xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Clone URLs: https://code.reversed.top/user/xaizek/rocketgit ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit
v0.0 v0.1 v0.10 v0.11 v0.12 v0.13 v0.14 v0.15 v0.17 v0.18 v0.19 v0.2 v0.20 v0.21 v0.22 v0.23 v0.24 v0.25 v0.27 v0.28 v0.29 v0.31 v0.32 v0.33 v0.34 v0.35 v0.36 v0.38 v0.39 v0.40 v0.41 v0.42 v0.43 v0.44 v0.45 v0.46 v0.47 v0.48 v0.49 v0.50 v0.51 v0.52 v0.53 v0.54 v0.55 v0.56 v0.57 v0.58 v0.60 v0.61 v0.62 v0.63 v0.64 v0.65 v0.66 v0.67 v0.68 v0.69 v0.70 local master
Commit 96355ec971acd16480c9c22469a2a659c8ade994

Checkpoint
Author: Catalin(ux) M. BOIE
Author date (UTC): 2015-04-16 22:17
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2015-04-16 22:17
Parent(s): 93dd0b79cee0d857933155391fc3e96ba8609071
Signing key:
Tree: 4cf6578d6f1e7bacb0dbdbaf436c054bb60a9ee4
File Lines added Lines deleted
TODO 9 1
hooks/update 1 0
inc/bug.inc.php 10 3
inc/git.inc.php 64 27
inc/repo.inc.php 56 17
inc/rights.inc.php 36 9
inc/user.inc.php 40 8
inc/user/repo-page.php 49 14
inc/user/repo/bug/show/show.php 17 8
inc/util.inc.php 1 1
root/index.php 14 0
root/themes/default/hints/repo/anon_push.html 3 3
root/themes/default/hints/repo/clone_git.html 2 2
root/themes/default/hints/repo/clone_owner.html 25 0
root/themes/default/hints/repo/clone_ssh.html 2 2
root/themes/default/hints/repo/edit_repo_path_rights.html 12 4
root/themes/default/hints/repo/edit_repo_refs_rights.html 5 2
root/themes/default/hints/repo/git_setup.html 5 0
root/themes/default/hints/repo/merge.html 4 4
root/themes/default/hints/repo/remote_add.html 0 15
root/themes/default/hints/ssh/key.html 6 6
root/themes/default/mail/admin/report1.body.txt 1 1
root/themes/default/mail/user/key/del.body.txt 1 1
root/themes/default/mail/user/key/new.body.txt 1 1
root/themes/default/mail/user/repo/bug/new.body.txt 1 1
root/themes/default/mail/user/repo/bug/new_note.body.txt 1 1
root/themes/default/mail/user/repo/del.body.txt 1 1
root/themes/default/mail/user/repo/new.body.txt 1 1
root/themes/default/mail/user/repo/update.body.txt 1 1
root/themes/default/mail/user/welcome.body.txt 1 1
root/themes/default/main.css 4 2
root/themes/default/user/repo/deny_create.html 3 0
scripts/remote.php 12 4
spell_check.sh 4 2
tests/config.php 4 0
tests/hook_update.sh 1 0
tests/hook_update_help.php 3 0
tests/http.inc.php 1 1
tests/rights.php 33 10
File TODO changed (mode: 100644) (index 5977031..14b15a7)
1 1 == Where I stopped last time == == Where I stopped last time ==
2 2 [ ] Add "Spread the word!" on website. [ ] Add "Spread the word!" on website.
3 3
4 [ ] https access before first launch?
4 5 [ ] Check 'description_nice' and apply this everywhere. Maybe we should unset [ ] Check 'description_nice' and apply this everywhere. Maybe we should unset
5 6 'description', so people will not be tempted to use it. 'description', so people will not be tempted to use it.
6 7 Maybe just overwrite 'description'. Maybe just overwrite 'description'.
 
11 12 Nu e OK. Trebuie doar pentru anumite cazuri: la o descriere pe pagina Nu e OK. Trebuie doar pentru anumite cazuri: la o descriere pe pagina
12 13 proiectului, e nevoie. Dar intr-un form, in textarea, nu e nevoie. proiectului, e nevoie. Dar intr-un form, in textarea, nu e nevoie.
13 14 Apoi as putea elimina description_nice. Apoi as putea elimina description_nice.
15 Deci, cred ca trebuie sa auditez peste tot folosirea lui description.
14 16 [ ] Upload kvm image to downloads.rocketgit.com. Sign it? sha256 it? [ ] Upload kvm image to downloads.rocketgit.com. Sign it? sha256 it?
15 17 [ ] Security: validate sparas! [ ] Security: validate sparas!
16 18 [ ] Menus - change color for selected items, not the background color. [ ] Menus - change color for selected items, not the background color.
 
20 22 Probabil socket-ul nu mai e deschis pentru ca cache-ul s-a restartat? Probabil socket-ul nu mai e deschis pentru ca cache-ul s-a restartat?
21 23 [ ] I can do a select before write to be sure socket is open. [ ] I can do a select before write to be sure socket is open.
22 24 If I get a error signal from select, reopen the socket. If I get a error signal from select, reopen the socket.
25 [ ] Check search.
23 26 [ ] SPF? mail-ul ajunge in spam! [ ] SPF? mail-ul ajunge in spam!
24 27 [ ] Release virtual machine. [ ] Release virtual machine.
25 28 [ ] [ ]
26 29
27 30 == BEFORE NEXT RELEASE == == BEFORE NEXT RELEASE ==
31 [ ] When getting another IP, allow ssh on port 443(https)?
32 [ ] Investigate --decorate/--word-diff for git log.
33 [ ] client_win.html hint is not used.
34 [ ] merge.html hint is not used.
35 [ ] On create repo form if somebody puts a space, the message does not tell
36 what chars are invalid/permited (reported by Ionut).
28 37 [ ] Avoid alst two err- files at install time. Check if table state exists? [ ] Avoid alst two err- files at install time. Check if table state exists?
29 38 And cache this info? And cache this info?
30 39 [ ] Security: Link-uri + xss (Ionut) [ ] Security: Link-uri + xss (Ionut)
 
... ... them after processing is done.
732 741 [ ] Internal mailing list? Or internal mail? [ ] Internal mailing list? Or internal mail?
733 742 [ ] We should have a cron/q/remote for every config file! [ ] We should have a cron/q/remote for every config file!
734 743 Or, at least, to be host aware. Or, at least, to be host aware.
735 [ ] It may be needed to use preg_quote!
736 744 [ ] Install text files in /usr/share/doc [ ] Install text files in /usr/share/doc
737 745 [ ] JUNK1/JUNK2: http://rg.embedromix.ro:8000/user/catab/rocketgit/commit/afd1df2..f919c9b [ ] JUNK1/JUNK2: http://rg.embedromix.ro:8000/user/catab/rocketgit/commit/afd1df2..f919c9b
738 746 [ ] rg_log: why the fd is NULL?! [ ] rg_log: why the fd is NULL?!
File hooks/update changed (mode: 100755) (index 51c79a9..c195f30)
... ... $db = rg_sql_open($rg_sql);
37 37
38 38 $a = array(); $a = array();
39 39 $a['login_uid'] = sprintf("%u", getenv("ROCKETGIT_LOGIN_UID")); $a['login_uid'] = sprintf("%u", getenv("ROCKETGIT_LOGIN_UID"));
40 $a['login_username'] = getenv("ROCKETGIT_LOGIN_USERNAME");
40 41 $a['repo_id'] = sprintf("%u", getenv("ROCKETGIT_REPO_ID")); $a['repo_id'] = sprintf("%u", getenv("ROCKETGIT_REPO_ID"));
41 42 $a['ip'] = getenv("ROCKETGIT_IP"); $a['ip'] = getenv("ROCKETGIT_IP");
42 43 $a['namespace'] = getenv("GIT_NAMESPACE"); $a['namespace'] = getenv("GIT_NAMESPACE");
File inc/bug.inc.php changed (mode: 100644) (index a24d26a..4bdbb08)
... ... function rg_bug_edit_high_level($db, &$rg)
1267 1267 $errmsg = array(); $errmsg = array();
1268 1268 $show_form = FALSE; $show_form = FALSE;
1269 1269 while (1) { while (1) {
1270 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo",
1271 $rg['ri']['uid'], $rg['login_ui']['uid'], "B",
1272 $rg['ip'], "") !== TRUE) {
1270 $x = array();
1271 $x['obj_id'] = $rg['ri']['repo_id'];
1272 $x['type'] = 'repo';
1273 $x['owner'] = $rg['ri']['uid'];
1274 $x['uid'] = $rg['login_ui']['uid'];
1275 $x['username'] = $rg['login_ui']['username'];
1276 $x['needed_rights'] = 'B';
1277 $x['ip'] = $rg['ip'];
1278 $x['misc'] = '';
1279 if (rg_rights_allow($db, $x) !== TRUE) {
1273 1280 $ret .= rg_template("repo/bug/deny_edit.html", $rg); $ret .= rg_template("repo/bug/deny_edit.html", $rg);
1274 1281 break; break;
1275 1282 } }
File inc/git.inc.php changed (mode: 100644) (index f524c9d..02ffd73)
... ... function rg_git_rev($rev)
259 259 function rg_git_reference($refname) function rg_git_reference($refname)
260 260 { {
261 261 $pattern = "[a-zA-Z0-9^~\/_]"; $pattern = "[a-zA-Z0-9^~\/_]";
262 if (preg_match('/^' . $pattern . '$/uD', $refname) === FALSE) {
262 if (preg_match('/^' . $pattern . '$/uD', $refname) !== 1) {
263 263 $chars = preg_replace('/' . $pattern . '/', '', $refname); $chars = preg_replace('/' . $pattern . '/', '', $refname);
264 264 rg_log("git_reference: ref [$refname] contains invalid chars ($chars)"); rg_log("git_reference: ref [$refname] contains invalid chars ($chars)");
265 265 return ""; return "";
 
... ... function rg_git_update_tag($db, $a)
1021 1021 rg_prof_start("git_update_tag"); rg_prof_start("git_update_tag");
1022 1022 rg_log_enter("git_update_tag: " . rg_array2string($a)); rg_log_enter("git_update_tag: " . rg_array2string($a));
1023 1023
1024 $ip = $a['ip'];
1025 $uid = $a['login_uid'];
1024 $x = array();
1025 $x['obj_id'] = $a['repo_id'];
1026 $x['type'] = 'repo_refs';
1027 $x['owner'] = $a['repo::uid'];
1028 $x['uid'] = $a['login_uid'];
1029 $x['username'] = $a['login_username'];
1030 $x['needed_rights'] = '';
1031 $x['ip'] = $a['ip'];
1032 $x['misc'] = $a['refname'];
1026 1033
1027 1034 $history = array(); $history = array();
1028 1035 $history['ri::repo_id'] = $a['repo_id']; $history['ri::repo_id'] = $a['repo_id'];
1029 $history['ui::uid'] = $uid;
1036 $history['ui::uid'] = $a['login_uid'];
1030 1037
1031 1038 if (strcmp($a['new_rev_type'], "tag") == 0) { // Annotated if (strcmp($a['new_rev_type'], "tag") == 0) { // Annotated
1032 1039 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
1033 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "S", $ip, $a['refname']))
1040 $x['needed_rights'] = 'S';
1041 if (rg_rights_allow($db, $x) !== TRUE)
1034 1042 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
1035 1043 . " create an annotated tag."); . " create an annotated tag.");
1036 1044 $history['history_category'] = REPO_CAT_GIT_ATAG_CREATE; $history['history_category'] = REPO_CAT_GIT_ATAG_CREATE;
 
... ... function rg_git_update_tag($db, $a)
1038 1046 rg_repo_history_insert($db, $history); rg_repo_history_insert($db, $history);
1039 1047 } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
1040 1048 rg_log("delete ann tag"); rg_log("delete ann tag");
1041 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "n", $ip, $a['refname']))
1049 $x['needed_rights'] = 'n';
1050 if (rg_rights_allow($db, $x) !== TRUE)
1042 1051 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
1043 1052 . " delete an annotated tag."); . " delete an annotated tag.");
1044 1053 $history['history_category'] = REPO_CAT_GIT_ATAG_DELETE; $history['history_category'] = REPO_CAT_GIT_ATAG_DELETE;
 
... ... function rg_git_update_tag($db, $a)
1046 1055 rg_repo_history_insert($db, $history); rg_repo_history_insert($db, $history);
1047 1056 } else { // change } else { // change
1048 1057 rg_log("This seems it cannot happen in recent git."); rg_log("This seems it cannot happen in recent git.");
1049 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "S", $ip, $a['refname']))
1058 $x['needed_rights'] = 'S';
1059 if (rg_rights_allow($db, $x) !== TRUE)
1050 1060 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
1051 1061 . " change an annotated tag."); . " change an annotated tag.");
1052 1062 $history['history_category'] = REPO_CAT_GIT_ATAG_UPDATE; $history['history_category'] = REPO_CAT_GIT_ATAG_UPDATE;
 
... ... function rg_git_update_tag($db, $a)
1055 1065 } }
1056 1066 } else { // Un-annotated } else { // Un-annotated
1057 1067 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
1058 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "Y", $ip, $a['refname']))
1068 $x['needed_rights'] = 'Y';
1069 if (rg_rights_allow($db, $x) !== TRUE)
1059 1070 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
1060 1071 . " create an un-annotated tag."); . " create an un-annotated tag.");
1061 1072 $history['history_category'] = REPO_CAT_GIT_UTAG_CREATE; $history['history_category'] = REPO_CAT_GIT_UTAG_CREATE;
1062 1073 $history['history_message'] = 'Un-annotated tag ' . $a['refname'] . ' created (' . $a['new_rev'] . ').'; $history['history_message'] = 'Un-annotated tag ' . $a['refname'] . ' created (' . $a['new_rev'] . ').';
1063 1074 rg_repo_history_insert($db, $history); rg_repo_history_insert($db, $history);
1064 1075 } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
1065 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "u", $ip, $a['refname']))
1076 $x['needed_rights'] = 'u';
1077 if (rg_rights_allow($db, $x) !== TRUE)
1066 1078 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
1067 1079 . " delete an un-annotated tag."); . " delete an un-annotated tag.");
1068 1080 $history['history_category'] = REPO_CAT_GIT_UTAG_DELETE; $history['history_category'] = REPO_CAT_GIT_UTAG_DELETE;
1069 1081 $history['history_message'] = 'Un-annotated tag ' . $a['refname'] . ' deleted (' . $a['old_rev'] . ').'; $history['history_message'] = 'Un-annotated tag ' . $a['refname'] . ' deleted (' . $a['old_rev'] . ').';
1070 1082 rg_repo_history_insert($db, $history); rg_repo_history_insert($db, $history);
1071 1083 } else { // change } else { // change
1072 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "U", $ip, $a['refname']))
1084 $x['needed_rights'] = 'U';
1085 if (rg_rights_allow($db, $x) !== TRUE)
1073 1086 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
1074 1087 . " change an un-annotated tag."); . " change an un-annotated tag.");
1075 1088 $history['history_category'] = REPO_CAT_GIT_UTAG_UPDATE; $history['history_category'] = REPO_CAT_GIT_UTAG_UPDATE;
 
... ... function rg_git_update_branch($db, $a)
1106 1119 rg_prof_start("git_update_branch"); rg_prof_start("git_update_branch");
1107 1120 rg_log("git_update_branch: " . rg_array2string($a)); rg_log("git_update_branch: " . rg_array2string($a));
1108 1121
1109 $ip = $a['ip'];
1110 $uid = $a['login_uid'];
1122 $_x = array();
1123 $_x['obj_id'] = $a['repo_id'];
1124 $_x['type'] = 'repo_refs';
1125 $_x['owner'] = $a['repo::uid'];
1126 $_x['uid'] = $a['login_uid'];
1127 $_x['username'] = $a['login_username'];
1128 $_x['needed_rights'] = '';
1129 $_x['ip'] = $a['ip'];
1130 $_x['misc'] = $a['refname'];
1111 1131
1112 1132 $history = array(); $history = array();
1113 1133 $history['ri::repo_id'] = $a['repo_id']; $history['ri::repo_id'] = $a['repo_id'];
1114 $history['ui::uid'] = $uid;
1134 $history['ui::uid'] = $a['login_uid'];
1115 1135
1116 1136 if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
1117 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "D", $ip, $a['refname']))
1137 $x = $_x;
1138 $x['needed_rights'] = 'D';
1139 if (rg_rights_allow($db, $x) !== TRUE)
1118 1140 rg_git_fatal($a['refname'] . "\nNo rights to delete" rg_git_fatal($a['refname'] . "\nNo rights to delete"
1119 1141 . " a branch."); . " a branch.");
1120 1142 $history['history_category'] = REPO_CAT_GIT_BRANCH_DELETE; $history['history_category'] = REPO_CAT_GIT_BRANCH_DELETE;
 
... ... function rg_git_update_branch($db, $a)
1126 1148 // If we have 'H' (anonymous push), we have also create branch // If we have 'H' (anonymous push), we have also create branch
1127 1149 $check_fast_forward = 1; $check_fast_forward = 1;
1128 1150 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
1129 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "H|C", $ip, $a['refname']))
1151 $x = $_x;
1152 $x['needed_rights'] = 'H|C';
1153 if (rg_rights_allow($db, $x) !== TRUE)
1130 1154 rg_git_fatal($a['refname'] . "\nYou have no rights" rg_git_fatal($a['refname'] . "\nYou have no rights"
1131 1155 . " to create a branch."); . " to create a branch.");
1132 1156 $check_fast_forward = 0; $check_fast_forward = 0;
 
... ... function rg_git_update_branch($db, $a)
1134 1158
1135 1159 // Create or change // Create or change
1136 1160 // Check for non fast-forward update // Check for non fast-forward update
1137 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "O", $ip, $a['refname'])
1138 && ($check_fast_forward == 1)) {
1161 $x = $_x;
1162 $x['needed_rights'] = 'O';
1163 if ((rg_rights_allow($db, $x) !== TRUE) && ($check_fast_forward == 1)) {
1139 1164 $merge_base = rg_git_merge_base($a['old_rev'], $a['new_rev']); $merge_base = rg_git_merge_base($a['old_rev'], $a['new_rev']);
1140 1165 if ($merge_base === FALSE) { if ($merge_base === FALSE) {
1141 1166 rg_log("Error in merge_base: " . rg_git_error()); rg_log("Error in merge_base: " . rg_git_error());
 
... ... function rg_git_update_branch($db, $a)
1150 1175
1151 1176 // Check if user pushes a merge commit // Check if user pushes a merge commit
1152 1177 // TODO: Check all commits, not only the last one! // TODO: Check all commits, not only the last one!
1153 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "M", $ip, $a['refname'])) {
1178 $x = $_x;
1179 $x['needed_rights'] = 'M';
1180 if (rg_rights_allow($db, $x) !== TRUE) {
1154 1181 if (rg_git_rev_ok($a['new_rev'] . "^2")) if (rg_git_rev_ok($a['new_rev'] . "^2"))
1155 1182 rg_git_fatal($a['refname'] . "\nNo rights to push merges."); rg_git_fatal($a['refname'] . "\nNo rights to push merges.");
1156 1183 } }
1157 1184
1158 1185 // Check for bad whitespace // Check for bad whitespace
1159 if (!rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "W", $ip, $a['refname'])) {
1186 $x = $_x;
1187 $x['needed_rights'] = 'W';
1188 if (rg_rights_allow($db, $x) !== TRUE) {
1160 1189 // TODO: add caching because we may check again below // TODO: add caching because we may check again below
1161 1190 $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']); $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']);
1162 1191 if ($w !== TRUE) if ($w !== TRUE)
 
... ... function rg_git_update_branch($db, $a)
1169 1198 $r = rg_git_files($a['old_rev'], $a['new_rev']); $r = rg_git_files($a['old_rev'], $a['new_rev']);
1170 1199 if ($r === FALSE) if ($r === FALSE)
1171 1200 rg_git_fatal($a['refname'] . "\nInternal error, try again later\n"); rg_git_fatal($a['refname'] . "\nInternal error, try again later\n");
1201 $x = $_x;
1202 $x['type'] = 'repo_path';
1172 1203 foreach ($r as $file) { foreach ($r as $file) {
1173 if (rg_rights_allow($db, $a['repo_id'], "repo_path",
1174 $a['repo::uid'], $uid, "P", $ip, $file) !== TRUE) {
1204 $x['needed_rights'] = 'P';
1205 $x['misc'] = $file;
1206 if (rg_rights_allow($db, $x) !== TRUE) {
1175 1207 rg_git_fatal($a['refname'] rg_git_fatal($a['refname']
1176 1208 . "\nNo rights to push file [$file]\n"); . "\nNo rights to push file [$file]\n");
1177 1209 } }
1178 1210
1179 if (!rg_rights_allow($db, $a['repo_id'], "repo_path",
1180 $a['repo::uid'], $uid, "W", $ip, $a['refname'])) {
1211 $x['needed_rights'] = 'W';
1212 if (rg_rights_allow($db, $x) !== TRUE) {
1181 1213 $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']); $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']);
1182 1214 if ($w !== TRUE) { if ($w !== TRUE) {
1183 1215 rg_git_fatal($a['refname'] rg_git_fatal($a['refname']
 
... ... function rg_git_update_branch($db, $a)
1187 1219 } }
1188 1220 } }
1189 1221
1190 if (rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "P", $ip, $a['refname']) !== TRUE) {
1222 $x = $_x;
1223 $x['type'] = 'repo_refs';
1224 $x['needed_rights'] = 'P';
1225 $x['misc'] = $a['refname'];
1226 if (rg_rights_allow($db, $x) !== TRUE) {
1191 1227 rg_log("\tPush is not allowed, let's see the anon one"); rg_log("\tPush is not allowed, let's see the anon one");
1192 if (rg_rights_allow($db, $a['repo_id'], "repo_refs", $a['repo::uid'], $uid, "H", $ip, $a['refname']) === FALSE) {
1193 $_x = array();
1194 $msg = rg_template("msg/push_not_allowed.txt", $_x);
1228 $x['needed_rights'] = 'H';
1229 if (rg_rights_allow($db, $x) !== TRUE) {
1230 $_z = array();
1231 $msg = rg_template("msg/push_not_allowed.txt", $_z);
1195 1232 rg_git_fatal($a['refname']. "\n" . $msg); rg_git_fatal($a['refname']. "\n" . $msg);
1196 1233 } }
1197 1234
File inc/repo.inc.php changed (mode: 100644) (index 8781f22..d83dd62)
... ... function rg_repo_compare_refs($misc, $ref)
158 158 $misc = rg_repo_ref_canon($misc); $misc = rg_repo_ref_canon($misc);
159 159 $ref = rg_repo_ref_canon($ref); $ref = rg_repo_ref_canon($ref);
160 160
161 $ret = preg_match('/^' . $misc . '/uD', $ref);
162 rg_log("repo_compare_refs: misc=$misc ref=$ref => " . ($ret ? "T" : "F"));
161 $qmisc = preg_quote($misc, '/');
162
163 $ret = preg_match('/^' . $qmisc . '/uD', $ref);
164 rg_log("repo_compare_refs: misc=$misc ref=$ref => "
165 . ($ret === 1 ? "match" : "no match"));
163 166
164 167 rg_prof_end("repo_compare_refs"); rg_prof_end("repo_compare_refs");
165 return $ret;
168 return $ret === 1;
166 169 } }
167 170
168 171 /* /*
 
... ... function rg_repo_compare_paths($misc, $path)
172 175 { {
173 176 rg_prof_start("repo_compare_paths"); rg_prof_start("repo_compare_paths");
174 177
175 $ret = preg_match('/' . $misc . '/uD', $path);
176 rg_log("repo_compare_paths: misc=$misc path=$path => " . ($ret ? "T" : "F"));
178 $qmisc = preg_quote($misc, '/');
179
180 $ret = preg_match('/' . $qmisc . '/uD', $path);
181 rg_log("repo_compare_paths: misc=$misc path=$path => " . ($ret === 1 ? "T" : "F"));
177 182
178 183 rg_prof_end("repo_compare_paths"); rg_prof_end("repo_compare_paths");
179 return $ret;
184 return $ret === 1;
180 185 } }
181 186
182 187 /* /*
 
... ... function rg_repo_ok($repo)
569 574 return FALSE; return FALSE;
570 575 } }
571 576
572 if (preg_match('/\.\./', $repo) > 0) {
577 if (preg_match('/\.\./', $repo) !== 0) {
573 578 rg_repo_set_error("invalid repository name (..)"); rg_repo_set_error("invalid repository name (..)");
574 579 return FALSE; return FALSE;
575 580 } }
 
... ... function rg_repo_info($db, $repo_id, $uid, $repo_name)
690 695 } else { } else {
691 696 $ret['exists'] = 0; $ret['exists'] = 0;
692 697 } }
693 rg_log_ml("CHECK: ret=" . print_r($ret, TRUE));
698 //rg_log_ml("CHECK: ret=" . print_r($ret, TRUE));
694 699
695 700 rg_cache_set("repo_by_id::$repo_id", $ret); rg_cache_set("repo_by_id::$repo_id", $ret);
696 701
 
... ... function rg_repo_list_query($db, $url, $sql, $params)
1024 1029
1025 1030 $_ui = rg_user_info($db, $row['uid'], "", ""); $_ui = rg_user_info($db, $row['uid'], "", "");
1026 1031 if ($_ui['exists'] != 1) { if ($_ui['exists'] != 1) {
1027 rg_repo_set_error("user associated with this repo not found");
1028 return FALSE;
1032 rg_log("uid " . $row['uid']
1033 . " associated with this repo not found");
1034 continue;
1029 1035 } }
1030 1036
1031 1037 $_line['owner'] = $_ui['username']; $_line['owner'] = $_ui['username'];
 
... ... function rg_repo_admin_rights($db, $rg, $type)
1209 1215 rg_log("rg_repo_admin_rights type=$type"); rg_log("rg_repo_admin_rights type=$type");
1210 1216
1211 1217 /* 'repo' is correct here, we test for granting rights on repo */ /* 'repo' is correct here, we test for granting rights on repo */
1212 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
1213 $rg['login_ui']['uid'], "G", $rg['ip'], "") !== TRUE)
1218 $x = array();
1219 $x['obj_id'] = $rg['ri']['repo_id'];
1220 $x['type'] = 'repo';
1221 $x['owner'] = $rg['ri']['uid'];
1222 $x['uid'] = $rg['login_ui']['uid'];
1223 $x['username'] = $rg['login_ui']['username'];
1224 $x['needed_rights'] = 'G';
1225 $x['ip'] = $rg['ip'];
1226 $x['misc'] = "";
1227 if (rg_rights_allow($db, $x) !== TRUE)
1214 1228 return rg_template("user/repo/rights/deny.html", $rg); return rg_template("user/repo/rights/deny.html", $rg);
1215 1229
1216 1230 $ret = ""; $ret = "";
 
... ... function rg_repo_admin_delete($db, $rg)
1361 1375 { {
1362 1376 $ret = ""; $ret = "";
1363 1377
1364 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
1365 $rg['login_ui']['uid'], "D", $rg['ip'], "") !== TRUE)
1378 $x = array();
1379 $x['obj_id'] = $rg['ri']['repo_id'];
1380 $x['type'] = 'repo';
1381 $x['owner'] = $rg['ri']['uid'];
1382 $x['uid'] = $rg['login_ui']['uid'];
1383 $x['username'] = $rg['login_ui']['username'];
1384 $x['needed_rights'] = 'D';
1385 $x['ip'] = $rg['ip'];
1386 $x['misc'] = "";
1387 if (rg_rights_allow($db, $x) !== TRUE)
1366 1388 return rg_template("user/repo/delete/deny.html", $rg); return rg_template("user/repo/delete/deny.html", $rg);
1367 1389
1368 1390 $are_you_sure = rg_var_uint("are_you_sure"); $are_you_sure = rg_var_uint("are_you_sure");
 
... ... function rg_repo_edit_high_level($db, &$rg)
1431 1453 else else
1432 1454 $edit = FALSE; $edit = FALSE;
1433 1455
1434 if ($edit && (rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
1435 $rg['login_ui']['uid'], "E", $rg['ip'], "") !== TRUE)) {
1436 $ret .= rg_template("user/repo/deny_edit.html", $rg);
1456 // User is not logged in?
1457 if (!$edit && ($rg['login_ui']['uid'] == 0)) {
1458 $ret .= rg_template("user/repo/deny_create.html", $rg);
1437 1459 $load_form = FALSE; $load_form = FALSE;
1438 1460 break; break;
1439 1461 } }
1440 1462
1463 if ($edit) {
1464 $x = array();
1465 $x['obj_id'] = $rg['ri']['repo_id'];
1466 $x['type'] = 'repo';
1467 $x['owner'] = $rg['ri']['uid'];
1468 $x['uid'] = $rg['login_ui']['uid'];
1469 $x['username'] = $rg['login_ui']['username'];
1470 $x['needed_rights'] = 'E';
1471 $x['ip'] = $rg['ip'];
1472 $x['misc'] = "";
1473 if (rg_rights_allow($db, $x) !== TRUE) {
1474 $ret .= rg_template("user/repo/deny_edit.html", $rg);
1475 $load_form = FALSE;
1476 break;
1477 }
1478 }
1479
1441 1480 if ($rg['doit'] != 1) { if ($rg['doit'] != 1) {
1442 1481 if (!$edit) { if (!$edit) {
1443 1482 // Defaults // Defaults
File inc/rights.inc.php changed (mode: 100644) (index 8b1eab4..f45d8b0)
... ... function rg_rights_split_ip($ip)
443 443 if (strncasecmp($ip2, "::ffff:", 7) == 0) if (strncasecmp($ip2, "::ffff:", 7) == 0)
444 444 $ip2 = substr($ip2, 7); $ip2 = substr($ip2, 7);
445 445
446 if (preg_match('/^[a-fA-F0-9:]*$/D', $ip2)) { /* ipv6 */
446 if (preg_match('/^[a-fA-F0-9:]*$/D', $ip2) === 1) { /* ipv6 */
447 447 if ($ret['prefix_len'] == -1) { if ($ret['prefix_len'] == -1) {
448 448 $ret['prefix_len'] = 128; $ret['prefix_len'] = 128;
449 449 } else if (($ret['prefix_len'] < 0) || ($ret['prefix_len'] > 128)) { } else if (($ret['prefix_len'] < 0) || ($ret['prefix_len'] > 128)) {
 
... ... function rg_rights_split_ip($ip)
511 511 $new[$k] = sprintf("%x", $p); $new[$k] = sprintf("%x", $p);
512 512 $ret['ip'] = implode(":", $new); $ret['ip'] = implode(":", $new);
513 513 $ret['type'] = "ipv6"; $ret['type'] = "ipv6";
514 } else if (preg_match('/^[0-9\.]*$/D', $ip2)) { /* ipv4 */
514 } else if (preg_match('/^[0-9\.]*$/D', $ip2) === 1) { /* ipv4 */
515 515 if ($ret['prefix_len'] == -1) { if ($ret['prefix_len'] == -1) {
516 516 $ret['prefix_len'] = 32; $ret['prefix_len'] = 32;
517 517 } else if (($ret['prefix_len'] < 0) || ($ret['prefix_len'] > 32)) { } else if (($ret['prefix_len'] < 0) || ($ret['prefix_len'] > 32)) {
 
... ... function rg_rights_test($list, $needed_rights, $ip, $misc)
657 657 } }
658 658
659 659 // Test rights // Test rights
660 $have_a_match = FALSE;
660 661 foreach ($needed as $needed1) { foreach ($needed as $needed1) {
661 662 $r = rg_rights_mask($v['rights'], $needed1); $r = rg_rights_mask($v['rights'], $needed1);
662 663 if (strcmp($r, $needed1) != 0) { if (strcmp($r, $needed1) != 0) {
663 rg_log("rights_allow: [$r] != [$needed1]! Continue.");
664 rg_log("rights_test: [$r] != [$needed1]! Continue.");
664 665 continue; continue;
665 666 } }
666 rg_log("rights_allow: [$r] = [$needed1]! Allow.");
667 $ret = TRUE;
667 rg_log("rights_test: [$r] = [$needed1]! Allow.");
668 $have_a_match = TRUE;
668 669 break; break;
669 670 } }
670 if ($ret === FALSE)
671 if ($have_a_match === FALSE)
671 672 continue; continue;
672 673
673 674 // Test 'misc' match // Test 'misc' match
 
... ... function rg_rights_test($list, $needed_rights, $ip, $misc)
677 678
678 679 $cmp_func = $rg_rights_cmp_func[$v['type']]; $cmp_func = $rg_rights_cmp_func[$v['type']];
679 680 $r = $cmp_func($v['misc'], $misc); $r = $cmp_func($v['misc'], $misc);
680 if (!$r)
681 if ($r !== TRUE) {
682 rg_log("DEBUG: cmp function returned !TRUE");
681 683 continue; continue;
684 }
682 685 } }
683 686
687 $ret = TRUE;
684 688 break; break;
685 689 } }
686 690
687 691 break; break;
688 692 } }
693 rg_log("DEBUG: rights_test returns " . ($ret === FALSE ? "!allow" : "allow"));
689 694
690 695 rg_log_exit(); rg_log_exit();
691 696 return $ret; return $ret;
 
... ... function rg_rights_test($list, $needed_rights, $ip, $misc)
695 700 * Returns TRUE if all 'needed_rights' are included in 'rights' * Returns TRUE if all 'needed_rights' are included in 'rights'
696 701 * needed_rights: rights letters; you can use "ab|cd" = (a AND B) OR (C AND d) * needed_rights: rights letters; you can use "ab|cd" = (a AND B) OR (C AND d)
697 702 */ */
698 function rg_rights_allow($db, $obj_id, $type, $owner, $uid, $needed_rights,
699 $ip, $misc)
703 function rg_rights_allow($db, $a)
700 704 { {
705 $obj_id = $a['obj_id'];
706 $type = $a['type'];
707 $owner = $a['owner'];
708 $uid = $a['uid'];
709 $username = $a['username'];
710 $needed_rights = $a['needed_rights'];
711 $ip = $a['ip'];
712 $misc = $a['misc'];
713
701 714 $right_id = 0; $right_id = 0;
715 // TODO: we may pass $a?
702 716 $r = rg_rights_get($db, $obj_id, $type, $owner, $uid, $right_id); $r = rg_rights_get($db, $obj_id, $type, $owner, $uid, $right_id);
703 717 if ($r['ok'] != 1) if ($r['ok'] != 1)
704 718 return FALSE; return FALSE;
705 719
720 // We must replace @USER@ with the logged-in user
721 if ($uid > 0) {
722 foreach ($r['list'] as $index => &$e) {
723 if (!strstr($e['misc'], '@USER@'))
724 continue;
725
726 $_old = $e['misc'];
727 $e['misc'] = preg_replace('/@USER@/', $username, $e['misc']);
728 rg_log("DEBUG [" . $_old . "] -> [" . $e['misc'] . "]");
729 }
730 rg_log_ml("DEBUG: r[list]=" . print_r($r['list'], TRUE));
731 }
732
706 733 return rg_rights_test($r['list'], $needed_rights, $ip, $misc); return rg_rights_test($r['list'], $needed_rights, $ip, $misc);
707 734 } }
708 735
File inc/user.inc.php changed (mode: 100644) (index 2a05360..67cedfc)
... ... function rg_user_remove($db, $rg, $uid)
540 540
541 541 $ret = FALSE; $ret = FALSE;
542 542 while (1) { while (1) {
543 if (!rg_rights_allow($db, $uid, "user", $uid,
544 $rg['login_ui']['uid'], "R", $rg['ip'], ""))
543 $x = array();
544 $x['obj_id'] = $uid;
545 $x['type'] = 'user';
546 $x['owner'] = $uid;
547 $x['uid'] = $rg['login_ui']['uid'];
548 $x['username'] = $rg['login_ui']['username'];
549 $x['needed_rights'] = 'R';
550 $x['ip'] = $rg['ip'];
551 $x['misc'] = "";
552 if (rg_rights_allow($db, $x) !== TRUE)
545 553 break; break;
546 554
547 555 $params = array("uid" => $uid); $params = array("uid" => $uid);
 
... ... function rg_user_suspend($db, $rg, $uid, $op)
888 896
889 897 $ret = FALSE; $ret = FALSE;
890 898 while (1) { while (1) {
891 if (!rg_rights_allow($db, $uid, "user", $uid,
892 $rg['login_ui']['uid'], "S", $rg['ip'], ""))
899 $x = array();
900 $x['obj_id'] = $uid;
901 $x['type'] = 'user';
902 $x['owner'] = $uid;
903 $x['uid'] = $rg['login_ui']['uid'];
904 $x['username'] = $rg['login_ui']['username'];
905 $x['needed_rights'] = 'S';
906 $x['ip'] = $rg['ip'];
907 $x['misc'] = "";
908 if (rg_rights_allow($db, $x) !== TRUE)
893 909 break; break;
894 910
895 911 $now = time(); $now = time();
 
... ... function rg_user_make_admin($db, $rg, $uid, $op)
931 947
932 948 $ret = FALSE; $ret = FALSE;
933 949 while (1) { while (1) {
934 if (!rg_rights_allow($db, $uid, "user", $uid,
935 $rg['login_ui']['uid'], "M", $rg['ip'], ""))
950 $x = array();
951 $x['obj_id'] = $uid;
952 $x['type'] = 'user';
953 $x['owner'] = $uid;
954 $x['uid'] = $rg['login_ui']['uid'];
955 $x['username'] = $rg['login_ui']['username'];
956 $x['needed_rights'] = 'M';
957 $x['ip'] = $rg['ip'];
958 $x['misc'] = "";
959 if (rg_rights_allow($db, $x) !== TRUE)
936 960 break; break;
937 961
938 962 $params = array("op" => $op, "uid" => $uid); $params = array("op" => $op, "uid" => $uid);
 
... ... function rg_user_edit_high_level($db, &$rg)
1391 1415
1392 1416 $owner = $rg['target_ui']['uid']; $owner = $rg['target_ui']['uid'];
1393 1417 if ($owner > 0) { if ($owner > 0) {
1394 if (!rg_rights_allow($db, $rg['target_ui']['uid'], "user", $owner,
1395 $rg['login_ui']['uid'], "E", $rg['ip'], "")) {
1418 $x = array();
1419 $x['obj_id'] = $rg['target_ui']['uid'];
1420 $x['type'] = 'user';
1421 $x['owner'] = $owner;
1422 $x['uid'] = $rg['login_ui']['uid'];
1423 $x['username'] = $rg['login_ui']['username'];
1424 $x['needed_rights'] = 'E';
1425 $x['ip'] = $rg['ip'];
1426 $x['misc'] = "";
1427 if (rg_rights_allow($db, $x) !== TRUE) {
1396 1428 $ret .= rg_template("access_denied.html", $rg); $ret .= rg_template("access_denied.html", $rg);
1397 1429 return $ret; return $ret;
1398 1430 } }
File inc/user/repo-page.php changed (mode: 100644) (index 489ae5b..641bbdf)
... ... if ($rg['ri']['ok'] != 1) {
27 27 return; return;
28 28 } }
29 29
30 if (($rg['ri']['exists'] != 1)
31 || rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
32 $rg['login_ui']['uid'], "A", $rg['ip'], "") !== TRUE) {
30 $x = array();
31 $x['obj_id'] = $rg['ri']['repo_id'];
32 $x['type'] = 'repo';
33 $x['owner'] = $rg['ri']['uid'];
34 $x['uid'] = $rg['login_ui']['uid'];
35 $x['username'] = $rg['login_ui']['username'];
36 $x['needed_rights'] = 'A';
37 $x['ip'] = $rg['ip'];
38 $x['misc'] = "";
39 if (($rg['ri']['exists'] != 1) || (rg_rights_allow($db, $x) !== TRUE)) {
33 40 $_repo_page .= rg_template("user/repo/deny.html", $rg); $_repo_page .= rg_template("user/repo/deny.html", $rg);
34 41 return; return;
35 42 } }
 
... ... if (($rg['ri']['exists'] != 1)
37 44 if (!isset($rg['ri']['git_dir_done'])) if (!isset($rg['ri']['git_dir_done']))
38 45 $rg['ri']['git_dir_done'] = 0; $rg['ri']['git_dir_done'] = 0;
39 46
40 $can_admin = rg_rights_allow($db, $rg['ri']['repo_id'], "repo",
41 $rg['ri']['uid'], $rg['login_ui']['uid'], "E", $rg['ip'], "") === TRUE ? 1 : 0;
47 $x['needed_rights'] = 'E';
48 $can_admin = rg_rights_allow($db, $x) === TRUE ? 1 : 0;
42 49
43 50 $rg['url_user'] = rg_re_userpage($rg['page_ui']); $rg['url_user'] = rg_re_userpage($rg['page_ui']);
44 51 $rg['url_repo'] = rg_re_repopage($rg['page_ui'], $repo); $rg['url_repo'] = rg_re_repopage($rg['page_ui'], $repo);
 
... ... if ($rg_git_port != 0)
64 71 $urls[]['HTML:url'] = '<a href="' . $rg['git'] . '">' . $rg['git'] . '</a>'; $urls[]['HTML:url'] = '<a href="' . $rg['git'] . '">' . $rg['git'] . '</a>';
65 72 $rg['HTML:urls'] = rg_template_table("repo/urls", $urls, $rg); $rg['HTML:urls'] = rg_template_table("repo/urls", $urls, $rg);
66 73
74 function rg_add_clone_hints($db, &$rg)
75 {
76 global $rg_ssh_port;
77 global $rg_git_port;
78
79 $hints = array();
80
81 $hints[]['HTML:hint'] = rg_template("hints/repo/git_setup.html", $rg);
82
83 if ($rg['ri']['uid'] == $rg['login_ui']['uid']) {
84 $hints[]['HTML:hint'] = rg_template("hints/repo/clone_owner.html", $rg);
85 } else {
86 if ($rg_ssh_port != 0)
87 $hints[]['HTML:hint'] = rg_template("hints/repo/clone_ssh.html", $rg);
88
89 if ($rg_git_port != 0)
90 $hints[]['HTML:hint'] = rg_template("hints/repo/clone_git.html", $rg);
91
92 $x = array();
93 $x['obj_id'] = $rg['ri']['repo_id'];
94 $x['type'] = 'repo_refs';
95 $x['owner'] = $rg['ri']['uid'];
96 $x['uid'] = $rg['login_ui']['uid'];
97 $x['username'] = $rg['login_ui']['username'];
98 $x['needed_rights'] = 'H'; /* anon push */
99 $x['ip'] = $rg['ip'];
100 $x['misc'] = FALSE;
101 if (rg_rights_allow($db, $x) === TRUE)
102 $hints[]['HTML:hint'] = rg_template("hints/repo/anon_push.html", $rg);
103 }
104
105 $rg['HTML:hints'] = rg_template_table("hints/list", $hints, $rg);
106 }
107
67 108 // default tab // default tab
68 109 $_subop = empty($paras) ? "history" : array_shift($paras); $_subop = empty($paras) ? "history" : array_shift($paras);
69 110
70 111 if (strcmp($_subop, "history") == 0) { if (strcmp($_subop, "history") == 0) {
112 rg_add_clone_hints($db, $rg);
113
71 114 $hist = rg_repo_history_load($db, $rg['ri']['repo_id'], 0, 20, 0); $hist = rg_repo_history_load($db, $rg['ri']['repo_id'], 0, 20, 0);
72 115 if ($hist === FALSE) if ($hist === FALSE)
73 116 $_repo_body .= rg_warning("Cannot load history. Try again later."); $_repo_body .= rg_warning("Cannot load history. Try again later.");
 
... ... if (strcmp($_subop, "history") == 0) {
86 129 $type_ref['ref_url']); $type_ref['ref_url']);
87 130 $rg = array_merge($rg, $bt); $rg = array_merge($rg, $bt);
88 131
89 $hints = array();
90 if ($rg_ssh_port != 0)
91 $hints[]['HTML:hint'] = rg_template("hints/repo/clone_ssh.html", $rg);
92 if ($rg_git_port != 0)
93 $hints[]['HTML:hint'] = rg_template("hints/repo/clone_git.html", $rg);
94 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo_refs",
95 $rg['ri']['uid'], $rg['login_ui']['uid'], "H", $rg['ip'], FALSE)) /* H = anon push */
96 $hints[]['HTML:hint'] = rg_template("hints/repo/anon_push.html", $rg);
97 $rg['HTML:hints'] = rg_template_table("hints/list", $hints, $rg);
132 rg_add_clone_hints($db, $rg);
98 133
99 134 $_repo_body .= rg_template("repo/source.html", $rg); $_repo_body .= rg_template("repo/source.html", $rg);
100 135
File inc/user/repo/bug/show/show.php changed (mode: 100644) (index f04bfef..5898cb7)
... ... if ($ibug['exists'] != 1) {
18 18 return; return;
19 19 } }
20 20
21 $x = array();
22 $x['obj_id'] = $rg['ri']['repo_id'];
23 $x['type'] = 'repo';
24 $x['owner'] = $rg['ri']['uid'];
25 $x['uid'] = $rg['login_ui']['uid'];
26 $x['username'] = $rg['login_ui']['username'];
27 $x['ip'] = $rg['ip'];
28 $x['misc'] = '';
29
21 30 // If bug is deleted and the user does not have 'delete' rights, deny access. // If bug is deleted and the user does not have 'delete' rights, deny access.
22 31 if ($ibug['deleted'] > 0) { if ($ibug['deleted'] > 0) {
23 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
24 $rg['login_ui']['uid'], "d", $rg['ip'], "") !== TRUE) {
32 $x['needed_rights'] = 'd';
33 if (rg_rights_allow($db, $x) !== TRUE) {
25 34 $_bug_body .= rg_template("repo/bug/deleted.html", $rg); $_bug_body .= rg_template("repo/bug/deleted.html", $rg);
26 35 return; return;
27 36 } }
 
... ... while (1) {
50 59 $ibug['state_text'] = rg_bug_state($ibug['state']); $ibug['state_text'] = rg_bug_state($ibug['state']);
51 60
52 61 if ($ibug['state'] == 1) { // reopen if ($ibug['state'] == 1) { // reopen
53 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo",
54 $rg['ri']['uid'], $rg['login_ui']['uid'], "r", $rg['ip'], "") !== TRUE) {
62 $x['needed_rights'] = 'r';
63 if (rg_rights_allow($db, $x) !== TRUE) {
55 64 rg_template("repo/bug/deny_reopen.html", $rg); rg_template("repo/bug/deny_reopen.html", $rg);
56 65 break; break;
57 66 } }
58 67 } else { // close } else { // close
59 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo",
60 $rg['ri']['uid'], $rg['login_ui']['uid'], "C", $rg['ip'], "") !== TRUE) {
68 $x['needed_rights'] = 'C';
69 if (rg_rights_allow($db, $x) !== TRUE) {
61 70 rg_template("repo/bug/deny_close.html", $rg); rg_template("repo/bug/deny_close.html", $rg);
62 71 break; break;
63 72 } }
 
... ... while (1) {
146 155 if ($del_undel == 0) if ($del_undel == 0)
147 156 break; break;
148 157
149 if (rg_rights_allow($db, $rg['ri']['repo_id'], "repo", $rg['ri']['uid'],
150 $rg['login_ui']['uid'], "d", $rg['ip'], "") !== TRUE) {
158 $x['needed_rights'] = 'd';
159 if (rg_rights_allow($db, $x) !== TRUE) {
151 160 $delete_error = rg_template("repo/bug/deny_delete.html", $rg); $delete_error = rg_template("repo/bug/deny_delete.html", $rg);
152 161 break; break;
153 162 } }
File inc/util.inc.php changed (mode: 100644) (index 1292336..9d87bf6)
... ... function rg_var_cookie_re($name, $re)
321 321 */ */
322 322 function rg_chars_allow($name, $allowed_regexp) function rg_chars_allow($name, $allowed_regexp)
323 323 { {
324 if (preg_match($allowed_regexp, $name) === 0) {
324 if (preg_match($allowed_regexp, $name) !== 1) {
325 325 rg_log("chars_allow: [$name] does not match [$allowed_regexp]"); rg_log("chars_allow: [$name] does not match [$allowed_regexp]");
326 326 return FALSE; return FALSE;
327 327 } }
File root/index.php changed (mode: 100644) (index b6fd42d..90dadfc)
... ... rg_log("DEBUG: _REQUEST: " . rg_array2string($_REQUEST));
77 77 rg_log("DEBUG: _COOKIE: " . rg_array2string($_COOKIE)); rg_log("DEBUG: _COOKIE: " . rg_array2string($_COOKIE));
78 78 rg_log($rg['ip'] . " ver=$rocketgit_version"); rg_log($rg['ip'] . " ver=$rocketgit_version");
79 79
80 $service = isset($_REQUEST['service']) ? $_REQUEST['service'] : "";
81 rg_log("service=$service");
82
80 83
81 84 $good = 0; $good = 0;
82 85 $tries = 10; $tries = 10;
 
... ... if ($good == 0) {
100 103 rg_fatal_web("Internal error", $url); rg_fatal_web("Internal error", $url);
101 104 } }
102 105
106 if (strcmp($service, "git-upload-packXXX") == 0) {
107 rg_log("We have a fetch by http!");
108 // TODO: settimelimit to a resonable value
109 putenv("GIT_HTTP_EXPORT_ALL=1");
110 $run = "/usr/libexec/git-core/git-http-backend";
111 rg_log("Running $run...");
112 passthru($run, $ret);
113 rg_log("returned $ret");
114 exit(0);
115 }
116
103 117 rg_user_login_by_sid($db, $rg); rg_user_login_by_sid($db, $rg);
104 118 rg_log("After login_by_sid, login_ui=" . rg_array2string($rg['login_ui'])); rg_log("After login_by_sid, login_ui=" . rg_array2string($rg['login_ui']));
105 119 // If user provided an old/expired sid, we generate a new one, pre-login // If user provided an old/expired sid, we generate a new one, pre-login
File root/themes/default/hints/repo/anon_push.html changed (mode: 100644) (index 111ce60..3c54e1f)
1 1 You are allowed to anonymously push to this repository.<br /> You are allowed to anonymously push to this repository.<br />
2 2 This means that your pushed commits will automatically be transformed into a This means that your pushed commits will automatically be transformed into a
3 3 merge request:<br /> merge request:<br />
4 <code>
4 <div class="xcode">
5 5 ... clone the repository ...<br /> ... clone the repository ...<br />
6 6 ... make some changes and some commits ...<br /> ... make some changes and some commits ...<br />
7 git push<br />
8 </code>
7 git push origin master<br />
8 </div>
File root/themes/default/hints/repo/clone_git.html changed (mode: 100644) (index c8e45d5..fa41883)
1 1 Clone this repository using git:<br /> Clone this repository using git:<br />
2 <code>
2 <div class="xcode">
3 3 git clone @@git@@ local_dir<br /> git clone @@git@@ local_dir<br />
4 4 cd local_dir<br /> cd local_dir<br />
5 </code>
5 </div>
File root/themes/default/hints/repo/clone_owner.html added (mode: 100644) (index 0000000..572f649)
1 If you have the project locally, but not versioned with Git:<br />
2 <div class="xcode">
3 cd local_project_dir<br />
4 git init<br />
5 git remote add origin @@ssh@@<br />
6 git push origin --all<br />
7 git push origin --tags<br />
8 </div>
9 <br />
10
11 If you are switching from another Git hosting provider:<br />
12 <div class="xcode">
13 cd local_project_dir<br />
14 git remote change origin @@ssh@@<br />
15 git push origin --all<br />
16 git push origin --tags<br />
17 </div>
18 <br />
19
20 If you do not have the project locally, and want to clone it:<br />
21 <div class="xcode">
22 mkdir local_project_dir<br />
23 git clone @@ssh@@ local_project_dir<br />
24 cd local_project_dir
25 </div>
File root/themes/default/hints/repo/clone_ssh.html changed (mode: 100644) (index f0ed3ee..424f43d)
1 1 Clone this repository using ssh (do not forget to upload a key first):<br /> Clone this repository using ssh (do not forget to upload a key first):<br />
2 <code>
2 <div class="xcode">
3 3 git clone @@ssh@@ local_dir<br /> git clone @@ssh@@ local_dir<br />
4 4 cd local_dir<br /> cd local_dir<br />
5 </code>
5 </div>
File root/themes/default/hints/repo/edit_repo_path_rights.html changed (mode: 100644) (index fc5ad3c..a5384ff)
1 Example rights for paths:<br />
2 User=[*] Path=[.*\.iso] Rights=[] - means that no user is allowed to push .iso files<br />
3 User=[friend] Path=[^doc/.*] Rights=[Push] - means that only user 'friend' is allowed to push commits that
4 alter some files/dirs in root doc folder.
1 Example rights for paths:
2 <br />
3
4 User=[*] Path=[.*\.iso] Rights=[] - means that no user is allowed to push .iso files
5 <br />
6
7 User=[friend] Path=[^doc/.*] Rights=[Push] - means that only user 'friend' is
8 allowed to push commits that alter some files/dirs in root doc folder
9 <br />
10
11 User=[*] Path=[^users/@USER@/] Rights=[Push] - means that any user can push
12 to his folder inside 'users/'
File root/themes/default/hints/repo/edit_repo_refs_rights.html changed (mode: 100644) (index 0028d72..b328cae)
... ... If your 'Reference' field does not start with '/', '/refs/heads/' will be
7 7 <br /> <br />
8 8
9 9 Example rights for references:<br /> Example rights for references:<br />
10 User=[friend] Reference=[refs/heads/x] Rights=[Fetch,Push] - means that user
10 User=[friend] Reference=[/refs/heads/x] Rights=[Fetch,Push] - means that user
11 11 friend is allowed to fetch and push into branch x.<br /> friend is allowed to fetch and push into branch x.<br />
12 12 User=[user1] Reference=[release-.*] Rights=[Non fast-forward] - means that User=[user1] Reference=[release-.*] Rights=[Non fast-forward] - means that
13 13 user1 is allowed to force push (non fast-forward) in any branch user1 is allowed to force push (non fast-forward) in any branch
 
... ... User=[user1] Reference=[release-.*] Rights=[Non fast-forward] - means that
15 15 User=[*] Reference=[] Rights=[Anonymous push] Priority=[10] - means that any User=[*] Reference=[] Rights=[Anonymous push] Priority=[10] - means that any
16 16 user can anonymously push changes that will be automatically user can anonymously push changes that will be automatically
17 17 transformed in a merge request. We recommend to activate it because transformed in a merge request. We recommend to activate it because
18 it will allow easy contributions to your project.
18 it will allow easy contributions to your project.<br />
19 User=[*] Reference=[users/@USER@/] Rights=[Push] Priority=[10]
20 - means that any user can push to his private ref
21 '/refs/heads/users/username_of_the_pushing_user'
19 22
File root/themes/default/hints/repo/git_setup.html added (mode: 100644) (index 0000000..5d6e8cf)
1 Before first commit, do not forget to setup your git environment:<br />
2 <div class="xcode">
3 git config --global user.name "your name here"<br />
4 git config --global user.email "your@email_here"
5 </div>
File root/themes/default/hints/repo/merge.html changed (mode: 100644) (index 7b81089..559eb36)
1 1 How to merge?<br /> How to merge?<br />
2 2
3 <code>
3 <div class="xcode">
4 4 git fetch @@url@@ refs/mr/rg_xxxxxxxx<br /> git fetch @@url@@ refs/mr/rg_xxxxxxxx<br />
5 5 git merge ???<br /> git merge ???<br />
6 </code>
6 </div>
7 7 <br /> <br />
8 8
9 9 How to "see" all merge requests as branches:<br /> How to "see" all merge requests as branches:<br />
10 10 Add, in config file, under the remote you want, a line like this:<br /> Add, in config file, under the remote you want, a line like this:<br />
11 <code>
11 <div class="xcode">
12 12 fetch = +refs/namespaces/*:refs/remotes/your_remote_name_for_example_origin/mr/*<br /> fetch = +refs/namespaces/*:refs/remotes/your_remote_name_for_example_origin/mr/*<br />
13 </code>
13 </div>
14 14 After you run a git fetch, you will have all the merge requests locally.<br /> After you run a git fetch, you will have all the merge requests locally.<br />
15 15 You can do ??? You can do ???
File root/themes/default/hints/repo/remote_add.html deleted (index c48004d..0000000)
1 If you have the project locally, but not versioned with Git:<br />
2 <code>
3 cd local_dir<br />
4 git init<br />
5 git remote add origin @@ssh@@<br />
6 git push origin master<br />
7 </code>
8 <br />
9
10 If you are switching from another Git hosting provider:<br />
11 <code>
12 cd local_dir<br />
13 git remote change origin @@ssh@@<br />
14 git push origin master<br />
15 </code>
File root/themes/default/hints/ssh/key.html changed (mode: 100644) (index 35cd647..a488684)
1 1 How to create a SSH key for RocketGit:<br /> How to create a SSH key for RocketGit:<br />
2 <code>
2 <div class="xcode">
3 3 ssh-keygen -C "Key for RocketGit" -f ~/.ssh/rocketgit1<br /> ssh-keygen -C "Key for RocketGit" -f ~/.ssh/rocketgit1<br />
4 4 cat ~/.ssh/rocketgit1.pub<br /> cat ~/.ssh/rocketgit1.pub<br />
5 </code>
5 </div>
6 6 Now, copy in clipboard starting with "ssh-...", including the comment Now, copy in clipboard starting with "ssh-...", including the comment
7 7 and paste it in the form above.<br /> and paste it in the form above.<br />
8 8 <br /> <br />
9 9
10 10 To force the use of this key when you connect to the server,<br /> To force the use of this key when you connect to the server,<br />
11 11 add the following lines to your ~/.ssh/config (use tab to indent):<br /> add the following lines to your ~/.ssh/config (use tab to indent):<br />
12 <code>
12 <div class="xcode">
13 13 Host @@rg_ssh_host@@<br /> Host @@rg_ssh_host@@<br />
14 14 &nbsp;&nbsp; User rocketgit<br /> &nbsp;&nbsp; User rocketgit<br />
15 15 &nbsp;&nbsp; Port @@rg_ssh_port@@<br /> &nbsp;&nbsp; Port @@rg_ssh_port@@<br />
16 16 &nbsp;&nbsp; IdentityFile ~/.ssh/rocketgit1<br /> &nbsp;&nbsp; IdentityFile ~/.ssh/rocketgit1<br />
17 </code>
17 </div>
18 18 <br /> <br />
19 19
20 20 To see the fingerprint of your local key (for comparison):<br /> To see the fingerprint of your local key (for comparison):<br />
21 <code>
21 <div class="xcode">
22 22 ssh-keygen -f ~/.ssh/rocketgit1 -l<br /> ssh-keygen -f ~/.ssh/rocketgit1 -l<br />
23 </code>
23 </div>
File root/themes/default/mail/admin/report1.body.txt changed (mode: 100644) (index cfac7aa..b8eecd5)
2 2
3 3 -- --
4 4 RocketGit Team RocketGit Team
5 http://rocketgit.net
5 http://rocketgit.com/
File root/themes/default/mail/user/key/del.body.txt changed (mode: 100644) (index b4b4b57..e58d6c3)
... ... IP: @@IP@@
6 6
7 7 -- --
8 8 RocketGit Team RocketGit Team
9 http://rocketgit.net
9 http://rocketgit.com/
File root/themes/default/mail/user/key/new.body.txt changed (mode: 100644) (index 3e2e4a8..85f573e)
... ... IP: @@IP@@
6 6
7 7 -- --
8 8 RocketGit Team RocketGit Team
9 http://rocketgit.net
9 http://rocketgit.com/
File root/themes/default/mail/user/repo/bug/new.body.txt changed (mode: 100644) (index 87b151d..a5d32d0)
... ... Link to bug: @@bug::url@@
14 14
15 15 -- --
16 16 RocketGit Team RocketGit Team
17 http://rocketgit.net
17 http://rocketgit.com/
File root/themes/default/mail/user/repo/bug/new_note.body.txt changed (mode: 100644) (index c452da7..bc2fda9)
... ... Link to bug: @@bug::url@@
11 11
12 12 -- --
13 13 RocketGit Team RocketGit Team
14 http://rocketgit.net
14 http://rocketgit.com/
File root/themes/default/mail/user/repo/del.body.txt changed (mode: 100644) (index f1b9ec5..b81b6bc)
... ... IP: @@IP@@
6 6
7 7 -- --
8 8 RocketGit Team RocketGit Team
9 http://rocketgit.net
9 http://rocketgit.com/
File root/themes/default/mail/user/repo/new.body.txt changed (mode: 100644) (index 26fbb55..c35600b)
... ... IP: @@IP@@
10 10
11 11 -- --
12 12 RocketGit Team RocketGit Team
13 http://rocketgit.net
13 http://rocketgit.com/
File root/themes/default/mail/user/repo/update.body.txt changed (mode: 100644) (index ad475f6..3d07e32)
... ... IP: @@IP@@
11 11
12 12 -- --
13 13 RocketGit Team RocketGit Team
14 http://rocketgit.net
14 http://rocketgit.com/
File root/themes/default/mail/user/welcome.body.txt changed (mode: 100644) (index 19c1cd7..7a29e9e)
... ... Thank you!
15 15
16 16 -- --
17 17 RocketGit Team RocketGit Team
18 http://rocketgit.net/
18 http://rocketgit.com/
File root/themes/default/main.css changed (mode: 100644) (index 9d10c0e..fa3aa3d)
... ... th, td {
32 32 word-wrap: break-word; word-wrap: break-word;
33 33 } }
34 34
35 code {
35 .xcode {
36 margin-left: 5px;
37 border-left: 1px solid #000;
36 38 font-size: 9pt; font-size: 9pt;
37 font-weight: bold;
39 padding-left: 5px;
38 40 } }
39 41
40 42 form input[type="text"], form input[type="password"], form textarea, form select, form checkbox { form input[type="text"], form input[type="password"], form textarea, form select, form checkbox {
File root/themes/default/user/repo/deny_create.html added (mode: 100644) (index 0000000..6ecf740)
1 <div class="error">
2 You are not allowed to create an anonymous repo. Please login first.
3 </div>
File scripts/remote.php changed (mode: 100644) (index 0a39673..c462394)
... ... if ($login_uid > 0) {
179 179 if ($conn_ui['exists'] != 1) if ($conn_ui['exists'] != 1)
180 180 fatal("User does not exists (conn)."); fatal("User does not exists (conn).");
181 181 } else { } else {
182 $conn_ui = array("uid" => 0);
182 $conn_ui = array('uid' => 0, 'username' => '');
183 183 } }
184 184
185 185 // Loading info about the repository // Loading info about the repository
 
... ... rg_log("repo_path=$repo_path.");
198 198
199 199 // TODO: signal user that the repo moved and provide a hint how to follow // TODO: signal user that the repo moved and provide a hint how to follow
200 200
201 $misc = FALSE;
202 $ret = rg_rights_allow($db, $ri['repo_id'], "repo_refs", $ri['uid'],
203 $conn_ui['uid'], $needed_rights, $ip, $misc);
201 $x = array();
202 $x['obj_id'] = $ri['repo_id'];
203 $x['type'] = 'repo_refs';
204 $x['owner'] = $ri['uid'];
205 $x['uid'] = $conn_ui['uid'];
206 $x['username'] = $conn_ui['username'];
207 $x['needed_rights'] = $needed_rights;
208 $x['ip'] = $ip;
209 $x['misc'] = FALSE;
210 $ret = rg_rights_allow($db, $x);
204 211 if ($ret !== TRUE) if ($ret !== TRUE)
205 212 fatal("You have no rights to access this repo!"); fatal("You have no rights to access this repo!");
206 213
 
... ... if (($push == 1) && rg_user_over_limit($db, $owner_ui, $max))
217 224
218 225 // Put in environment all we need // Put in environment all we need
219 226 putenv("ROCKETGIT_LOGIN_UID=" . $login_uid); putenv("ROCKETGIT_LOGIN_UID=" . $login_uid);
227 putenv("ROCKETGIT_LOGIN_USERNAME=" . $conn_ui['username']);
220 228 putenv("ROCKETGIT_KEY_ID=" . $key_id); putenv("ROCKETGIT_KEY_ID=" . $key_id);
221 229 putenv("ROCKETGIT_REPO_ID=" . $ri['repo_id']); putenv("ROCKETGIT_REPO_ID=" . $ri['repo_id']);
222 230 putenv("ROCKETGIT_REPO_PATH=" . $repo_path); putenv("ROCKETGIT_REPO_PATH=" . $repo_path);
File spell_check.sh changed (mode: 100755) (index 55b754e..bfcfb00)
2 2
3 3 cdir=${PWD} cdir=${PWD}
4 4
5 # TODO not yet, is full of romanian...
6 # -name 'TODO' \
7
5 8 find . \ find . \
6 -name 'TODO' \
7 -o -name '*.html' \
9 -name '*.html' \
8 10 -o -name '*.txt' \ -o -name '*.txt' \
9 11 -o -name '*.spec.in' \ -o -name '*.spec.in' \
10 12 -o -name README \ -o -name README \
File tests/config.php changed (mode: 100644) (index 84f052f..230b1b7)
... ... $rg_theme = "util";
29 29 $rg_lang = "en"; $rg_lang = "en";
30 30 $rg_cache_enable = FALSE; $rg_cache_enable = FALSE;
31 31 $rg_event_socket = ""; $rg_event_socket = "";
32 $rg_ssh_host = 'localhost';
33 $rg_ssh_port = 22;
34 $rg_git_host = 'localhost';
35 $rg_git_port = 9418;
32 36
33 37 // For http testing // For http testing
34 38 $test_url = "http://r1i:9000"; $test_url = "http://r1i:9000";
File tests/hook_update.sh changed (mode: 100755) (index ec53c82..45a3e65)
... ... tests=`pwd`
4 4
5 5 export ROCKETGIT_CONF_FILE="`pwd`/config.php" export ROCKETGIT_CONF_FILE="`pwd`/config.php"
6 6 export ROCKETGIT_LOGIN_UID=1234 export ROCKETGIT_LOGIN_UID=1234
7 export ROCKETGIT_LOGIN_USERNAME=cutu
7 8 export ROCKETGIT_REPO_ID=5678 export ROCKETGIT_REPO_ID=5678
8 9 export ROCKETGIT_IP="127.0.0.1" export ROCKETGIT_IP="127.0.0.1"
9 10 export ROCKETGIT_REPO_PATH="`pwd`/hook_update_dest.git" export ROCKETGIT_REPO_PATH="`pwd`/hook_update_dest.git"
File tests/hook_update_help.php changed (mode: 100644) (index a8f9bc8..97d4e86)
... ... if ($repo_uid === FALSE)
31 31 $uid = getenv("ROCKETGIT_LOGIN_UID"); $uid = getenv("ROCKETGIT_LOGIN_UID");
32 32 if ($uid === FALSE) if ($uid === FALSE)
33 33 $uid = 1234; $uid = 1234;
34 $username = getenv("ROCKETGIT_LOGIN_USERNAME");
35 if ($username === FALSE)
36 $username = 'cutu';
34 37 $rights = getenv("ROCKETGIT_REPO_RIGHTS"); $rights = getenv("ROCKETGIT_REPO_RIGHTS");
35 38 if ($rights === FALSE) if ($rights === FALSE)
36 39 $rights = ""; $rights = "";
File tests/http.inc.php changed (mode: 100644) (index c7b4cf2..d323c52)
... ... function do_req($url, &$data, &$headers)
80 80 } }
81 81
82 82 $x = preg_match('/Location: (.*)\s/', $ret['header'], $matches); $x = preg_match('/Location: (.*)\s/', $ret['header'], $matches);
83 if ($x > 0) {
83 if ($x === 1) {
84 84 if (strncmp($url, "http://", 7) == 0) if (strncmp($url, "http://", 7) == 0)
85 85 $url = substr($url, 7); $url = substr($url, 7);
86 86 rg_log("redirect to url=$url"); rg_log("redirect to url=$url");
File tests/rights.php changed (mode: 100644) (index 87dc084..b1f853a)
... ... $rg_sql_debug = 1;
16 16 // Defaults // Defaults
17 17 $rg_admin_email = "rg@embedromix.ro"; $rg_admin_email = "rg@embedromix.ro";
18 18
19 $type1_rights = array('d' => 'Delete', 'x' => 'XXX', 'y' => 'YYY',
20 'a' => 'AAA', 'b' => 'BBB', 'c' => 'CCC',
21 'A' => 'aaa', 'B' => 'bbb', 'C' => 'ccc');
22 rg_rights_register('type1', $type1_rights, "", "rg_repo_compare_refs", FALSE);
19 23
20 24 $sql = "DELETE FROM rights"; $sql = "DELETE FROM rights";
21 25 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
 
... ... $a['who'] = 90;
71 75 $a['obj_id'] = 333; $a['obj_id'] = 333;
72 76 $a['uid'] = 200; $a['uid'] = 200;
73 77 $a['rights'] = "abc"; $a['rights'] = "abc";
74 $a['misc'] = "misc1";
78 $a['misc'] = "misc1/@USER@/";
75 79 $a['ip'] = "1.1.1.1 2.2.2.2 10.0.0.0/8"; $a['ip'] = "1.1.1.1 2.2.2.2 10.0.0.0/8";
76 80 $a['prio'] = 13; $a['prio'] = 13;
77 81 $a['description'] = "desc1"; $a['description'] = "desc1";
 
... ... if ($r !== TRUE) {
80 84 rg_log("Seems I cannot set rights 1 (" . rg_rights_error() . ")"); rg_log("Seems I cannot set rights 1 (" . rg_rights_error() . ")");
81 85 exit(1); exit(1);
82 86 } }
83 $a['rights'] = "d"; $a['misc'] = "misc2"; $a['prio'] = 14;
84 $r = rg_rights_set($db, "type1", $a);
87 $b = $a;
88 $b['rights'] = "d"; $b['misc'] = "some_misc"; $b['prio'] = 14;
89 $r = rg_rights_set($db, "type1", $b);
85 90 if ($r !== TRUE) { if ($r !== TRUE) {
86 91 rg_log("Seems I cannot set rights 2 (" . rg_rights_error() . ")"); rg_log("Seems I cannot set rights 2 (" . rg_rights_error() . ")");
87 92 exit(1); exit(1);
88 93 } }
89 $a['rights'] = "E"; $a['misc'] = "misc3"; $a['prio'] = 14;
90 $r = rg_rights_set($db, "type2", $a);
94 $b['rights'] = "E"; $b['misc'] = "some_other_misc"; $b['prio'] = 14;
95 $r = rg_rights_set($db, "type2", $b);
91 96 if ($r !== TRUE) { if ($r !== TRUE) {
92 rg_log("Seems I cannot set rights 2 (" . rg_rights_error() . ")");
97 rg_log("Seems I cannot set rights 3 (" . rg_rights_error() . ")");
93 98 exit(1); exit(1);
94 99 } }
95 100
 
... ... $right_id = 0;
98 103 $r = rg_rights_get($db, $a['obj_id'], "type1", $a['who'], $a['uid'], $right_id); $r = rg_rights_get($db, $a['obj_id'], "type1", $a['who'], $a['uid'], $right_id);
99 104 if (($r['ok'] !== 1) || (strcmp($r['list'][1]['rights'], "d") != 0)) { if (($r['ok'] !== 1) || (strcmp($r['list'][1]['rights'], "d") != 0)) {
100 105 rg_log("Seems I cannot get rights (" . rg_rights_error() . ")"); rg_log("Seems I cannot get rights (" . rg_rights_error() . ")");
101 print_r($r);
106 rg_log_ml("r: " . print_r($r, TRUE));
102 107 exit (1); exit (1);
103 108 } }
104 109 // 'get' again, to see if cache works // 'get' again, to see if cache works
105 110 $r = rg_rights_get($db, $a['obj_id'], "type1", $a['who'], $a['uid'], $right_id); $r = rg_rights_get($db, $a['obj_id'], "type1", $a['who'], $a['uid'], $right_id);
106 111 if (($r['ok'] !== 1) || (strcmp($r['list'][1]['rights'], "d") != 0)) { if (($r['ok'] !== 1) || (strcmp($r['list'][1]['rights'], "d") != 0)) {
107 112 rg_log("Seems I cannot get rights (" . rg_rights_error() . ")"); rg_log("Seems I cannot get rights (" . rg_rights_error() . ")");
108 print_r($r);
109 exit (1);
113 rg_log_ml("r: " . print_r($r, TRUE));
114 exit(1);
115 }
116 $for_delete_list = $r['list'];
117
118 rg_log("Testing allow with @USER@ token...");
119 $x = array();
120 $x['obj_id'] = $a['obj_id'];
121 $x['type'] = 'type1';
122 $x['owner'] = 90;
123 $x['uid'] = 200;
124 $x['username'] = 'user_gen';
125 $x['needed_rights'] = 'a';
126 $x['ip'] = '10.2.3.4';
127 $x['misc'] = 'misc1/user_gen/a';
128 $r = rg_rights_allow($db, $x);
129 if ($r === FALSE) {
130 rg_log("We should have access because of @USER@");
131 exit(1);
110 132 } }
111 133
112 134 rg_log("Testing delete_list..."); rg_log("Testing delete_list...");
113 135 $list = array(); $list = array();
114 foreach ($r['list'] as $junk => $i)
136 foreach ($for_delete_list as $junk => $i)
115 137 $list[] = $i['right_id']; $list[] = $i['right_id'];
116 138 $r = rg_rights_delete_list($db, "type1", $a['obj_id'], $list); $r = rg_rights_delete_list($db, "type1", $a['obj_id'], $list);
117 139 if ($r !== TRUE) { if ($r !== TRUE) {
 
... ... if ($r !== TRUE) {
166 188 exit(1); exit(1);
167 189 } }
168 190
191
169 192 rg_log("Finish"); rg_log("Finish");
170 193
171 194 // TODO: test if a user can read other rights // TODO: test if a user can read other rights
Hints
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://code.reversed.top/user/xaizek/rocketgit

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a pull request:
... clone the repository ...
... make some changes and some commits ...
git push origin master