xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Commit 2e47afcc8a0ad846a724ec902d1647156a885c62

Limit bug editing to users with bug delete right
Author: xaizek
Author date (UTC): 2019-07-07 16:25
Committer name: xaizek
Committer date (UTC): 2019-07-07 20:34
Parent(s): 1073e421bc7cc717c3bcfd56cba373cdaa644071
Signing key: 99DC5E4DB05F6BE2
Tree: 50dbad3a690f5e21888fe56197bd0d5fa39e047e
File Lines added Lines deleted
inc/user/repo/bug/main.php 3 0
inc/user/repo/bug/show/show.php 9 0
root/themes/default/repo/bug/b_edit.html 7 5
root/themes/reversed.top/repo/bug/b_edit.html 7 5
File inc/user/repo/bug/main.php changed (mode: 100644) (index b725b54..fb7999d)
... ... $x['needed_rights'] = 'r';
22 22 $rg['allow_bug_reopen'] = (rg_rights_allow($db, $x) === TRUE ? 1 : 0); $rg['allow_bug_reopen'] = (rg_rights_allow($db, $x) === TRUE ? 1 : 0);
23 23 $x['needed_rights'] = 'd'; $x['needed_rights'] = 'd';
24 24 $rg['allow_bug_delete'] = (rg_rights_allow($db, $x) === TRUE ? 1 : 0); $rg['allow_bug_delete'] = (rg_rights_allow($db, $x) === TRUE ? 1 : 0);
25 // Editing loses information, so give this ability only to those who is allowed
26 // to delete bugs.
27 $rg['allow_bug_edit'] = $rg['allow_bug_delete'];
25 28
26 29 $_op = empty($paras) ? "list" : array_shift($paras); $_op = empty($paras) ? "list" : array_shift($paras);
27 30 $rg['menu']['sub2'][$_op] = 1; $rg['menu']['sub2'][$_op] = 1;
File inc/user/repo/bug/show/show.php changed (mode: 100644) (index a354652..9ff7e03)
... ... if ($ibug['deleted'] > 0) {
38 38 } }
39 39 } }
40 40
41 // If bug is edited and the user does not have 'delete' rights, deny access.
42 if (rg_var_uint("edit")) {
43 $x['needed_rights'] = 'd';
44 if (rg_rights_allow($db, $x) !== TRUE) {
45 $_bug_body .= rg_template("repo/bug/deny_edit.html", $rg, TRUE /*xss*/);
46 return;
47 }
48 }
49
41 50 // load labels // load labels
42 51 $labels = rg_bug_label_get($db, $rg['ri']['repo_id'], $rg['bug']['bug_id']); $labels = rg_bug_label_get($db, $rg['ri']['repo_id'], $rg['bug']['bug_id']);
43 52 if ($labels === FALSE) if ($labels === FALSE)
File root/themes/default/repo/bug/b_edit.html changed (mode: 100644) (index a51b0a8..a7ee459)
1 <form method="post" action="@@bug::url@@">
2 <input type="hidden" name="edit" value="1" />
3 <!-- no need for token -->
4 <input type="submit" name="button" value="Edit" />
5 </form>
1 @@if(@@allow_bug_edit@@ == 1){{
2 <form method="post" action="@@bug::url@@">
3 <input type="hidden" name="edit" value="1" />
4 <!-- no need for token -->
5 <input type="submit" name="button" value="Edit" />
6 </form>
7 }}
File root/themes/reversed.top/repo/bug/b_edit.html changed (mode: 100644) (index a51b0a8..a7ee459)
1 <form method="post" action="@@bug::url@@">
2 <input type="hidden" name="edit" value="1" />
3 <!-- no need for token -->
4 <input type="submit" name="button" value="Edit" />
5 </form>
1 @@if(@@allow_bug_edit@@ == 1){{
2 <form method="post" action="@@bug::url@@">
3 <input type="hidden" name="edit" value="1" />
4 <!-- no need for token -->
5 <input type="submit" name="button" value="Edit" />
6 </form>
7 }}
Hints

Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://code.reversed.top/user/xaizek/rocketgit

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a pull request:
... clone the repository ...
... make some changes and some commits ...
git push origin master