added code_read_access and file_read_access

2016-12-01 12:57:50 +00:00 · 2016-12-01 12:57:50 +00:00 · 272f67d1d5
commit 272f67d1d5
parent 0e962bbce4
11 changed files with 296 additions and 112 deletions
--- a/codepot/etc/codepot.ini.in
+++ b/codepot/etc/codepot.ini.in
@ -92,9 +92,25 @@ language = "auto"
 index_page = "index.php"
 ;------------------------------------------------------------------------------
-; When set to yes, viewing pages require a user to sign in.
+; When set to yes, viewing pages requires a user to sign in.
 ;------------------------------------------------------------------------------
-singin_compulsory = "no"
+signin_compulsory = "no"
 ;------------------------------------------------------------------------------
 ; Code read access is limited to the specified user type. The types 
 ; include anonymous, authenticated, member. This applies to a public project 
 ; only. Write access to any projects and read access to a non-public project
 ; require membership regardless of this item.
 ;------------------------------------------------------------------------------
 code_read_access = "anonymous"
 ;------------------------------------------------------------------------------
 ; File read access is limited to the specified user type. The types 
 ; include anonymous, authenticated, member. This applies to a public project 
 ; only. Write access to any projects and read access to a non-public project
 ; require membership regardless of this item.
 ;------------------------------------------------------------------------------
 file_read_access = "anonymous"
 ;------------------------------------------------------------------------------
 ; When set to yes, non-http access is diverted to https using 
--- a/codepot/src/codepot/config/config.php
+++ b/codepot/src/codepot/config/config.php
@ -245,7 +245,7 @@ $config['cache_path'] = CODEPOT_CACHE_DIR;
 | enabled you MUST set an encryption key.  See the user guide for info.
 |
 */
-$config['encryption_key'] = "";
+$config['encryption_key'] = "codepot";
 /*
 |--------------------------------------------------------------------------
@ -261,7 +261,7 @@ $config['encryption_key'] = "";
 */
 $config['sess_cookie_name']     = 'codepot_session';
 $config['sess_expiration']      = 72000;
-$config['sess_encrypt_cookie']  = FALSE;
+$config['sess_encrypt_cookie']  = TRUE;
 $config['sess_use_database']    = FALSE;
 $config['sess_table_name']      = 'codepot_sessions';
 $config['sess_match_ip']        = FALSE;
--- a/codepot/src/codepot/controllers/code.php
+++ b/codepot/src/codepot/controllers/code.php
@ -26,6 +26,57 @@ class Code extends Controller
 		$this->lang->load ('code', CODEPOT_LANG); 
 	}
 	private function _can_read ($pm, $projectid, $login)
 	{
 		if ($login['sysadmin?']) return TRUE;
 		$userid = $login['id'];
 		if ($pm->projectIsPublic($projectid)) 
 		{
 			if (strcasecmp(CODEPOT_CODE_READ_ACCESS, 'anonymous') == 0) return TRUE;
 			else if (strcasecmp(CODEPOT_CODE_READ_ACCESS, 'authenticated') == 0)
 			{
 				if ($userid != '') return TRUE;
 			}
 			else if (strcasecmp(CODEPOT_CODE_READ_ACCESS, 'member') == 0)
 			{
 				if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
 			}
 		}
 		else
 		{
 			// non-public project.
 			if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
 		}
 		return FALSE;
 	}
 	private function _can_write ($pm, $projectid, $login)
 	{
 		if ($login['sysadmin?']) return TRUE;
 		$userid = $login['id'];
 		if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
 		return FALSE;
 	}
 	private function _redirect_to_signin ($conv, $login, $project = NULL)
 	{
 		$userid = $login['id'];
 		if ($userid == '')
 		{
 			redirect (CODEPOT_SIGNIN_REDIR_PATH . $conv->AsciiTohex(current_url()));
 		}
 		else
 		{
 			$data['login'] = $login;
 			$data['project'] = $project;
 			$data['message'] = 'Disallowed';
 			$this->load->view ($this->VIEW_ERROR, $data);
 		}
 	}
 	function home ($projectid = '', $subdir = '', $rev = SVN_REVISION_HEAD)
 	{
 		return $this->file ($projectid, $subdir, $rev);
@ -39,7 +90,11 @@ class Code extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+		{
 			$this->_redirect_to_signin($this->converter, $login);
 			return;
 		}
 		$data['login'] = $login;
 		$path = $this->converter->HexToAscii ($path);
@ -61,10 +116,12 @@ class Code extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			//if ($project->public !== 'Y' && $login['id'] == '')
 			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return;
 			}
 			$file = $this->subversion->getFile ($projectid, $path, $rev);
@ -173,7 +230,10 @@ class Code extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+		{
 			$this->_redirect_to_signin($this->converter, $login);
 			return;
 		}
 		$data['login'] = $login;
 		$path = $this->converter->HexToAscii ($path);
@ -195,10 +255,12 @@ class Code extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			//if ($project->public !== 'Y' && $login['id'] == '')
 			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return;
 			}
 			$file = $this->subversion->getBlame ($projectid, $path, $rev);
@ -251,7 +313,10 @@ class Code extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+		{
 			$this->_redirect_to_signin($this->converter, $login);
 			return;
 		}
 		$data['login'] = $login;
 		$path = $this->converter->HexToAscii ($path);
@ -273,10 +338,12 @@ class Code extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			//if ($project->public !== 'Y' && $login['id'] == '')
 			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return;
 			}
 			$file = $this->subversion->getFile ($projectid, $path, $rev);
@ -447,10 +514,11 @@ class Code extends Controller
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
+			//else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//        $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
 			else if (!$this->_can_write ($this->projects, $projectid, $login))
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - disallowed";
 			}
 			else
 			{
@ -515,10 +583,11 @@ class Code extends Controller
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
+			//else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
 			else if (!$this->_can_write ($this->projects, $projectid, $login))
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - disallowed";
 			}
 			else
 			{
@ -574,10 +643,12 @@ class Code extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			//if ($project->public !== 'Y' && $login['id'] == '')
 			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return;
 			}
 			$tag = $this->converter->HexToAscii ($tag);
@ -623,10 +694,11 @@ class Code extends Controller
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
+			//else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
 			else if (!$this->_can_write ($this->projects, $projectid, $login))
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - disallowed";
 			}
 			else if ($login['id'] != $this->subversion->getRevProp($projectid, $rev, 'svn:author'))
 			{
@ -681,10 +753,11 @@ class Code extends Controller
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
+			//else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
 			else if (!$this->_can_write ($this->projects, $projectid, $login))
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - disallowed";
 			}
 			//else if ($login['id'] != $this->subversion->getRevProp($projectid, $rev, 'svn:author'))
 			//{
@ -744,10 +817,11 @@ class Code extends Controller
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
+			//else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
 			else if (!$this->_can_write ($this->projects, $projectid, $login))
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - disallowed";
 			}
 			else
 			{
@ -812,10 +886,11 @@ class Code extends Controller
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
+			//else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
 			else if (!$this->_can_write ($this->projects, $projectid, $login))
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - disallowed";
 			}
 			else
 			{
@ -924,7 +999,10 @@ class Code extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+		{
 			$this->_redirect_to_signin($this->converter, $login);
 			return;
 		}
 		$data['login'] = $login;
 		$path = $this->converter->HexToAscii ($path);
@ -946,10 +1024,12 @@ class Code extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			//if ($project->public !== 'Y' && $login['id'] == '')
 			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return;
 			}
 			$file = $this->subversion->getHistory ($projectid, $path, $rev);
@ -993,8 +1073,6 @@ class Code extends Controller
 				$data['next_revision'] =
 					$this->subversion->getNextRev ($projectid, $path, $rev);
 				$data['review_count'] = 
 				$this->load->view ($this->VIEW_HISTORY, $data);
 			}
 		}
@ -1008,7 +1086,10 @@ class Code extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+		{
 			$this->_redirect_to_signin($this->converter, $login);
 			return;
 		}
 		$data['login'] = $login;
 		$path = $this->converter->HexToAscii ($path);
@ -1035,10 +1116,12 @@ class Code extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			//if ($project->public !== 'Y' && $login['id'] == '')
 			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return;
 			}
 			$file = $this->subversion->getRevHistory ($projectid, $path, $rev);
@ -1156,7 +1239,10 @@ class Code extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+		{
 			$this->_redirect_to_signin($this->converter, $login);
 			return;
 		}
 		$data['login'] = $login;
 		$path = $this->converter->HexToAscii ($path);
@ -1178,10 +1264,12 @@ class Code extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			//if ($project->public !== 'Y' && $login['id'] == '')
 			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return;
 			}
 			$file = $this->subversion->getDiff ($projectid, $path, $rev1, $rev2, $full);
@ -1248,7 +1336,10 @@ class Code extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+		{
 			$this->_redirect_to_signin($this->converter, $login);
 			return;
 		}
 		$data['login'] = $login;
 		$path = $this->converter->HexToAscii ($path);
@ -1270,10 +1361,12 @@ class Code extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			//if ($project->public !== 'Y' && $login['id'] == '')
 			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return;
 			}
 			$file = $this->subversion->getFile ($projectid, $path, $rev);
@ -1414,10 +1507,13 @@ class Code extends Controller
 	{
 		$this->load->model ('ProjectModel', 'projects');
 		$this->load->model ('SubversionModel', 'subversion');
-	
+
 		$login = $this->login->getUser ();
 		if ((CODEPOT_SIGNIN_COMPULSORY || CODEPOT_SIGNIN_FOR_CODE_SEARCH) && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+		{
 			$this->_redirect_to_signin($this->converter, $login);
 			return;
 		}
 		$project = $this->projects->get ($projectid);
 		if ($project === FALSE)
@ -1436,10 +1532,12 @@ class Code extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			//if ($project->public !== 'Y' && $login['id'] == '')
 			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return 0;
 			}
 			$this->_search_code ($project, $login);
@ -1465,7 +1563,8 @@ class Code extends Controller
 		}
 		$project = $this->projects->get ($projectid);
-		if ($project === FALSE || ($project->public !== 'Y' && $login['id'] == ''))
+		//if ($project === FALSE || ($project->public !== 'Y' && $login['id'] == ''))
 		if ($project === FALSE || !$this->_can_read ($this->projects, $projectid, $login))
 		{
 			header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found'); 
 			return;
@ -1477,7 +1576,6 @@ class Code extends Controller
 		if ($path == '.') $path = ''; /* treat a period specially */
 		$path = $this->_normalize_path ($path);
 		if ($type == 'cloc-file')
 		{
 			// number of lines in a single file
--- a/codepot/src/codepot/controllers/file.php
+++ b/codepot/src/codepot/controllers/file.php
@ -19,6 +19,57 @@ class File extends Controller
 		$this->lang->load ('file', CODEPOT_LANG);
 	}
 	private function _can_read ($pm, $projectid, $login)
 	{
 		if ($login['sysadmin?']) return TRUE;
 		$userid = $login['id'];
 		if ($pm->projectIsPublic($projectid)) 
 		{
 			if (strcasecmp(CODEPOT_FILE_READ_ACCESS, 'anonymous') == 0) return TRUE;
 			else if (strcasecmp(CODEPOT_FILE_READ_ACCESS, 'authenticated') == 0)
 			{
 				if ($userid != '') return TRUE;
 			}
 			else if (strcasecmp(CODEPOT_FILE_READ_ACCESS, 'member') == 0)
 			{
 				if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
 			}
 		}
 		else
 		{
 			// non-public project.
 			if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
 		}
 		return FALSE;
 	}
 	private function _can_write ($pm, $projectid, $login)
 	{
 		if ($login['sysadmin?']) return TRUE;
 		$userid = $login['id'];
 		if ($userid != '' && $pm->projectHasMember($projectid, $userid)) return TRUE;
 		return FALSE;
 	}
 	private function _redirect_to_signin ($conv, $login, $project = NULL)
 	{
 		$userid = $login['id'];
 		if ($userid == '')
 		{
 			redirect (CODEPOT_SIGNIN_REDIR_PATH . $conv->AsciiTohex(current_url()));
 		}
 		else
 		{
 			$data['login'] = $login;
 			$data['project'] = $project;
 			$data['message'] = 'Disallowed';
 			$this->load->view ($this->VIEW_ERROR, $data);
 		}
 	}
 	function home ($projectid = '')
 	{
 		$this->load->model ('ProjectModel', 'projects');
@ -26,7 +77,10 @@ class File extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+		{
 			$this->_redirect_to_signin($this->converter, $login);
 			return;
 		}
 		$data['login'] = $login;
 		$project = $this->projects->get ($projectid);
@ -44,10 +98,11 @@ class File extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return;
 			}
 			$files = $this->files->getAll ($login['id'], $project);
@ -73,7 +128,10 @@ class File extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+		{
 			$this->_redirect_to_signin($this->converter, $login);
 			return;
 		}
 		$data['login'] = $login;
 		$name = $this->converter->HexToAscii ($name);
@ -93,10 +151,11 @@ class File extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return;
 			}
 			$file = $this->files->get ($login['id'], $project, $name);
@ -129,7 +188,10 @@ class File extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+		{
 			$this->_redirect_to_signin($this->converter, $login);
 			return;
 		}
 		$data['login'] = $login;
 		$name = $this->converter->HexToAscii ($name);
@ -149,10 +211,11 @@ class File extends Controller
 		}
 		else
 		{
-			if ($project->public !== 'Y' && $login['id'] == '')
+			if (!$this->_can_read ($this->projects, $projectid, $login))
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				$this->_redirect_to_signin($this->converter, $login, $project);
 				return;
 			}
 			$file = $this->files->fetchFile ($login['id'], $project, $name);
@ -260,10 +323,11 @@ class File extends Controller
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
+			//else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
 			else if (!$this->_can_write ($this->projects, $projectid, $login))
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - disallowed";
 			}
 			else
 			{
@ -362,10 +426,11 @@ class File extends Controller
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
+			//else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
 			else if (!$this->_can_write ($this->projects, $projectid, $login))
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - disallowed";
 			}
 			else
 			{
@ -444,10 +509,11 @@ class File extends Controller
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
+			//else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
 			else if (!$this->_can_write ($this->projects, $projectid, $login))
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - disallowed";
 			}
 			else
 			{
@ -528,10 +594,11 @@ class File extends Controller
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
+			//else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
 			else if (!$this->_can_write ($this->projects, $projectid, $login))
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - disallowed";
 			}
 			else
 			{
@ -540,7 +607,6 @@ class File extends Controller
 				$file->tag = $this->input->post('file_edit_tag');
 				$file->description = $this->input->post('file_edit_description');
 				if ($file->name === FALSE || ($file->name = trim($file->name)) == '')
 				{
 					$status = 'error - no name';
@ -594,10 +660,11 @@ class File extends Controller
 			{
 				$status = "error - no such project {$projectid}";
 			}
-			else if (!$login['sysadmin?'] && 
+			//else if (!$login['sysadmin?'] && 
-			         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
+			//         $this->projects->projectHasMember($projectid, $login['id']) === FALSE)
 			else if (!$this->_can_write ($this->projects, $projectid, $login))
 			{
-				$status = "error - not a member {$login['id']}";
+				$status = "error - disallowed";
 			}
 			else
 			{
@ -623,8 +690,6 @@ class File extends Controller
 		print $status;
 	}
 }
 ?>
--- a/codepot/src/codepot/controllers/graph.php
+++ b/codepot/src/codepot/controllers/graph.php
@ -37,7 +37,7 @@ class Graph extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$data['login'] = $login;
 		//$path = $this->converter->HexToAscii ($path);
@ -62,7 +62,7 @@ class Graph extends Controller
 			if ($project->public !== 'Y' && $login['id'] == '')
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 			}
 			$data['project'] = $project;
--- a/codepot/src/codepot/controllers/issue.php
+++ b/codepot/src/codepot/controllers/issue.php
@ -28,7 +28,7 @@ class Issue extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$data['login'] = $login;
 		$project = $this->projects->get ($projectid);
@ -49,7 +49,7 @@ class Issue extends Controller
 			if ($project->public !== 'Y' && $login['id'] == '')
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 			}
 			if ($filter == '')
@ -150,7 +150,7 @@ class Issue extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$data['login'] = $login;
 		if ($hexid == '')
@ -827,7 +827,7 @@ class Issue extends Controller
 			if ($project->public !== 'Y' && $login['id'] == '')
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 			}
 			$att = $this->wikis->getAttachment ($login['id'], $project, $wikiname, $name);
@ -914,7 +914,7 @@ class Issue extends Controller
 			if ($project->public !== 'Y' && $login['id'] == '')
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 			}
 			$att = $this->issues->getFile ($login['id'], $project, $issueid, $filename);
@ -985,7 +985,7 @@ class Issue extends Controller
 		//
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		if ($issueid == '' || $filename == '')
 		{
--- a/codepot/src/codepot/controllers/project.php
+++ b/codepot/src/codepot/controllers/project.php
@ -32,7 +32,7 @@ class Project extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$data['login'] = $login;
 		if ($filter == '')
@ -125,7 +125,7 @@ class Project extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '') 
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$data['login'] = $login;
@ -147,7 +147,7 @@ class Project extends Controller
 			if ($project->public !== 'Y' && $login['id'] == '')
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 			}
 			$log_entries = $this->logs->getEntries (
@ -275,7 +275,7 @@ class Project extends Controller
 		$login = $this->login->getUser ();
 		if ($login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$project = new stdClass();
 		$project->id = $projectid;
@ -295,7 +295,7 @@ class Project extends Controller
 		$login = $this->login->getUser ();
 		if ($login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$project = $this->projects->get ($projectid);
 		if ($project === FALSE)
@ -394,7 +394,7 @@ class Project extends Controller
 		$login = $this->login->getUser ();
 		if ($login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$project = $this->projects->get ($projectid);
 		if ($project === FALSE)
--- a/codepot/src/codepot/controllers/site.php
+++ b/codepot/src/codepot/controllers/site.php
@ -37,7 +37,7 @@ class Site extends Controller
 	{
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$this->load->model ('SiteModel', 'sites');
 		$this->load->model ('ProjectModel', 'projects');
@ -149,7 +149,7 @@ class Site extends Controller
 	{
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$this->load->model ('SiteModel', 'sites');
@ -173,7 +173,7 @@ class Site extends Controller
 	{
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$this->load->model ('SiteModel', 'sites');
@ -280,7 +280,7 @@ class Site extends Controller
 		$login = $this->login->getUser ();
 		if ($login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		if (!$login['sysadmin?'])
 		{
@ -305,7 +305,7 @@ class Site extends Controller
 		$login = $this->login->getUser ();
 		if ($login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$site = $this->sites->get ($siteid);
 		if ($site === FALSE)
@ -397,7 +397,7 @@ class Site extends Controller
 		$login = $this->login->getUser ();
 		if ($login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$site = $this->sites->get ($siteid);
 		if ($site === FALSE)
@ -566,7 +566,7 @@ class Site extends Controller
 	{
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$data['login'] = $login;
@ -588,7 +588,7 @@ class Site extends Controller
 	{
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$data['login'] = $login;
--- a/codepot/src/codepot/controllers/wiki.php
+++ b/codepot/src/codepot/controllers/wiki.php
@ -31,7 +31,7 @@ class Wiki extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$data['login'] = $login;
 		$project = $this->projects->get ($projectid);
@ -52,7 +52,7 @@ class Wiki extends Controller
 			if ($project->public !== 'Y' && $login['id'] == '')
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 			}
 			$wikis = $this->wikis->getAll ($login['id'], $project);
@ -78,7 +78,7 @@ class Wiki extends Controller
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$data['login'] = $login;
 		if ($name == '')
@ -108,7 +108,7 @@ class Wiki extends Controller
 			if ($project->public !== 'Y' && $login['id'] == '')
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 			}
 			$link = $this->wikihelper->parseLink (
@ -186,7 +186,7 @@ class Wiki extends Controller
 		$login = $this->login->getUser ();
 		if ($login['id'] == '') 
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		$data['login'] = $login;
 		$name = $this->converter->HexToAscii ($name);
@ -319,7 +319,7 @@ class Wiki extends Controller
 			if ($project->public !== 'Y' && $login['id'] == '')
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 			}
 			$att = $this->wikis->getAttachment ($login['id'], $project, $wikiname, $name);
@ -406,7 +406,7 @@ class Wiki extends Controller
 			if ($project->public !== 'Y' && $login['id'] == '')
 			{
 				// non-public projects require sign-in.
-				redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+				redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 			}
 			$att = $this->issues->getFile ($login['id'], $project, $issueid, $filename);
@ -472,7 +472,7 @@ class Wiki extends Controller
 	{
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		if ($target == '')
 		{
@ -519,7 +519,7 @@ class Wiki extends Controller
 	{
 		$login = $this->login->getUser ();
 		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
-			redirect ("main/signin/" . $this->converter->AsciiTohex(current_url()));
+			redirect (CODEPOT_SIGNIN_REDIR_PATH . $this->converter->AsciiTohex(current_url()));
 		if ($wikiname == '' || $filename == '')
 		{
--- a/codepot/src/config.php.in
+++ b/codepot/src/config.php.in
@ -7,6 +7,8 @@ define ('CODEPOT_WWW_DIR',   '@WWWDIR@');
 define ('CODEPOT_LOG_DIR',   '@LOGDIR@/'); // this requires a trailing slash
 define ('CODEPOT_CACHE_DIR', '@CACHEDIR@');
 define ('CODEPOT_SIGNIN_REDIR_PATH', 'main/signin/');
 function load_ini ($file)
 {
 	if (defined('INI_SCANNER_RAW'))
@ -31,6 +33,9 @@ function load_ini ($file)
 		array ('index_page',                   'string',     'index.php'),
 		array ('signin_compulsory',            'boolean',    FALSE),
 		array ('code_read_access',             'string',     'anonymous'),
 		array ('file_read_access',             'string',     'anonymous'),
 		array ('https_compulsory',             'boolean',    FALSE),
 		array ('https_url',                    'string',     'https://${SERVER_NAME}${REQUEST_URI}'),
 		array ('api_base_url',                 'string',     'http://127.0.0.1'),
@ -108,6 +113,7 @@ function load_ini ($file)
 		array ('svn_restriction_allowed_subdir_depth_min', 'integer',     0),
 		array ('svn_restriction_allowed_subdir_depth_max', 'integer',     0),
 		// this item is used by the codepot-user command.
 		array ('codepot_user_executor',                    'string',      'root'),
 	);
--- a/codepot/src/js/Makefile.in
+++ b/codepot/src/js/Makefile.in
@ -186,7 +186,6 @@ www_DATA = \
 	pdf.worker.min.js \
 	webodf.js
 EXTRA_DIST = $(www_DATA)
 all: all-recursive