xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Commit 8aa274777cd39834ea3467399ec8b072a136e525

Checkpoint
Author: Catalin(ux) M. BOIE
Author date (UTC): 2014-10-24 20:41
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2014-10-24 20:41
Parent(s): af5c3e9e60264219565f682fa909b9f829e0fa9d
Signing key:
Tree: 9a139e29b5dde34d8bb071a383856341a82c3357
File Lines added Lines deleted
TODO 5 2
hooks/update 3 19
inc/bug.inc.php 3 1
inc/git.inc.php 17 17
inc/keys.inc.php 7 4
inc/repo.inc.php 28 69
inc/rights.inc.php 91 72
inc/user.inc.php 13 32
inc/user/repo-page.php 6 3
inc/user/repo/bug/show/show.php 8 4
root/themes/default/user/repo/rights/list_repo/line.html 1 1
root/themes/default/user/repo/rights/list_repo_path/line.html 1 1
root/themes/default/user/repo/rights/list_repo_refs/line.html 1 1
scripts/cache.php 2 2
scripts/cache.sh 1 1
scripts/events.sh 1 1
scripts/q.sh 1 1
scripts/remote.php 3 1
tests/repo.php 1 1
tests/rights.php 4 3
File TODO changed (mode: 100644) (index 92734f4..53e52a8)
1 1 == Where I stopped last time == == Where I stopped last time ==
2 [ ] Use can_be_deleted when showing delete checkboxes for rights.
2 [ ] Important: only the owner of a repo must see all rights!
3 Probably also for user.
4 But, 'Admin' can be access only by the owner!
5 [ ] Use can_be_deleted when showing delete checkboxes for rights. Done. Test.
3 6 [ ] For delete, do not show checkboxes for injected items. [ ] For delete, do not show checkboxes for injected items.
4 [ ] We should pass 'owner' to rg_rights_get/rg_repo_rights_inject
5 7 [ ] Add unit test for inject functions. [ ] Add unit test for inject functions.
6 8 [ ] When changing rights, invalidate/update cache. [ ] When changing rights, invalidate/update cache.
7 9 [ ] Retest repo rename. Better, add an unit test. [ ] Retest repo rename. Better, add an unit test.
 
33 35 that user sees the repo as public. that user sees the repo as public.
34 36
35 37 == BEFORE NEXT RELEASE == == BEFORE NEXT RELEASE ==
38 [ ] Add rights 'allow non-ascii file names'.
36 39 [ ] Add 'desc' to rights. [ ] Add 'desc' to rights.
37 40 [ ] We should not show delete checkboxes/buttons if a user is not allowed [ ] We should not show delete checkboxes/buttons if a user is not allowed
38 41 to delete items. to delete items.
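--- a/hooks/update
+++ b/hooks/update
@@ -35,12 +35,12 @@ rg_log_set_file($rg_log_dir . "/hook_update.log");
 $db = rg_sql_open($rg_sql);
 
 $a = array();
-
 $a['login_uid'] = @sprintf("%u", getenv("ROCKETGIT_LOGIN_UID"));
 $a['repo_id'] = getenv("ROCKETGIT_REPO_ID");
 $a['ip'] = getenv("ROCKETGIT_IP");
 $a['namespace'] = getenv("GIT_NAMESPACE");
 $a['repo_path'] = getenv("ROCKETGIT_REPO_PATH");
+$a['repo.uid'] = getenv("ROCKETGIT_REPO_UID");
 
 rg_log("Start " . rg_array2string($a));
 rg_log("_SERVER: " . rg_array2string($_SERVER));
@@ -64,26 +64,10 @@ else
 $a['new_rev_type'] = rg_git_type($a['new_rev']);
 rg_log("new_rev_type=" . $a['new_rev_type']);
 
-$ri = rg_repo_info($db, $a['repo_id'], 0, "");
-if ($ri['ok'] != 1)
-rg_git_fatal("Internal error (repo). Try again later.");
-
-$r = rg_rights_get($db, $ri['repo_id'], "repo_refs", $ri['uid'],
-$a['login_uid'], 0);
-if ($r['ok'] != 1)
-rg_git_fatal("Internal error (refs rights). Try again later.");
-$a['refs_rights'] = $r['list'];
-
-$r = rg_rights_get($db, $ri['repo_id'], "repo_path", $ri['uid'],
-$a['login_uid'], 0);
-if ($r['ok'] != 1)
-rg_git_fatal("Internal error (path rights). Try again later.");
-$a['repo_path'] = $r['list'];
-
 if (strncmp($a['refname'], "refs/tags/", 10) == 0) {
-rg_git_update_tag($a);
+rg_git_update_tag($db, $a);
 } else if (strncmp($a['refname'], "refs/heads/", 11) == 0) {
-rg_git_update_branch($a);
+rg_git_update_branch($db, $a);
 } else if (strncmp($a['refname'], "refs/remotes/", 13) == 0) {
 rg_git_fatal("No action for remotes for now!");
 } else {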
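Review bot: `$a['repo.uid']` is read straight from `ROCKETGIT_REPO_UID` without the `@sprintf("%u", ...)` normalisation applied to `login_uid` a few lines above, yet it becomes the owner argument of every rights check reached from `rg_git_update_tag()` and `rg_git_update_branch()`. With the in-hook `rg_repo_info()` lookup removed, nothing in the visible lines confirms that this value belongs to `$a['repo_id']`, so the hook now trusts its environment for the owner identity. I would normalise it the same way, `$a['repo.uid'] = @sprintf("%u", getenv("ROCKETGIT_REPO_UID"));`, and call `rg_git_fatal()` when the result is 0. The script continues outside both hunks.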
File inc/bug.inc.php changed (mode: 100644) (index 90ee6d2..3eb0f63)
... ... function rg_bug_edit_high_level($db, $rg)
1230 1230 $errmsg = array(); $errmsg = array();
1231 1231 $show_form = FALSE; $show_form = FALSE;
1232 1232 while (1) { while (1) {
1233 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "B", $rg['ip'], "") !== TRUE) {
1233 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo",
1234 $rg['ri']['uid'], $rg['login_ui']['uid'], "B",
1235 $rg['ip'], "") !== TRUE) {
1234 1236 $ret .= rg_template("repo/bug/deny_edit.html", $rg); $ret .= rg_template("repo/bug/deny_edit.html", $rg);
1235 1237 break; break;
1236 1238 } }
File inc/git.inc.php changed (mode: 100644) (index 65abdab..7e47161)
... ... function rg_git_files_stats($a, $dir)
885 885 /* /*
886 886 * Helper for 'update' hook - tags (un-annotated or annotated) * Helper for 'update' hook - tags (un-annotated or annotated)
887 887 */ */
888 function rg_git_update_tag($a)
888 function rg_git_update_tag($db, $a)
889 889 { {
890 890 global $rg_git_zero; global $rg_git_zero;
891 891
 
... ... function rg_git_update_tag($a)
896 896
897 897 if (strcmp($a['new_rev_type'], "tag") == 0) { // Annotated if (strcmp($a['new_rev_type'], "tag") == 0) { // Annotated
898 898 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
899 if (!rg_rights_allow($a['rights'], "S", $ip, $a['refname']))
899 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "S", $ip, $a['refname']))
900 900 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
901 901 . " create an annotated tag."); . " create an annotated tag.");
902 902 } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
903 903 rg_log("delete ann tag"); rg_log("delete ann tag");
904 if (!rg_rights_allow($a['rights'], "n", $ip, $a['refname']))
904 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "n", $ip, $a['refname']))
905 905 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
906 906 . " delete an annotated tag."); . " delete an annotated tag.");
907 907 } else { // change } else { // change
908 908 rg_log("This seems it cannot happen in recent git."); rg_log("This seems it cannot happen in recent git.");
909 if (!rg_rights_allow($a['rights'], "S", $ip, $a['refname']))
909 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "S", $ip, $a['refname']))
910 910 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
911 911 . " change an annotated tag."); . " change an annotated tag.");
912 912 } }
913 913 } else { // Un-annotated } else { // Un-annotated
914 914 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
915 if (!rg_rights_allow($a['rights'], "Y", $ip, $a['refname']))
915 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "Y", $ip, $a['refname']))
916 916 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
917 917 . " create an un-annotated tag."); . " create an un-annotated tag.");
918 918 } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
919 if (!rg_rights_allow($a['rights'], "u", $ip, $a['refname']))
919 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "u", $ip, $a['refname']))
920 920 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
921 921 . " delete an un-annotated tag."); . " delete an un-annotated tag.");
922 922 } else { // change } else { // change
923 if (!rg_rights_allow($a['rights'], "U", $ip, $a['refname']))
923 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "U", $ip, $a['refname']))
924 924 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
925 925 . " change an un-annotated tag."); . " change an un-annotated tag.");
926 926 } }
 
... ... function rg_git_update_tag($a)
946 946 /* /*
947 947 * *
948 948 */ */
949 function rg_git_update_branch($a)
949 function rg_git_update_branch($db, $a)
950 950 { {
951 951 global $rg_git_zero; global $rg_git_zero;
952 952
 
... ... function rg_git_update_branch($a)
956 956 $ip = $a['ip']; $ip = $a['ip'];
957 957
958 958 if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
959 if (!rg_rights_allow($a['refs_rights'], "D", $ip, $a['refname']))
959 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "D", $ip, $a['refname']))
960 960 rg_git_fatal($a['refname'] . "\nNo rights to delete" rg_git_fatal($a['refname'] . "\nNo rights to delete"
961 961 . " a branch."); . " a branch.");
962 962 return; return;
 
... ... function rg_git_update_branch($a)
965 965 // If we have 'H' (anonymous push), we have also create branch // If we have 'H' (anonymous push), we have also create branch
966 966 $check_fast_forward = 1; $check_fast_forward = 1;
967 967 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
968 if (!rg_rights_allow($a['refs_rights'], "H|C", $ip, $a['refname']))
968 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "H|C", $ip, $a['refname']))
969 969 rg_git_fatal($a['refname'] . "\nYou have no rights" rg_git_fatal($a['refname'] . "\nYou have no rights"
970 970 . " to create a branch."); . " to create a branch.");
971 971 $check_fast_forward = 0; $check_fast_forward = 0;
 
... ... function rg_git_update_branch($a)
973 973
974 974 // Create or change // Create or change
975 975 // Check for non fast-forward update // Check for non fast-forward update
976 if (!rg_rights_allow($a['refs_rights'], "O", $ip, $a['refname'])
976 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "O", $ip, $a['refname'])
977 977 && ($check_fast_forward == 1)) { && ($check_fast_forward == 1)) {
978 978 $merge_base = rg_git_merge_base($a['old_rev'], $a['new_rev']); $merge_base = rg_git_merge_base($a['old_rev'], $a['new_rev']);
979 979 if ($merge_base === FALSE) { if ($merge_base === FALSE) {
 
... ... function rg_git_update_branch($a)
989 989
990 990 // Check if user pushes a merge commit // Check if user pushes a merge commit
991 991 // TODO: Check all commits, not only the last one! // TODO: Check all commits, not only the last one!
992 if (!rg_rights_allow($a['refs_rights'], "M", $ip, $a['refname'])) {
992 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "M", $ip, $a['refname'])) {
993 993 if (rg_git_rev_ok($a['new_rev'] . "^2")) if (rg_git_rev_ok($a['new_rev'] . "^2"))
994 994 rg_git_fatal($a['refname'] . "\nNo rights to push merges."); rg_git_fatal($a['refname'] . "\nNo rights to push merges.");
995 995 } }
996 996
997 997 // Check for bad whitespace // Check for bad whitespace
998 if (!rg_rights_allow($a['refs_rights'], "W", $ip, $a['refname'])) {
998 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "W", $ip, $a['refname'])) {
999 999 // TODO: add caching because we may check again below // TODO: add caching because we may check again below
1000 1000 $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']); $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']);
1001 1001 if ($w !== TRUE) if ($w !== TRUE)
 
... ... function rg_git_update_branch($a)
1009 1009 if ($r === FALSE) if ($r === FALSE)
1010 1010 rg_git_fatal($a['refname'] . "\nInternal error, try again later\n"); rg_git_fatal($a['refname'] . "\nInternal error, try again later\n");
1011 1011 foreach ($r as $file) { foreach ($r as $file) {
1012 if (rg_rights_allow($a['repo_path'], "P", $ip, $file) !== TRUE) {
1012 if (rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "P", $ip, $file) !== TRUE) {
1013 1013 rg_git_fatal($a['refname'] rg_git_fatal($a['refname']
1014 1014 . "\nNo rights to push file [$path]\n"); . "\nNo rights to push file [$path]\n");
1015 1015 } }
1016 1016
1017 if (!rg_rights_allow($a['repo_path'], "W", $ip, $a['refname'])) {
1017 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "W", $ip, $a['refname'])) {
1018 1018 $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']); $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']);
1019 1019 if ($w !== TRUE) { if ($w !== TRUE) {
1020 1020 rg_git_fatal($a['refname'] rg_git_fatal($a['refname']
 
... ... function rg_git_update_branch($a)
1024 1024 } }
1025 1025 } }
1026 1026
1027 if (rg_rights_allow($a['refs_rights'], "P", $ip, $a['refname']) !== TRUE) {
1027 if (rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "P", $ip, $a['refname']) !== TRUE) {
1028 1028 rg_log("\tPush is not allowed, let's see the anon one"); rg_log("\tPush is not allowed, let's see the anon one");
1029 if (rg_rights_allow($a['refs_rights'], "H", $ip, $a['refname']) === FALSE) {
1029 if (rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo.uid'], $a['uid'], "H", $ip, $a['refname']) === FALSE) {
1030 1030 $_x = array(); $_x = array();
1031 1031 $msg = rg_template("msg/push_not_allowed.txt", $_x); $msg = rg_template("msg/push_not_allowed.txt", $_x);
1032 1032 rg_git_fatal($a['refname']. "\n" . $msg); rg_git_fatal($a['refname']. "\n" . $msg);
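Review bot: The per-file check at new line 1012 and the whitespace check at new line 1017 now pass `"repo_refs"`, while the lines they replace consulted `$a['repo_path']`, so path rights are apparently no longer evaluated for pushed files; both calls should read `rg_rights_allow($db, $a['repo_id'], "repo_path", $a['repo.uid'], $a['uid'], ...)`. Every new call also takes the pushing user from `$a['uid']`, whereas hooks/update fills `$a['login_uid']`; unless the unseen top of these functions sets `$a['uid']`, the checks run with an unset uid and should use `$a['login_uid']` instead. Both functions start and end outside the hunks shown.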
File inc/keys.inc.php changed (mode: 100644) (index 111fb12..479af50)
... ... function rg_keys_list($db, $ui)
465 465
466 466 $t = $ki; $t = $ki;
467 467 $t['key_id'] = $row['key_id']; $t['key_id'] = $row['key_id'];
468 $t['itime'] = gmdate("Y-m-d H:i", $row['itime']);
468 if ($row['itime'] == 0)
469 $t['itime'] = "N/A";
470 else
471 $t['itime'] = gmdate("Y-m-d H:i", $row['itime']);
469 472
470 473 if ($row['first_use'] == 0) if ($row['first_use'] == 0)
471 $t['first_use'] = "-";
474 $t['first_use'] = "N/A";
472 475 else else
473 476 $t['first_use'] = gmdate("Y-m-d H:i", $row['first_use']); $t['first_use'] = gmdate("Y-m-d H:i", $row['first_use']);
474 477
475 478 if (empty($row['last_ip'])) if (empty($row['last_ip']))
476 $t['last_ip'] = "-";
479 $t['last_ip'] = "N/A";
477 480 else else
478 481 $t['last_ip'] = $row['last_ip']; $t['last_ip'] = $row['last_ip'];
479 482
480 483 if ($row['last_use'] == 0) if ($row['last_use'] == 0)
481 $t['last_use'] = "-";
484 $t['last_use'] = "N/A";
482 485 else else
483 486 $t['last_use'] = gmdate("Y-m-d H:i", $row['last_use']); $t['last_use'] = gmdate("Y-m-d H:i", $row['last_use']);
484 487
File inc/repo.inc.php changed (mode: 100644) (index 093908b..373eef3)
... ... rg_rights_register("repo", $rg_repo_rights, "AB", FALSE, "rg_repo_rights_inject"
55 55 */ */
56 56 function rg_repo_rights_inject($db, $obj_id, $type, $owner, $uid) function rg_repo_rights_inject($db, $obj_id, $type, $owner, $uid)
57 57 { {
58 $ret = array();
58 rg_log_enter("repo_rights_inject: obj_id=$obj_id type=$type"
59 . " owner=$owner uid=$uid");
59 60
61 $ret = array();
60 62 while (1) { while (1) {
61 63 $ui = rg_user_info($db, $uid, "", ""); $ui = rg_user_info($db, $uid, "", "");
62 64 if ($ui['exists'] != 1) if ($ui['exists'] != 1)
 
... ... function rg_repo_rights_inject($db, $obj_id, $type, $owner, $uid)
69 71 $a['itime'] = 0; $a['itime'] = 0;
70 72 $a['misc'] = ""; $a['misc'] = "";
71 73 $a['prio'] = 0; $a['prio'] = 0;
72 $a['who'] = $owner;
74 $a['who'] = $owner; // TODO: not clear if correct/good
73 75 $a['right_id'] = 0; $a['right_id'] = 0;
74 76 $a['ip'] = ""; $a['ip'] = "";
75 77 $a['can_be_deleted'] = 0; $a['can_be_deleted'] = 0;
 
... ... function rg_repo_rights_inject($db, $obj_id, $type, $owner, $uid)
99 101 break; break;
100 102 } }
101 103
104 rg_log_exit();
102 105 return $ret; return $ret;
103 106 } }
104 107
 
... ... function rg_repo_history_insert($db, $event)
449 452 function rg_repo_history_load($db, $repo_id, $category, $number, $max_seconds) function rg_repo_history_load($db, $repo_id, $category, $number, $max_seconds)
450 453 { {
451 454 rg_prof_start("repo_history_load"); rg_prof_start("repo_history_load");
452 rg_log("repo_history_load: repo_id=$repo_id, category=$category"
455 rg_log_enter("repo_history_load: repo_id=$repo_id, category=$category"
453 456 . ", number=$number max_seconds=$max_seconds"); . ", number=$number max_seconds=$max_seconds");
454 457
455 458 $ret = FALSE; $ret = FALSE;
456 do {
459 while (1) {
457 460 $now = time(); $now = time();
458 461
459 462 $category_sql = ""; $category_sql = "";
 
... ... function rg_repo_history_load($db, $repo_id, $category, $number, $max_seconds)
482 485
483 486 $ret = array(); $ret = array();
484 487 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
485 $row['itime_text'] = gmdate("Y-m-d H:i", $row['itime']);
488 if ($row['itime'] == 0)
489 $row['itime_text'] = "N/A";
490 else
491 $row['itime_text'] = gmdate("Y-m-d H:i", $row['itime']);
486 492 $ret[] = $row; $ret[] = $row;
487 493 } }
488 494
489 495 rg_sql_free_result($res); rg_sql_free_result($res);
490 } while (0);
496 break;
497 }
491 498
499 rg_log_exit();
492 500 rg_prof_end("repo_history_load"); rg_prof_end("repo_history_load");
493 501 return $ret; return $ret;
494 502 } }
 
... ... function rg_repo_stats_push2file($a)
1125 1133 return $file; return $file;
1126 1134 } }
1127 1135
1128 /*
1129 * Add some useful fileds to rights
1130 */
1131 function rg_repo_rights_cosmetic($db, &$a)
1132 {
1133 if (isset($a['username'])) {
1134 if (strcmp($a['username'], "*") == 0) {
1135 $a['uid'] = 0;
1136 } else if (!isset($a['uid'])) {
1137 $ui = rg_user_info($db, 0, $a['username'], "");
1138 if ($ui['exists'] != 1)
1139 $a['uid'] = "?";
1140 else
1141 $a['uid'] = $ui['uid'];
1142 }
1143 }
1144
1145 if ($a['uid'] == 0) {
1146 $a['username'] = "*";
1147 } else if (!isset($a['username'])) {
1148 $ui = rg_user_info($db, $a['uid'], "", "");
1149 if ($ui['exists'] != 1)
1150 $a['username'] = "?" . $a['uid'] . "?";
1151 else
1152 $a['username'] = $ui['username'];
1153 }
1154
1155 if (!isset($a['who_name'])) {
1156 $ui = rg_user_info($db, $a['who'], "", "");
1157 if ($ui['exists'] != 1)
1158 $a['who_name'] = "?" . $a['who'] . "?";
1159 else
1160 $a['who_name'] = $ui['username'];
1161 }
1162
1163 if (empty($a['ip']))
1164 $a['ip'] = "Any";
1165
1166 return TRUE;
1167 }
1168
1169 /*
1170 * Add some useful fileds to rights
1171 */
1172 function rg_repo_rights_cosmetic_list($db, &$a)
1173 {
1174 foreach ($a as $k => &$v)
1175 rg_repo_rights_cosmetic($db, $v);
1176 }
1177
1178 1136 /* /*
1179 1137 * High level function to delete rights ids * High level function to delete rights ids
1180 1138 */ */
 
... ... function rg_repo_admin_delete_rights($db, $rg, $obj_id, &$errmsg)
1201 1159 */ */
1202 1160 function rg_repo_admin_rights($db, $rg, $type) function rg_repo_admin_rights($db, $rg, $type)
1203 1161 { {
1204 rg_log("rg_repo_admin_repo_rights type=$type");
1162 rg_log("rg_repo_admin_rights type=$type");
1205 1163
1206 1164 /* 'repo' is correct here, we test for granting rights on repo */ /* 'repo' is correct here, we test for granting rights on repo */
1207 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "G", $rg['ip'], "") !== TRUE)
1165 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
1166 $rg['login_ui']['uid'], "G", $rg['ip'], "") !== TRUE)
1208 1167 return rg_template("user/repo/rights/deny.html", $rg); return rg_template("user/repo/rights/deny.html", $rg);
1209 1168
1210 1169 $ret = ""; $ret = "";
 
... ... function rg_repo_admin_rights($db, $rg, $type)
1265 1224
1266 1225 $a = $r['list'][0]; $a = $r['list'][0];
1267 1226
1268 rg_repo_rights_cosmetic($db, $a);
1269
1270 1227 $load_defaults = 0; $load_defaults = 0;
1271 1228 break; break;
1272 1229 } }
 
... ... function rg_repo_admin_rights($db, $rg, $type)
1286 1243 break; break;
1287 1244 } }
1288 1245
1289 // lookup user
1290 rg_repo_rights_cosmetic($db, $a);
1291
1292 1246 $a['obj_id'] = $rg['ri']['repo_id']; $a['obj_id'] = $rg['ri']['repo_id'];
1293 1247 $a['who'] = $rg['login_ui']['uid']; $a['who'] = $rg['login_ui']['uid'];
1294 1248 $r = rg_rights_set($db, $type, $a); $r = rg_rights_set($db, $type, $a);
 
... ... function rg_repo_admin_rights($db, $rg, $type)
1297 1251 break; break;
1298 1252 } }
1299 1253
1254 // lookup users
1255 rg_rights_cosmetic($db, $a);
1256
1300 1257 $ret .= rg_template("user/repo/rights/grant_ok.html", $rg); $ret .= rg_template("user/repo/rights/grant_ok.html", $rg);
1301 1258
1302 1259 $load_defaults = 1; $load_defaults = 1;
 
... ... function rg_repo_admin_rights($db, $rg, $type)
1321 1278 $rg['rights']); $rg['rights']);
1322 1279
1323 1280 // list rights // list rights
1324 $rights_list = rg_rights_load($db, $type, $rg['ri']['repo_id']);
1325 rg_repo_rights_cosmetic_list($db, $rights_list);
1326 if ($rights_list === FALSE)
1281 $rights_list = rg_rights_load($db, $rg['ri']['repo_id'], $type);
1282 $r = rg_rights_get($db, $rg['ri']['repo_id'], $type, $rg['ri']['uid'], -1, 0);
1283 if ($r['ok'] != 1)
1327 1284 $ret .= rg_warning("Cannot load rights. Try later."); $ret .= rg_warning("Cannot load rights. Try later.");
1328 1285 else else
1329 1286 $ret .= rg_template_table("user/repo/rights/list_" . $type, $ret .= rg_template_table("user/repo/rights/list_" . $type,
1330 $rights_list, $rg);
1287 $r['list'], $rg);
1331 1288
1332 1289 $ret .= rg_template("user/repo/rights/form_" . $type . ".html", $rg); $ret .= rg_template("user/repo/rights/form_" . $type . ".html", $rg);
1333 1290
 
... ... function rg_repo_admin_delete($db, $rg)
1347 1304 { {
1348 1305 $ret = ""; $ret = "";
1349 1306
1350 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "D", $rg['ip'], "") !== TRUE)
1307 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
1308 $rg['login_ui']['uid'], "D", $rg['ip'], "") !== TRUE)
1351 1309 return rg_template("user/repo/delete/deny.html", $rg); return rg_template("user/repo/delete/deny.html", $rg);
1352 1310
1353 1311 $are_you_sure = rg_var_uint("are_you_sure"); $are_you_sure = rg_var_uint("are_you_sure");
 
... ... function rg_repo_edit_high_level($db, $rg)
1398 1356 { {
1399 1357 rg_log("rg_repo_edit_high_level"); rg_log("rg_repo_edit_high_level");
1400 1358
1401 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "E", $rg['ip'], "") !== TRUE)
1359 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
1360 $rg['login_ui']['uid'], "E", $rg['ip'], "") !== TRUE)
1402 1361 return rg_template("user/repo/deny_edit.html", $rg); return rg_template("user/repo/deny_edit.html", $rg);
1403 1362
1404 1363 $ret = ""; $ret = "";
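Review bot: In `rg_repo_admin_rights()` the result of `rg_rights_load()` at new line 1281 is never read, because the table is now filled from `$r['list']`; the call costs a query and its FALSE return goes unchecked, so the line can be dropped. The `rg_rights_get()` call beside it passes -1 as uid, which returns every user's entries, so the `"G"` check at the top of the function is the only gate on who sees the full list. A comment such as `/* uid -1: list rights of all users; access is gated by the "G" check above */` would make that dependency visible. The function continues outside the hunks.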
File inc/rights.inc.php changed (mode: 100644) (index ff0be6f..edf7d4e)
... ... function rg_rights_a2s($a)
168 168
169 169 /* /*
170 170 * Improves a little bit the items of a right * Improves a little bit the items of a right
171 * TODO: we have a circular dependency on user.inc. Remove the lookup and break
172 * the dependency.
171 173 */ */
172 174 function rg_rights_cosmetic($db, &$row) function rg_rights_cosmetic($db, &$row)
173 175 { {
 
... ... function rg_rights_cosmetic($db, &$row)
194 196 $_r = rg_rights_text($row['type'], $row['rights']); $_r = rg_rights_text($row['type'], $row['rights']);
195 197 $row['rights_text'] = implode(", ", $_r); $row['rights_text'] = implode(", ", $_r);
196 198
197 $row['itime_text'] = gmdate("Y-m-d H:i", $row['itime']);
199 if ($row['itime'] == 0)
200 $row['itime_text'] = "N/A";
201 else
202 $row['itime_text'] = gmdate("Y-m-d H:i", $row['itime']);
203
204 if (strcmp($row['ip'], "*") == 0)
205 $row['ip'] = "";
206
207 if (empty($row['ip']))
208 $row['nice.ip'] = "Any";
209 else
210 $row['nice.ip'] = $row['ip'];
211 }
212
213 /*
214 * Returns the rights from db
215 */
216 function rg_rights_load($db, $obj_id, $type)
217 {
218 rg_prof_start("rights_load");
219 rg_log_enter("rights_load: obj_id=$obj_id type=$type");
220
221 $ret = FALSE;
222 while (1) {
223 $params = array("type" => $type, "obj_id" => $obj_id);
224 $sql = "SELECT * FROM rights"
225 . " WHERE type = @@type@@"
226 . " AND obj_id = @@obj_id@@"
227 . " ORDER BY prio";
228 $res = rg_sql_query_params($db, $sql, $params);
229 if ($res === FALSE) {
230 rg_rights_set_error("cannot get info (" . rg_sql_error() . ")!");
231 break;
232 }
233
234 $ret = array();
235 while (($row = rg_sql_fetch_array($res))) {
236 rg_rights_cosmetic($db, $row);
237 $row['can_be_deleted'] = 1;
238 $ret[] = $row;
239 }
240 rg_sql_free_result($res);
241
242 break;
243 }
244
245 rg_log_exit();
246 rg_prof_end("rights_load");
247 return $ret;
198 248 } }
199 249
200 250 /* /*
201 251 * Get rights for an object * Get rights for an object
202 * @uid - the uid of the (normally) logged in user.
252 * @uid - the uid of the (normally) logged in user. If -1, do not filter by uid.
203 253 * @right_id - optional id (used by edit) * @right_id - optional id (used by edit)
204 254 */ */
205 255 function rg_rights_get($db, $obj_id, $type, $owner, $uid, $right_id) function rg_rights_get($db, $obj_id, $type, $owner, $uid, $right_id)
 
... ... function rg_rights_get($db, $obj_id, $type, $owner, $uid, $right_id)
223 273 $r = array(); $r = array();
224 274
225 275 // Inject rights for owner // Inject rights for owner
226 if ($owner == $uid) {
276 if ($owner > 0) {
227 277 $a = array(); $a = array();
228 278 $a['type'] = $type; $a['type'] = $type;
229 279 $a['obj_id'] = $obj_id; $a['obj_id'] = $obj_id;
 
... ... function rg_rights_get($db, $obj_id, $type, $owner, $uid, $right_id)
239 289 $a['desc'] = "Autogenerated"; $a['desc'] = "Autogenerated";
240 290 rg_rights_cosmetic($db, $a); rg_rights_cosmetic($db, $a);
241 291
292 rg_log_ml("rights_get: inject right for owner: " . print_r($a, TRUE));
242 293 $r[] = $a; $r[] = $a;
243 294 } }
244 295
245 296 // Inject specific rights // Inject specific rights
246 297 if (isset($rg_rights_inject[$type])) { if (isset($rg_rights_inject[$type])) {
247 $rows = $rg_rights_inject($db, $obj_id, $type, $owner, $uid);
298 $f = $rg_rights_inject[$type];
299 $rows = $f($db, $obj_id, $type, $owner, $uid);
300 rg_log_ml("rights_get: rows:" . print_r($rows, TRUE));
248 301 foreach ($rows as $row) { foreach ($rows as $row) {
249 302 rg_rights_cosmetic($db, $row); rg_rights_cosmetic($db, $row);
303 rg_log_ml("rights_get: inject specific rights: " . print_r($row, TRUE));
250 304 $r[] = $row; $r[] = $row;
251 305 } }
306 } else {
307 rg_log("rights_get: no inject function for type [$type]");
252 308 } }
253 309
254 $params = array("type" => $type, "obj_id" => $obj_id);
255 $sql = "SELECT * FROM rights"
256 . " WHERE type = @@type@@"
257 . " AND obj_id = @@obj_id@@"
258 . " ORDER BY prio";
259 $res = rg_sql_query_params($db, $sql, $params);
260 if ($res === FALSE) {
261 rg_rights_set_error("cannot get info (" . rg_sql_error() . ")!");
310 $x = rg_rights_load($db, $obj_id, $type);
311 if ($x === FALSE)
262 312 break; break;
263 }
264 313
265 while (($row = rg_sql_fetch_array($res))) {
266 rg_rights_cosmetic($db, $row);
267 $row['can_be_deleted'] = 1;
268 $r[] = $row;
269 }
270 rg_sql_free_result($res);
314 $r = array_merge($r, $x);
271 315 $from_cache = FALSE; $from_cache = FALSE;
272 316 } else { } else {
273 317 rg_log("CHECK: rights returned from cache for key $key"); rg_log("CHECK: rights returned from cache for key $key");
 
... ... function rg_rights_get($db, $obj_id, $type, $owner, $uid, $right_id)
281 325 break; break;
282 326 } }
283 327
284 if (($v['uid'] == $uid) || ($v['uid'] == 0))
328 if (($uid == -1) || ($v['uid'] == $uid) || ($v['uid'] == 0))
285 329 $ret['list'][] = $v; $ret['list'][] = $v;
286 330 } }
287 331 $ret['ok'] = 1; $ret['ok'] = 1;
 
... ... function rg_rights_set($db, $type, $a)
351 395 return TRUE; return TRUE;
352 396 } }
353 397
354 /*
355 * Returns an array with the rights, for all users
356 * TODO: we have a circular dependency on user.inc. Remove the lookup and break
357 * the dependency.
358 * TODO: We have a similar query in rights_get!
359 */
360 function rg_rights_load($db, $type, $obj_id)
361 {
362 global $rg_rights;
363
364 rg_prof_start("rights_list");
365 rg_log_enter("rg_rights_list: type=$type obj_id=$obj_id");
366
367 $ret = FALSE;
368 while (1) {
369 $params = array("obj_id" => $obj_id,
370 "type" => $type);
371
372 $sql = "SELECT * FROM rights"
373 . " WHERE obj_id = @@obj_id@@";
374
375 if (strcmp($type, "*") != 0)
376 $sql .= " AND type = @@type@@";
377
378 $res = rg_sql_query_params($db, $sql, $params);
379 if ($res === FALSE) {
380 rg_rights_set_error("cannot get info (" . rg_sql_error() . ")!");
381 break;
382 }
383
384 $ret = array();
385 while (($row = rg_sql_fetch_array($res))) {
386 rg_rights_cosmetic($db, $row);
387 $ret[] = $row;
388 }
389 rg_sql_free_result($res);
390
391 break;
392 }
393
394 rg_log_exit();
395 rg_prof_end("rights_list");
396 return $ret;
397 }
398
399 398 /* /*
400 399 * Filters var using mask * Filters var using mask
401 400 * Example ("ABCDE", "AEZ") => "AE" * Example ("ABCDE", "AEZ") => "AE"
 
... ... function rg_rights_test_ip($list, $ip)
578 577 } }
579 578
580 579 $list = explode(" ", $list); $list = explode(" ", $list);
580 $ret = FALSE;
581 581 foreach ($list as $junk => $ip0) { foreach ($list as $junk => $ip0) {
582 if (empty($ip0))
583 continue;
582 if (empty($ip0)) {
583 $ret = TRUE;
584 break;
585 }
584 586
585 587 $r0 = rg_rights_split_ip($ip0); $r0 = rg_rights_split_ip($ip0);
586 588 if ($r0 === FALSE) { if ($r0 === FALSE) {
 
... ... function rg_rights_test_ip($list, $ip)
594 596
595 597 if (strcmp($new_ip['ip'], $r0['ip']) == 0) { if (strcmp($new_ip['ip'], $r0['ip']) == 0) {
596 598 rg_log("$ip matches $ip0"); rg_log("$ip matches $ip0");
597 return TRUE;
599 $ret = TRUE;
600 break;
598 601 } }
599 602
600 603 rg_log("no match " . $new_ip['ip'] . " != " . $r0['ip']); rg_log("no match " . $new_ip['ip'] . " != " . $r0['ip']);
601 604 } }
602 605
603 return FALSE;
606 return $ret;
604 607 } }
605 608
606 609 /* /*
607 610 * Returns TRUE if all 'needed_rights' are included in 'rights' * Returns TRUE if all 'needed_rights' are included in 'rights'
608 611 * @list - an array of rights * @list - an array of rights
609 612 * needed_rights: rights letters; you can use "ab|cd" = (a AND B) OR (C AND d) * needed_rights: rights letters; you can use "ab|cd" = (a AND B) OR (C AND d)
613 * @misc - if FALSE, we will ignore the 'misc' from db. Is needed in remote access.
610 614 */ */
611 function rg_rights_allow($list, $needed_rights, $ip, $misc)
615 function rg_rights_test($list, $needed_rights, $ip, $misc)
612 616 { {
613 617 global $rg_rights_cmp_func; global $rg_rights_cmp_func;
614 618
615 rg_log_enter("rg_rights_allow: needed_rights=$needed_rights ip=$ip"
619 rg_log_enter("rg_rights_test: needed_rights=$needed_rights ip=$ip"
616 620 . " misc=$misc list:" . rg_array2string($list)); . " misc=$misc list:" . rg_array2string($list));
617 621
618 622 $ret = FALSE; $ret = FALSE;
 
... ... function rg_rights_allow($list, $needed_rights, $ip, $misc)
632 636 foreach ($list as $k => $v) { foreach ($list as $k => $v) {
633 637 // Test IP // Test IP
634 638 if (rg_rights_test_ip($v['ip'], $ip) !== TRUE) { if (rg_rights_test_ip($v['ip'], $ip) !== TRUE) {
635 rg_log("CHECK: ip does not match with [" . $v['ip'] . "]");
639 rg_log("CHECK: ip [$ip] does not match with [" . $v['ip'] . "]");
636 640 continue; continue;
637 641 } }
638 642
 
... ... function rg_rights_allow($list, $needed_rights, $ip, $misc)
671 675 return $ret; return $ret;
672 676 } }
673 677
678 /*
679 * Returns TRUE if all 'needed_rights' are included in 'rights'
680 * needed_rights: rights letters; you can use "ab|cd" = (a AND B) OR (C AND d)
681 */
682 function rg_rights_allow($db, $obj_id, $type, $owner, $uid, $needed_rights,
683 $ip, $misc)
684 {
685 $right_id = 0;
686 $r = rg_rights_get($db, $obj_id, $type, $owner, $uid, $right_id);
687 if ($r['ok'] != 1)
688 return FALSE;
689
690 return rg_rights_test($r['list'], $needed_rights, $ip, $misc);
691 }
692
674 693 /* /*
675 694 * Delete a list of rights * Delete a list of rights
676 695 * Caller must be sure that the user is allowed to operate on 'obj_id'. * Caller must be sure that the user is allowed to operate on 'obj_id'.
File inc/user.inc.php changed (mode: 100644) (index b00c65c..89c8b97)
... ... function rg_user_remove($db, $rg, $uid)
533 533
534 534 $ret = FALSE; $ret = FALSE;
535 535 while (1) { while (1) {
536 if (!rg_rights_allow($rg['login_ui']['rights'], "R", $rg['ip'], ""))
536 if (!rg_rights_allow($db, $uid, "user", $uid,
537 $rg['login_ui']['uid'], "R", $rg['ip'], ""))
537 538 break; break;
538 539
539 540 $params = array("uid" => $uid); $params = array("uid" => $uid);
 
... ... function rg_user_suspend($db, $rg, $uid, $op)
838 839
839 840 $ret = FALSE; $ret = FALSE;
840 841 while (1) { while (1) {
841 if (!rg_rights_allow($rg['login_ui']['rights'], "S", $rg['ip'], ""))
842 if (!rg_rights_allow($db, $uid, "user", $uid,
843 $rg['login_ui']['uid'], "S", $rg['ip'], ""))
842 844 break; break;
843 845
844 846 $now = time(); $now = time();
 
... ... function rg_user_make_admin($db, $rg, $uid, $op)
880 882
881 883 $ret = FALSE; $ret = FALSE;
882 884 while (1) { while (1) {
883 // We need to do a rg_rights_get to obtain the list of rights
884 if (!rg_rights_allow($rg['login_ui']['rights'], "M", $rg['ip'], ""))
885 if (!rg_rights_allow($db, $uid, "user", $uid,
886 $rg['login_ui']['uid'], "M", $rg['ip'], ""))
885 887 break; break;
886 888
887 889 $params = array("op" => $op, "uid" => $uid); $params = array("op" => $op, "uid" => $uid);
 
... ... function rg_user_over_limit($db, $ui, &$max)
1347 1349 return FALSE; return FALSE;
1348 1350 } }
1349 1351
1350 /*
1351 * Test access of a login_user to an uid
1352 * TODO: Admin will have access...
1353 */
1354 function rg_user_allow_access($login_ui, $uid, $ip)
1355 {
1356 /* uid 0 does not exists */
1357 if ($uid == 0)
1358 return TRUE;
1359
1360 if ($login_ui['uid'] == $uid)
1361 return TRUE;
1362
1363 if (rg_rights_allow($login_ui['rights'], "U", $ip, ""))
1364 return TRUE;
1365
1366 rg_security_violation_no_exit("uid " . $login_ui['uid']
1367 . " has no access to uid $uid!");
1368 return FALSE;
1369 }
1370
1371 1352 /* /*
1372 1353 * High level functions * High level functions
1373 1354 */ */
 
... ... function rg_user_edit_high_level($db, $rg)
1381 1362
1382 1363 $ret = ""; $ret = "";
1383 1364
1384 // TODO: what this means?! it is not clear what below function does
1385 if (!rg_user_allow_access($rg['login_ui'], $rg['target_ui']['uid'],
1386 $rg['ip'])) {
1387 $ret .= rg_template("access_denied.html", $rg);
1388 return $ret;
1389 }
1390
1391 1365 if (($rg['target_ui']['uid'] == 0) if (($rg['target_ui']['uid'] == 0)
1392 1366 && ($rg['rg_account_allow_creation'] != 1)) { && ($rg['rg_account_allow_creation'] != 1)) {
1393 1367 $ret .= rg_template("user/create_na.html", $rg); $ret .= rg_template("user/create_na.html", $rg);
1394 1368 return $ret; return $ret;
1395 1369 } }
1396 1370
1371 $owner = $rg['target_ui']['uid'];
1372 if (!rg_rights_allow($db, $rg['target_ui']['uid'], "user", $owner,
1373 $rg['login_ui']['uid'], "E", $rg['ip'], "")) {
1374 $ret .= rg_template("access_denied.html", $rg);
1375 return $ret;
1376 }
1377
1397 1378 if ($rg['target_ui']['uid'] > 0) if ($rg['target_ui']['uid'] > 0)
1398 1379 $rg['create_mode'] = 0; $rg['create_mode'] = 0;
1399 1380 else else
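Review bot: rg_user_suspend (new lines 842-843) and rg_user_make_admin (new lines 885-886) pass the target `$uid` as both the object id and the owner, so an account is treated as the owner of its own "user" object. rg_rights_get is not shown in these hunks; if it grants the owner every right, a logged-in user would pass the "S" and "M" checks on their own account. I would confirm that owner rights for type "user" exclude "M" and "S", and pin that with a case in tests/rights.php. Separately, removing rg_user_allow_access drops its `rg_security_violation_no_exit(...)` call, so the new denial branch at lines 1372-1376 no longer logs the refused edit; keeping that call before `rg_template("access_denied.html", $rg)` preserves the audit trail. The function bodies start and end outside the hunks.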
File inc/user/repo-page.php changed (mode: 100644) (index 783ad42..f21ee40)
... ... if ($rg['ri']['ok'] != 1) {
28 28 } }
29 29
30 30 if (($rg['ri']['exists'] != 1) if (($rg['ri']['exists'] != 1)
31 || rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "A", $rg['ip'], "") !== TRUE) {
31 || rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
32 $rg['login_ui']['uid'], "A", $rg['ip'], "") !== TRUE) {
32 33 $_repo_page .= rg_template("user/repo/deny.html", $rg); $_repo_page .= rg_template("user/repo/deny.html", $rg);
33 34 return; return;
34 35 } }
 
... ... if ($rg['ri']['git_dir_done'] == 0) {
49 50 } }
50 51
51 52 // TODO: should we test against $ri?! // TODO: should we test against $ri?!
52 $can_admin = rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "E", $rg['ip'], "") === TRUE ? 1 : 0;
53 $can_admin = rg_rights_allow($db, $rg['ri']['repo_id'], "repo",
54 $rg['ri']['uid'], $rg['login_ui']['uid'], "E", $rg['ip'], "") === TRUE ? 1 : 0;
53 55
54 56 $rg['url_user'] = rg_re_userpage($rg['page_ui']); $rg['url_user'] = rg_re_userpage($rg['page_ui']);
55 57 $rg['url_repo'] = rg_re_repopage($rg['page_ui'], $repo); $rg['url_repo'] = rg_re_repopage($rg['page_ui'], $repo);
 
... ... if (strcmp($_subop, "history") == 0) {
106 108 $hints[]['HTML:hint'] = rg_template("hints/repo/clone_ssh.html", $repo_more); $hints[]['HTML:hint'] = rg_template("hints/repo/clone_ssh.html", $repo_more);
107 109 if ($rg_git_port != 0) if ($rg_git_port != 0)
108 110 $hints[]['HTML:hint'] = rg_template("hints/repo/clone_git.html", $repo_more); $hints[]['HTML:hint'] = rg_template("hints/repo/clone_git.html", $repo_more);
109 if (rg_repo_allow($db, "repo_refs", $rg['ri'], $rg['login_ui'], "H", $rg['ip'], FALSE)) /* H = anon push */
111 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo_refs",
112 $rg['ri']['uid'], $rg['login_ui']['uid'], "H", $rg['ip'], FALSE)) /* H = anon push */
110 113 $hints[]['HTML:hint'] = rg_template("hints/repo/anon_push.html", $repo_more); $hints[]['HTML:hint'] = rg_template("hints/repo/anon_push.html", $repo_more);
111 114 $repo_more['HTML:hints'] = rg_template_table("hints/list", $hints, $repo_more); $repo_more['HTML:hints'] = rg_template_table("hints/list", $hints, $repo_more);
112 115
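Review bot: The anon-push check on new lines 111-112 relies on truthiness, while the two other calls converted in this file (lines 31-32 and 53-54) compare the result with `TRUE`. rg_rights_allow returns whatever rg_rights_test returns, so a strict comparison keeps an unexpected non-boolean value from being read as a grant; I would end the condition with `"H", $rg['ip'], FALSE) === TRUE)`. The two "repo" checks also each run rg_rights_get for the same repository, so loading the list once and calling rg_rights_test twice may be worth considering unless the lookup is cached.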
File inc/user/repo/bug/show/show.php changed (mode: 100644) (index e9b9051..f8baf29)
... ... if ($ibug['exists'] != 1) {
22 22
23 23 // If bug is deleted and the user does not have 'delete' rights, deny access. // If bug is deleted and the user does not have 'delete' rights, deny access.
24 24 if ($ibug['deleted'] > 0) { if ($ibug['deleted'] > 0) {
25 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "d", $rg['ip'], "") !== TRUE) {
25 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
26 $rg['login_ui']['uid'], "d", $rg['ip'], "") !== TRUE) {
26 27 $_bug_body .= rg_template("repo/bug/deleted.html", $repo_bug_show_more); $_bug_body .= rg_template("repo/bug/deleted.html", $repo_bug_show_more);
27 28 return; return;
28 29 } }
 
... ... do {
54 55 $ibug['state_text'] = rg_bug_state($ibug['state']); $ibug['state_text'] = rg_bug_state($ibug['state']);
55 56
56 57 if ($ibug['state'] == 1) { // reopen if ($ibug['state'] == 1) { // reopen
57 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "r", $rg['ip'], "") !== TRUE) {
58 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo",
59 $rg['ri']['uid'], $rg['login_ui']['uid'], "r", $rg['ip'], "") !== TRUE) {
58 60 rg_template("repo/bug/deny_reopen.html", $rg); rg_template("repo/bug/deny_reopen.html", $rg);
59 61 break; break;
60 62 } }
61 63 } else { // close } else { // close
62 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "C", $rg['ip'], "") !== TRUE) {
64 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo",
65 $rg['ri']['uid'], $rg['login_ui']['uid'], "C", $rg['ip'], "") !== TRUE) {
63 66 rg_template("repo/bug/deny_close.html", $rg); rg_template("repo/bug/deny_close.html", $rg);
64 67 break; break;
65 68 } }
 
... ... do {
143 146 if ($del_undel == 0) if ($del_undel == 0)
144 147 break; break;
145 148
146 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "d", $rg['ip'], "") !== TRUE) {
149 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
150 $rg['login_ui']['uid'], "d", $rg['ip'], "") !== TRUE) {
147 151 rg_template("repo/bug/deny_delete.html", $rg); rg_template("repo/bug/deny_delete.html", $rg);
148 152 break; break;
149 153 } }
File root/themes/default/user/repo/rights/list_repo/line.html changed (mode: 100644) (index 96a64c5..1b1ab70)
4 4 <td>@@who_name@@</td> <td>@@who_name@@</td>
5 5 <td>@@itime_text@@</td> <td>@@itime_text@@</td>
6 6 <td>@@username@@</td> <td>@@username@@</td>
7 <td>@@ip@@</td>
7 <td>@@nice.ip@@</td>
8 8 <td>@@rights_text@@</td> <td>@@rights_text@@</td>
9 9 <td> <td>
10 10 <a href="@@url_repo@@/admin/repo_rights?edit_id=@@right_id@@">Edit</a> <a href="@@url_repo@@/admin/repo_rights?edit_id=@@right_id@@">Edit</a>
File root/themes/default/user/repo/rights/list_repo_path/line.html changed (mode: 100644) (index 8a55710..7e29b40)
4 4 <td>@@who_name@@</td> <td>@@who_name@@</td>
5 5 <td>@@itime_text@@</td> <td>@@itime_text@@</td>
6 6 <td>@@username@@</td> <td>@@username@@</td>
7 <td>@@ip@@</td>
7 <td>@@nice.ip@@</td>
8 8 <td>@@misc@@</td> <td>@@misc@@</td>
9 9 <td>@@rights_text@@</td> <td>@@rights_text@@</td>
10 10 <td> <td>
File root/themes/default/user/repo/rights/list_repo_refs/line.html changed (mode: 100644) (index c067049..4d459cd)
4 4 <td>@@who_name@@</td> <td>@@who_name@@</td>
5 5 <td>@@itime_text@@</td> <td>@@itime_text@@</td>
6 6 <td>@@username@@</td> <td>@@username@@</td>
7 <td>@@ip@@</td>
7 <td>@@nice.ip@@</td>
8 8 <td>@@misc@@</td> <td>@@misc@@</td>
9 9 <td>@@rights_text@@</td> <td>@@rights_text@@</td>
10 10 <td> <td>
File scripts/cache.php changed (mode: 100644) (index ac6438e..137935e)
... ... function rg_handle_command($k, &$conn_table, $cmd)
86 86 $value = trim($ns_var_value[1]); $value = trim($ns_var_value[1]);
87 87 $value = unserialize($value); $value = unserialize($value);
88 88 if ($value !== FALSE) { if ($value !== FALSE) {
89 rg_cache_core_set("normal::" . $ns_var, $value);
89 rg_cache_core_merge("normal::" . $ns_var, $value);
90 90 $buf = "OK\n"; $buf = "OK\n";
91 91 } else { } else {
92 92 $buf = "ER cannot unserialize data\n"; $buf = "ER cannot unserialize data\n";
 
... ... function rg_handle_command($k, &$conn_table, $cmd)
105 105 if ($ret === FALSE) if ($ret === FALSE)
106 106 $buf = "NOT_FOUND\n"; $buf = "NOT_FOUND\n";
107 107 else else
108 $buf = "OK " . $ret . "\n";
108 $buf = "OK " . serialize($ret) . "\n";
109 109 break; break;
110 110 } }
111 111
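Review bot: The get reply on new line 108 is now `serialize($ret)`, so the reader has to call `unserialize()` on bytes taken from the socket, as the set path already does on line 87. `unserialize()` on peer-supplied data can instantiate any loaded class, so this is safe only while nothing untrusted can reach the cache socket; how the socket is exposed is not visible here. If the cache holds only scalars and arrays, `json_encode($ret)` with `json_decode($value, TRUE)` on the other side carries the same data without object instantiation, though the `$value !== FALSE` test would then need to check for `NULL`. A serialized string can also contain a raw newline, which would break a reply framed by "\n". rg_handle_command starts and ends outside both hunks.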
File scripts/cache.sh changed (mode: 100755) (index ab95c68..fb9cc89)
... ... while [ 1 ]; do
26 26
27 27 # in case of errors, we will wait, to not go into an infinite loop # in case of errors, we will wait, to not go into an infinite loop
28 28 if [ "${?}" != "0" ]; then if [ "${?}" != "0" ]; then
29 sleep 30
29 sleep 10
30 30 fi fi
31 31 done done
32 32
File scripts/events.sh changed (mode: 100755) (index 33b5174..b500018)
... ... while [ 1 ]; do
18 18
19 19 # in case of errors, we will wait, to not go into an infinite loop # in case of errors, we will wait, to not go into an infinite loop
20 20 if [ "${?}" != "0" ]; then if [ "${?}" != "0" ]; then
21 sleep 30
21 sleep 10
22 22 fi fi
23 23 done done
24 24
File scripts/q.sh changed (mode: 100755) (index 34a8317..1dfd826)
... ... while [ 1 ]; do
18 18
19 19 # in case of errors, we will wait, to not go into an infinite loop # in case of errors, we will wait, to not go into an infinite loop
20 20 if [ "${?}" != "0" ]; then if [ "${?}" != "0" ]; then
21 sleep 30
21 sleep 10
22 22 fi fi
23 23 done done
24 24
File scripts/remote.php changed (mode: 100644) (index f2f055e..f0bd2cd)
... ... rg_log("repo_path=$repo_path.");
193 193 // TODO: signal user that the repo moved and provide a hint how to follow // TODO: signal user that the repo moved and provide a hint how to follow
194 194
195 195 $misc = FALSE; $misc = FALSE;
196 $ret = rg_repo_allow($db, "repo_refs", $ri, $conn_ui, $needed_rights, $ip, $misc);
196 $ret = rg_rights_allow($db, $ri['repo_id'], "repo_refs", $ri['uid'],
197 $conn_ui['uid'], $needed_rights, $ip, $misc);
197 198 if ($ret !== TRUE) if ($ret !== TRUE)
198 199 fatal("You have no rights to access this repo!"); fatal("You have no rights to access this repo!");
199 200
 
... ... putenv("ROCKETGIT_LOGIN_UID=" . $login_uid);
213 214 putenv("ROCKETGIT_KEY_ID=" . $key_id); putenv("ROCKETGIT_KEY_ID=" . $key_id);
214 215 putenv("ROCKETGIT_REPO_ID=" . $ri['repo_id']); putenv("ROCKETGIT_REPO_ID=" . $ri['repo_id']);
215 216 putenv("ROCKETGIT_REPO_PATH=" . $repo_path); putenv("ROCKETGIT_REPO_PATH=" . $repo_path);
217 putenv("ROCKETGIT_REPO_UID=" . $ri['uid']);
216 218 putenv("ROCKETGIT_IP=$ip"); putenv("ROCKETGIT_IP=$ip");
217 219 putenv("ROCKETGIT_ITIME=" . microtime(TRUE)); putenv("ROCKETGIT_ITIME=" . microtime(TRUE));
218 220 if ($push == 1) { if ($push == 1) {
File tests/repo.php changed (mode: 100644) (index f617d01..4f3a648)
... ... if ($v === FALSE) {
195 195 } }
196 196
197 197 rg_log("list1"); rg_log("list1");
198 $r = rg_rights_load($db, "repo", $ri['repo_id']);
198 $r = rg_rights_load($db, $ri['repo_id'], "repo");
199 199 if ($r === FALSE) { if ($r === FALSE) {
200 200 rg_log("Cannot list rights (" . rg_repo_error() . ")"); rg_log("Cannot list rights (" . rg_repo_error() . ")");
201 201 exit(1); exit(1);
File tests/rights.php changed (mode: 100644) (index 65b0b3d..c509cdd)
... ... if (strcmp($e, $e) != 0) {
48 48 exit(1); exit(1);
49 49 } }
50 50
51 rg_log("rights: testing allow...");
51 rg_log("rights: testing 'test'...");
52 52 $rights = array(array("rights" => "ABC", "ip" => "")); $rights = array(array("rights" => "ABC", "ip" => ""));
53 $needed_rights = "BCD"; $ip = "1.2.3.4";
53 $needed_rights = "BCD";
54 $ip = "1.2.3.4";
54 55 $misc = FALSE; $misc = FALSE;
55 $r = rg_rights_allow($rights, $needed_rights, $ip, $misc);
56 $r = rg_rights_test($rights, $needed_rights, $ip, $misc);
56 57 if ($r !== FALSE) { if ($r !== FALSE) {
57 58 echo "allow is not working right!\n"; echo "allow is not working right!\n";
58 59 exit(1); exit(1);
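Review bot: The only case exercised here is a denial ("BCD" against "ABC"), and the failure message on line 58 still reads `allow is not working right!` after the rename to rg_rights_test. The same commit changes rg_rights_test_ip so that an empty entry in the space-separated list ends the loop with TRUE where it used to be skipped; because the list is split with `explode(" ", $list)`, a stored value with a trailing or doubled space would then match every address. I would add a positive case plus one that pins this, e.g. a row with the constructed value `"ip" => "10.0.0.1 "` tested against `1.2.3.4` and expected to return FALSE. If matching everything is meant only for a wholly empty field, rg_rights_test_ip should handle that case before the loop and keep skipping empty entries inside it.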