added code_read_access and file_read_access

hyung-hwan 2016-12-01 12:57:50 +00:00
parent 0e962bbce4
commit 272f67d1d5
11 changed files with 296 additions and 112 deletions


@ -92,9 +92,25 @@ language = "auto"
index_page = "index.php" index_page = "index.php"
;------------------------------------------------------------------------------ ;------------------------------------------------------------------------------
; When set to yes, viewing pages require a user to sign in. ; When set to yes, viewing pages requires a user to sign in.
;------------------------------------------------------------------------------ ;------------------------------------------------------------------------------
singin_compulsory = "no" signin_compulsory = "no"
;------------------------------------------------------------------------------
; Code read access is limited to the specified user type. The types
; include anonymous, authenticated, member. This applies to a public project
; only. Write access to any projects and read access to a non-public project
; require membership regardless of this item.
;------------------------------------------------------------------------------
code_read_access = "anonymous"
;------------------------------------------------------------------------------
; File read access is limited to the specified user type. The types
; include anonymous, authenticated, member. This applies to a public project
; only. Write access to any projects and read access to a non-public project
; require membership regardless of this item.
;------------------------------------------------------------------------------
file_read_access = "anonymous"
;------------------------------------------------------------------------------ ;------------------------------------------------------------------------------
; When set to yes, non-http access is diverted to https using ; When set to yes, non-http access is diverted to https using
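Review bot: The key rename from `singin_compulsory` to `signin_compulsory` changes what an already-deployed configuration file has to contain: if the loader (not part of this section) now reads only the corrected name, a site that had set the old key to "yes" would fall back to the default and stop forcing sign-in after an upgrade. Accepting the old spelling as an alias, or calling the rename out in the upgrade notes, would avoid that. The two new comment blocks should also say what an unlisted value does; going by `_can_read` in the Code controller it denies read access on public projects to everyone but system administrators, e.g. `; Any other value denies read access to all users except system administrators.`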


@ -245,7 +245,7 @@ $config['cache_path'] = CODEPOT_CACHE_DIR;
| enabled you MUST set an encryption key. See the user guide for info. | enabled you MUST set an encryption key. See the user guide for info.
| |
*/ */
$config['encryption_key'] = ""; $config['encryption_key'] = "codepot";
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
@ -261,7 +261,7 @@ $config['encryption_key'] = "";
*/ */
$config['sess_cookie_name'] = 'codepot_session'; $config['sess_cookie_name'] = 'codepot_session';
$config['sess_expiration'] = 72000; $config['sess_expiration'] = 72000;
$config['sess_encrypt_cookie'] = FALSE; $config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = FALSE; $config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'codepot_sessions'; $config['sess_table_name'] = 'codepot_sessions';
$config['sess_match_ip'] = FALSE; $config['sess_match_ip'] = FALSE;
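Review bot: The new default `$config['encryption_key'] = "codepot";` is a fixed string that every installation of this file shares and that is public in the repository, so enabling `sess_encrypt_cookie` in the second hunk gives the session cookie no real confidentiality or tamper protection. With `sess_use_database` and `sess_match_ip` both FALSE, the session state lives entirely in that cookie and the key is the only thing protecting it. The key should be unique per deployment: ship the value empty and have installation write a random one, or load it from the site's own configuration (for example `$config['encryption_key'] = <per-site secret read from the ini file>;`, placeholder), and refuse to start with the shipped default.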


@ -26,6 +26,57 @@ class Code extends Controller
$this->lang->load ('code', CODEPOT_LANG); $this->lang->load ('code', CODEPOT_LANG);
} }
private function _can_read ($pm, $projectid, $login)
{
if ($login['sysadmin?']) return TRUE;
$userid = $login['id'];
if ($pm->projectIsPublic($projectid))
{
if (strcasecmp(CODEPOT_CODE_READ_ACCESS, 'anonymous') == 0) return TRUE;
else if (strcasecmp(CODEPOT_CODE_READ_ACCESS, 'authenticated') == 0)
{
if ($userid != '') return TRUE;
}
else if (strcasecmp(CODEPOT_CODE_READ_ACCESS, 'member') == 0)
{
if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
}
}
else
{
// non-public project.
if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
}
return FALSE;
}
private function _can_write ($pm, $projectid, $login)
{
if ($login['sysadmin?']) return TRUE;
$userid = $login['id'];
if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
return FALSE;
}
private function _redirect_to_signin ($conv, $login, $project = NULL)
{
$userid = $login['id'];
if ($userid == '')
{
redirect (CODEPOT_SIGNIN_REDIR_PATH . $conv->AsciiTohex(current_url()));
}
else
{
$data['login'] = $login;
$data['project'] = $project;
$data['message'] = 'Disallowed';
$this->load->view ($this->VIEW_ERROR, $data);
}
}
function home ($projectid = '', $subdir = '', $rev = SVN_REVISION_HEAD) function home ($projectid = '', $subdir = '', $rev = SVN_REVISION_HEAD)
{ {
return $this->file ($projectid, $subdir, $rev); return $this->file ($projectid, $subdir, $rev);
@ -39,7 +90,11 @@ class Code extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); {
$this->_redirect_to_signin($this->converter, $login);
return;
}
$data['login'] = $login; $data['login'] = $login;
$path = $this->converter->HexToAscii ($path); $path = $this->converter->HexToAscii ($path);
@ -61,10 +116,12 @@ class Code extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') //if ($project->public !== 'Y' && $login['id'] == '')
if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return;
} }
$file = $this->subversion->getFile ($projectid, $path, $rev); $file = $this->subversion->getFile ($projectid, $path, $rev);
@ -173,7 +230,10 @@ class Code extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); {
$this->_redirect_to_signin($this->converter, $login);
return;
}
$data['login'] = $login; $data['login'] = $login;
$path = $this->converter->HexToAscii ($path); $path = $this->converter->HexToAscii ($path);
@ -195,10 +255,12 @@ class Code extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') //if ($project->public !== 'Y' && $login['id'] == '')
if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return;
} }
$file = $this->subversion->getBlame ($projectid, $path, $rev); $file = $this->subversion->getBlame ($projectid, $path, $rev);
@ -251,7 +313,10 @@ class Code extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); {
$this->_redirect_to_signin($this->converter, $login);
return;
}
$data['login'] = $login; $data['login'] = $login;
$path = $this->converter->HexToAscii ($path); $path = $this->converter->HexToAscii ($path);
@ -273,10 +338,12 @@ class Code extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') //if ($project->public !== 'Y' && $login['id'] == '')
if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return;
} }
$file = $this->subversion->getFile ($projectid, $path, $rev); $file = $this->subversion->getFile ($projectid, $path, $rev);
@ -447,10 +514,11 @@ class Code extends Controller
{ {
$status = "error - no such project {$projectid}"; $status = "error - no such project {$projectid}";
} }
else if (!$login['sysadmin?'] && //else if (!$login['sysadmin?'] &&
$this->projects->projectHasMember($projectid, $login['id']) === FALSE) // $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
else if (!$this->_can_write ($this->projects, $projectid, $login))
{ {
$status = "error - not a member {$login['id']}"; $status = "error - disallowed";
} }
else else
{ {
@ -515,10 +583,11 @@ class Code extends Controller
{ {
$status = "error - no such project {$projectid}"; $status = "error - no such project {$projectid}";
} }
else if (!$login['sysadmin?'] && //else if (!$login['sysadmin?'] &&
$this->projects->projectHasMember($projectid, $login['id']) === FALSE) // $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
else if (!$this->_can_write ($this->projects, $projectid, $login))
{ {
$status = "error - not a member {$login['id']}"; $status = "error - disallowed";
} }
else else
{ {
@ -574,10 +643,12 @@ class Code extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') //if ($project->public !== 'Y' && $login['id'] == '')
if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return;
} }
$tag = $this->converter->HexToAscii ($tag); $tag = $this->converter->HexToAscii ($tag);
@ -623,10 +694,11 @@ class Code extends Controller
{ {
$status = "error - no such project {$projectid}"; $status = "error - no such project {$projectid}";
} }
else if (!$login['sysadmin?'] && //else if (!$login['sysadmin?'] &&
$this->projects->projectHasMember($projectid, $login['id']) === FALSE) // $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
else if (!$this->_can_write ($this->projects, $projectid, $login))
{ {
$status = "error - not a member {$login['id']}"; $status = "error - disallowed";
} }
else if ($login['id'] != $this->subversion->getRevProp($projectid, $rev, 'svn:author')) else if ($login['id'] != $this->subversion->getRevProp($projectid, $rev, 'svn:author'))
{ {
@ -681,10 +753,11 @@ class Code extends Controller
{ {
$status = "error - no such project {$projectid}"; $status = "error - no such project {$projectid}";
} }
else if (!$login['sysadmin?'] && //else if (!$login['sysadmin?'] &&
$this->projects->projectHasMember($projectid, $login['id']) === FALSE) // $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
else if (!$this->_can_write ($this->projects, $projectid, $login))
{ {
$status = "error - not a member {$login['id']}"; $status = "error - disallowed";
} }
//else if ($login['id'] != $this->subversion->getRevProp($projectid, $rev, 'svn:author')) //else if ($login['id'] != $this->subversion->getRevProp($projectid, $rev, 'svn:author'))
//{ //{
@ -744,10 +817,11 @@ class Code extends Controller
{ {
$status = "error - no such project {$projectid}"; $status = "error - no such project {$projectid}";
} }
else if (!$login['sysadmin?'] && //else if (!$login['sysadmin?'] &&
$this->projects->projectHasMember($projectid, $login['id']) === FALSE) // $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
else if (!$this->_can_write ($this->projects, $projectid, $login))
{ {
$status = "error - not a member {$login['id']}"; $status = "error - disallowed";
} }
else else
{ {
@ -812,10 +886,11 @@ class Code extends Controller
{ {
$status = "error - no such project {$projectid}"; $status = "error - no such project {$projectid}";
} }
else if (!$login['sysadmin?'] && //else if (!$login['sysadmin?'] &&
$this->projects->projectHasMember($projectid, $login['id']) === FALSE) // $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
else if (!$this->_can_write ($this->projects, $projectid, $login))
{ {
$status = "error - not a member {$login['id']}"; $status = "error - disallowed";
} }
else else
{ {
@ -924,7 +999,10 @@ class Code extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); {
$this->_redirect_to_signin($this->converter, $login);
return;
}
$data['login'] = $login; $data['login'] = $login;
$path = $this->converter->HexToAscii ($path); $path = $this->converter->HexToAscii ($path);
@ -946,10 +1024,12 @@ class Code extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') //if ($project->public !== 'Y' && $login['id'] == '')
if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return;
} }
$file = $this->subversion->getHistory ($projectid, $path, $rev); $file = $this->subversion->getHistory ($projectid, $path, $rev);
@ -993,8 +1073,6 @@ class Code extends Controller
$data['next_revision'] = $data['next_revision'] =
$this->subversion->getNextRev ($projectid, $path, $rev); $this->subversion->getNextRev ($projectid, $path, $rev);
$data['review_count'] =
$this->load->view ($this->VIEW_HISTORY, $data); $this->load->view ($this->VIEW_HISTORY, $data);
} }
} }
@ -1008,7 +1086,10 @@ class Code extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); {
$this->_redirect_to_signin($this->converter, $login);
return;
}
$data['login'] = $login; $data['login'] = $login;
$path = $this->converter->HexToAscii ($path); $path = $this->converter->HexToAscii ($path);
@ -1035,10 +1116,12 @@ class Code extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') //if ($project->public !== 'Y' && $login['id'] == '')
if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return;
} }
$file = $this->subversion->getRevHistory ($projectid, $path, $rev); $file = $this->subversion->getRevHistory ($projectid, $path, $rev);
@ -1156,7 +1239,10 @@ class Code extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); {
$this->_redirect_to_signin($this->converter, $login);
return;
}
$data['login'] = $login; $data['login'] = $login;
$path = $this->converter->HexToAscii ($path); $path = $this->converter->HexToAscii ($path);
@ -1178,10 +1264,12 @@ class Code extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') //if ($project->public !== 'Y' && $login['id'] == '')
if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return;
} }
$file = $this->subversion->getDiff ($projectid, $path, $rev1, $rev2, $full); $file = $this->subversion->getDiff ($projectid, $path, $rev1, $rev2, $full);
@ -1248,7 +1336,10 @@ class Code extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); {
$this->_redirect_to_signin($this->converter, $login);
return;
}
$data['login'] = $login; $data['login'] = $login;
$path = $this->converter->HexToAscii ($path); $path = $this->converter->HexToAscii ($path);
@ -1270,10 +1361,12 @@ class Code extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') //if ($project->public !== 'Y' && $login['id'] == '')
if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return;
} }
$file = $this->subversion->getFile ($projectid, $path, $rev); $file = $this->subversion->getFile ($projectid, $path, $rev);
@ -1417,7 +1510,10 @@ class Code extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if ((CODEPOT_SIGNIN_COMPULSORY || CODEPOT_SIGNIN_FOR_CODE_SEARCH) && $login['id'] == '') if ((CODEPOT_SIGNIN_COMPULSORY || CODEPOT_SIGNIN_FOR_CODE_SEARCH) && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); {
$this->_redirect_to_signin($this->converter, $login);
return;
}
$project = $this->projects->get ($projectid); $project = $this->projects->get ($projectid);
if ($project === FALSE) if ($project === FALSE)
@ -1436,10 +1532,12 @@ class Code extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') //if ($project->public !== 'Y' && $login['id'] == '')
if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return 0;
} }
$this->_search_code ($project, $login); $this->_search_code ($project, $login);
@ -1465,7 +1563,8 @@ class Code extends Controller
} }
$project = $this->projects->get ($projectid); $project = $this->projects->get ($projectid);
if ($project === FALSE || ($project->public !== 'Y' && $login['id'] == '')) //if ($project === FALSE || ($project->public !== 'Y' && $login['id'] == ''))
if ($project === FALSE || !$this->_can_read ($this->projects, $projectid, $login))
{ {
header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found'); header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found');
return; return;
@ -1477,7 +1576,6 @@ class Code extends Controller
if ($path == '.') $path = ''; /* treat a period specially */ if ($path == '.') $path = ''; /* treat a period specially */
$path = $this->_normalize_path ($path); $path = $this->_normalize_path ($path);
if ($type == 'cloc-file') if ($type == 'cloc-file')
{ {
// number of lines in a single file // number of lines in a single file
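Review bot: The signed-in branch of `_redirect_to_signin` renders `VIEW_ERROR` with 'Disallowed' but leaves the response status at 200 and hands the whole `$project` object to the view, so a denied read of a non-public project looks like a success to clients and access logs, and the view (not shown here) may print project details to a non-member. I would send `header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');` before `$this->load->view (...)`, as the 404 path near the end of this section already does, and pass `$project` only if the error view needs it. The same applies to the copy of this helper in the File controller. Two smaller points: the search action uses `return 0;` where every other call site uses `return;`, and the kept comment `// non-public projects require sign-in.` no longer matches the `_can_read` condition it sits under.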


@ -19,6 +19,57 @@ class File extends Controller
$this->lang->load ('file', CODEPOT_LANG); $this->lang->load ('file', CODEPOT_LANG);
} }
private function _can_read ($pm, $projectid, $login)
{
if ($login['sysadmin?']) return TRUE;
$userid = $login['id'];
if ($pm->projectIsPublic($projectid))
{
if (strcasecmp(CODEPOT_FILE_READ_ACCESS, 'anonymous') == 0) return TRUE;
else if (strcasecmp(CODEPOT_FILE_READ_ACCESS, 'authenticated') == 0)
{
if ($userid != '') return TRUE;
}
else if (strcasecmp(CODEPOT_FILE_READ_ACCESS, 'member') == 0)
{
if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
}
}
else
{
// non-public project.
if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
}
return FALSE;
}
private function _can_write ($pm, $projectid, $login)
{
if ($login['sysadmin?']) return TRUE;
$userid = $login['id'];
if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
return FALSE;
}
private function _redirect_to_signin ($conv, $login, $project = NULL)
{
$userid = $login['id'];
if ($userid == '')
{
redirect (CODEPOT_SIGNIN_REDIR_PATH . $conv->AsciiTohex(current_url()));
}
else
{
$data['login'] = $login;
$data['project'] = $project;
$data['message'] = 'Disallowed';
$this->load->view ($this->VIEW_ERROR, $data);
}
}
function home ($projectid = '') function home ($projectid = '')
{ {
$this->load->model ('ProjectModel', 'projects'); $this->load->model ('ProjectModel', 'projects');
@ -26,7 +77,10 @@ class File extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); {
$this->_redirect_to_signin($this->converter, $login);
return;
}
$data['login'] = $login; $data['login'] = $login;
$project = $this->projects->get ($projectid); $project = $this->projects->get ($projectid);
@ -44,10 +98,11 @@ class File extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return;
} }
$files = $this->files->getAll ($login['id'], $project); $files = $this->files->getAll ($login['id'], $project);
@ -73,7 +128,10 @@ class File extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); {
$this->_redirect_to_signin($this->converter, $login);
return;
}
$data['login'] = $login; $data['login'] = $login;
$name = $this->converter->HexToAscii ($name); $name = $this->converter->HexToAscii ($name);
@ -93,10 +151,11 @@ class File extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return;
} }
$file = $this->files->get ($login['id'], $project, $name); $file = $this->files->get ($login['id'], $project, $name);
@ -129,7 +188,10 @@ class File extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); {
$this->_redirect_to_signin($this->converter, $login);
return;
}
$data['login'] = $login; $data['login'] = $login;
$name = $this->converter->HexToAscii ($name); $name = $this->converter->HexToAscii ($name);
@ -149,10 +211,11 @@ class File extends Controller
} }
else else
{ {
if ($project->public !== 'Y' && $login['id'] == '') if (!$this->_can_read ($this->projects, $projectid, $login))
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); $this->_redirect_to_signin($this->converter, $login, $project);
return;
} }
$file = $this->files->fetchFile ($login['id'], $project, $name); $file = $this->files->fetchFile ($login['id'], $project, $name);
@ -260,10 +323,11 @@ class File extends Controller
{ {
$status = "error - no such project {$projectid}"; $status = "error - no such project {$projectid}";
} }
else if (!$login['sysadmin?'] && //else if (!$login['sysadmin?'] &&
$this->projects->projectHasMember($projectid, $login['id']) === FALSE) // $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
else if (!$this->_can_write ($this->projects, $projectid, $login))
{ {
$status = "error - not a member {$login['id']}"; $status = "error - disallowed";
} }
else else
{ {
@ -362,10 +426,11 @@ class File extends Controller
{ {
$status = "error - no such project {$projectid}"; $status = "error - no such project {$projectid}";
} }
else if (!$login['sysadmin?'] && //else if (!$login['sysadmin?'] &&
$this->projects->projectHasMember($projectid, $login['id']) === FALSE) // $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
else if (!$this->_can_write ($this->projects, $projectid, $login))
{ {
$status = "error - not a member {$login['id']}"; $status = "error - disallowed";
} }
else else
{ {
@ -444,10 +509,11 @@ class File extends Controller
{ {
$status = "error - no such project {$projectid}"; $status = "error - no such project {$projectid}";
} }
else if (!$login['sysadmin?'] && //else if (!$login['sysadmin?'] &&
$this->projects->projectHasMember($projectid, $login['id']) === FALSE) // $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
else if (!$this->_can_write ($this->projects, $projectid, $login))
{ {
$status = "error - not a member {$login['id']}"; $status = "error - disallowed";
} }
else else
{ {
@ -528,10 +594,11 @@ class File extends Controller
{ {
$status = "error - no such project {$projectid}"; $status = "error - no such project {$projectid}";
} }
else if (!$login['sysadmin?'] && //else if (!$login['sysadmin?'] &&
$this->projects->projectHasMember($projectid, $login['id']) === FALSE) // $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
else if (!$this->_can_write ($this->projects, $projectid, $login))
{ {
$status = "error - not a member {$login['id']}"; $status = "error - disallowed";
} }
else else
{ {
@ -540,7 +607,6 @@ class File extends Controller
$file->tag = $this->input->post('file_edit_tag'); $file->tag = $this->input->post('file_edit_tag');
$file->description = $this->input->post('file_edit_description'); $file->description = $this->input->post('file_edit_description');
if ($file->name === FALSE || ($file->name = trim($file->name)) == '') if ($file->name === FALSE || ($file->name = trim($file->name)) == '')
{ {
$status = 'error - no name'; $status = 'error - no name';
@ -594,10 +660,11 @@ class File extends Controller
{ {
$status = "error - no such project {$projectid}"; $status = "error - no such project {$projectid}";
} }
else if (!$login['sysadmin?'] && //else if (!$login['sysadmin?'] &&
$this->projects->projectHasMember($projectid, $login['id']) === FALSE) // $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
else if (!$this->_can_write ($this->projects, $projectid, $login))
{ {
$status = "error - not a member {$login['id']}"; $status = "error - disallowed";
} }
else else
{ {
@ -623,8 +690,6 @@ class File extends Controller
print $status; print $status;
} }
} }
?> ?>
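Review bot: `_can_read`, `_can_write` and `_redirect_to_signin` in the first hunk are line-for-line copies of the helpers added to the Code controller, differing only in `CODEPOT_FILE_READ_ACCESS`, so the access policy now lives in two places and a later fix to one copy can miss the other. Moving them into a shared base controller or library and passing the level in, e.g. `_can_read ($pm, $projectid, $login, $level)`, would leave one implementation to audit. The old membership conditions are kept as commented-out code above each `_can_write` call; they can be deleted, since the history already records them.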


@ -37,7 +37,7 @@ class Graph extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$data['login'] = $login; $data['login'] = $login;
//$path = $this->converter->HexToAscii ($path); //$path = $this->converter->HexToAscii ($path);
@ -62,7 +62,7 @@ class Graph extends Controller
if ($project->public !== 'Y' && $login['id'] == '') if ($project->public !== 'Y' && $login['id'] == '')
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
} }
$data['project'] = $project; $data['project'] = $project;
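Review bot: The project check in the second hunk still reads `if ($project->public !== 'Y' && $login['id'] == '')`, so any signed-in user passes it for a non-public project, while the `_can_read` added to Code and File in this commit requires membership there; the Issue and Project sections keep the same condition. If these pages are meant to follow the rule stated in the new config comment ("read access to a non-public project require membership"), they need the membership test as well, unless the models enforce it, which is not visible here. The enclosing functions start and end outside these hunks, so any later check cannot be confirmed from this page.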


@ -28,7 +28,7 @@ class Issue extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$data['login'] = $login; $data['login'] = $login;
$project = $this->projects->get ($projectid); $project = $this->projects->get ($projectid);
@ -49,7 +49,7 @@ class Issue extends Controller
if ($project->public !== 'Y' && $login['id'] == '') if ($project->public !== 'Y' && $login['id'] == '')
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
} }
if ($filter == '') if ($filter == '')
@ -150,7 +150,7 @@ class Issue extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$data['login'] = $login; $data['login'] = $login;
if ($hexid == '') if ($hexid == '')
@ -827,7 +827,7 @@ class Issue extends Controller
if ($project->public !== 'Y' && $login['id'] == '') if ($project->public !== 'Y' && $login['id'] == '')
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
} }
$att = $this->wikis->getAttachment ($login['id'], $project, $wikiname, $name); $att = $this->wikis->getAttachment ($login['id'], $project, $wikiname, $name);
@ -914,7 +914,7 @@ class Issue extends Controller
if ($project->public !== 'Y' && $login['id'] == '') if ($project->public !== 'Y' && $login['id'] == '')
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
} }
$att = $this->issues->getFile ($login['id'], $project, $issueid, $filename); $att = $this->issues->getFile ($login['id'], $project, $issueid, $filename);
@ -985,7 +985,7 @@ class Issue extends Controller
// //
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
if ($issueid == '' || $filename == '') if ($issueid == '' || $filename == '')
{ {


@ -32,7 +32,7 @@ class Project extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$data['login'] = $login; $data['login'] = $login;
if ($filter == '') if ($filter == '')
@ -125,7 +125,7 @@ class Project extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$data['login'] = $login; $data['login'] = $login;
@ -147,7 +147,7 @@ class Project extends Controller
if ($project->public !== 'Y' && $login['id'] == '') if ($project->public !== 'Y' && $login['id'] == '')
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
} }
$log_entries = $this->logs->getEntries ( $log_entries = $this->logs->getEntries (
@ -275,7 +275,7 @@ class Project extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if ($login['id'] == '') if ($login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$project = new stdClass(); $project = new stdClass();
$project->id = $projectid; $project->id = $projectid;
@ -295,7 +295,7 @@ class Project extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if ($login['id'] == '') if ($login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$project = $this->projects->get ($projectid); $project = $this->projects->get ($projectid);
if ($project === FALSE) if ($project === FALSE)
@ -394,7 +394,7 @@ class Project extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if ($login['id'] == '') if ($login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$project = $this->projects->get ($projectid); $project = $this->projects->get ($projectid);
if ($project === FALSE) if ($project === FALSE)
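Review bot: The sign-in guard `if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')` followed by the `redirect (CODEPOT_SIGNIN_REDIR_PATH . ...)` call is still repeated verbatim in each action of this controller, and the Site and Wiki sections below repeat it the same way. With per-resource read levels being introduced in this commit, an access check kept in this many copies is easy to omit or vary in the next action that gets added. I would move it into one protected method on a shared base controller and call it as `$this->_require_signin (CODEPOT_SIGNIN_COMPULSORY);` (the method name is a suggestion, not an existing API). That method could also use the strict test `$login['id'] === ''`, provided getUser() always returns a string id, which is not visible here. The enclosing methods start and end outside these hunks.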


@ -37,7 +37,7 @@ class Site extends Controller
{ {
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$this->load->model ('SiteModel', 'sites'); $this->load->model ('SiteModel', 'sites');
$this->load->model ('ProjectModel', 'projects'); $this->load->model ('ProjectModel', 'projects');
@ -149,7 +149,7 @@ class Site extends Controller
{ {
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$this->load->model ('SiteModel', 'sites'); $this->load->model ('SiteModel', 'sites');
@ -173,7 +173,7 @@ class Site extends Controller
{ {
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$this->load->model ('SiteModel', 'sites'); $this->load->model ('SiteModel', 'sites');
@ -280,7 +280,7 @@ class Site extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if ($login['id'] == '') if ($login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
if (!$login['sysadmin?']) if (!$login['sysadmin?'])
{ {
@ -305,7 +305,7 @@ class Site extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if ($login['id'] == '') if ($login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$site = $this->sites->get ($siteid); $site = $this->sites->get ($siteid);
if ($site === FALSE) if ($site === FALSE)
@ -397,7 +397,7 @@ class Site extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if ($login['id'] == '') if ($login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$site = $this->sites->get ($siteid); $site = $this->sites->get ($siteid);
if ($site === FALSE) if ($site === FALSE)
@ -566,7 +566,7 @@ class Site extends Controller
{ {
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$data['login'] = $login; $data['login'] = $login;
@ -588,7 +588,7 @@ class Site extends Controller
{ {
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$data['login'] = $login; $data['login'] = $login;


@ -31,7 +31,7 @@ class Wiki extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$data['login'] = $login; $data['login'] = $login;
$project = $this->projects->get ($projectid); $project = $this->projects->get ($projectid);
@ -52,7 +52,7 @@ class Wiki extends Controller
if ($project->public !== 'Y' && $login['id'] == '') if ($project->public !== 'Y' && $login['id'] == '')
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
} }
$wikis = $this->wikis->getAll ($login['id'], $project); $wikis = $this->wikis->getAll ($login['id'], $project);
@ -78,7 +78,7 @@ class Wiki extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$data['login'] = $login; $data['login'] = $login;
if ($name == '') if ($name == '')
@ -108,7 +108,7 @@ class Wiki extends Controller
if ($project->public !== 'Y' && $login['id'] == '') if ($project->public !== 'Y' && $login['id'] == '')
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
} }
$link = $this->wikihelper->parseLink ( $link = $this->wikihelper->parseLink (
@ -186,7 +186,7 @@ class Wiki extends Controller
$login = $this->login->getUser (); $login = $this->login->getUser ();
if ($login['id'] == '') if ($login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
$data['login'] = $login; $data['login'] = $login;
$name = $this->converter->HexToAscii ($name); $name = $this->converter->HexToAscii ($name);
@ -319,7 +319,7 @@ class Wiki extends Controller
if ($project->public !== 'Y' && $login['id'] == '') if ($project->public !== 'Y' && $login['id'] == '')
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
} }
$att = $this->wikis->getAttachment ($login['id'], $project, $wikiname, $name); $att = $this->wikis->getAttachment ($login['id'], $project, $wikiname, $name);
@ -406,7 +406,7 @@ class Wiki extends Controller
if ($project->public !== 'Y' && $login['id'] == '') if ($project->public !== 'Y' && $login['id'] == '')
{ {
// non-public projects require sign-in. // non-public projects require sign-in.
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
} }
$att = $this->issues->getFile ($login['id'], $project, $issueid, $filename); $att = $this->issues->getFile ($login['id'], $project, $issueid, $filename);
@ -472,7 +472,7 @@ class Wiki extends Controller
{ {
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
if ($target == '') if ($target == '')
{ {
@ -519,7 +519,7 @@ class Wiki extends Controller
{ {
$login = $this->login->getUser (); $login = $this->login->getUser ();
if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
redirect ("main/signin/" . $this->converter->AsciiTohex(current_url())); redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
if ($wikiname == '' || $filename == '') if ($wikiname == '' || $filename == '')
{ {


@ -7,6 +7,8 @@ define ('CODEPOT_WWW_DIR', '@WWWDIR@');
define ('CODEPOT_LOG_DIR', '@LOGDIR@/'); // this requires a trailing slash define ('CODEPOT_LOG_DIR', '@LOGDIR@/'); // this requires a trailing slash
define ('CODEPOT_CACHE_DIR', '@CACHEDIR@'); define ('CODEPOT_CACHE_DIR', '@CACHEDIR@');
define ('CODEPOT_SIGNIN_REDIR_PATH', 'main/signin/');
function load_ini ($file) function load_ini ($file)
{ {
if (defined('INI_SCANNER_RAW')) if (defined('INI_SCANNER_RAW'))
@ -31,6 +33,9 @@ function load_ini ($file)
array ('index_page', 'string', 'index.php'), array ('index_page', 'string', 'index.php'),
array ('signin_compulsory', 'boolean', FALSE), array ('signin_compulsory', 'boolean', FALSE),
array ('code_read_access', 'string', 'anonymous'),
array ('file_read_access', 'string', 'anonymous'),
array ('https_compulsory', 'boolean', FALSE), array ('https_compulsory', 'boolean', FALSE),
array ('https_url', 'string', 'https://${SERVER_NAME}${REQUEST_URI}'), array ('https_url', 'string', 'https://${SERVER_NAME}${REQUEST_URI}'),
array ('api_base_url', 'string', 'http://127.0.0.1'), array ('api_base_url', 'string', 'http://127.0.0.1'),
@ -108,6 +113,7 @@ function load_ini ($file)
array ('svn_restriction_allowed_subdir_depth_min', 'integer', 0), array ('svn_restriction_allowed_subdir_depth_min', 'integer', 0),
array ('svn_restriction_allowed_subdir_depth_max', 'integer', 0), array ('svn_restriction_allowed_subdir_depth_max', 'integer', 0),
// this item is used by the codepot-user command. // this item is used by the codepot-user command.
array ('codepot_user_executor', 'string', 'root'), array ('codepot_user_executor', 'string', 'root'),
); );
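Review bot: `code_read_access` and `file_read_access` are loaded as free-form strings with the default `'anonymous'`, so a misspelled value in the ini file is accepted unchanged. How the controllers compare the value is outside this section, but if they only test for the stricter names, a typo would silently leave code or files readable without sign-in. I would check the value once after loading against the three user types the setting is meant to accept, e.g. `if (!in_array ($v, array ('anonymous', 'authenticated', 'member'), TRUE)) $v = 'member';`, so that an unknown value fails closed. load_ini's body continues outside the hunk.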


@ -186,7 +186,6 @@ www_DATA = \
pdf.worker.min.js \ pdf.worker.min.js \
webodf.js webodf.js
EXTRA_DIST = $(www_DATA) EXTRA_DIST = $(www_DATA)
all: all-recursive all: all-recursive