
00005 # $Id: member.php 5187 2005-12-01 16:22:29Z yeupou $
00006 #
00007 # Copyright 2003-2005 (c) Mathieu Roy <yeupou--at--gnu.org>
00008 #
00009 # The Savane project is free software; you can redistribute it and/or
00010 # modify it under the terms of the GNU General Public License
00011 # as published by the Free Software Foundation; either version 2
00012 # of the License, or (at your option) any later version.
00013 #
00014 # The Savane project is distributed in the hope that it will be useful,
00015 # but WITHOUT ANY WARRANTY; without even the implied warranty of
00016 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
00017 # GNU General Public License for more details.
00018 #
00019 # You should have received a copy of the GNU General Public License
00020 # along with the Savane project; if not, write to the Free Software
00021 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
00022
00023 # Add or update a user to/in a group
00024 # status is the 'admin_flags', can be pending or admin
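# Insert a user_group row linking $user_id to $group_id, with $status stored
# in admin_flags.
#
# The INSERT is attempted when member_check() reports no membership, and
# always when the caller is a super user. Note that only an INSERT is issued
# here; no existing row is updated.
#
# Returns the db_query() result of the INSERT, or 0 when nothing was
# attempted (user already a member, or an argument failed validation).
function member_add ($user_id, $group_id, $status='')
{
  # All three values are interpolated into the SQL text below (the ids
  # without quotes), so refuse anything that is not plain digits / a plain
  # alphanumeric flag instead of letting it reach the query.
  # NOTE(review): confirm no caller passes an admin flag outside [A-Za-z0-9].
  if (!preg_match('/^[0-9]+$/D', (string) $user_id)
      || !preg_match('/^[0-9]+$/D', (string) $group_id)
      || !preg_match('/^[A-Za-z0-9]*$/D', (string) $status))
  {
    return 0;
  }

  if (member_check($user_id, $group_id) && !user_is_super_user())
  {
    fb(_("This user is already member of the group."));
    # The original also did `print $feedback;` here, but $feedback is not
    # in scope inside this function, so that statement printed nothing.
    return 0;
  }

  $sql = "INSERT INTO user_group (user_id, group_id, admin_flags) VALUES ($user_id, $group_id, '$status')";
  $result = db_query($sql);
  if ($result)
  {
    # add different history item if the addition is in pending status
    if ($status != "P")
    {
      group_add_history('Added User', user_getname($user_id), $group_id);
    }
    else
    {
      group_add_history('User Requested Membership', user_getname($user_id), $group_id);
    }
  }
  return $result;
}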
00054
00055 # Approve a pending user for a group
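# Clear admin_flags on the user_group row of $user_id in $group_id and, when
# the UPDATE succeeds, record 'Approved User' in the group history.
#
# Returns the db_query() result, or false when an id is not a plain
# non-negative integer.
# NOTE(review): no permission check happens here; callers are presumably
# expected to verify that the acting user administers the group. Confirm.
function member_approve ($user_id, $group_id)
{
  # Both ids end up inside the SQL text; quoting alone does not stop a value
  # containing a quote, so only digit strings are accepted.
  if (!preg_match('/^[0-9]+$/D', (string) $user_id)
      || !preg_match('/^[0-9]+$/D', (string) $group_id))
  {
    return false;
  }

  $sql = "UPDATE user_group SET admin_flags='' WHERE user_id='$user_id' AND group_id='$group_id'";
  $result = db_query($sql);
  if ($result)
  {
    group_add_history('Approved User', user_getname($user_id), $group_id);
  }
  return $result;
}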
00064
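# Delete the user_group row of $user_id in $group_id and, when the DELETE
# succeeds, record 'Removed User' in the group history.
#
# Returns the db_query() result, or false when an id is not a plain
# non-negative integer.
# NOTE(review): no permission check happens here; callers are presumably
# expected to verify that the acting user may remove members. Confirm.
function member_remove ($user_id, $group_id)
{
  # Both ids end up inside the SQL text of a DELETE; accept digit strings
  # only so a crafted value cannot widen the WHERE clause.
  if (!preg_match('/^[0-9]+$/D', (string) $user_id)
      || !preg_match('/^[0-9]+$/D', (string) $group_id))
  {
    return false;
  }

  $sql = "DELETE FROM user_group WHERE user_id='$user_id' AND group_id='$group_id'";
  $result = db_query($sql);
  if ($result)
  {
    group_add_history('Removed User', user_getname($user_id), $group_id);
  }
  return $result;
}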
00073
00074
00075 # Get all permissions for a given user
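# Read one "<flags>_flags" column from the user_group row of a user in a
# group.
#
# $flags is the column prefix (member_check() passes values such as "admin"
# or "bugs"); $user_id defaults to the current user via user_getid().
# Returns the db_result() value of the first row, or nothing (NULL) when
# $flags is empty or an argument fails validation.
function member_getpermissions ($group_id, $flags, $user_id=0)
{
  if (!$user_id)
  {
    $user_id = user_getid();
  }
  if (!$flags)
  {
    return;
  }

  # $flags becomes part of a column name, where quoting cannot protect the
  # query, so it is limited to identifier characters. The ids are limited
  # to digits for the same reason.
  if (!preg_match('/^[A-Za-z0-9_]+$/D', (string) $flags)
      || !preg_match('/^[0-9]+$/D', (string) $group_id)
      || !preg_match('/^[0-9]+$/D', (string) $user_id))
  {
    return;
  }

  $column = $flags."_flags";
  $sql = "SELECT ".$column." FROM user_group WHERE group_id='$group_id' AND user_id='$user_id'";
  return db_result(db_query($sql), 0, $column);
}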
00088
00089 # Check membership: by default, check only if someone is member of a project.
00090 #
00091 # With the flag option, you can check for specific right:
00092 # - the first letter of the flag should designate the tracker
00093 # (B = bugs, P = patch...
00094 # please use member_create_tracker_flag(ARTIFACT))
00095 # - the second letter, if specified, designate a role
00096 # 1 = technician
00097 # 2 = technician AND manager
00098 # 3 = manager
00099 #
00100 # The strict variable makes the function return "true" only if the flag
00101 # found is exactly equal to the flag asked for. For instance, if you are
00102 # looking for someone who is only technician, and not technician and manager,
00103 # you can use that flag.
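# Authorization check used throughout this file.
#
# Without $flag: true when a non-pending user_group row exists for the user
# in the group. With $flag: additionally compares the role found for the
# tracker against the role asked for (see the comment block above).
# A falsy $user_id means "the current user"; in that case anonymous visitors
# get false and super users get true without any database lookup.
#
# Returns true or false.
# NOTE(review): $user_id has a default but precedes the required $group_id,
# so callers always have to pass both.
function member_check ($user_id=0, $group_id, $flag=0, $strict=0)
{
  # get the current user_id if missing
  if (!$user_id)
  {
    if (!user_isloggedin())
    {
      # not able to get a valid user id
      return false;
    }
    if (user_is_super_user())
    {
      # site admins always return true
      return true;
    }
    # any other case, define the user_id needed later.
    $user_id = user_getid();
  }

  # Both ids are placed inside the SQL text below. Deny (fail closed) when
  # either is not a plain digit string, rather than sending it to the
  # database.
  if (!preg_match('/^[0-9]+$/D', (string) $user_id)
      || !preg_match('/^[0-9]+$/D', (string) $group_id))
  {
    return false;
  }

  # determine whether someone is member of a project or not
  $result = db_query("SELECT user_id FROM user_group WHERE user_id='$user_id' AND group_id='$group_id' AND admin_flags<>'P'");

  if (!$result || db_numrows($result) < 1)
  {
    # not a member of the project
    return false;
  }

  if (!$flag)
  {
    # member of a project, not looking for specific permission
    return true;
  }

  # when looking for permissions, first we look at the user permission,
  # if NULL at the group def permission, if NULL at the group type def
  # permission.
  $flag_upper = strtoupper($flag);
  $flag_tracker = substr($flag_upper, 0, 1);
  $flag_level = substr($flag_upper, 1, 2);
  if (!$flag_level)
  {
    # if flag_level does not exist, the level is the tracker flag
    # (like P or A for admin_flags)
    $flag_level = $flag_tracker;
    $flag_tracker = "admin";
  }

  # get the tracker; letters not listed here are passed on unchanged
  switch ($flag_tracker)
  {
    case 'B': { $flag_tracker = "bugs"; break; }
    case 'P': { $flag_tracker = "patch"; break; }
    case 'T': { $flag_tracker = "task"; break; }
    case 'S': { $flag_tracker = "support"; break; }
    case 'N': { $flag_tracker = "news"; break; }
    case 'C': { $flag_tracker = "cookbook"; break; }
  }

  # get the value: user level first, then group, then group type
  $value = member_getpermissions($group_id, $flag_tracker, $user_id);
  if (!$value)
  { $value = group_getpermissions($group_id, $flag_tracker); }
  if (!$value)
  { $value = group_gettypepermissions($group_id, $flag_tracker); }
  if (!$value)
  { $value = "ERROR"; }

  # compare the value and what is asked
  # NOTE(review): these are loose (==) comparisons on values read from the
  # database; left as they were so no authorization outcome changes here.
  if ($value == $flag_level)
  {
    # if the value is equal to the flag, we are obviously in a
    # "true" case.
    dbg("accept permission (A): role found value:$value, asked flag_level:$flag_level");
    return true;
  }
  elseif (!$strict && (2 == $value && (1 == $flag_level || 3 == $flag_level)))
  {
    # if the value is equal to 2 (manager and tech) if tech (1) or
    # manager (3) is asked it is "true"
    dbg("accept permission (B): role found value:$value, asked flag_level:$flag_level");
    return true;
  }
  elseif (!$strict && (2 == $flag_level && (1 == $value || 3 == $value)))
  {
    # if the value is equal to 3 (manager) or 1 (techn) if tech and
    # manager (2) is asked it is "true"
    dbg("accept permission (C): role found value:$value, asked flag_level:$flag_level");
    return true;
  }

  # any other case, false.
  dbg("reject permission: role found value:$value, asked flag_level:$flag_level");
  return false;
}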
00207 # Additional function to check whether a member is pending for a group
00208 # (partly member, so)
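# True when a user_group row with admin_flags='P' exists for the user in the
# group, false otherwise. A falsy $user_id is replaced by user_getid().
function member_check_pending ($user_id=0, $group_id)
{
  if (!$user_id) { $user_id = user_getid(); }

  # Both ids are placed inside the SQL text; anything that is not a plain
  # digit string is answered with false instead of being queried.
  if (!preg_match('/^[0-9]+$/D', (string) $user_id)
      || !preg_match('/^[0-9]+$/D', (string) $group_id))
  {
    return false;
  }

  $result = db_query("SELECT user_id FROM user_group WHERE user_id='$user_id' AND group_id='$group_id' AND admin_flags='P'");

  # A failed query counts as "not pending", as member_check() treats a
  # failed query as "not a member".
  if ($result && db_numrows($result))
  {
    return true;
  }
  return false;
}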
00220
00221 # Function like member_check() only checking if one specific user is allowed
00222 # to read private content.
00223 # This stuff was not included in member_check() to ease development, nothing
00224 # else.
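# True when the user may read private content of the group: super users
# (when no $user_id is given), project admins per member_check(..., 'A'),
# and non-pending members whose privacy_flags is '1'. False otherwise,
# including for anonymous visitors when no $user_id is given.
function member_check_private ($user_id=0, $group_id)
{
  # get the current user_id if missing
  if (!$user_id)
  {
    if (!user_isloggedin())
    {
      # not able to get a valid user id
      return false;
    }
    if (user_is_super_user())
    {
      # site admins always return true
      return true;
    }
    # any other case, define the user_id needed later.
    $user_id = user_getid();
  }

  # Both ids are placed inside SQL text below. Deny access (fail closed)
  # when either is not a plain digit string.
  if (!preg_match('/^[0-9]+$/D', (string) $user_id)
      || !preg_match('/^[0-9]+$/D', (string) $group_id))
  {
    return false;
  }

  # check if it is a project admin. If so, give access
  if (member_check($user_id, $group_id, 'A'))
  {
    return true;
  }

  # determine whether someone is a member allowed to read private data
  # of a project or not
  $result = db_query("SELECT user_id FROM user_group WHERE user_id='$user_id' AND group_id='$group_id' AND admin_flags<>'P' AND privacy_flags='1'");
  if ($result && db_numrows($result))
  {
    return true;
  }

  # if we end up here, it must be false
  return false;
}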
00266
00267
00268 # permit to keep the "simple" syntax of member_check but also
00269 # to be able to generate this simple syntax on-fly depending on
00270 # artifact.
00271 # (well, I admit, it's a bit strange...,
00272 # it could be directly inside member_check)
# Translate an artifact name into the one-letter tracker flag that
# member_check() accepts. Artifacts not listed here yield no value (NULL).
function member_create_tracker_flag ($artifact)
{
  $letters = array(
    'bugs' => "B",
    'patch' => "P",
    'task' => "T",
    'support' => "S",
    'news' => "N",
    'cookbook' => "C",
  );

  # Compared with ==, in listing order, which is how a switch matches.
  foreach ($letters as $name => $letter)
  {
    if ($artifact == $name)
    {
      return $letter;
    }
  }
}
00285
00286 # Check if a user belongs to a group and is pending
00287 # Return value: The whole row of user_group
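# Report whether the user has a pending (admin_flags='P') row in the group.
# Returns true or false; no user_group row is returned.
#
# This used to call member_check($user_id, $group_id, 'P'), but
# member_check() begins by selecting only rows with admin_flags<>'P' and
# returns false when none is found, so a user whose row is pending was
# reported as not pending. member_check_pending() queries the 'P' row
# directly.
function member_check_is_pending ($user_id, $group_id)
{
  return member_check_pending($user_id, $group_id);
}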
00292
00293
# Thin wrapper: hands $role (5 when omitted) to html_member_explain_roles()
# and returns nothing itself.
function member_explain_roles ($role=5)
{
  html_member_explain_roles($role);
}
00298
00299
00300 ?>