Issues in PermissionsManager.class.php (master) - Issues in master - Enalean/tuleap - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4873)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/common/permission/PermissionsManager.class.php (1 issue)

Labels

Documentation 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
 *
 * This file is a part of Codendi.
 *
 * Codendi is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Codendi is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Codendi. If not, see <http://www.gnu.org/licenses/>.
 */

class PermissionsManager implements IPermissionsManagerNG {
    /**
     * @var PermissionsDao
     */
    var $_permission_dao;
    var $_permissions;
    var $_ugroups_for_user;
    
    private static $_permissionmanager_instance;
    
    public function __construct($permission_dao) {
        $this->_permission_dao   = $permission_dao;
        $this->_permissions      = array();
        $this->_ugroups_for_user = array();
    }

    /**
     * The manager is a singleton
     *
     * @return PermissionsManager
     */
    public static function instance() {
        if (!self::$_permissionmanager_instance) {
            self::$_permissionmanager_instance = new PermissionsManager(new PermissionsDAO(CodendiDataAccess::instance()));
        }
        return self::$_permissionmanager_instance;
    }
    
    public static function setInstance($instance) {
        self::$_permissionmanager_instance = $instance;
    }
    
    public static function clearInstance() {
        self::$_permissionmanager_instance = null;
    }

    /**
    * Returns if one of the user's ugroups has permission to access the object
    * 
    * WARNING: THIS METHOD DOESN'T TAKE 'DEFAULT' PERMISSIONS !
    * 
    * @access public
    * 
    * @param  int     $object_id       The id of the object
    * @param  string  $permission_type The type of permission asked
    * @param  array   $ugroups         The user's ugroups
    * @return boolean 
    */
    public function userHasPermission($object_id, $permission_type, array $ugroups) {
        if (!isset($this->_permissions[$object_id])) {
            $this->_permissions[$object_id] = array();
        }
        
        if (count(array_diff($ugroups, array_keys($this->_permissions[$object_id]))) > 0) {
            $this->retrievePermissions($object_id, $ugroups);
        }
        //now we search for $permission_type
        $has_permission = false;
        reset($ugroups);
        while (!$has_permission && (list(,$ugroup) = each($ugroups))) {
		        	
            if (isset($this->_permissions[$object_id][$ugroup])) {
                $has_permission = in_array($permission_type, $this->_permissions[$object_id][$ugroup]);
            }
        }
        return $has_permission;
    }
    
    /**
    * Returns all permissions for ugroups for a given object
    * WARNING: since object_ids are not unique, some permissions returned 
    * might not be relevant for the given object
    * 
    * @access public
    * 
    * @param  int     $object_id  The id of the object
    *
    * @return array
    */
    public function getPermissionsAndUgroupsByObjectid($object_id) {
        $this->retrievePermissions($object_id);
        $perms = array();
        if (isset($this->_permissions[$object_id])) {
            foreach($this->_permissions[$object_id] as $ugroup_id => $permissions) {
                foreach($permissions as $perm) {
                    if (!isset($perms[$perm])) {
                        $perms[$perm] = array();
                    }
                    $perms[$perm][] = $ugroup_id;
                }
            }
        }
        return $perms;
    }
    
    /**
     * Returns all ugroup name for a given object_id and permission_type
     * @param  int     $object_id       The id of the object
     * @param  string  $permission_type The type of permission asked
     */
     public function getUgroupNameByObjectIdAndPermissionType($object_id, $permission_type){
         $dar =& $this->_permission_dao->searchUgroupByObjectIdAndPermissionType($object_id, $permission_type);
         if ($dar->isError()) {
            return;
        }

        if (!$dar->valid()) {
            return;
        }   

        $ugroups_name = array ();
        while ($dar->valid()) {
            $ugroup = $dar->current();
            $new_name = $ugroup['name'];
            if (strpos($new_name, "ugroup_") === 0 && strpos($new_name, "_name_key")+strlen("_name_key") === strlen($new_name)) {
                $new_name = $GLOBALS['Language']->getText('project_ugroup', $new_name);
            }
            $ugroups_name[] = $new_name;
            $dar->next();
        }
        return $ugroups_name;
     }
     
    /**
     * Returns all ugroup id for a given object_id and permission_type
     *
     * @deprecated Use getAuthorizedUgroups instead (that takes default permissions into account)
     *
     * @param  int     $object_id       The id of the object
     * @param  string  $permission_type The type of permission asked
     */
     public function getUgroupIdByObjectIdAndPermissionType($object_id, $permission_type){
         $dar = $this->_permission_dao->searchUgroupByObjectIdAndPermissionType($object_id, $permission_type, false);
         if ($dar->isError()) {
            return;
         } else {
             return $dar;
         }
     }

     /**
      * Return the list of the default ugroup_ids authorized to access the given permission_type
      * 
      * @see permission_db_get_defaults
      * 
      * @param String $permissionType
      * 
      * @return DataAccessResult
      */
     public function getDefaults($permissionType, $withName = true) {
         return $this->_permission_dao->searchDefaults($permissionType, $withName);
     }

     /**
      * Return the list of ugroups authorized to access the given object with the given permission_type
      *
      * If no specific permissions set, returns the defaults.
      *
      * @param Integer $objectId
      * @param String  $permissionType
      *
      * @return DataAccessResult
      */
     public function getAuthorizedUgroups($objectId, $permissionType, $withName = true) {
         $dar = $this->_permission_dao->searchUgroupByObjectIdAndPermissionType($objectId, $permissionType, $withName);
        if ($dar && $dar->rowCount() > 0) {
            return $dar;
        } else {
            return $this->getDefaults($permissionType, $withName);
        }
     }

     /**
      * Return the list of ugroup ids authorized to access the given object with the given permission_type
      *
      * If no specific permissions set, returns the defaults.
      *
      * @param Integer $objectId
      * @param String  $permissionType
      *
      * @return DataAccessResult
      */
     public function getAuthorizedUgroupIds($objectId, $permissionType, $withName = true) {
         $dar = $this->getAuthorizedUgroups($objectId, $permissionType, $withName);
         if (!$dar || $dar->isError()) {
             return array();
         }
         
         $ugroups = array();
         foreach ($dar as $row) {
             $ugroups[] = $row['ugroup_id'];
         }
         return $ugroups;
     }

    public function getAuthorizedUGroupIdsForProject(Project $project, $object_id, $permission_type) {
        $ugroups = array();
        $dar = $this->getAuthorizedUgroups($object_id, $permission_type, false);
        if ($dar && ! $dar->isError()) {
            $normalizer = new PermissionsUGroupMapper($project);
            foreach ($dar as $row) {
                $ugroups[] = $normalizer->getUGroupIdAccordingToMapping($row['ugroup_id']);
            }
        }
        return $ugroups;
    }

    /**
     * @param Project $project
     * @param type $object_id
     * @param type $permission_type
     * @param array $ugroup_ids
     *
     * @return PermissionsNormalizerOverrideCollection
     * @throws PermissionDaoException
     */
    public function savePermissions(Project $project, $object_id, $permission_type, array $ugroup_ids) {
        $normalizer            = new PermissionsNormalizer();
        $override_collection   = new PermissionsNormalizerOverrideCollection();
        $normalized_ugroup_ids = $normalizer->getNormalizedUGroupIds($project, $ugroup_ids, $override_collection);
        $cleared = $this->_permission_dao->clearPermission($permission_type, $object_id);
        if (! $cleared) {
            throw new PermissionDaoException("Database issue while clearPermission $permission_type, $object_id: ".$this->_permission_dao->getDa()->getErrorMessage());
        }
        foreach ($normalized_ugroup_ids as $ugroup_id) {
            $added = $this->_permission_dao->addPermission($permission_type, $object_id, $ugroup_id);
            if (! $added) {
                throw new PermissionDaoException("Database issue while addPermission $permission_type, $object_id, $ugroup_id: ".$this->_permission_dao->getDa()->getErrorMessage());
            }
        }
        $this->_permission_dao->addHistory($project->getID(), $permission_type, $object_id);
        return $override_collection;
    }

    protected function buildPermissionsCache(&$dar, &$ugroups) {
        while ($row =& $dar->getRow()) {
            if (!isset($this->_permissions[$row['object_id']])) {
                $this->_permissions[$row['object_id']] = array();
            }
            foreach($ugroups as $ugroup) {
                if (!isset($this->_permissions[$row['object_id']][$ugroup])) {
                    $this->_permissions[$row['object_id']][$ugroup] = array();
                }
            }
            if (!isset($this->_permissions[$row['object_id']][$row['ugroup_id']])) {
                $this->_permissions[$row['object_id']][$row['ugroup_id']] = array();
            }
            if (!in_array($row['permission_type'], $this->_permissions[$row['object_id']][$row['ugroup_id']])) {
                $this->_permissions[$row['object_id']][$row['ugroup_id']][] = $row['permission_type'];
            }
        }
    }

    /**
    * Store internally (in _permissions) all permissions for an object
    * 
    * @access protected
    * 
    * @param  int     $object_id  The id of the object
    * @param  array   $ugroups    A list of ugroups we want to see in permissions
    */
    protected function retrievePermissions($object_id, $ugroups = array()) {
        $tracker_field_id = explode('#', $object_id); //An artifact field ?
        if (count($tracker_field_id) > 1) {
            $dar =& $this->_permission_dao->searchPermissionsByArtifactFieldId($tracker_field_id[0]);
        } else {
            $dar =& $this->_permission_dao->searchPermissionsByObjectId($object_id);
        }
        $this->buildPermissionsCache($dar, $ugroups);
    }
     
    public function clonePermissions($source, $target, $perms, $toGroupId=0) {
        return $this->_permission_dao->clonePermissions($source, $target, $perms, $toGroupId);
    }
    
   /**
    * Duplicate permissions
    * 
    * @param int    $source 
    * @param int    $target
    * @param array  $permission_types
    * @param array  $ugroup_mapping, an array of ugroups
/**
 * @param array $germany
 * @param array $ireland
 */
function finale($germany, $island) {
    return "2:1";
}
    * @param int    $duplicate_type What kind of duplication is going on
    * 
    * @deprecated Use one of duplicateWithStatic, duplicateWithStaticMapping, duplicateWithoutStatic below
    * 
    * @return Boolean
    */
    public function duplicatePermissions($source, $target, array $permission_types, $ugroup_mapping, $duplicate_type) {
        return $this->_permission_dao->duplicatePermissions($source, $target, $permission_types, $duplicate_type, $ugroup_mapping);
    }
    
    /**
     * Duplicate permission within the same project (copy perms for both dynamic and static groups)
     * 
     * @param int    $source
     * @param int    $target
     * @param array  $permission_types
     * 
     * @return boolean
     */
    public function duplicateWithStatic($source, $target, array $permission_types) {
        return $this->_permission_dao->duplicatePermissions($source, $target, $permission_types, PermissionsDao::DUPLICATE_SAME_PROJECT, false);
    }

    /**
     * Duplicate permission on project creation (straight copy perms for dynamic and translate static groups with ugroup_mapping)
     * 
     * @param int    $source
     * @param int    $target
     * @param array  $permission_types
     * @param array  $ugroup_mapping 
     * 
     * @return boolean
     */
    public function duplicateWithStaticMapping($source, $target, array $permission_types, $ugroup_mapping) {
        return $this->_permission_dao->duplicatePermissions($source, $target, $permission_types, PermissionsDao::DUPLICATE_NEW_PROJECT, $ugroup_mapping);
    }
    
    /**
     * Duplicate permission from one project to another (straight copy perms for dynamic do not copy static groups)
     * 
     * @param int    $source
     * @param int    $target
     * @param array $permission_types
     * 
     * @return boolean
     */
    public function duplicateWithoutStatic($source, $target, array $permission_types) {
        return $this->_permission_dao->duplicatePermissions($source, $target, $permission_types, PermissionsDao::DUPLICATE_OTHER_PROJECT, false);
    }

    public function isPermissionExist($object_id, $ptype){    	
    	$dar = $this->_permission_dao->searchPermissionsByObjectId($object_id, array($ptype));
    	return $dar->valid();
    }
    
    public function addPermission($permission_type, $object_id, $ugroup_id){
        return $this->_permission_dao->addPermission($permission_type, $object_id, $ugroup_id);
    }

    public function revokePermissionForUGroup($permission_type, $object_id, $ugroup_id) {
        return $this->_permission_dao->removePermission($permission_type, $object_id, $ugroup_id);
    }

    public function addHistory($permission_type, $object_id, $group_id) {
        permission_add_history($group_id, $permission_type, $object_id);
    }

    /**
     * Clears permission for a given object
     * 
     * @param String $permissionType Permission
     * @param String $objectId       Affected object's id
     * 
     * @return Boolean
     */
    public function clearPermission($permissionType, $objectId) {
        return $this->_permission_dao->clearPermission($permissionType, $objectId);
    }

    /**
    * Searches Permissions by UgroupId
    *
    * @param Integer $ugroupId Id of the user group
    *
    * @return DataAccessResult
    */
    public function searchByUgroupId($ugroupId) {
        return $this->_permission_dao->searchByUgroupId($ugroupId);
    }

    public function isUgroupUsedByWikiService($ugroup_id, $project_id) {
        if ($this->_permission_dao->isThereAnExplicitWikiServicePermission($ugroup_id)) {
            return true;
        }

        if ($this->_permission_dao->doAllWikiServiceItemsHaveExplicitPermissions($project_id)) {
            return false;
        }

        return $this->_permission_dao->isThereADefaultWikiServicePermissionThatUsesUgroup($ugroup_id);
    }

    public function disableRestrictedAccess() {
        $this->_permission_dao->disableRestrictedAccess();
    }

    public function disableRestrictedAccessForObjectId(array $permission_type, $object_id) {
        $this->_permission_dao->disableRestrictedAccessForObjectId($permission_type, $object_id);
    }
}


GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

src/common/permission/PermissionsManager.class.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
4			*
5			* This file is a part of Codendi.
6			*
7			* Codendi is free software; you can redistribute it and/or modify
8			* it under the terms of the GNU General Public License as published by
9			* the Free Software Foundation; either version 2 of the License, or
10			* (at your option) any later version.
11			*
12			* Codendi is distributed in the hope that it will be useful,
13			* but WITHOUT ANY WARRANTY; without even the implied warranty of
14			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15			* GNU General Public License for more details.
16			*
17			* You should have received a copy of the GNU General Public License
18			* along with Codendi. If not, see <http://www.gnu.org/licenses/>.
19			*/
20
21			class PermissionsManager implements IPermissionsManagerNG {
22			/**
23			* @var PermissionsDao
24			*/
25			var $_permission_dao;
26			var $_permissions;
27			var $_ugroups_for_user;
28
29			private static $_permissionmanager_instance;
30
31			public function __construct($permission_dao) {
32			$this->_permission_dao = $permission_dao;
33			$this->_permissions = array();
34			$this->_ugroups_for_user = array();
35			}
36
37			/**
38			* The manager is a singleton
39			*
40			* @return PermissionsManager
41			*/
42			public static function instance() {
43			if (!self::$_permissionmanager_instance) {
44			self::$_permissionmanager_instance = new PermissionsManager(new PermissionsDAO(CodendiDataAccess::instance()));
45			}
46			return self::$_permissionmanager_instance;
47			}
48
49			public static function setInstance($instance) {
50			self::$_permissionmanager_instance = $instance;
51			}
52
53			public static function clearInstance() {
54			self::$_permissionmanager_instance = null;
55			}
56
57			/**
58			* Returns if one of the user's ugroups has permission to access the object
59			*
60			* WARNING: THIS METHOD DOESN'T TAKE 'DEFAULT' PERMISSIONS !
61			*
62			* @access public
63			*
64			* @param int $object_id The id of the object
65			* @param string $permission_type The type of permission asked
66			* @param array $ugroups The user's ugroups
67			* @return boolean
68			*/
69			public function userHasPermission($object_id, $permission_type, array $ugroups) {
70			if (!isset($this->_permissions[$object_id])) {
71			$this->_permissions[$object_id] = array();
72			}
73
74			if (count(array_diff($ugroups, array_keys($this->_permissions[$object_id]))) > 0) {
75			$this->retrievePermissions($object_id, $ugroups);
76			}
77			//now we search for $permission_type
78			$has_permission = false;
79			reset($ugroups);
80			while (!$has_permission && (list(,$ugroup) = each($ugroups))) {
81
82			if (isset($this->_permissions[$object_id][$ugroup])) {
83			$has_permission = in_array($permission_type, $this->_permissions[$object_id][$ugroup]);
84			}
85			}
86			return $has_permission;
87			}
88
89			/**
90			* Returns all permissions for ugroups for a given object
91			* WARNING: since object_ids are not unique, some permissions returned
92			* might not be relevant for the given object
93			*
94			* @access public
95			*
96			* @param int $object_id The id of the object
97			*
98			* @return array
99			*/
100			public function getPermissionsAndUgroupsByObjectid($object_id) {
101			$this->retrievePermissions($object_id);
102			$perms = array();
103			if (isset($this->_permissions[$object_id])) {
104			foreach($this->_permissions[$object_id] as $ugroup_id => $permissions) {
105			foreach($permissions as $perm) {
106			if (!isset($perms[$perm])) {
107			$perms[$perm] = array();
108			}
109			$perms[$perm][] = $ugroup_id;
110			}
111			}
112			}
113			return $perms;
114			}
115
116			/**
117			* Returns all ugroup name for a given object_id and permission_type
118			* @param int $object_id The id of the object
119			* @param string $permission_type The type of permission asked
120			*/
121			public function getUgroupNameByObjectIdAndPermissionType($object_id, $permission_type){
122			$dar =& $this->_permission_dao->searchUgroupByObjectIdAndPermissionType($object_id, $permission_type);
123			if ($dar->isError()) {
124			return;
125			}
126
127			if (!$dar->valid()) {
128			return;
129			}
130
131			$ugroups_name = array ();
132			while ($dar->valid()) {
133			$ugroup = $dar->current();
134			$new_name = $ugroup['name'];
135			if (strpos($new_name, "ugroup_") === 0 && strpos($new_name, "_name_key")+strlen("_name_key") === strlen($new_name)) {
136			$new_name = $GLOBALS['Language']->getText('project_ugroup', $new_name);
137			}
138			$ugroups_name[] = $new_name;
139			$dar->next();
140			}
141			return $ugroups_name;
142			}
143
144			/**
145			* Returns all ugroup id for a given object_id and permission_type
146			*
147			* @deprecated Use getAuthorizedUgroups instead (that takes default permissions into account)
148			*
149			* @param int $object_id The id of the object
150			* @param string $permission_type The type of permission asked
151			*/
152			public function getUgroupIdByObjectIdAndPermissionType($object_id, $permission_type){
153			$dar = $this->_permission_dao->searchUgroupByObjectIdAndPermissionType($object_id, $permission_type, false);
154			if ($dar->isError()) {
155			return;
156			} else {
157			return $dar;
158			}
159			}
160
161			/**
162			* Return the list of the default ugroup_ids authorized to access the given permission_type
163			*
164			* @see permission_db_get_defaults
165			*
166			* @param String $permissionType
167			*
168			* @return DataAccessResult
169			*/
170			public function getDefaults($permissionType, $withName = true) {
171			return $this->_permission_dao->searchDefaults($permissionType, $withName);
172			}
173
174			/**
175			* Return the list of ugroups authorized to access the given object with the given permission_type
176			*
177			* If no specific permissions set, returns the defaults.
178			*
179			* @param Integer $objectId
180			* @param String $permissionType
181			*
182			* @return DataAccessResult
183			*/
184			public function getAuthorizedUgroups($objectId, $permissionType, $withName = true) {
185			$dar = $this->_permission_dao->searchUgroupByObjectIdAndPermissionType($objectId, $permissionType, $withName);
186			if ($dar && $dar->rowCount() > 0) {
187			return $dar;
188			} else {
189			return $this->getDefaults($permissionType, $withName);
190			}
191			}
192
193			/**
194			* Return the list of ugroup ids authorized to access the given object with the given permission_type
195			*
196			* If no specific permissions set, returns the defaults.
197			*
198			* @param Integer $objectId
199			* @param String $permissionType
200			*
201			* @return DataAccessResult
202			*/
203			public function getAuthorizedUgroupIds($objectId, $permissionType, $withName = true) {
204			$dar = $this->getAuthorizedUgroups($objectId, $permissionType, $withName);
205			if (!$dar \|\| $dar->isError()) {
206			return array();
207			}
208
209			$ugroups = array();
210			foreach ($dar as $row) {
211			$ugroups[] = $row['ugroup_id'];
212			}
213			return $ugroups;
214			}
215
216			public function getAuthorizedUGroupIdsForProject(Project $project, $object_id, $permission_type) {
217			$ugroups = array();
218			$dar = $this->getAuthorizedUgroups($object_id, $permission_type, false);
219			if ($dar && ! $dar->isError()) {
220			$normalizer = new PermissionsUGroupMapper($project);
221			foreach ($dar as $row) {
222			$ugroups[] = $normalizer->getUGroupIdAccordingToMapping($row['ugroup_id']);
223			}
224			}
225			return $ugroups;
226			}
227
228			/**
229			* @param Project $project
230			* @param type $object_id
231			* @param type $permission_type
232			* @param array $ugroup_ids
233			*
234			* @return PermissionsNormalizerOverrideCollection
235			* @throws PermissionDaoException
236			*/
237			public function savePermissions(Project $project, $object_id, $permission_type, array $ugroup_ids) {
238			$normalizer = new PermissionsNormalizer();
239			$override_collection = new PermissionsNormalizerOverrideCollection();
240			$normalized_ugroup_ids = $normalizer->getNormalizedUGroupIds($project, $ugroup_ids, $override_collection);
241			$cleared = $this->_permission_dao->clearPermission($permission_type, $object_id);
242			if (! $cleared) {
243			throw new PermissionDaoException("Database issue while clearPermission $permission_type, $object_id: ".$this->_permission_dao->getDa()->getErrorMessage());
244			}
245			foreach ($normalized_ugroup_ids as $ugroup_id) {
246			$added = $this->_permission_dao->addPermission($permission_type, $object_id, $ugroup_id);
247			if (! $added) {
248			throw new PermissionDaoException("Database issue while addPermission $permission_type, $object_id, $ugroup_id: ".$this->_permission_dao->getDa()->getErrorMessage());
249			}
250			}
251			$this->_permission_dao->addHistory($project->getID(), $permission_type, $object_id);
252			return $override_collection;
253			}
254
255			protected function buildPermissionsCache(&$dar, &$ugroups) {
256			while ($row =& $dar->getRow()) {
257			if (!isset($this->_permissions[$row['object_id']])) {
258			$this->_permissions[$row['object_id']] = array();
259			}
260			foreach($ugroups as $ugroup) {
261			if (!isset($this->_permissions[$row['object_id']][$ugroup])) {
262			$this->_permissions[$row['object_id']][$ugroup] = array();
263			}
264			}
265			if (!isset($this->_permissions[$row['object_id']][$row['ugroup_id']])) {
266			$this->_permissions[$row['object_id']][$row['ugroup_id']] = array();
267			}
268			if (!in_array($row['permission_type'], $this->_permissions[$row['object_id']][$row['ugroup_id']])) {
269			$this->_permissions[$row['object_id']][$row['ugroup_id']][] = $row['permission_type'];
270			}
271			}
272			}
273
274			/**
275			* Store internally (in _permissions) all permissions for an object
276			*
277			* @access protected
278			*
279			* @param int $object_id The id of the object
280			* @param array $ugroups A list of ugroups we want to see in permissions
281			*/
282			protected function retrievePermissions($object_id, $ugroups = array()) {
283			$tracker_field_id = explode('#', $object_id); //An artifact field ?
284			if (count($tracker_field_id) > 1) {
285			$dar =& $this->_permission_dao->searchPermissionsByArtifactFieldId($tracker_field_id[0]);
286			} else {
287			$dar =& $this->_permission_dao->searchPermissionsByObjectId($object_id);
288			}
289			$this->buildPermissionsCache($dar, $ugroups);
290			}
291
292			public function clonePermissions($source, $target, $perms, $toGroupId=0) {
293			return $this->_permission_dao->clonePermissions($source, $target, $perms, $toGroupId);
294			}
295
296			/**
297			* Duplicate permissions
298			*
299			* @param int $source
300			* @param int $target
301			* @param array $permission_types
302			* @param array $ugroup_mapping, an array of ugroups
			0 ignored issues – show Documentation introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$ugroup_mapping,`. Did you maybe mean `$ugroup_mapping`? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. It has, however, found a similar but not annotated parameter which might be a good fit. Consider the following example. The parameter `$ireland` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $ireland */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was changed, but the annotation was not. Loading history...
303			* @param int $duplicate_type What kind of duplication is going on
304			*
305			* @deprecated Use one of duplicateWithStatic, duplicateWithStaticMapping, duplicateWithoutStatic below
306			*
307			* @return Boolean
308			*/
309			public function duplicatePermissions($source, $target, array $permission_types, $ugroup_mapping, $duplicate_type) {
310			return $this->_permission_dao->duplicatePermissions($source, $target, $permission_types, $duplicate_type, $ugroup_mapping);
311			}
312
313			/**
314			* Duplicate permission within the same project (copy perms for both dynamic and static groups)
315			*
316			* @param int $source
317			* @param int $target
318			* @param array $permission_types
319			*
320			* @return boolean
321			*/
322			public function duplicateWithStatic($source, $target, array $permission_types) {
323			return $this->_permission_dao->duplicatePermissions($source, $target, $permission_types, PermissionsDao::DUPLICATE_SAME_PROJECT, false);
324			}
325
326			/**
327			* Duplicate permission on project creation (straight copy perms for dynamic and translate static groups with ugroup_mapping)
328			*
329			* @param int $source
330			* @param int $target
331			* @param array $permission_types
332			* @param array $ugroup_mapping
333			*
334			* @return boolean
335			*/
336			public function duplicateWithStaticMapping($source, $target, array $permission_types, $ugroup_mapping) {
337			return $this->_permission_dao->duplicatePermissions($source, $target, $permission_types, PermissionsDao::DUPLICATE_NEW_PROJECT, $ugroup_mapping);
338			}
339
340			/**
341			* Duplicate permission from one project to another (straight copy perms for dynamic do not copy static groups)
342			*
343			* @param int $source
344			* @param int $target
345			* @param array $permission_types
346			*
347			* @return boolean
348			*/
349			public function duplicateWithoutStatic($source, $target, array $permission_types) {
350			return $this->_permission_dao->duplicatePermissions($source, $target, $permission_types, PermissionsDao::DUPLICATE_OTHER_PROJECT, false);
351			}
352
353			public function isPermissionExist($object_id, $ptype){
354			$dar = $this->_permission_dao->searchPermissionsByObjectId($object_id, array($ptype));
355			return $dar->valid();
356			}
357
358			public function addPermission($permission_type, $object_id, $ugroup_id){
359			return $this->_permission_dao->addPermission($permission_type, $object_id, $ugroup_id);
360			}
361
362			public function revokePermissionForUGroup($permission_type, $object_id, $ugroup_id) {
363			return $this->_permission_dao->removePermission($permission_type, $object_id, $ugroup_id);
364			}
365
366			public function addHistory($permission_type, $object_id, $group_id) {
367			permission_add_history($group_id, $permission_type, $object_id);
368			}
369
370			/**
371			* Clears permission for a given object
372			*
373			* @param String $permissionType Permission
374			* @param String $objectId Affected object's id
375			*
376			* @return Boolean
377			*/
378			public function clearPermission($permissionType, $objectId) {
379			return $this->_permission_dao->clearPermission($permissionType, $objectId);
380			}
381
382			/**
383			* Searches Permissions by UgroupId
384			*
385			* @param Integer $ugroupId Id of the user group
386			*
387			* @return DataAccessResult
388			*/
389			public function searchByUgroupId($ugroupId) {
390			return $this->_permission_dao->searchByUgroupId($ugroupId);
391			}
392
393			public function isUgroupUsedByWikiService($ugroup_id, $project_id) {
394			if ($this->_permission_dao->isThereAnExplicitWikiServicePermission($ugroup_id)) {
395			return true;
396			}
397
398			if ($this->_permission_dao->doAllWikiServiceItemsHaveExplicitPermissions($project_id)) {
399			return false;
400			}
401
402			return $this->_permission_dao->isThereADefaultWikiServicePermissionThatUsesUgroup($ugroup_id);
403			}
404
405			public function disableRestrictedAccess() {
406			$this->_permission_dao->disableRestrictedAccess();
407			}
408
409			public function disableRestrictedAccessForObjectId(array $permission_type, $object_id) {
410			$this->_permission_dao->disableRestrictedAccessForObjectId($permission_type, $object_id);
411			}
412			}
413

Enalean / tuleap

GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

src/common/permission/PermissionsManager.class.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like