catalinux / rocketgit (public) (License: Affero GPLv3) (since 2015-03-19) (hash sha1)
Main RocketGit repo
Clone URLs: https://rocketgit.com/user/catalinux/rocketgit ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit git://git.rocketgit.com/user/catalinux/rocketgit
v0.0 v0.1 v0.10 v0.11 v0.12 v0.13 v0.14 v0.15 v0.17 v0.18 v0.19 v0.2 v0.20 v0.21 v0.22 v0.23 v0.24 v0.25 v0.27 v0.28 v0.29 v0.31 v0.32 v0.33 v0.34 v0.35 v0.36 v0.38 v0.39 v0.40 v0.41 v0.42 v0.43 v0.44 v0.45 v0.46 v0.47 v0.48 v0.49 v0.50 v0.51 v0.52 v0.53 v0.54 v0.55 v0.56 v0.57 v0.58 v0.60 v0.61 v0.62 v0.63 v0.64 v0.65 v0.66 v0.67 v0.68 v0.69 v0.70 v0.71 v0.72 v0.73 v0.77 v0.78 v0.79 v0.80 group1/branch1 group2/subgroup1/branch2 main master release
List of commits:
Subject Hash Author Date (UTC)
Checkpoint c4115b92bd328d7b6931d2854f63d0fe7e685aad Catalin(ux) M. BOIE 2014-10-09 17:35:54
Checkpoint d27058ed0323fbe336584a1155c4c02489ee641d Catalin(ux) M. BOIE 2014-10-08 18:52:24
WIP c393b624a4544dd58b7c3a6c9e09bf5d94fba6c1 Catalin(ux) M. BOIE 2014-09-23 03:01:33
Checkpoint: added path rights and fixed mail sending 24aa6660e6ee2530739545da09869b116c77df3b Catalin(ux) M. BOIE 2014-09-07 07:12:43
Checkpoint c769943b7cd003725a18731a1723616010582d50 Catalin(ux) M. BOIE 2014-09-06 05:43:17
Checkpoint after a lot of pause 53c17f78a3d70e22165de311ff56b094cb3b1096 Catalin(ux) M. BOIE 2014-04-14 18:23:27
Checkpoint - mostly fixes for tests and switch to sql_params 28830fcf28cf8f3ae0f59bf1205281820df1307a Catalin(ux) M. BOIE 2013-07-16 19:42:15
Bulk changes all over the place. 69bd7667ac66a02ae3734ddb2f1eb8eec526e3bf Catalin(ux) M. BOIE 2013-04-21 06:40:27
Fixed repo search: ui['admin'] may not be defined 48794821cb9a4ea8fa793144256ac916b1554bf2 Catalin(ux) M. BOIE 2013-02-18 19:37:31
Several changes. Bump version to 0.18 57269df7b88cd6cbb0c2569c6e14d94887c6ca40 Catalin(ux) M. BOIE 2013-02-17 10:10:48
Bump the version 753abba3b1f6caac8f96d801e5a5d1786023aa2f Catalin(ux) M. BOIE 2013-02-05 19:40:38
Checkpoint 16a893cae9b7754a3e9ff9a0f380c00ccc52a907 Catalin(ux) M. BOIE 2013-02-05 19:35:48
Bulk fixes 30f559c9d7701b0a06344f286f113e154a39805b Catalin(ux) M. BOIE 2013-01-06 00:24:33
Removed some debug stuff. d17e0d454e7e1cad1b350139e0770e7450ee9331 Catalin(ux) M. BOIE 2012-12-02 21:00:30
Apply conditionals before replacing variables! 3d5b7d5fcc11734f9623a3d6ff0aaa8a332b6bdb Catalin(ux) M. BOIE 2012-12-02 20:58:43
More fixes for 'fixes' infrastructure 831af837ca9e7fcf56bef81d1831c3150afa7de8 Catalin(ux) M. BOIE 2012-12-01 21:58:30
Fixes infrastructure; bug fixing c282b19dcb975b1e90a4eaacfe4c126364f6e054 Catalin(ux) M. BOIE 2012-12-01 21:01:23
First round of notifications 561943c9bfd37fcf2b3c53724af2c8145d76d664 Catalin(ux) M. BOIE 2012-11-18 12:03:28
Repo history added 888934152ff5c2f2dafae9e598cf93ab6f377dba Catalin(ux) M. BOIE 2012-11-09 22:39:08
git clone fixes and other stuff dbe6ddaddfc735c8a6fef126ba90cdb2a98fe631 Catalin(ux) M. BOIE 2012-11-07 19:19:38
Commit c4115b92bd328d7b6931d2854f63d0fe7e685aad - Checkpoint
Author: Catalin(ux) M. BOIE
Author date (UTC): 2014-10-09 17:35
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2014-10-13 16:16
Parent(s): d27058ed0323fbe336584a1155c4c02489ee641d
Signer:
Signing key:
Signing status: N
Tree: 5d0aa522a4b85a57325b2d1c9f9f05bc4ef45c67
File Lines added Lines deleted
README 6 5
TODO 105 36
TODO-plans 1 1
docs/rights.txt 27 0
hooks/post-receive 1 0
hooks/pre-commit 1 0
hooks/pre-receive 1 0
hooks/update 17 1
inc/admin/admin.php 7 21
inc/admin/plans/plans.php 6 17
inc/admin/repos/repos.php 2 2
inc/admin/users/users.php 8 8
inc/bug.inc.php 247 168
inc/dispatch/dispatch.php 9 7
inc/events.inc.php 6 4
inc/feedback/suggestion.php 8 7
inc/fixes.inc.php 44 0
inc/git.inc.php 60 21
inc/init.inc.php 8 4
inc/keys.inc.php 19 16
inc/log.inc.php 2 1
inc/login/login.php 6 5
inc/mr.inc.php 15 9
inc/plan.inc.php 46 51
inc/repo.inc.php 613 267
inc/repo/repo.php 14 82
inc/rights.inc.php 369 75
inc/sess.inc.php 28 23
inc/sql.inc.php 22 1
inc/ssh.inc.php 11 6
inc/state.inc.php 6 6
inc/struct.inc.php 54 4
inc/token.inc.php 11 11
inc/user.inc.php 151 143
inc/user/confirm.php 4 4
inc/user/forgot.php 9 10
inc/user/forgot_send.php 3 3
inc/user/home-page.php 3 3
inc/user/keys/keys.php 13 8
inc/user/pass/pass.php 12 14
inc/user/repo-page.php 29 42
inc/user/repo/bug/main.php 20 15
inc/user/repo/bug/search/search.php 7 6
inc/user/repo/bug/show/add_note.php 6 5
inc/user/repo/bug/show/show.php 81 22
inc/user/settings.php 9 24
inc/util.inc.php 77 102
inc/watch.inc.php 27 23
root/index.php 32 64
root/themes/default/admin/menu.html 7 0
root/themes/default/admin/plans/add_edit.html 20 21
root/themes/default/admin/plans/menu.html 2 3
root/themes/default/hints/repo/edit_repo_path_rights.html 2 6
root/themes/default/hints/repo/edit_repo_refs_rights.html 4 9
root/themes/default/hints/repo/edit_repo_rights.html 1 11
root/themes/default/hints/repo/merge.html 0 1
root/themes/default/hints/ssh/key.html 1 1
root/themes/default/index.html 16 3
root/themes/default/mail/user/key/del.body.txt 0 2
root/themes/default/mail/user/key/new.body.txt 0 2
root/themes/default/mail/user/repo/bug/new.body.txt 0 2
root/themes/default/mail/user/repo/bug/new_note.body.txt 0 2
root/themes/default/mail/user/repo/del.body.txt 0 2
root/themes/default/mail/user/repo/new.body.txt 0 2
root/themes/default/mail/user/repo/update.body.txt 0 2
root/themes/default/mail/user/welcome.body.txt 1 1
root/themes/default/repo/add_edit.html 15 14
root/themes/default/repo/bug/b_close.html 1 1
root/themes/default/repo/bug/b_edit.html 1 1
root/themes/default/repo/bug/b_reopen.html 1 1
root/themes/default/repo/bug/b_unwatch.html 1 1
root/themes/default/repo/bug/b_watch.html 1 1
root/themes/default/repo/bug/bug_add_edit.html 12 10
root/themes/default/repo/bug/deleted.html 1 1
root/themes/default/repo/bug/deny_close.html 1 1
root/themes/default/repo/bug/deny_delete.html 1 1
root/themes/default/repo/bug/deny_edit.html 1 1
root/themes/default/repo/bug/deny_reopen.html 1 1
root/themes/default/repo/bug/list/line.html 7 7
root/themes/default/repo/bug/list/nodata.html 1 1
root/themes/default/repo/bug/not_found.html 1 1
root/themes/default/repo/bug/note_add.html 1 1
root/themes/default/repo/bug/search/search.html 1 1
root/themes/default/repo/bug/show.html 17 7
root/themes/default/repo/create_ok.html 2 1
root/themes/default/repo/edit_ok.html 1 0
root/themes/default/repo/fstat/nodata.html 1 1
root/themes/default/repo/history/header.html 4 0
root/themes/default/repo/history/nodata.html 1 1
root/themes/default/repo/list/header.html 1 1
root/themes/default/repo/list/line.html 1 1
root/themes/default/repo/list/nodata.html 2 2
root/themes/default/repo/log/nodata.html 1 1
root/themes/default/repo/main.html 3 2
root/themes/default/repo/menu.html 13 4
root/themes/default/repo/mr/list/nodata.html 1 1
root/themes/default/repo/not_init.html 1 3
root/themes/default/repo/search.html 1 1
root/themes/default/repo/tree/nodata.html 1 1
root/themes/default/suggestion.html 9 1
root/themes/default/suggestion_sent.html 1 1
root/themes/default/user/add_edit.html 4 3
root/themes/default/user/create_na.html 1 1
root/themes/default/user/keys/add.html 1 1
root/themes/default/user/keys/list/header.html 2 1
root/themes/default/user/keys/list/nodata.html 1 1
root/themes/default/user/keys/remove_ok.html 1 1
root/themes/default/user/login.html 1 1
root/themes/default/user/pass.html 1 1
root/themes/default/user/pass_changed.html 1 1
root/themes/default/user/repo/delete/deny.html 3 0
root/themes/default/user/repo/delete/done.html 2 0
root/themes/default/user/repo/delete/no.html 3 1
root/themes/default/user/repo/delete/sure.html 1 1
root/themes/default/user/repo/deny.html 1 1
root/themes/default/user/repo/deny_edit.html 1 1
root/themes/default/user/repo/menu.html 5 3
root/themes/default/user/repo/rights/delete_ok.html 1 1
root/themes/default/user/repo/rights/deny.html 1 1
root/themes/default/user/repo/rights/form_repo.html 8 23
root/themes/default/user/repo/rights/form_repo_path.html 5 5
root/themes/default/user/repo/rights/form_repo_refs.html 12 23
root/themes/default/user/repo/rights/grant_ok.html 3 0
root/themes/default/user/repo/rights/list_repo/header.html 7 4
root/themes/default/user/repo/rights/list_repo/line.html 6 4
root/themes/default/user/repo/rights/list_repo_path/header.html 2 2
root/themes/default/user/repo/rights/list_repo_path/line.html 1 2
root/themes/default/user/repo/rights/list_repo_refs/footer.html 0 0
root/themes/default/user/repo/rights/list_repo_refs/header.html 0 0
root/themes/default/user/repo/rights/list_repo_refs/line.html 0 1
root/themes/default/user/repo/rights/list_repo_refs/nodata.html 0 0
root/themes/default/user/settings/menu.html 7 0
scripts/remote.php 12 20
selinux/rocketgit.fc 1 1
selinux/rocketgit.te 3 1
tests/Makefile 1 1
tests/bug.php 9 40
tests/cache.php 2 0
tests/common.php 35 0
tests/event.php 0 30
tests/keys.php 0 35
tests/repo.php 48 59
tests/rights.php 93 7
tests/sql.php 19 9
tests/state.php 0 18
tests/themes/util/t3/c6b 1 1
tests/themes/util/t3/c9 7 12
tests/user.php 0 30
tests/util.php 50 3
File README changed (mode: 100644) (index 98557b0..bac3d29)
19 19 - It is recommended to NOT install rocketgit on a multiuser machine. - It is recommended to NOT install rocketgit on a multiuser machine.
20 20 There are some things that should be fixed first. We are working on it. There are some things that should be fixed first. We are working on it.
21 21
22 . Prepare SELinux
23 # setsebool -P \
24 httpd_can_network_connect_db=on \
25 httpd_can_network_memcache=on \
26 httpd_can_sendmail=on
27
22 28 . Edit /etc/rocketgit/config.php . Edit /etc/rocketgit/config.php
23 29 . Edit /etc/httpd/conf.d/rocketgit.conf . Edit /etc/httpd/conf.d/rocketgit.conf
24 30
 
67 73 . Run instalation script . Run instalation script
68 74 # php /usr/share/rocketgit/admin/init.php # php /usr/share/rocketgit/admin/init.php
69 75
70 . SELinux
71 # setsebool -P httpd_can_network_connect_db on
72 # setsebool -P httpd_can_network_memcache on
73 # setsebool -P httpd_can_sendmail on
74
75 76 . Edit firewall to permit port ssh, git, http and https . Edit firewall to permit port ssh, git, http and https
76 77 In /etc/sysconfig/iptables (IPv4) or ip6tables (IPv6), add something In /etc/sysconfig/iptables (IPv4) or ip6tables (IPv6), add something
77 78 like this: like this:
File TODO changed (mode: 100644) (index c41a4fb..ab5038b)
1 == Where I stopped last time ==
2 [ ] rg_git_files
3 [ ] We must test in HL functions if we have rights, not in rg_user_remove & co.
4 [ ] For repo_refs, we must test also the ref. Sometime, we do not have it,
5 so, test it for FALSE.
6 [ ] Not clear what uid we have in:
7 "$a['uid'] = @sprintf("%u", getenv("ROCKETGIT_UID"));"
8 [ ] I should set 'display_errors' to OFF.
9 [ ] remote.php: what rights need to check?
10 ROCKETGIT_REPO_RIGHTS is gone. We must use rg_repo_allow (a['rights'])
11 Probably all hooks need db connection and loading rights.
12 [ ] The caller of rg_user_make_admin must check rights for administering repo.
13 [ ] What right is "Access repo"?!
14 [ ] We must return error if a user tries to drop 'fetch' for a public repo.
15 But if the user switch it to be private repo? It's the user problem.
16 [ ] Special case: rights are empty and repo is public. Should I test
17 default rights only? Same with private repos.
18 [ ] Remove rg_menu stuff (replaced with templates).
19 [ ] The rights stuff is a mess. Redesign it.
20 [ ] Still checking rights stuff of a simple user for a repo.
21 [ ] Run hook_update.sh test. It not passes anymore.
22 [ ] In progress of adding 'public' to repo and removing 'default_rights'.
23 [ ] I have to define what means a 'public' repo: fetch + see bugtracker?
24 [ ] In the process to remove 'ri.rights_text' and replace by 'public'.
25 [ ] How to prevent a user to cut his access from an IP? Maybe admin should not
26 filter by IP.
27 [ ] Entering an IP for rights: must allow multiple IPs, comma/enter separated.
28 [ ] If a project is private and the admin gives "Access repo" to a user,
29 that user sees the repo as public.
30 [ ] Maybe add db.users.last_ip_failed? Or the history is enough?
31 [ ] db.users.last_ip is used for last IP used for login?
32 [ ] repos.disk_quota_mb must be dropped and do a lookup in plan.
1 33 [ ] Integrate max_public/private_repos into HL. [ ] Integrate max_public/private_repos into HL.
2 34 [ ] Allow specifying base language for a project. [ ] Allow specifying base language for a project.
3 35 [ ] Allow specifying license for a project. [ ] Allow specifying license for a project.
4 36 [ ] When changind db structure, invalidate all caches. [ ] When changind db structure, invalidate all caches.
5 37 [ ] Check with owasp about html escaping. I do now htmlspecialchars -> [ ] Check with owasp about html escaping. I do now htmlspecialchars ->
6 db -> HTML:nl2br()
7 [ ] Log also the last IP used.
8
9 == Plans for repo redesign ==
10 Because we can have a project without a repository, for example only with
11 bugtracker, we need to redesign the interface.
12
13 We need to have projects, where you can attach: a repo, a bugtracker
14 and/or a mailing list.
15
16 We need rights to admin/create/delete/grant_rights against repo/bugtracker/mailing list.
17 Pay attention. A project has an owner. Without "admin" rights, you cannot
18 deal with the rest of
19 A project is public/private.
20 A repository/bt/ml link with a project.
21
22 We begin with an admin user. We have no projects, so no repo/bt/ml.
23 Admin user will create a user for a team-leader.
24 Two cases:
25 1. Allow user to create project
26 So, we need "CREATE PROJECTS" right.
27 2. Create project for him
28 So, what rights should we give to him? "ADMIN PROJECT"?
29 We should split"ADMIN" in finer rights: "DELETE PROJECT",
30 "CREATE/DELETE/LOCK REPO",
31 "CREATE/DELETE/LOCK BT",
32 "CREATE/DELETE/LOCK ML".
33 "LOCK" means that it will become read-only.
34
35 Now, team-leader has a project.
36 Two cases:
37 1. Give "CREATE REPO" rights to a team member.
38 2. Creates the repo and give rights to user.
38 db -> HTML:nl2br()
39 [ ] When we will switch to C, check UTF-8 validation.
40 [ ] Log also the last IP used. Where? For push? This will be in history.
41 [ ] Check http://blog.wikichoon.com/2014/04/github-doesnt-support-pull-request.html
39 42
40 43 == BEFORE NEXT RELEASE == == BEFORE NEXT RELEASE ==
44 [ ] Implement a basic regular expression parser.
45 [ ] Use an 'indent' string per repo and (optionally) enforce it.
46 [ ] Should we use a more restrictive umask?
47 [ ] In some places we have rg_event_add and then COMMIT. The event processing
48 loop may loose the last transaction. :(
49 [ ] Remove rg_repo_rights_*. Seems we cannot because we test if
50 ri.uid == login_ui.uid, that we cannot do in rg_rights_get.
51 Maybe if we pass the owner of a resource to rg_rights_get.
52 [ ] $user -> $rg['user']
53 [ ] $repo -> $rg['repo']
54 [ ] $org... -> $rg['org...']
55 [ ] Seems that for tests we do not have a log file, but is specified in the file!
56 [ ] Doar unele functii high-level ar trebui sa aiba pasat $rg-ul.
57 Restul, nu!
58 [ ] rg_re_repopage($rg)?
59 [ ] We may have a problem creating bugs. We must test for failures at every
60 step.
61 [ ] Rights: for public repos, we make a prio 0 rule to allow fetch (maybe other rights).
62 It will not be in database, it will be generated if repo is public.
63 If repo is becoming private, that rule will not be inserted anymore.
64 [ ] When listing repos, check the rights!
65 For example, a user is allowed to edit a repo, but is not the owner.
66 It is not enough to check 'public = 1'. This may generate a lots
67 of lookups for rights. :( Not if we cache the whole rights list.
68 [ ] Add a reason for suspended accounts? Maybe also for other operations?
69 [ ] We should add 'rights.who' to record who gave that right. May be more
70 admins for the same repo.
71 [ ] 'users.rights' is still used?!
41 72 [ ] Maybe add an indirection level: Projects. Because an admin may use [ ] Maybe add an indirection level: Projects. Because an admin may use
42 73 rocketgit only for the bug tracker, for example. Or only for mailing rocketgit only for the bug tracker, for example. Or only for mailing
43 74 list. So, "Repositories" will become "Projects". Hm. list. So, "Repositories" will become "Projects". Hm.
 
... ... Admin user will create a user for a team-leader.
73 104 - Should I add "Create users right"? - Should I add "Create users right"?
74 105 - Repo rights: I should split admin into: "edit repo", "delete repo", - Repo rights: I should split admin into: "edit repo", "delete repo",
75 106 "give rights" (should limit to his rights), "fill bugs", "give rights" (should limit to his rights), "fill bugs",
76 "close bugs",
107 "close bugs",
77 108 - Repo rights: allow "*" as user: default rights. - Repo rights: allow "*" as user: default rights.
78 109 - Very tempting to give up "register_rights" function and have the - Very tempting to give up "register_rights" function and have the
79 110 form as template. But I have to list them, join them etc. Hm. form as template. But I have to list them, join them etc. Hm.
 
... ... Admin user will create a user for a team-leader.
92 123 [ ] Allow comma separated users for grant rights. [ ] Allow comma separated users for grant rights.
93 124 [ ] Loading defaults for refs_rights seems to not working. [ ] Loading defaults for refs_rights seems to not working.
94 125 [ ] Secure transport X in configuratia de apache. Sau in index.php? [ ] Secure transport X in configuratia de apache. Sau in index.php?
95 [ ]
96 126
97 127 == BEFORE NEXT-NEXT RELEASE == == BEFORE NEXT-NEXT RELEASE ==
128 [ ] mcr@sandelman.ca: It would be nice if github could be told to reject
129 and/or mark files that have whitespace errors.
130 [ ] Transform user/bug/* into high level functions.
131 [ ] Maybe, when user is not logged in, on the "Repositories" main menu
132 show most active projects, the bigest ones, recent ones and
133 search form. And remove menu "List" + "Search".
134 Or, maybe the first page to contain best repos and search form.
135 [ ] Add possibility to change user time zone.
136 [ ] At least for notes, add also y/m/d/h/m/s 'ago' next to exact time
137 [ ] We need a matrix testing with:
138 unlogged in user, loggedin user, owner
139 vs
140 public_repo, private_repo, private_repo_with_rights for logged in user
141 We can use a custom theme dir that contains IDs to be able to
142 detect if we give errors. Or just match the english string.
143 [ ] I may check in the main php if doit == 1 nad token is valid!
144 [ ] I may do a function rg_generic_edit_high_level with an array, as parameter,
145 with functions to call for different stuff.
146 [ ] Do not redirect to login page if the user is logged in!
147 [ ] 'Contact owner'
148 [ ] When editing a repo, we should not pass 'master' as parameter!
149 [ ] Delay events processing if load is too big. Maybe same with crons?
150 [ ] Test (EXPLAIN) that rights_i_type_obj_id is used.
151 [ ] Admin should be able to stop queue processing.
152 [ ] When we delete a repo, we must delete also rights and bugs etc. Same
153 for a user deletion.
154 [ ] rights.misc2 is not used now. Drop it.
155 [ ] How do we set rg_git_host? Now it shows r1i!
156 [ ] bugs: when I edit a bug, if I wrongly insert a field, description is
157 htmlized again (< -> &lt;)! Probably in many other places.
158 [ ] bugs: we must be able to delete bugs.
159 [ ] Do not test if we watch a bug if the bug is new.
160 [ ] repo-home->"Lock repo" + hint=(options to block fetches/commits/bug/etc.)
161 and with reason that is logged in history and shown on access.
162 Also, admin must have lock power and a reason.
163 [ ] When sending mails, add also who did the operation. For example, delete
164 repo. It may not be the same person that created it!
165 [ ] Add a description field for rights and keys. Maybe other places.
166 [ ] Check http://nvie.com/posts/a-successful-git-branching-model/
98 167 [ ] After resetting password, go to the login form, with user prefiled so the user can cache the password. [ ] After resetting password, go to the login form, with user prefiled so the user can cache the password.
99 168 [ ] Add number of bugs multiplied with a value to total disk space. [ ] Add number of bugs multiplied with a value to total disk space.
100 169 [ ] How should I verify repo rights? [ ] How should I verify repo rights?
 
... ... Admin user will create a user for a team-leader.
162 231 Maybe redirect to user page? Only if there is no need to confirm. Maybe redirect to user page? Only if there is no need to confirm.
163 232 What about lock_ip? What about lock_ip?
164 233 [ ] Where to check if plan exists (rg_user_edit_high_level)? [ ] Where to check if plan exists (rg_user_edit_high_level)?
234 [ ] SSH keys: add from what IP the key was uploaded?
165 235
166 236 == Medium == == Medium ==
167 237 [ ] Add hit/miss stats to caches. [ ] Add hit/miss stats to caches.
 
... ... Admin user will create a user for a team-leader.
259 329 [ ] We should have a log with logins, not only last_login per user. [ ] We should have a log with logins, not only last_login per user.
260 330 So, we should have an event on login and explode it in several queries. So, we should have an event on login and explode it in several queries.
261 331 Also session may be updated from this event, but still with a 1 min gap. Also session may be updated from this event, but still with a 1 min gap.
262 [ ] Max commit size must be added per repo.
263 332 [ ] A script to check if all CSS classes in templates are present in css file. [ ] A script to check if all CSS classes in templates are present in css file.
264 333 [ ] Export/import a repo (xml maybe). [ ] Export/import a repo (xml maybe).
265 334 [ ] Add groups. [ ] Add groups.
File TODO-plans changed (mode: 100644) (index 36bd2a4..5faef51)
... ... and/or a mailing list.
15 15
16 16 We need rights to admin/create/delete/grant_rights against repo/bugtracker/mailing list. We need rights to admin/create/delete/grant_rights against repo/bugtracker/mailing list.
17 17 Pay attention. A project has an owner. Without "admin" rights, you cannot Pay attention. A project has an owner. Without "admin" rights, you cannot
18 deal with the rest of
18 deal with the rest of
19 19 A project is public/private. A project is public/private.
20 20 A repository/bt/ml link with a project. A repository/bt/ml link with a project.
21 21
File docs/rights.txt changed (mode: 100644) (index e69de29..8108f52)
1 This document tries to explain the rights management.
2
3 We have a table for all rights types.
4 There are types for user, repo, refs etc.
5
6 The table has the following fields:
7 right_id - auto increment field, needed for editing and deletion.
8 rights - text, one letter means one right
9 misc, misc2: these are used for refs and path for 'refs' type.
10 Other types may used these fields.
11 who - Who gave the rights (uid).
12 prio - Priority of the right (for evaluation ascending ordering)
13 uid - uid of the user that the rights were granted to.
14 obj_id - opaque id of a resource. It may be the repo_id or the user_id.
15
16 We have some function to manage the rights:
17 -rg_rights_set($db, $right_id, $who, $type, $obj_id, $uid, $rights,
18 $misc, $ip, $prio)
19 Sets the rights for a type-uid-obj_id combination.
20
21 - rg_rights_load($db, $type, $obj_id)
22 Loads all rights for an object, identified by
23 type and obj_id; type may be '*' for all rights type.
24
25 - rg_rights_delete_list($db, $obj_id, $list)
26 Deletes a list of rights,
27 obtained by selecting them in the form.
File hooks/post-receive changed (mode: 100755) (index f3094ab..45cc7a2)
... ... if (empty($conf))
22 22 require_once($conf); require_once($conf);
23 23
24 24 $INC = $rg_scripts . "/inc"; $INC = $rg_scripts . "/inc";
25 require_once($INC . "/init.inc.php");
25 26 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
26 27 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
27 28 require_once($INC . "/sql.inc.php"); require_once($INC . "/sql.inc.php");
File hooks/pre-commit changed (mode: 100755) (index afb9431..b7b8ea0)
... ... if (empty($conf))
13 13 require_once($conf); require_once($conf);
14 14
15 15 $INC = $rg_scripts . "/inc"; $INC = $rg_scripts . "/inc";
16 require_once($INC . "/init.inc.php");
16 17 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
17 18 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
18 19 require_once($INC . "/sql.inc.php"); require_once($INC . "/sql.inc.php");
File hooks/pre-receive changed (mode: 100755) (index 0676a5e..3fcbce3)
... ... if (empty($conf))
19 19 require_once($conf); require_once($conf);
20 20
21 21 $INC = $rg_scripts . "/inc"; $INC = $rg_scripts . "/inc";
22 require_once($INC . "/init.inc.php");
22 23 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
23 24 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
24 25 require_once($INC . "/sql.inc.php"); require_once($INC . "/sql.inc.php");
File hooks/update changed (mode: 100755) (index b229745..068029b)
... ... if (empty($conf))
20 20 require_once($conf); require_once($conf);
21 21
22 22 $INC = $rg_scripts . "/inc"; $INC = $rg_scripts . "/inc";
23 require_once($INC . "/init.inc.php");
23 24 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
24 25 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
25 26 require_once($INC . "/sql.inc.php"); require_once($INC . "/sql.inc.php");
 
... ... rg_prof_start("hook-update");
31 32
32 33 rg_log_set_file($rg_log_dir . "/hook_update.log"); rg_log_set_file($rg_log_dir . "/hook_update.log");
33 34
35 $db = rg_sql_open($rg_sql);
36
34 37 $a = array(); $a = array();
35 38
36 39 $a['uid'] = @sprintf("%u", getenv("ROCKETGIT_UID")); $a['uid'] = @sprintf("%u", getenv("ROCKETGIT_UID"));
37 $a['rights'] = getenv("ROCKETGIT_REPO_RIGHTS");
38 40 $a['repo_id'] = getenv("ROCKETGIT_REPO_ID"); $a['repo_id'] = getenv("ROCKETGIT_REPO_ID");
39 41 $a['ip'] = getenv("ROCKETGIT_IP"); $a['ip'] = getenv("ROCKETGIT_IP");
40 42 $a['namespace'] = getenv("GIT_NAMESPACE"); $a['namespace'] = getenv("GIT_NAMESPACE");
 
... ... else
62 64 $a['new_rev_type'] = rg_git_type($a['new_rev']); $a['new_rev_type'] = rg_git_type($a['new_rev']);
63 65 rg_log("new_rev_type=" . $a['new_rev_type']); rg_log("new_rev_type=" . $a['new_rev_type']);
64 66
67 $ri = rg_repo_info($db, $a['repo_id'], 0, "");
68 if ($ri['ok'] != 1)
69 rg_git_fatal("Internal error (repo). Try again later.");
70
71 $r = rg_repo_rights_get($db, "repo_refs", $ri, $a['uid']);
72 if ($r['ok'] != 1)
73 rg_git_fatal("Internal error (refs rights). Try again later.");
74 $a['refs_rights'] = $r['list'];
75
76 $r = rg_repo_rights_get($db, "repo_path", $ri, $a['uid']);
77 if ($r['ok'] != 1)
78 rg_git_fatal("Internal error (path rights). Try again later.");
79 $a['repo_path'] = $r['list'];
80
65 81 if (strncmp($a['refname'], "refs/tags/", 10) == 0) { if (strncmp($a['refname'], "refs/tags/", 10) == 0) {
66 82 rg_git_update_tag($a); rg_git_update_tag($a);
67 83 } else if (strncmp($a['refname'], "refs/heads/", 11) == 0) { } else if (strncmp($a['refname'], "refs/heads/", 11) == 0) {
File inc/admin/admin.php changed (mode: 100644) (index 195b1a8..706e05f)
1 1 <?php <?php
2 rg_log("/inc/admin/admin");
2 rg_log("FILE: /inc/admin/admin");
3 3
4 $admin_more = $more;
4 $admin_more = $rg;
5 5 $_admin = ""; $_admin = "";
6 6
7 if ($login_ui['is_admin'] != 1) {
8 $_admin .= rg_warning("You do not have access here!");
7 if ($rg['login_ui']['is_admin'] != 1) {
8 $_admin .= rg_template("access_denied.html", $rg);
9 9 return; return;
10 10 } }
11 11
12 12 $_subop = empty($paras) ? "" : array_shift($paras); $_subop = empty($paras) ? "" : array_shift($paras);
13 13
14 // menu
15 $_m = array(
16 "plans" => array(
17 "text" => "Plans",
18 "op" => "plans"
19 ),
20 "users" => array(
21 "text" => "Users",
22 "op" => "users"
23 ),
24 "repos" => array(
25 "text" => "Repositories",
26 "op" => "repos"
27 )
28 );
29 rg_menu_add($rg_menu, $_m, $_subop);
30
31 14 switch ($_subop) { switch ($_subop) {
32 15 case 'plans': case 'plans':
33 16 include($INC . "/admin/plans/plans.php"); include($INC . "/admin/plans/plans.php");
 
... ... case 'repos': // repos
45 28 break; break;
46 29 } }
47 30
31 $rg['menu']['sub1'][$_subop] = 1;
32 $rg['HTML:submenu1'] = rg_template("admin/menu.html", $rg);
33
48 34 ?> ?>
File inc/admin/plans/plans.php changed (mode: 100644) (index 3c8a6e9..cee1baa)
1 1 <?php <?php
2 rg_log("/inc/admin/plans/plans");
2 rg_log("FILE: /inc/admin/plans/plans");
3 3
4 4 $_admin_plans = ""; $_admin_plans = "";
5 5
6 6 $_op = empty($paras) ? "list" : array_shift($paras); $_op = empty($paras) ? "list" : array_shift($paras);
7
8 // menu
9 $_m = array(
10 "list" => array(
11 "text" => "List plans",
12 "op" => "list"
13 ),
14 "add" => array(
15 "text" => "Add plan",
16 "op" => "add"
17 )
18 );
19 rg_menu_add($rg_menu, $_m, $_op);
20
21 7 switch ($_op) { switch ($_op) {
22 8 case 'list': // list case 'list': // list
23 $_admin_plans .= rg_plan_list_high_level($db, $sid, $admin_more);
9 $_admin_plans .= rg_plan_list_high_level($db, $rg);
24 10 break; break;
25 11
26 12 case 'edit': // edit case 'edit': // edit
27 13 $admin_more['id'] = empty($paras) ? 0 : array_shift($paras); $admin_more['id'] = empty($paras) ? 0 : array_shift($paras);
28 14 // no break here // no break here
29 15 case 'add': // add case 'add': // add
30 $_admin_plans .= rg_plan_edit_high_level($db, $sid, $admin_more);
16 $_admin_plans .= rg_plan_edit_high_level($db, $rg);
31 17 break; break;
32 18 } }
33 19
20 $rg['menu']['sub2'][$_op] = 1;
21 $rg['HTML:submenu2'] = rg_template("admin/plans/menu.html", $rg);
22
34 23 ?> ?>
File inc/admin/repos/repos.php changed (mode: 100644) (index 7d45a3c..3c1288c)
1 1 <?php <?php
2 rg_log("/admin/repos");
2 rg_log("FILE: /admin/repos");
3 3
4 4 $_admin_repos = ""; $_admin_repos = "";
5 5
 
... ... rg_menu_add($rg_menu, $_m, $_op);
21 21 switch ($_op) { switch ($_op) {
22 22 case 'list': // list case 'list': // list
23 23 $_uid = 0; $_uid = 0;
24 $_admin_repos .= rg_repo_list($db, "TODO: fix url", $_uid);
24 $_admin_repos .= rg_repo_list($db, $rg, "TODO: fix url", $_uid);
25 25 break; break;
26 26 } }
27 27
File inc/admin/users/users.php changed (mode: 100644) (index 92ac5e2..f43d53f)
1 1 <?php <?php
2 rg_log("/inc/admin/users/users");
2 rg_log("FILE: /inc/admin/users/users");
3 3
4 4 $_admin_users = ""; $_admin_users = "";
5 5
 
... ... $_show_list = 1;
25 25 switch ($_op) { switch ($_op) {
26 26 case 'add': // add case 'add': // add
27 27 case 'edit': // edit case 'edit': // edit
28 $more['ask_for_pass'] = 1;
29 $_admin_users .= rg_user_edit_high_level($db, $sid, $more);
28 $rg['ask_for_pass'] = 1;
29 $_admin_users .= rg_user_edit_high_level($db, $rg);
30 30 $_show_list = 0; $_show_list = 0;
31 31 break; break;
32 32
33 33 case 'suspend': case 'suspend':
34 if (!rg_user_suspend($db, $target_ui, 1))
34 if (!rg_user_suspend($db, $rg, $target_ui, 1))
35 35 $_admin_users .= rg_template("admin/users/bad_suspend.html"); $_admin_users .= rg_template("admin/users/bad_suspend.html");
36 36 break; break;
37 37
38 38 case 'unsuspend': case 'unsuspend':
39 if (!rg_user_suspend($db, $target_ui, 0))
39 if (!rg_user_suspend($db, $rg, $target_ui, 0))
40 40 $_admin_users .= rg_template("admin/users/bad_unsuspend.html"); $_admin_users .= rg_template("admin/users/bad_unsuspend.html");
41 41 break; break;
42 42
43 43 case 'make_admin': case 'make_admin':
44 if (!rg_user_make_admin($db, $target_ui, 1))
44 if (!rg_user_make_admin($db, $rg, $target_ui, 1))
45 45 $_admin_users .= rg_template("admin/users/bad_admin.html"); $_admin_users .= rg_template("admin/users/bad_admin.html");
46 46 break; break;
47 47
48 48 case 'remove_admin': case 'remove_admin':
49 if (!rg_user_make_admin($db, $target_ui, 0))
49 if (!rg_user_make_admin($db, $rg, $target_ui, 0))
50 50 $_admin_users .= rg_template("admin/users/bad_unadmin.html"); $_admin_users .= rg_template("admin/users/bad_unadmin.html");
51 51 break; break;
52 52
53 53 case 'remove': case 'remove':
54 if (!rg_user_remove($db, $target_ui))
54 if (!rg_user_remove($db, $rg, $target_ui))
55 55 $_admin_users .= rg_template("admin/users/bad_remove.html"); $_admin_users .= rg_template("admin/users/bad_remove.html");
56 56 break; break;
57 57 } }
File inc/bug.inc.php changed (mode: 100644) (index fadfa1a..3bc5292)
... ... require_once($INC . "/util.inc.php");
3 3 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
4 4 require_once($INC . "/sql.inc.php"); require_once($INC . "/sql.inc.php");
5 5 require_once($INC . "/user.inc.php"); require_once($INC . "/user.inc.php");
6 require_once($INC . "/repo.inc.php");
6 7 require_once($INC . "/prof.inc.php"); require_once($INC . "/prof.inc.php");
7 8 require_once($INC . "/events.inc.php"); require_once($INC . "/events.inc.php");
8 9 require_once($INC . "/watch.inc.php"); require_once($INC . "/watch.inc.php");
 
... ... function rg_bug_state_select($value, $exclude)
199 200 } }
200 201
201 202 /* /*
202 * We want the bug number to be consecutive per repo.
203 * This is why we use a separate table (bugs_max) to track last id.
204 * This function must called from inside a transaction.
203 * We want the bug numbers to be consecutive per repo.
205 204 */ */
206 205 function rg_bug_next_id($db, $repo_id) function rg_bug_next_id($db, $repo_id)
207 206 { {
 
... ... function rg_bug_next_id($db, $repo_id)
209 208 rg_log("bug_next_id: repo_id=$repo_id"); rg_log("bug_next_id: repo_id=$repo_id");
210 209
211 210 $next_bug_id = FALSE; $next_bug_id = FALSE;
212 do {
213 $params = array($repo_id);
214 $sql = "UPDATE bugs_max SET last_bug_id = last_bug_id + 1"
215 . " WHERE repo_id = $1"
211 while (1) {
212 $params = array("repo_id" => $repo_id);
213 $sql = "UPDATE repos SET last_bug_id = last_bug_id + 1"
214 . " WHERE repo_id = @@repo_id@@"
216 215 . " RETURNING last_bug_id AS next_bug_id"; . " RETURNING last_bug_id AS next_bug_id";
217 216 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
218 217 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_bug_next_id($db, $repo_id)
220 219 break; break;
221 220 } }
222 221
223 $rows = rg_sql_num_rows($res);
224 if ($rows == 1) {
225 $row = rg_sql_fetch_array($res);
226 $next_bug_id = $row['next_bug_id'];
227 }
228 rg_sql_free_result($res);
229
230 if ($rows == 1)
231 break;
232
233 /* If we are here, it means that we have no entry in bugs_max. */
234
235 $sql = "LOCK TABLE bugs_max IN ACCESS EXCLUSIVE MODE";
236 $res = rg_sql_query($db, $sql);
237 if ($res === FALSE) {
238 rg_bug_set_error("cannot lock max table (" . rg_sql_error() . ")");
239 break;
240 }
241 rg_sql_free_result($res);
242
243 /*
244 * Here, another client may just did the insert and commited
245 * and we obtain the lock. So, we have to check if a insert
246 * took place.
247 */
248 $params = array($repo_id);
249 $sql = "SELECT 1 FROM bugs_max WHERE repo_id = $1";
250 $res = rg_sql_query_params($db, $sql, $params);
251 if ($res === FALSE) {
252 rg_bug_set_error("cannot select 1 from max table (" . rg_sql_error() . ")");
253 break;
254 }
255 $rows = rg_sql_num_rows($res);
222 $row = rg_sql_fetch_array($res);
223 $next_bug_id = $row['next_bug_id'];
256 224 rg_sql_free_result($res); rg_sql_free_result($res);
257
258 if ($rows == 0) {
259 // We were faster, just insert.
260 $params = array($repo_id);
261 $sql = "INSERT INTO bugs_max (repo_id, last_bug_id)"
262 . " VALUES ($1, 1)";
263 $res = rg_sql_query_params($db, $sql, $params);
264 if ($res === FALSE) {
265 rg_bug_set_error("cannot insert into max table (" . rg_sql_error() . ")");
266 break;
267 }
268 rg_sql_free_result($res);
269 $next_bug_id = 1;
270 }
271
272 /*
273 * The other client was faster than us. Just repeat
274 * the whole operation.
275 */
276 } while ($next_bug_id === FALSE);
225 break;
226 };
277 227
278 228 rg_log("\tDEBUG: next_bug_id=" . $next_bug_id); rg_log("\tDEBUG: next_bug_id=" . $next_bug_id);
279 229
 
... ... function rg_bug_vars_defaults()
303 253 function rg_bug_vars() function rg_bug_vars()
304 254 { {
305 255 $ret = array(); $ret = array();
306 $ret['bug_id'] = rg_var_str("bug_id");
307 256 $ret['title'] = rg_var_str("title"); $ret['title'] = rg_var_str("title");
308 257 $ret['body'] = rg_var_str("body"); $ret['body'] = rg_var_str("body");
309 258 $ret['state'] = rg_var_uint("state"); $ret['state'] = rg_var_uint("state");
 
... ... function rg_bug_cosmetic($db, &$row)
339 288 $row['assigned_to'] = $_ui['username']; $row['assigned_to'] = $_ui['username'];
340 289 } }
341 290
291 $row['deleted_text'] = "";
292 $row['deleted_who_text'] = "";
293 if (isset($row['deleted_who']) && ($row['deleted_who'] > 0)) {
294 $_ui = rg_user_info($db, $row['deleted_who'], "", "");
295 if ($_ui['exists'] == 1)
296 $row['deleted_who_text'] = $_ui['username'];
297
298 $row['deleted_text'] = gmdate("Y-m-d H:i", $row['deleted']);
299 }
300
342 301 $row['state_text'] = rg_bug_state($row['state']); $row['state_text'] = rg_bug_state($row['state']);
343 302 } }
344 303
304 /*
305 * Invalidate bug cache
306 * TODO: really use it! And update it in bug_edit!
307 */
308 function rg_bug_invalidate_cache($repo_id, $bug_id)
309 {
310 global $rg_bug_info_cache;
311
312 $key = $repo_id . " " . $bug_id;
313 if (isset($rg_bug_info_cache[$key]))
314 unset($rg_bug_info_cache[$key]);
315 }
316
345 317 /* /*
346 318 * Return info about a bug * Return info about a bug
347 319 */ */
 
... ... function rg_bug_info($db, $repo_id, $bug_id)
353 325 rg_prof_start("bug_info"); rg_prof_start("bug_info");
354 326 rg_log("rg_bug_info: repo_id=$repo_id bug_id=$bug_id"); rg_log("rg_bug_info: repo_id=$repo_id bug_id=$bug_id");
355 327
356 $ret = FALSE;
328 $ret = array();
329 $ret['ok'] = 0;
330 $ret['exists'] = 0;
357 331 do { do {
358 $key = $repo_id . "-" . $bug_id;
332 $key = $repo_id . " " . $bug_id;
359 333 if (isset($rg_bug_info_cache[$key])) { if (isset($rg_bug_info_cache[$key])) {
360 334 $ret = $rg_bug_info_cache[$key]; $ret = $rg_bug_info_cache[$key];
361 335 break; break;
362 336 } }
363 337
364 $params = array($repo_id, $bug_id);
338 $params = array("repo_id" => $repo_id,
339 "bug_id" => $bug_id);
365 340 $sql = "SELECT * FROM bugs" $sql = "SELECT * FROM bugs"
366 . " WHERE repo_id = $1"
367 . " AND bug_id = $2";
341 . " WHERE repo_id = @@repo_id@@"
342 . " AND bug_id = @@bug_id@@";
368 343 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
369 344 if ($res === FALSE) { if ($res === FALSE) {
370 345 rg_bug_set_error("cannot list bugs (" . rg_sql_error() . ")"); rg_bug_set_error("cannot list bugs (" . rg_sql_error() . ")");
 
... ... function rg_bug_info($db, $repo_id, $bug_id)
374 349 $rows = rg_sql_num_rows($res); $rows = rg_sql_num_rows($res);
375 350 if ($rows == 1) if ($rows == 1)
376 351 $ret = rg_sql_fetch_array($res); $ret = rg_sql_fetch_array($res);
352 $ret['ok'] = 1;
377 353 rg_sql_free_result($res); rg_sql_free_result($res);
378 354
379 355 $ret['exists'] = $rows; $ret['exists'] = $rows;
 
... ... function rg_bug_info($db, $repo_id, $bug_id)
393 369 * Add/edit a bug * Add/edit a bug
394 370 * If bug_id > 0 - edit, else add * If bug_id > 0 - edit, else add
395 371 */ */
396 function rg_bug_edit($db, $ri, $login_ui, $data)
372 function rg_bug_edit($db, $login_ui, $ri, $data)
397 373 { {
374 global $rg_bug_info_cache;
375
398 376 rg_prof_start("bug_edit"); rg_prof_start("bug_edit");
399 377 rg_log("bug_edit: data: " . rg_array2string($data)); rg_log("bug_edit: data: " . rg_array2string($data));
400 378
401 // TODO: test if user is allowed to add/edit a bug
402
403 379 $data['labels'] = isset($data['labels']) ? $data['labels'] : ""; $data['labels'] = isset($data['labels']) ? $data['labels'] : "";
404 380
405 $itime = time();
381 $now = time();
406 382 $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ""; $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
407 383
408 384 $ret = FALSE; $ret = FALSE;
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
424 400 } }
425 401
426 402 if (empty($data['assigned_to'])) { if (empty($data['assigned_to'])) {
427 $assigned_uid = 0;
403 $data['assigned_uid'] = 0;
428 404 $assigned_to_text = "N/A"; $assigned_to_text = "N/A";
429 405 } else { } else {
430 406 $aui = rg_user_info($db, 0, $data['assigned_to'], ""); $aui = rg_user_info($db, 0, $data['assigned_to'], "");
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
432 408 rg_bug_set_error("user you assigned to does not exists"); rg_bug_set_error("user you assigned to does not exists");
433 409 break; break;
434 410 } }
435 $assigned_uid = $aui['uid'];
411 $data['assigned_uid'] = $aui['uid'];
436 412 $assigned_to_text = $aui['username']; $assigned_to_text = $aui['username'];
437 413 } }
438 414
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
443 419
444 420 $rollback = 1; $rollback = 1;
445 421
446 $bug_id = $data['bug_id'];
447 if ($bug_id == 0) {
448 $bug_id = rg_bug_next_id($db, $ri['repo_id']);
449 if ($bug_id === FALSE)
422 $add = 0;
423 if ($data['bug_id'] == 0) {
424 $add = 1;
425 $data['bug_id'] = rg_bug_next_id($db, $ri['repo_id']);
426 if ($data['bug_id'] === FALSE)
450 427 break; break;
451 428 } }
452 429
453 430 if (!empty($data['labels'])) { if (!empty($data['labels'])) {
454 $err = rg_bug_label_insert($db, $ri['repo_id'], $bug_id,
455 $data['labels']);
431 $err = rg_bug_label_insert($db, $ri['repo_id'],
432 $data['bug_id'], $data['labels']);
456 433 if ($err !== TRUE) if ($err !== TRUE)
457 434 break; break;
458 435 } }
459 436
460 if ($data['bug_id'] == 0) {
461 $params = array($bug_id, $itime, $ri['repo_id'],
462 $login_ui['uid'], $ip, $data['title'],
463 $data['body'], $data['state'], $assigned_uid);
437 $data['itime'] = $now;
438 $data['utime'] = $now;
439 $data['ip'] = $ip;
440 $data['repo_id'] = $ri['repo_id'];
441 $data['uid'] = $login_ui['uid'];
442 if ($add == 1) {
464 443 $sql = "INSERT INTO bugs (bug_id, itime, utime, repo_id" $sql = "INSERT INTO bugs (bug_id, itime, utime, repo_id"
465 444 . ", uid, ip, title, body, state, assigned_uid" . ", uid, ip, title, body, state, assigned_uid"
466 445 . ", deleted)" . ", deleted)"
467 . " VALUES ($1, $2, 0, $3, $4, $5, $6, $7, $8, $9, 0)";
446 . " VALUES (@@bug_id@@, @@itime@@, 0, @@repo_id@@"
447 . ", @@uid@@, @@ip@@, @@title@@, @@body@@"
448 . ", @@state@@, @@assigned_uid@@, 0)";
468 449 } else { } else {
469 $params = array($itime, $data['title'], $data['body'],
470 $data['state'], $assigned_uid, $ri['repo_id'],
471 $bug_id);
472 $sql = "UPDATE bugs SET utime = $1"
473 . ", title = $2"
474 . ", body = $3"
475 . ", state = $4"
476 . ", assigned_uid = $5"
477 . " WHERE repo_id = $6"
478 . " AND bug_id = $7";
450 $sql = "UPDATE bugs SET utime = @@itime@@"
451 . ", title = @@title@@"
452 . ", body = @@body@@"
453 . ", state = @@state@@"
454 . ", assigned_uid = @@assigned_uid@@"
455 . " WHERE repo_id = @@repo_id@@"
456 . " AND bug_id = @@bug_id@@";
479 457 } }
480 $res = rg_sql_query_params($db, $sql, $params);
458 $res = rg_sql_query_params($db, $sql, $data);
481 459 if ($res === FALSE) { if ($res === FALSE) {
482 460 rg_bug_set_error("cannot insert bug (" . rg_sql_error() . ")"); rg_bug_set_error("cannot insert bug (" . rg_sql_error() . ")");
483 461 break; break;
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
486 464
487 465 // Add reporter and assignee to the watch list // Add reporter and assignee to the watch list
488 466 $r = rg_watch_add($db, "bug", $login_ui['uid'], $ri['repo_id'], $r = rg_watch_add($db, "bug", $login_ui['uid'], $ri['repo_id'],
489 $bug_id);
467 $data['bug_id']);
490 468 if ($r === FALSE) { if ($r === FALSE) {
491 469 rg_bug_set_error("cannot add to watch list" rg_bug_set_error("cannot add to watch list"
492 470 . " (" . rg_watch_error() . ")"); . " (" . rg_watch_error() . ")");
493 471 break; break;
494 472 } }
495 473
496 if ($assigned_uid > 0) {
497 $r = rg_watch_add($db, "bug", $assigned_uid,
498 $ri['repo_id'], $bug_id);
474 if ($data['assigned_uid'] > 0) {
475 $r = rg_watch_add($db, "bug", $data['assigned_uid'],
476 $ri['repo_id'], $data['bug_id']);
499 477 if ($r === FALSE) { if ($r === FALSE) {
500 478 rg_bug_set_error("cannot add to watch list" rg_bug_set_error("cannot add to watch list"
501 479 . " (" . rg_watch_error() . ")"); . " (" . rg_watch_error() . ")");
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
503 481 } }
504 482 } }
505 483
506 $data['bug_id'] = $bug_id;
507 484 $event = array("category" => 4100, "prio" => 200, $event = array("category" => 4100, "prio" => 200,
508 485 "repo.repo_id" => $ri['repo_id'], "repo.repo_id" => $ri['repo_id'],
509 486 "repo.name" => $ri['name'], "repo.name" => $ri['name'],
510 487 "bug.who_added" => $login_ui['uid'], "bug.who_added" => $login_ui['uid'],
511 488 "bug.who_added_text" => $login_ui['username'], "bug.who_added_text" => $login_ui['username'],
512 "bug.url" => rg_base_url() . rg_re_bugpage($login_ui, $ri['name'], $bug_id),
489 "bug.url" => rg_base_url() . rg_re_bugpage($login_ui, $ri['name'], $data['bug_id']),
513 490 "bug.assigned_to_text" => $assigned_to_text, "bug.assigned_to_text" => $assigned_to_text,
514 491 "bug.state_text" => rg_bug_state($data['state']), "bug.state_text" => rg_bug_state($data['state']),
515 492 "IP" => rg_var_str("REMOTE_ADDR")); "IP" => rg_var_str("REMOTE_ADDR"));
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
526 503 break; break;
527 504 } }
528 505
529 $ret = $bug_id;
506 // update cache
507 $key = $ri['repo_id'] . " " . $data['bug_id'];
508 rg_bug_cosmetic($db, $data);
509 $rg_bug_info_cache[$key] = $data;
510
511 $ret = $data['bug_id'];
530 512 $rollback = 0; $rollback = 0;
531 513 } while (0); } while (0);
532 514
 
... ... function rg_bug_edit($db, $ri, $login_ui, $data)
538 520 } }
539 521
540 522 /* /*
541 * Delete a bug
523 * Delete/undelete a bug
524 * @op: 1=delete, 2=undelete
542 525 */ */
543 function rg_bug_delete($db, $repo_id, $bug_id)
526 function rg_bug_delete_undelete($db, $who, $repo_id, $bug_id, $op)
544 527 { {
528 global $rg_bug_info_cache;
529
545 530 rg_prof_start("bug_delete"); rg_prof_start("bug_delete");
546 rg_log("bug_delete: $repo_id=$repo_id bug_id=$bug_id");
531 rg_log("bug_delete_undelete: who=$who repo_id=$repo_id bug_id=$bug_id op=$op");
547 532
548 533 $ret = FALSE; $ret = FALSE;
549 534 do { do {
550 // TODO: Check rights
551
552 535 $now = time(); $now = time();
536 if ($op == 1)
537 $deleted = $now;
538 else
539 $deleted = 0;
553 540
554 541 // Only mark it as such, deletion will happen in background // Only mark it as such, deletion will happen in background
555 $params = array($now, $repo_id, $bug_id);
556 $sql = "UPDATE bugs SET deleted = $1"
557 . " WHERE repo_id = $2"
558 . " AND bug_id = $3";
542 $params = array("deleted" => $deleted,
543 "repo_id" => $repo_id,
544 "bug_id" => $bug_id,
545 "utime" => $now,
546 "deleted_who" => $who);
547 $sql = "UPDATE bugs SET deleted = @@deleted@@"
548 . ", utime = @@utime@@"
549 . ", deleted_who = @@deleted_who@@"
550 . " WHERE repo_id = @@repo_id@@"
551 . " AND bug_id = @@bug_id@@";
559 552 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
560 553 if ($res === FALSE) { if ($res === FALSE) {
561 rg_bug_set_error("Cannot delete bug (" . rg_sql_error() . ")");
554 rg_bug_set_error("cannot delete bug (" . rg_sql_error() . ")");
562 555 break; break;
563 556 } }
564 557 rg_sql_free_result($res); rg_sql_free_result($res);
558
559 // update cache
560 $key = $repo_id . " " . $bug_id;
561 $new = $rg_bug_info_cache[$key];
562 $new['deleted'] = $deleted;
563 $new['deleted_who'] = $who;
564 $new['utime'] = $now;
565 rg_bug_cosmetic($db, $new);
566 $rg_bug_info_cache[$key] = $new;
567
565 568 $ret = TRUE; $ret = TRUE;
566 569 } while (0); } while (0);
567 570
 
... ... function rg_bug_list_query($db, $sql, $params)
588 591 $ret = array(); $ret = array();
589 592 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
590 593 rg_bug_cosmetic($db, $row); rg_bug_cosmetic($db, $row);
591 $ret[] = $row;
594 $ret[] = array("bug" => $row);
592 595 } }
593 596 rg_sql_free_result($res); rg_sql_free_result($res);
594 597 } while (0); } while (0);
 
... ... function rg_bug_search_load_all($db, $repo_id, $uid)
608 611
609 612 $ret = FALSE; $ret = FALSE;
610 613 do { do {
611 $params = array($repo_id, $uid);
614 $params = array("repo_id" => $repo_id, "uid" => $uid);
612 615 $sql = "SELECT name FROM bug_search" $sql = "SELECT name FROM bug_search"
613 . " WHERE (repo_id = $1 OR repo_id = 0)"
614 . " AND uid = $2"
616 . " WHERE (repo_id = @@repo_id@@ OR repo_id = 0)"
617 . " AND uid = @@uid@@"
615 618 . " ORDER BY repo_id, name"; . " ORDER BY repo_id, name";
616 619 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
617 620 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_bug_search_load($db, $repo_id, $uid, $name)
683 686 break; break;
684 687 } }
685 688
686 $params = array($repo_id, $uid, $name);
689 $params = array("repo_id" => $repo_id,
690 "uid" => $uid,
691 "name" => $name);
687 692 $sql = "SELECT uid, name, data, for_all_users" $sql = "SELECT uid, name, data, for_all_users"
688 693 . " FROM bug_search" . " FROM bug_search"
689 . " WHERE (repo_id = $1 OR repo_id = 0)"
690 . " AND (uid = $2 OR for_all_users = 1)"
691 . " AND name = $3"
694 . " WHERE (repo_id = @@repo_id@@ OR repo_id = 0)"
695 . " AND (uid = @@uid@@ OR for_all_users = 1)"
696 . " AND name = @@name@@"
692 697 . " ORDER BY name"; . " ORDER BY name";
693 698 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
694 699 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_bug_search_save($db, $repo_id, $uid, $q)
755 760 // We will not overwrite somebody else's search // We will not overwrite somebody else's search
756 761 // TODO: race? // TODO: race?
757 762 rg_log("DEBUG: old: " . rg_array2string($old)); rg_log("DEBUG: old: " . rg_array2string($old));
763 $params = array("repo_id" => $repo_id,
764 "uid" => $uid,
765 "name" => $name,
766 "data" => $data,
767 "for_all_users" => $for_all_users);
758 768 if (empty($old) || ($old['uid'] != $uid)) { if (empty($old) || ($old['uid'] != $uid)) {
759 $params = array($repo_id, $uid, $name, $data, $for_all_users);
760 769 $sql = "INSERT INTO bug_search (repo_id, uid, name" $sql = "INSERT INTO bug_search (repo_id, uid, name"
761 770 . ", data, for_all_users)" . ", data, for_all_users)"
762 . " VALUES ($1, $2, $3, $4, $5)";
771 . " VALUES (@@repo_id@@, @@uid@@, @@name@@"
772 . ", @@data@@, @@for_all_users@@)";
763 773 } else { } else {
764 $params = array($data, $for_all_users, $repo_id, $uid, $name);
765 774 $sql = "UPDATE bug_search" $sql = "UPDATE bug_search"
766 . " SET data = $1"
767 . ", for_all_users = $2"
768 . " WHERE repo_id = $3"
769 . " AND uid = $4"
770 . " AND name = $5";
775 . " SET data = @@data@@"
776 . ", for_all_users = @@for_all_users@@"
777 . " WHERE repo_id = @@repo_id@@"
778 . " AND uid = @@uid@@"
779 . " AND name = @@name@@";
771 780 } }
772 781 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
773 782 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
791 800 rg_log("bug_search: repo_id=$repo_id uid=$uid" rg_log("bug_search: repo_id=$repo_id uid=$uid"
792 801 . " q=" . rg_array2string($q)); . " q=" . rg_array2string($q));
793 802
794 $params = array($repo_id); $index = 2;
803 $params = array("repo_id" => $repo_id);
795 804 $add = array(); $add = array();
796 805 $limit = 25; $limit = 25;
797 806 $ret = FALSE; $ret = FALSE;
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
803 812 rg_bug_set_error("cannot lookup user (reported_by)"); rg_bug_set_error("cannot lookup user (reported_by)");
804 813 break; break;
805 814 } }
806 $add[] = "AND uid = \$" . $index;
807 $params[] = $_ui['uid'];
808 $index++;
815 $add[] = "AND uid = @@reported_by@@";
816 $params['reported_by'] = $_ui['uid'];
809 817 } }
810 818
811 819 // assigned to // assigned to
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
815 823 rg_bug_set_error("cannot lookup user (assigned_to)"); rg_bug_set_error("cannot lookup user (assigned_to)");
816 824 break; break;
817 825 } }
818 $add[] = "AND assigned_uid = \$" . $index;
819 $params[] = $_ui['uid'];
820 $index++;
826 $add[] = "AND assigned_uid = @@assigned_uid@@";
827 $params['assigned_uid'] = $_ui['uid'];
821 828 } }
822 829
823 830 // state // state
824 831 if (isset($q['state']) && ($q['state'] > 0)) { if (isset($q['state']) && ($q['state'] > 0)) {
825 $add[] = "AND state = \$" . $index;
826 $params[] = $q['state'];
827 $index++;
832 $add[] = "AND state = @@state@@";
833 $params['state'] = $q['state'];
828 834 } }
829 835
830 836 // start // start
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
834 840 rg_bug_set_error("invalid start date format"); rg_bug_set_error("invalid start date format");
835 841 break; break;
836 842 } }
837 $add[] = "AND itime >= \$" . $index;
838 $params[] = $ts;
839 $index++;
843 $add[] = "AND itime >= @@start@@";
844 $params['start'] = $ts;
840 845 } }
841 846
842 847 // end // end
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
846 851 rg_bug_set_error("invalid end date format"); rg_bug_set_error("invalid end date format");
847 852 break; break;
848 853 } }
849 $add[] = "AND itime <= \$" . $index;
850 $params[] = $ts;
851 $index++;
854 $add[] = "AND itime <= @@end@@";
855 $params['end'] = $ts;
852 856 } }
853 857
854 858 // title_string // title_string
855 859 if (!empty($q['title_string'])) { if (!empty($q['title_string'])) {
856 $add[] = "AND title ILIKE \$" . $index;
857 $params[] = "%" . $q['title_string'] . "%";
858 $index++;
860 $add[] = "AND title ILIKE @@title@@";
861 $params['title'] = "%" . $q['title_string'] . "%";
859 862 } }
860 863
861 864 // body_string // body_string
862 865 if (!empty($q['body_string'])) { if (!empty($q['body_string'])) {
863 $add[] = "AND body ILIKE \$" . $index;
864 $params[] = "%" . $q['body_string'] . "%";
865 $index++;
866 $add[] = "AND body ILIKE @@body@@";
867 $params['body'] = "%" . $q['body_string'] . "%";
866 868 } }
867 869
868 870 // bugs_per_page // bugs_per_page
 
... ... function rg_bug_search($db, $repo_id, $uid, $q)
877 879 } }
878 880
879 881 $sql = "SELECT * FROM bugs" $sql = "SELECT * FROM bugs"
880 . " WHERE repo_id = $1"
882 . " WHERE repo_id = @@repo_id@@"
881 883 . " AND deleted = 0" . " AND deleted = 0"
882 884 . " " . implode(" ", $add) . " " . implode(" ", $add)
883 885 . " ORDER BY itime" . " ORDER BY itime"
 
... ... function rg_bug_search_remove($db, $repo_id, $uid, $name)
905 907
906 908 $ret = FALSE; $ret = FALSE;
907 909 do { do {
908 $params = array($repo_id, $uid, $name);
910 $params = array("repo_id" => $repo_id,
911 "uid" => $uid,
912 "name" => $name);
909 913 $sql = "DELETE FROM bug_search" $sql = "DELETE FROM bug_search"
910 . " WHERE repo_id = $1"
911 . " AND uid = $2"
912 . " AND name = $3";
914 . " WHERE repo_id = @@repo_id@@"
915 . " AND uid = @@uid@@"
916 . " AND name = @@name@@";
913 917 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
914 918 if ($res === FALSE) { if ($res === FALSE) {
915 919 rg_bug_set_error("cannot remove search (" . rg_sql_error() . ")"); rg_bug_set_error("cannot remove search (" . rg_sql_error() . ")");
 
... ... function rg_bug_note_add($db, $repo_id, $bug_id, $login_uid, $data)
941 945 $itime = time(); $itime = time();
942 946 $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "?"; $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "?";
943 947
944 $params = array($repo_id, $bug_id, $itime, $login_uid, $ip,
945 $data['note']);
948 $params = array("repo_id" => $repo_id,
949 "bug_id" => $bug_id,
950 "itime" => $itime,
951 "uid" => $login_uid,
952 "ip" => $ip,
953 "note" => $data['note']);
946 954 $sql = "INSERT INTO bug_notes (repo_id, bug_id, itime, uid, ip" $sql = "INSERT INTO bug_notes (repo_id, bug_id, itime, uid, ip"
947 955 . ", note)" . ", note)"
948 . " VALUES ($1, $2, $3, $4, $5, $6)";
956 . " VALUES (@@repo_id@@, @@bug_id@@, @@itime@@, @@uid@@"
957 . ", @@ip@@, @@note@@)";
949 958 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
950 959 if ($res === FALSE) { if ($res === FALSE) {
951 960 rg_bug_set_error("Cannot insert bug note (" . rg_sql_error() . ")"); rg_bug_set_error("Cannot insert bug note (" . rg_sql_error() . ")");
 
... ... function rg_bug_note_add($db, $repo_id, $bug_id, $login_uid, $data)
962 971 rg_log_ml("_ri: " . print_r($_ri, TRUE)); rg_log_ml("_ri: " . print_r($_ri, TRUE));
963 972
964 973 $_bi = rg_bug_info($db, $repo_id, $bug_id); $_bi = rg_bug_info($db, $repo_id, $bug_id);
965 if ($_bi === FALSE)
974 if ($_bi['exists'] != 1) {
975 rg_bug_set_error("bug does not exists");
966 976 break; break;
977 }
967 978
968 979 $_ui = rg_user_info($db, $login_uid, "", ""); $_ui = rg_user_info($db, $login_uid, "", "");
969 980 if ($_ui['exists'] != 1) { if ($_ui['exists'] != 1) {
 
... ... function rg_bug_note_list($db, $repo_id, $bug_id, $offset)
1008 1019 do { do {
1009 1020 // TODO: test if user is allowed to see a note // TODO: test if user is allowed to see a note
1010 1021
1011 $params = array($repo_id, $bug_id);
1022 $params = array("repo_id" => $repo_id,
1023 "bug_id" => $bug_id);
1012 1024 $sql = "SELECT * FROM bug_notes" $sql = "SELECT * FROM bug_notes"
1013 . " WHERE repo_id = $1"
1014 . " AND bug_id = $2"
1025 . " WHERE repo_id = @@repo_id@@"
1026 . " AND bug_id = @@bug_id@@"
1015 1027 . " ORDER BY itime" . " ORDER BY itime"
1016 1028 . " OFFSET $offset"; . " OFFSET $offset";
1017 1029 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
 
... ... function rg_bug_label_get($db, $repo_id, $bug_id)
1103 1115
1104 1116 $ret = FALSE; $ret = FALSE;
1105 1117 do { do {
1106 $params = array($repo_id, $bug_id);
1118 $params = array("repo_id" => $repo_id,
1119 "bug_id" => $bug_id);
1107 1120 $sql = "SELECT DISTINCT label FROM bug_labels" $sql = "SELECT DISTINCT label FROM bug_labels"
1108 . " WHERE repo_id = $1"
1109 . " AND bug_id = $2"
1121 . " WHERE repo_id = @@repo_id@@"
1122 . " AND bug_id = @@bug_id@@"
1110 1123 . " ORDER BY label"; . " ORDER BY label";
1111 1124 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1112 1125 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_bug_label_insert($db, $repo_id, $bug_id, $labels)
1152 1165 break; break;
1153 1166 } }
1154 1167
1155 // TODO: switch to params
1156 $params = array(); $index = 1;
1168 $params = array("repo_id" => $repo_id,
1169 "bug_id" => $bug_id);
1170 $index = 1;
1157 1171 $list = array(); $list = array();
1158 1172 foreach ($diff as $label) { foreach ($diff as $label) {
1159 $params[] = $label;
1160 $list[] = "($repo_id, $bug_id, \$" . $index . ")";
1173 $params["label_" . $index] = $label;
1174 $list[] = "(@@repo_id@@, @@bug_id@@, @@label_" . $index . "@@)";
1161 1175 $index++; $index++;
1162 1176 } }
1163 1177 $sql = "INSERT INTO bug_labels (repo_id, bug_id, label)" $sql = "INSERT INTO bug_labels (repo_id, bug_id, label)"
 
... ... function rg_bug_label_html($db, $labels)
1194 1208 return $ret; return $ret;
1195 1209 } }
1196 1210
1211 /* High level functions */
1212
1213 /*
1214 * High level function for adding/creating a bug
1215 */
1216 function rg_bug_edit_high_level($db, $rg)
1217 {
1218 rg_log("rg_bug_edit_high_level");
1219 //rg_log_ml("rg[bug]=" . print_r($rg['bug'], TRUE));
1220
1221 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "B", $rg['ip'], "") !== TRUE)
1222 return rg_template("repo/bug/deny_edit.html", $rg);
1223
1224 $ret = "";
1225
1226 $errmsg = array();
1227 $show_form = TRUE;
1228 do {
1229 if ($rg['doit'] == 0) {
1230 if ($rg['bug']['bug_id'] == 0)
1231 $rg['bug'] = rg_bug_vars_defaults();
1232 break;
1233 }
1234
1235 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1236 $errmsg[] = "invalid token; try again";
1237 break;
1238 }
1239
1240 $rg['bug'] = rg_array_merge($rg['bug'], "", rg_bug_vars());
1241
1242 $bug_id = rg_bug_edit($db, $rg['login_ui'], $rg['ri'],
1243 $rg['bug']);
1244 if ($bug_id === FALSE) {
1245 $errmsg[] = rg_bug_error();
1246 break;
1247 }
1248 $rg['bug']['bug_id'] = $bug_id;
1249
1250 $url = rg_re_bugpage($rg['page_ui'],
1251 $rg['ri']['name'], $bug_id);
1252 rg_redirect($url);
1253
1254 $show_form = FALSE;
1255 } while (0);
1256
1257 if ($show_form) {
1258 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
1259 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
1260
1261 $exclude = array(0);
1262 $rg['bug']['HTML:state_select'] =
1263 rg_bug_state_select($rg['bug']['state'], $exclude);
1264
1265 $hints = array();
1266 $hints[]['HTML:hint'] = rg_template("hints/repo/bug/add.html", $rg);
1267 $rg['HTML:hints'] = rg_template_table("hints/list", $hints, $rg);
1268
1269 $ret .= rg_template("repo/bug/bug_add_edit.html", $rg);
1270 }
1271
1272 return $ret;
1273 }
1274
1275
1197 1276 ?> ?>
File inc/dispatch/dispatch.php changed (mode: 100644) (index cc670b5..f93b237)
1 1 <?php <?php
2 rg_log("/inc/dispatch/dispatch");
2 rg_log("FILE: /inc/dispatch/dispatch");
3
4 $rg['menu'][$_op] = 1;
3 5
4 6 switch ($_op) { switch ($_op) {
5 7 case 'login': case 'login':
 
... ... case 'login':
8 10 break; break;
9 11
10 12 case 'logout': case 'logout':
11 if (rg_sess_destroy($db, $sid, $login_ui)) {
12 $body .= rg_template("user/logout.html", $more);
13 if (rg_sess_destroy($db, $rg['sid'], $rg['login_ui'])) {
14 $body .= rg_template("user/logout.html", $rg);
13 15 } else { } else {
14 $body .= rg_template("user/logout_err.html", $more);
16 $body .= rg_template("user/logout_err.html", $rg);
15 17 } }
16 18 break; break;
17 19
 
... ... case 'forgot_send': // forgot pass - send mail
41 43 break; break;
42 44
43 45 case 'create_account': case 'create_account':
44 $more['ask_for_pass'] = 1;
45 $body .= rg_user_edit_high_level($db, $sid, $more);
46 $rg['ask_for_pass'] = 1;
47 $body .= rg_user_edit_high_level($db, $rg);
46 48 break; break;
47 49
48 50 case 'confirm': case 'confirm':
 
... ... default: // can be the main page or user page or repo page
69 71 $user = empty($paras) ? "" : array_shift($paras); $user = empty($paras) ? "" : array_shift($paras);
70 72 $repo = empty($paras) ? "" : array_shift($paras); $repo = empty($paras) ? "" : array_shift($paras);
71 73 } else if (empty($type)) { } else if (empty($type)) {
72 $body .= rg_template("main.html", $more);
74 $body .= rg_template("main.html", $rg);
73 75 } else { } else {
74 76 // organization // organization
75 77 $organization = 1; $organization = 1;
File inc/events.inc.php changed (mode: 100644) (index a334332..9f4ea26)
... ... function rg_event_add($db, $event)
81 81 do { do {
82 82 $now = time(); $now = time();
83 83 $prio = $event['prio']; unset($event['prio']); $prio = $event['prio']; unset($event['prio']);
84 $params = array($now, $prio, serialize($event));
84 $params = array("now" => $now,
85 "prio" => $prio,
86 "data" => serialize($event));
85 87 $sql = "INSERT INTO events (itime, prio, data)" $sql = "INSERT INTO events (itime, prio, data)"
86 . " VALUES ($1, $2, $3)";
88 . " VALUES (@@now@@, @@prio@@, @@data@@)";
87 89 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
88 90 if ($res === FALSE) { if ($res === FALSE) {
89 91 rg_event_set_error("Could not add event (" . rg_sql_error() . ")"); rg_event_set_error("Could not add event (" . rg_sql_error() . ")");
 
... ... function rg_event_process_queue($db, &$notify_list)
254 256 if (isset($ev['notification'])) if (isset($ev['notification']))
255 257 rg_event_notify($notify_list, $ev['notification'], ""); rg_event_notify($notify_list, $ev['notification'], "");
256 258
257 $params = array($row['id']);
258 $sql = "DELETE FROM events WHERE id = $1";
259 $params = array("id" => $row['id']);
260 $sql = "DELETE FROM events WHERE id = @@id@@";
259 261 $res2 = rg_sql_query_params($db, $sql, $params); $res2 = rg_sql_query_params($db, $sql, $params);
260 262 rg_sql_free_result($res2); rg_sql_free_result($res2);
261 263 } }
File inc/feedback/suggestion.php changed (mode: 100644) (index c77d9f1..585d3a7)
1 1 <?php <?php
2 rg_log("/feedback/suggestion");
2 rg_log("FILE: /feedback/suggestion");
3 3
4 $suggestion_more = $more;
4 $suggestion_more = $rg;
5 5 $_suggestion = ""; $_suggestion = "";
6 6
7 7 $errmsg = array(); $errmsg = array();
8 8 $show_form = 1; $show_form = 1;
9 9
10 10 do { do {
11 if ($doit != 1) {
11 if ($rg['doit'] != 1) {
12 12 // defaults // defaults
13 13 $suggestion = ""; $suggestion = "";
14 14 break; break;
 
... ... do {
16 16
17 17 $suggestion = rg_var_str("suggestion"); $suggestion = rg_var_str("suggestion");
18 18
19 if (!rg_token_valid($db, $sid, $token)) {
19 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
20 20 $errmsg[] = "invalid token; try again"; $errmsg[] = "invalid token; try again";
21 21 break; break;
22 22 } }
 
... ... do {
26 26 break; break;
27 27 } }
28 28
29 $r = rg_user_suggestion($db, $login_ui['uid'], $suggestion);
29 $r = rg_user_suggestion($db, $rg['login_ui']['uid'],
30 $rg['login_ui']['email'], $suggestion);
30 31 if ($r === FALSE) { if ($r === FALSE) {
31 32 $errmsg[] = "could not add suggestion (" . rg_user_error() . ")!"; $errmsg[] = "could not add suggestion (" . rg_user_error() . ")!";
32 33 break; break;
33 34 } }
34 35
35 36 $show_form = 0; $show_form = 0;
36 $_suggestion .= "Thank you very much!";
37 $_suggestion .= rg_template("suggestion_sent.html", $rg);
37 38 } while (0); } while (0);
38 39
39 40 if ($show_form == 1) { if ($show_form == 1) {
40 41 $suggestion_more['suggestion'] = $suggestion; $suggestion_more['suggestion'] = $suggestion;
41 42 $suggestion_more['HTML:errmsg'] = rg_template_errmsg($errmsg); $suggestion_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
42 $suggestion_more['rg_form_token'] = rg_token_get($db, $sid);
43 $suggestion_more['rg_form_token'] = rg_token_get($db, $rg['sid']);
43 44 $_suggestion .= rg_template("suggestion.html", $suggestion_more); $_suggestion .= rg_template("suggestion.html", $suggestion_more);
44 45 } }
45 46
File inc/fixes.inc.php changed (mode: 100644) (index 6e3f8f8..4ed3a9b)
... ... $rg_fixes = array();
15 15 $rg_fixes[1] = array("rg_fixes_user_index_by_id"); $rg_fixes[1] = array("rg_fixes_user_index_by_id");
16 16 $rg_fixes[2] = array("rg_fixes_repo_index_by_id"); $rg_fixes[2] = array("rg_fixes_repo_index_by_id");
17 17 $rg_fixes[3] = array("rg_fixes_keys_regen"); $rg_fixes[3] = array("rg_fixes_keys_regen");
18 $rg_fixes[4] = array("rg_fixes_repos_last_bug_id");
18 19
19 20 // This must be the last line // This must be the last line
20 21 $rg_fixes_ver = count($rg_fixes); $rg_fixes_ver = count($rg_fixes);
21 22
23 /*
24 * Get rid of bugs_max database
25 */
26 function rg_fixes_repos_last_bug_id($db)
27 {
28 rg_log("rg_fixes_repos_last_bug_id");
29
30 $res = rg_sql_begin($db);
31 if (!$res)
32 return FALSE;
33
34 $sql = "SELECT * FROM bugs_max";
35 $res = rg_sql_query($db, $sql);
36 if (!$res)
37 return FALSE;
38
39 while (($row = rg_sql_fetch_array($res))) {
40 $repo_id = $row['repo_id'];
41 $last = $row['last_bug_id'];
42
43 $params = array("repo_id" => $repo_id, "last" => $last);
44 $sql = "UPDATE repos SET last_bug_id = @@last@@"
45 . " WHERE repo_id = @@repo_id@@";
46 $res2 = rg_sql_query_params($db, $sql, $params);
47 if (!$res2)
48 return FALSE;
49 rg_sql_free_result($res2);
50 }
51 rg_sql_free_result($res);
52
53 $sql = "DROP TABLE bugs_max";
54 $res = rg_sql_query($db, $sql);
55 if (!$res)
56 return FALSE;
57
58 $res = rg_sql_commit($db);
59 if (!$res)
60 return FALSE;
61
62 rg_log("Done!");
63 return TRUE;
64 }
65
22 66 /* /*
23 67 * Just regenerate the keys * Just regenerate the keys
24 68 */ */
File inc/git.inc.php changed (mode: 100644) (index f6d6de8..59e7a1b)
... ... function rg_git_log($path, $max, $from, $to, $also_patch)
665 665 * Outputs the result of replacing variables in a template with real variables * Outputs the result of replacing variables in a template with real variables
666 666 * @log = TODO (output of rg_git_log?) * @log = TODO (output of rg_git_log?)
667 667 */ */
668 function rg_git_log_template($log, $dir, $more)
668 function rg_git_log_template($log, $dir, $rg)
669 669 { {
670 670 $t = array(); $t = array();
671 671
 
... ... function rg_git_log_template($log, $dir, $more)
678 678 } }
679 679 } }
680 680
681 return rg_template_table($dir, $t, $more);
681 return rg_template_table($dir, $t, $rg);
682 682 } }
683 683
684 684 /* /*
 
... ... function rg_git_stats($log)
731 731 return $ret; return $ret;
732 732 } }
733 733
734 /*
735 * Returns a list with the filenames changed between two revisions
736 * TODO: what if old is empty?
737 */
738 function rg_git_files($old, $new)
739 {
740 rg_log("rg_git_files old=$old new=$new");
741
742 // TODO: Here we can deny non ascii file names. Move to update_branch?
743 // git diff --cached --name-only --diff-filter=A -z $against | LC_ALL=C tr -d '[ -~]\0')
744
745 $cmd = "git diff --name-only " . escapeshellarg($old) . " " . escapeshellarg($new);
746 rg_log("DEBUG: cmd=$cmd");
747 $a = rg_exec($cmd);
748 if ($a['ok'] != 1) {
749 rg_git_set_error("error on ls-tree (" . $a['errmsg'] . ")");
750 break;
751 }
752
753 if (empty($a['data'])) {
754 rg_git_set_error("error on ls-tree: empty answer");
755 break;
756 }
757
758 $output = explode("\n", trim($a['data']));
759 $ret = array();
760 foreach ($output as $line) {
761 rg_log("FILE: $line");
762 }
763 }
764
734 765 /* /*
735 766 * Nice diff per file * Nice diff per file
736 767 * Outputs the result of replacing variables in a template with real variables * Outputs the result of replacing variables in a template with real variables
 
... ... function rg_git_files_stats($a, $dir)
842 873 $t[] = $line; $t[] = $line;
843 874 } }
844 875
845 $more = array();
846 return rg_template_table($dir, $t, $more);
876 $rg = array();
877 return rg_template_table($dir, $t, $rg);
847 878 } }
848 879
849 880 /* /*
 
... ... function rg_git_update_tag($a)
855 886
856 887 rg_log("git_update_tag: " . rg_array2string($a)); rg_log("git_update_tag: " . rg_array2string($a));
857 888
889 $ip = $a['ip'];
890
858 891 if (strcmp($a['new_rev_type'], "tag") == 0) { // Annotated if (strcmp($a['new_rev_type'], "tag") == 0) { // Annotated
859 892 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
860 if (!rg_rights_allow($a['rights'], "S"))
893 if (!rg_rights_allow($a['rights'], "S", $ip, $a['refname']))
861 894 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
862 895 . " create an annotated tag."); . " create an annotated tag.");
863 896 } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
864 897 rg_log("delete ann tag"); rg_log("delete ann tag");
865 if (!rg_rights_allow($a['rights'], "n"))
898 if (!rg_rights_allow($a['rights'], "n", $ip, $a['refname']))
866 899 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
867 900 . " delete an annotated tag."); . " delete an annotated tag.");
868 901 } else { // change } else { // change
869 902 rg_log("This seems it cannot happen in recent git."); rg_log("This seems it cannot happen in recent git.");
870 if (!rg_rights_allow($a['rights'], "S"))
903 if (!rg_rights_allow($a['rights'], "S", $ip, $a['refname']))
871 904 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
872 905 . " change an annotated tag."); . " change an annotated tag.");
873 906 } }
874 907 } else { // Un-annotated } else { // Un-annotated
875 908 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
876 if (!rg_rights_allow($a['rights'], "Y"))
909 if (!rg_rights_allow($a['rights'], "Y", $ip, $a['refname']))
877 910 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
878 911 . " create an un-annotated tag."); . " create an un-annotated tag.");
879 912 } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete } else if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
880 if (!rg_rights_allow($a['rights'], "u"))
913 if (!rg_rights_allow($a['rights'], "u", $ip, $a['refname']))
881 914 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
882 915 . " delete an un-annotated tag."); . " delete an un-annotated tag.");
883 916 } else { // change } else { // change
884 if (!rg_rights_allow($a['rights'], "U"))
917 if (!rg_rights_allow($a['rights'], "U", $ip, $a['refname']))
885 918 rg_git_fatal($a['refname'] . "\nNo rights to" rg_git_fatal($a['refname'] . "\nNo rights to"
886 919 . " change an un-annotated tag."); . " change an un-annotated tag.");
887 920 } }
 
... ... function rg_git_update_tag($a)
902 935 } }
903 936 } }
904 937
938 /*
939 *
940 */
905 941 function rg_git_update_branch($a) function rg_git_update_branch($a)
906 942 { {
907 943 global $rg_git_zero; global $rg_git_zero;
908 944
909 945 rg_log("git_update_branch: " . rg_array2string($a)); rg_log("git_update_branch: " . rg_array2string($a));
910 946
911 // If we have anonymous push rights, we should add also create branch
912 if (rg_rights_allow($a['rights'], "H") === TRUE)
913 $a['rights'] .= "C";
947 $ip = $a['ip'];
914 948
915 949 if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete if (strcmp($a['new_rev'], $rg_git_zero) == 0) { // delete
916 if (!rg_rights_allow($a['rights'], "D"))
950 if (!rg_rights_allow($a['refs_rights'], "D", $ip, $a['refname']))
917 951 rg_git_fatal($a['refname'] . "\nNo rights to delete" rg_git_fatal($a['refname'] . "\nNo rights to delete"
918 952 . " a branch."); . " a branch.");
919 953 return; return;
920 954 } }
921 955
956 // If we have 'H' (anonymous push), we have also create branch
922 957 $check_fast_forward = 1; $check_fast_forward = 1;
923 958 if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create if (strcmp($a['old_rev'], $rg_git_zero) == 0) { // create
924 if (!rg_rights_allow($a['rights'], "C"))
959 if (!rg_rights_allow($a['refs_rights'], "H|C", $ip, $a['refname']))
925 960 rg_git_fatal($a['refname'] . "\nYou have no rights" rg_git_fatal($a['refname'] . "\nYou have no rights"
926 961 . " to create a branch."); . " to create a branch.");
927 962 $check_fast_forward = 0; $check_fast_forward = 0;
 
... ... function rg_git_update_branch($a)
929 964
930 965 // Create or change // Create or change
931 966 // Check for non fast-forward update // Check for non fast-forward update
932 if (!rg_rights_allow($a['rights'], "O") && ($check_fast_forward == 1)) {
967 if (!rg_rights_allow($a['refs_rights'], "O", $ip, $a['refname'])
968 && ($check_fast_forward == 1)) {
933 969 $merge_base = rg_git_merge_base($a['old_rev'], $a['new_rev']); $merge_base = rg_git_merge_base($a['old_rev'], $a['new_rev']);
934 970 if ($merge_base === FALSE) { if ($merge_base === FALSE) {
935 971 rg_log("Error in merge_base: " . rg_git_error()); rg_log("Error in merge_base: " . rg_git_error());
 
... ... function rg_git_update_branch($a)
944 980
945 981 // Check if user pushes a merge commit // Check if user pushes a merge commit
946 982 // TODO: Check all commits, not only the last one! // TODO: Check all commits, not only the last one!
947 if (!rg_rights_allow($a['rights'], "M")) {
983 if (!rg_rights_allow($a['refs_rights'], "M", $ip, $a['refname'])) {
948 984 if (rg_git_rev_ok($a['new_rev'] . "^2")) if (rg_git_rev_ok($a['new_rev'] . "^2"))
949 985 rg_git_fatal($a['refname'] . "\nNo rights to push merges."); rg_git_fatal($a['refname'] . "\nNo rights to push merges.");
950 986 } }
951 987
952 // Check whitespace
953 if (!rg_rights_allow($a['rights'], "W")) {
988 // Check for bad whitespace
989 if (!rg_rights_allow($a['refs_rights'], "W", $ip, $a['refname'])) {
954 990 $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']); $w = rg_git_whitespace_ok($a['old_rev'], $a['new_rev']);
955 991 if ($w !== TRUE) if ($w !== TRUE)
956 992 rg_git_fatal($a['refname'] rg_git_fatal($a['refname']
 
... ... function rg_git_update_branch($a)
958 994 . "\n" . $w); . "\n" . $w);
959 995 } }
960 996
961 if (rg_rights_allow($a['rights'], "P") !== TRUE) {
997 // Check repo_path rights TODO
998 $r = rg_git_files($a['old_rev'], $a['new_rev']);
999
1000 if (rg_rights_allow($a['refs_rights'], "P", $ip, $a['refname']) !== TRUE) {
962 1001 rg_log("\tPush is not allowed, let's see the anon one"); rg_log("\tPush is not allowed, let's see the anon one");
963 if (rg_rights_allow($a['rights'], "H") === FALSE) {
1002 if (rg_rights_allow($a['refs_rights'], "H", $ip, $a['refname']) === FALSE) {
964 1003 $_x = array(); $_x = array();
965 1004 $msg = rg_template("msg/push_not_allowed.txt", $_x); $msg = rg_template("msg/push_not_allowed.txt", $_x);
966 1005 rg_git_fatal($a['refname']. "\n" . $msg); rg_git_fatal($a['refname']. "\n" . $msg);
File inc/init.inc.php changed (mode: 100644) (index e610a03..d7f2495)
3 3
4 4 require_once($INC . "/ver.php"); require_once($INC . "/ver.php");
5 5
6 $more = array();
6 $rg = array();
7 7
8 8 // For escapeshellarg to work with UTF-8, we are forced to set a locale // For escapeshellarg to work with UTF-8, we are forced to set a locale
9 9 setlocale(LC_CTYPE, "en_US.UTF-8"); setlocale(LC_CTYPE, "en_US.UTF-8");
 
... ... if (empty($rg_ssh_host)) {
13 13 $rg_ssh_port = 22; $rg_ssh_port = 22;
14 14 } }
15 15
16 $more['rg_ssh_host'] = $rg_ssh_host;
17 $more['rg_ssh_port'] = $rg_ssh_port;
16 $rg['rg_ssh_host'] = $rg_ssh_host;
17 $rg['rg_ssh_port'] = $rg_ssh_port;
18
19 $rg['rg_version'] = $rocketgit_version;
20
21 if (!isset($rg_theme_dir))
22 $rg_theme_dir = $rg_scripts . "/root/themes";
18 23
19 $more['rg_version'] = $rocketgit_version;
20 24 ?> ?>
File inc/keys.inc.php changed (mode: 100644) (index 8636b86..111fb12)
... ... function rg_keys_remove($db, $ui, $list)
168 168 foreach ($list as $key_id => $junk) foreach ($list as $key_id => $junk)
169 169 $my_list[] = sprintf("%u", $key_id); $my_list[] = sprintf("%u", $key_id);
170 170
171 $params = array($ui['uid']);
171 $params = array("uid" => $ui['uid']);
172 172 $sql_list = implode(", ", $my_list); $sql_list = implode(", ", $my_list);
173 173 $sql = "DELETE FROM keys" $sql = "DELETE FROM keys"
174 . " WHERE uid = $1"
174 . " WHERE uid = @@uid@@"
175 175 . " AND key_id IN (" . $sql_list . ")"; . " AND key_id IN (" . $sql_list . ")";
176 176 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
177 177 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_keys_count($db, $uid)
208 208
209 209 $ret = FALSE; $ret = FALSE;
210 210 do { do {
211 $params = array($uid);
211 $params = array("uid" => $uid);
212 212 $sql = "SELECT COUNT(*) AS count FROM keys" $sql = "SELECT COUNT(*) AS count FROM keys"
213 . " WHERE uid = $1";
213 . " WHERE uid = @@uid@@";
214 214 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
215 215 if ($res === FALSE) { if ($res === FALSE) {
216 216 rg_keys_set_error("cannot query (" . rg_sql_error() . ")"); rg_keys_set_error("cannot query (" . rg_sql_error() . ")");
 
... ... function rg_keys_add($db, $ui, $key)
268 268 } }
269 269 $do_rollback = 1; $do_rollback = 1;
270 270
271 $params = array($itime, $ui['uid'], $key);
271 $params = array("itime" => $itime,
272 "uid" => $ui['uid'],
273 "key" => $key);
272 274 $sql = "INSERT INTO keys (itime, uid, key)" $sql = "INSERT INTO keys (itime, uid, key)"
273 . " VALUES ($1, $2, $3)"
275 . " VALUES (@@itime@@, @@uid@@, @@key@@)"
274 276 . " RETURNING key_id"; . " RETURNING key_id";
275 277 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
276 278 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_keys_add($db, $ui, $key)
317 319 function rg_keys_update_use($db, $key_id, $ip) function rg_keys_update_use($db, $key_id, $ip)
318 320 { {
319 321 rg_prof_start("keys_update_use"); rg_prof_start("keys_update_use");
320 rg_log("keys_update_use: key_id=$key_id, $ip=$ip");
322 rg_log("keys_update_use: key_id=$key_id, ip=$ip");
321 323
322 324 $ret = FALSE; $ret = FALSE;
323 325 do { do {
324 326 $now = time(); $now = time();
325 327
326 $params = array($now, $key_id);
327 $sql = "UPDATE keys SET first_use = $1"
328 $params = array("now" => $now,
329 "key_id" => $key_id,
330 "ip" => $ip);
331 $sql = "UPDATE keys SET first_use = @@now@@"
328 332 . " WHERE first_use = 0" . " WHERE first_use = 0"
329 . " AND key_id = $2";
333 . " AND key_id = @@key_id@@";
330 334 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
331 335 if ($res === FALSE) { if ($res === FALSE) {
332 336 rg_keys_set_error("cannot update key's first use" rg_keys_set_error("cannot update key's first use"
 
... ... function rg_keys_update_use($db, $key_id, $ip)
334 338 break; break;
335 339 } }
336 340
337 $params = array($now, $ip, $key_id);
338 $sql = "UPDATE keys SET last_use = $1"
339 . ", last_ip = $2"
341 $sql = "UPDATE keys SET last_use = @@now@@"
342 . ", last_ip = @@ip@@"
340 343 . ", count = count + 1" . ", count = count + 1"
341 . " WHERE key_id = $3";
344 . " WHERE key_id = @@key_id@@";
342 345 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
343 346 if ($res === FALSE) { if ($res === FALSE) {
344 347 rg_keys_set_error("cannot update key" rg_keys_set_error("cannot update key"
 
... ... function rg_keys_list($db, $ui)
443 446
444 447 $ret = FALSE; $ret = FALSE;
445 448 do { do {
446 $params = array($ui['uid']);
447 $sql = "SELECT * FROM keys WHERE uid = $1"
449 $params = array("uid" => $ui['uid']);
450 $sql = "SELECT * FROM keys WHERE uid = @@uid@@"
448 451 . " ORDER BY itime DESC"; . " ORDER BY itime DESC";
449 452 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
450 453 if ($res === FALSE) { if ($res === FALSE) {
File inc/log.inc.php changed (mode: 100644) (index 5fab0c4..3beda30)
... ... function rg_error_core($msg)
142 142 return; return;
143 143
144 144 $r = file_put_contents($dir . "/err-" . $key, $r = file_put_contents($dir . "/err-" . $key,
145 "Script: " . $me . "\n" . rg_log_buffer() . "\n\n" . $bt);
145 "Script: " . $me . "\n" . rg_log_buffer() . "\n\n" . $bt,
146 FILE_APPEND);
146 147 if ($r === FALSE) if ($r === FALSE)
147 148 return; return;
148 149 chmod($dir . "/err-" . $key, 0600); chmod($dir . "/err-" . $key, 0600);
File inc/login/login.php changed (mode: 100644) (index da927b1..e608671)
1 1 <?php <?php
2 rg_log("/inc/login/login");
2 rg_log("FILE: /inc/login/login");
3 3
4 $login_more = $more;
4 $login_more = $rg;
5 5
6 6 $user = rg_var_str("user"); $user = rg_var_str("user");
7 7 $pass = rg_var_str("pass"); $pass = rg_var_str("pass");
 
... ... $_login = "";
11 11
12 12 $errmsg = array(); $errmsg = array();
13 13
14 if ($doit == 1) {
15 $r = rg_user_login_by_user_pass($db, $user, $pass, $lock_ip, $login_ui);
14 if ($rg['doit'] == 1) {
15 $r = rg_user_login_by_user_pass($db, $user, $pass, $lock_ip,
16 $rg['login_ui']);
16 17 if ($r === FALSE) { if ($r === FALSE) {
17 18 $errmsg[] = rg_user_error(); $errmsg[] = rg_user_error();
18 19 } else { } else {
19 20 // redirect to home page // redirect to home page
20 $url = rg_re_userpage($login_ui);
21 $url = rg_re_userpage($rg['login_ui']);
21 22 rg_redirect($url); rg_redirect($url);
22 23 } }
23 24 } }
File inc/mr.inc.php changed (mode: 100644) (index c0afc90..6363762)
... ... function rg_mr_create($db, $repo_id, $namespace, $old_rev, $new_rev, $refname,
69 69 . " ip=$ip"); . " ip=$ip");
70 70
71 71 $now = time(); $now = time();
72 $params = array($repo_id, $now, $namespace, $refname, $old_rev, $new_rev,
73 $ip);
72 $params = array("repo_id" => $repo_id,
73 "now" => $now,
74 "namespace" => $namespace,
75 "refname" => $refname,
76 "old_rev" => $old_rev,
77 "new_rev" => $new_rev,
78 "ip" => $ip);
74 79 $sql = "INSERT INTO merge_requests (repo_id, itime, namespace" $sql = "INSERT INTO merge_requests (repo_id, itime, namespace"
75 80 . ", refname, old_rev, new_rev, done, ip)" . ", refname, old_rev, new_rev, done, ip)"
76 . " VALUES ($1, $2, $3, $4, $5, $6, 0, $7)";
81 . " VALUES (@@repo_id@@, @@now@@, @@namespace@@, @@refname@@"
82 . ", @@old_rev@@, @@new_rev@@, 0, @@ip@@)";
77 83 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
78 84 if ($res === FALSE) { if ($res === FALSE) {
79 85 rg_mr_set_error("cannot insert merge request" rg_mr_set_error("cannot insert merge request"
 
... ... function rg_mr_load($db, $repo_id, $limit)
171 177 { {
172 178 rg_log("rg_mr_load: repo_id=$repo_id limit=$limit"); rg_log("rg_mr_load: repo_id=$repo_id limit=$limit");
173 179
174 $params = array($repo_id, $limit);
180 $params = array("repo_id" => $repo_id);
175 181 $sql = "SELECT * FROM merge_requests" $sql = "SELECT * FROM merge_requests"
176 . " WHERE repo_id = $1"
182 . " WHERE repo_id = @@repo_id@@"
177 183 . " AND done = 0" . " AND done = 0"
178 184 . " ORDER BY itime" . " ORDER BY itime"
179 . " LIMIT $2";
185 . " LIMIT " . $limit;
180 186 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
181 187 if ($res === FALSE) { if ($res === FALSE) {
182 188 rg_mr_set_error("Cannot load merge requests (" . rg_sql_error() . ")"); rg_mr_set_error("Cannot load merge requests (" . rg_sql_error() . ")");
 
... ... function rg_mr_load_one($db, $repo_id, $namespace)
200 206 { {
201 207 rg_log("rg_mr_load_one: repo_id=$repo_id namespace=$namespace"); rg_log("rg_mr_load_one: repo_id=$repo_id namespace=$namespace");
202 208
203 $params = array($repo_id, $namespace);
209 $params = array("repo_id" => $repo_id, "namespace" => $namespace);
204 210 $sql = "SELECT * FROM merge_requests" $sql = "SELECT * FROM merge_requests"
205 . " WHERE repo_id = $1"
206 . " AND namespace = $2";
211 . " WHERE repo_id = @@repo_id@@"
212 . " AND namespace = @@namespace@@";
207 213 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
208 214 if ($res === FALSE) { if ($res === FALSE) {
209 215 rg_mr_set_error("cannot load a merge request" rg_mr_set_error("cannot load a merge request"
File inc/plan.inc.php changed (mode: 100644) (index c48167c..989312b)
... ... function rg_plan_edit($db, $d)
44 44 if (rg_plan_ok($d['name']) !== TRUE) if (rg_plan_ok($d['name']) !== TRUE)
45 45 break; break;
46 46
47 $params = array($d['name'], $d['description'], $d['disk_mb'],
48 $d['users'], $d['bw'], $d['speed'], $d['position'],
49 $d['max_public_repos'], $d['max_private_repos']);
50 47 if ($d['id'] == 0) { // add if ($d['id'] == 0) { // add
51 48 $sql = "INSERT INTO plans (name, description, disk_mb" $sql = "INSERT INTO plans (name, description, disk_mb"
52 49 . ", users, bw, speed, position" . ", users, bw, speed, position"
53 50 . ", max_public_repos, max_private_repos)" . ", max_public_repos, max_private_repos)"
54 . " VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)"
51 . " VALUES (@@name@@, @@description@@"
52 . ", @@disk_mb@@, @@users@@, @@bw@@"
53 . ", @@speed@@, @@position@@"
54 . ", @@max_public_repos@@, @@max_private_repos@@)"
55 55 . " RETURNING id"; . " RETURNING id";
56 56 } else { // edit } else { // edit
57 $params[] = $d['id'];
58 57 $sql = "UPDATE plans" $sql = "UPDATE plans"
59 . " SET name = $1"
60 . ", description = $2"
61 . ", disk_mb = $3"
62 . ", users = $4"
63 . ", bw = $5"
64 . ", speed = $6"
65 . ", position = $7"
66 . ", max_public_repos = $8"
67 . ", max_private_repos = $9"
68 . " WHERE id = $10"
58 . " SET name = @@name@@"
59 . ", description = @@description@@"
60 . ", disk_mb = @@disk_mb@@"
61 . ", users = @@users@@"
62 . ", bw = @@bw@@"
63 . ", speed = @@speed@@"
64 . ", position = @@position@@"
65 . ", max_public_repos = @@max_public_repos@@"
66 . ", max_private_repos = @@max_private_repos@@"
67 . " WHERE id = @@id@@"
69 68 . " RETURNING id"; . " RETURNING id";
70 69 } }
71 70
72 $res = rg_sql_query_params($db, $sql, $params);
71 $res = rg_sql_query_params($db, $sql, $d);
73 72 if ($res === FALSE) { if ($res === FALSE) {
74 73 rg_plan_set_error("cannot insert/update plan" rg_plan_set_error("cannot insert/update plan"
75 74 . " (" . rg_sql_error() . ")"); . " (" . rg_sql_error() . ")");
 
... ... function rg_plan_select($db, $plan_id)
226 225 /* /*
227 226 * High-level function for rg_plan_list * High-level function for rg_plan_list
228 227 */ */
229 function rg_plan_list_high_level($db, $sid, $more)
228 function rg_plan_list_high_level($db, $rg)
230 229 { {
231 230 $ret = ""; $ret = "";
232 231
 
... ... function rg_plan_list_high_level($db, $sid, $more)
238 237 if ($delete != 1) if ($delete != 1)
239 238 break; break;
240 239
241 $token = rg_var_str("token");
242 if (!rg_token_valid($db, $sid, $token)) {
240 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
243 241 $del_errmsg[] = "Invalid token. Try again."; $del_errmsg[] = "Invalid token. Try again.";
244 242 break; break;
245 243 } }
 
... ... function rg_plan_list_high_level($db, $sid, $more)
247 245 $list = rg_var_str("delete_list"); $list = rg_var_str("delete_list");
248 246 $r = rg_plan_remove($db, $list); $r = rg_plan_remove($db, $list);
249 247 if ($r !== TRUE) { if ($r !== TRUE) {
250 $more['errmsg'] = rg_plan_error();
251 $del_errmsg[] = rg_template("admin/plans/delete_err.html", $more);
248 $rg['errmsg'] = rg_plan_error();
249 $del_errmsg[] = rg_template("admin/plans/delete_err.html", $rg);
252 250 break; break;
253 251 } }
254 252 } while (0); } while (0);
255 253
256 254 $list = rg_plan_list($db); $list = rg_plan_list($db);
257 255 if ($list === FALSE) { if ($list === FALSE) {
258 $more['errmsg'] = rg_plan_error();
259 return rg_template("admin/plans/list_err.html", $more);
256 $rg['errmsg'] = rg_plan_error(); // TODO: really? no array append?!
257 return rg_template("admin/plans/list_err.html", $rg);
260 258 } }
261 259
262 $more['rg_form_token'] = rg_token_get($db, $sid);
263 $more['HTML:del_errmsg'] = rg_template_errmsg($del_errmsg);
264 $ret .= rg_template_table("admin/plans/list", $list, $more);
260 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
261 $rg['HTML:del_errmsg'] = rg_template_errmsg($del_errmsg);
262 $ret .= rg_template_table("admin/plans/list", $list, $rg);
265 263 return $ret; return $ret;
266 264 } }
267 265
268 266 /* /*
269 267 * High-level function for rg_plan_edit. * High-level function for rg_plan_edit.
270 268 */ */
271 function rg_plan_edit_high_level($db, $sid, $more)
269 function rg_plan_edit_high_level($db, $rg)
272 270 { {
273 rg_log("plan_edit_high_level more:" . rg_array2string($more));
271 rg_log("plan_edit_high_level rg:" . rg_array2string($rg));
274 272
275 $doit = rg_var_uint("doit");
276 $id = isset($more['id']) ? sprintf("%u", $more['id']) : 0;
273 $id = rg_var_uint("pi.id");
277 274
278 275 $ret = ""; $ret = "";
279 276 $pi = array(); $pi = array();
280 277
281 if ($doit == 0) {
278 if ($rg['doit'] == 0) {
282 279 if ($id > 0) { if ($id > 0) {
283 280 $pi = rg_plan_info($db, $id); $pi = rg_plan_info($db, $id);
284 281 if ($pi['exists'] != 1) { if ($pi['exists'] != 1) {
 
... ... function rg_plan_edit_high_level($db, $sid, $more)
303 300 $errmsg = array(); $errmsg = array();
304 301 $load_form = TRUE; $load_form = TRUE;
305 302 do { do {
306 if ($doit != 1)
303 if ($rg['doit'] != 1)
307 304 break; break;
308 305
309 306 $pi = array(); $pi = array();
310 307 $pi['id'] = $id; $pi['id'] = $id;
311 $pi['name'] = rg_var_str("name");
312 $pi['description'] = rg_var_str("description");
313 $pi['disk_mb'] = rg_var_uint("disk_mb");
314 $pi['users'] = rg_var_uint("users");
315 $pi['bw'] = rg_var_uint("bw");
316 $pi['speed'] = rg_var_uint("speed");
317 $pi['position'] = rg_var_uint("position");
318 $pi['max_public_repos'] = rg_var_uint("max_public_repos");
319 $pi['max_private_repos'] = rg_var_uint("max_private_repos");
320 $token = rg_var_str("token");
321
322 if (!rg_token_valid($db, $sid, $token)) {
323 $errmsg[] = "Invalid token. Try again.";
308 $pi['name'] = rg_var_str("pi.name");
309 $pi['description'] = rg_var_str("pi.description");
310 $pi['disk_mb'] = rg_var_uint("pi.disk_mb");
311 $pi['users'] = rg_var_uint("pi.users");
312 $pi['bw'] = rg_var_uint("pi.bw");
313 $pi['speed'] = rg_var_uint("pi.speed");
314 $pi['position'] = rg_var_uint("pi.position");
315 $pi['max_public_repos'] = rg_var_uint("pi.max_public_repos");
316 $pi['max_private_repos'] = rg_var_uint("pi.max_private_repos");
317
318 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
319 $errmsg[] = "invalid token; try again";
324 320 break; break;
325 321 } }
326 322
 
... ... function rg_plan_edit_high_level($db, $sid, $more)
330 326 break; break;
331 327 } }
332 328
333 // TODO: move to template.
334 $ret .= rg_template("admin/plans/add_ok.html", $more);
329 $ret .= rg_template("admin/plans/add_ok.html", $rg);
335 330 $load_form = FALSE; $load_form = FALSE;
336 331 } while (0); } while (0);
337 332
338 333 if ($load_form) { if ($load_form) {
339 $more = array_merge($more, $pi);
340 $more['HTML:errmsg'] = rg_template_errmsg($errmsg);
341 $more['rg_form_token'] = rg_token_get($db, $sid);
342 $ret .= rg_template("admin/plans/add_edit.html", $more);
334 $rg['pi'] = $pi;
335 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
336 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
337 $ret .= rg_template("admin/plans/add_edit.html", $rg);
343 338 } }
344 339
345 340 return $ret; return $ret;
File inc/repo.inc.php changed (mode: 100644) (index 0b9f210..2af0cee)
... ... $rg_repo_refs_rights = array(
24 24 "W" => "Bad whitespace" "W" => "Bad whitespace"
25 25 ); );
26 26
27 // Admin = edit name/description/etc.
27 $rg_repo_path_rights = array(
28 "P" => "Push",
29 "W" => "Bad whitespace"
30 );
31
28 32 $rg_repo_rights = array( $rg_repo_rights = array(
29 "A" => "Access repo (read-only)", // this also define public/private
30 "E" => "Edit repo",
33 "A" => "Access repo",
34 "E" => "Edit repo", /* also create */
31 35 "D" => "Delete repo", "D" => "Delete repo",
32 36 "G" => "Grant rights", "G" => "Grant rights",
33 37 "a" => "Access bug tracker", "a" => "Access bug tracker",
34 "X" => "Delete bug tracker",
35 38 "B" => "Add bugs", "B" => "Add bugs",
39 "r" => "Reopen bugs",
40 "d" => "Delete bugs",
36 41 "C" => "Close bugs" "C" => "Close bugs"
37 42 ); );
38 43
39 // What rights are on by default
40 // TODO: this should go into conf file?
44 // TODO: default rights should go into conf file?
41 45 // TODO: better move all config to database (modulo db conn info)? // TODO: better move all config to database (modulo db conn info)?
42 $rg_repo_refs_rights_default = "FMH";
43 $rg_repo_rights_default = "B";
44 46
45 rg_rights_register("repo_refs", $rg_repo_refs_rights);
46 rg_rights_register("repo", $rg_repo_rights);
47 rg_rights_register("repo_refs", $rg_repo_refs_rights, "FMH");
48 rg_rights_register("repo_path", $rg_repo_path_rights, "P");
49 rg_rights_register("repo", $rg_repo_rights, "AB");
47 50
48 51
49 52 // Repo history categories // Repo history categories
 
... ... define('REPO_CAT_CREATE', 1);
51 54 define('REPO_CAT_CLONED', 2); define('REPO_CAT_CLONED', 2);
52 55 define('REPO_CAT_PUSH', 3); define('REPO_CAT_PUSH', 3);
53 56 define('REPO_CAT_RENAME', 4); define('REPO_CAT_RENAME', 4);
57 define('REPO_CAT_UPDATE', 5);
54 58 define('REPO_CAT_BUG_ADDED', 10); define('REPO_CAT_BUG_ADDED', 10);
55 59 define('REPO_CAT_BUG_CLOSED', 11); define('REPO_CAT_BUG_CLOSED', 11);
56 60
 
... ... $rg_repo_functions = array(
78 82 3002 => "rg_repo_event_update", 3002 => "rg_repo_event_update",
79 83 3003 => "rg_repo_event_notify_user", 3003 => "rg_repo_event_notify_user",
80 84 3004 => "rg_repo_event_symlink_by_name", 3004 => "rg_repo_event_symlink_by_name",
81 3005 => "rg_repo_event_storage_create"
85 3005 => "rg_repo_event_storage_create",
86 3006 => "rg_repo_history_insert"
82 87 ); );
83 88 rg_event_register_functions($rg_repo_functions); rg_event_register_functions($rg_repo_functions);
84 89
 
... ... function rg_repo_event_del($db, $event)
135 140
136 141 /* /*
137 142 * Make a symlink by name (by_name/name -> ../by_id/xx/xx/xx/xx/xxxxxxxx.git) * Make a symlink by name (by_name/name -> ../by_id/xx/xx/xx/xx/xxxxxxxx.git)
143 * TODO: why return may be an array?!
138 144 */ */
139 145 function rg_repo_event_symlink_by_name($db, $e) function rg_repo_event_symlink_by_name($db, $e)
140 146 { {
 
... ... function rg_repo_event_symlink_by_name($db, $e)
145 151 $new_path = rg_repo_path_by_name($e['ui.uid'], $e['ri.name']); $new_path = rg_repo_path_by_name($e['ui.uid'], $e['ri.name']);
146 152
147 153 $ret = FALSE; $ret = FALSE;
148 rg_repo_set_error("internal error"); // TODO: we should do this everywhere?
149 154 do { do {
150 155 // Check if we already did the rename // Check if we already did the rename
151 156 if (file_exists($new_path)) { if (file_exists($new_path)) {
152 157 if (!is_link($new_path)) { if (!is_link($new_path)) {
153 rg_internal_error("$new_path is not a link!");
158 rg_internal_error("$new_path is not a link");
154 159 break; break;
155 160 } }
156 161
157 162 $v = readlink($new_path); $v = readlink($new_path);
158 163 if ($v === FALSE) { if ($v === FALSE) {
159 rg_internal_error("Cannot read link $new_path!");
164 rg_internal_error("cannot read link $new_path");
160 165 break; break;
161 166 } }
162 167 rg_log("new_path points to [$v]"); rg_log("new_path points to [$v]");
 
... ... function rg_repo_event_symlink_by_name($db, $e)
170 175 // Seems that new_path points to other place // Seems that new_path points to other place
171 176 $r = rename($new_path, $new_path . ".BOGUS." . time()); $r = rename($new_path, $new_path . ".BOGUS." . time());
172 177 if ($r !== TRUE) { if ($r !== TRUE) {
173 rg_internal_error("Cannot rename bogus!");
178 rg_internal_error("cannot rename bogus");
174 179 break; break;
175 180 } }
176 181 } }
 
... ... function rg_repo_event_symlink_by_name($db, $e)
188 193 // Now, the new name is free, do the link // Now, the new name is free, do the link
189 194 $r = symlink($id_path_rel, $new_path); $r = symlink($id_path_rel, $new_path);
190 195 if ($r !== TRUE) { if ($r !== TRUE) {
191 rg_internal_error("Cannot symlink $id_path -> $new_path ($php_errormsg)!");
196 rg_internal_error("cannot symlink $id_path -> $new_path ($php_errormsg)!");
192 197 break; break;
193 198 } }
194 199
 
... ... function rg_repo_event_notify_user($db, $event)
295 300 /* /*
296 301 * Inserts an event into repo_history table * Inserts an event into repo_history table
297 302 */ */
298 function rg_repo_history_insert($db, $repo_id, $category, $message)
303 function rg_repo_history_insert($db, $event)
299 304 { {
300 305 rg_prof_start("repo_history_insert"); rg_prof_start("repo_history_insert");
301 rg_log("repo_history_insert: repo_id=$repo_id, category=$category"
302 . ", message=$message");
306 rg_log("repo_history_insert: event=" . rg_array2string($event));
303 307
304 308 $ret = FALSE; $ret = FALSE;
305 309 do { do {
306 310 $now = time(); $now = time();
307 $params = array($now, $repo_id, $category, $message);
311 $params = array("now" => $now,
312 "repo_id" => $event['ri.repo_id'],
313 "cat" => $event['history_category'],
314 "mess" => $event['history_message']);
308 315 $sql = "INSERT INTO repo_history_" . gmdate("Y_m", $now) $sql = "INSERT INTO repo_history_" . gmdate("Y_m", $now)
309 316 . " (itime, repo_id, category, message)" . " (itime, repo_id, category, message)"
310 . " VALUES ($1, $2, $3, $4)";
317 . " VALUES (@@now@@, @@repo_id@@, @@cat@@, @@mess@@)";
311 318 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
312 319 if ($res === FALSE) if ($res === FALSE)
313 320 break; break;
314 321
315 322 rg_sql_free_result($res); rg_sql_free_result($res);
316 $ret = TRUE;
323 $ret = array();
317 324 } while (0); } while (0);
318 325
319 326 rg_prof_end("repo_history_insert"); rg_prof_end("repo_history_insert");
 
... ... function rg_repo_info($db, $repo_id, $uid, $repo_name)
463 470 $ret['exists'] = 0; $ret['exists'] = 0;
464 471 do { do {
465 472 if ($repo_id > 0) { if ($repo_id > 0) {
466 +$key = $repo_id;
473 $key = $repo_id;
467 474 if (isset($rg_repo_info_cache[$key])) { if (isset($rg_repo_info_cache[$key])) {
468 475 $ret = $rg_repo_info_cache[$key]; $ret = $rg_repo_info_cache[$key];
469 476 $ret['from_cache'] = 1; $ret['from_cache'] = 1;
 
... ... function rg_repo_info($db, $repo_id, $uid, $repo_name)
471 478 } }
472 479 } }
473 480
481 $params = array("uid" => $uid,
482 "repo_id" => $repo_id,
483 "repo_name" => $repo_name);
484
474 485 if ($repo_id > 0) { if ($repo_id > 0) {
475 $params = array($repo_id);
476 $sql = "SELECT * FROM repos WHERE repo_id = $1";
486 $sql = "SELECT * FROM repos WHERE repo_id = @@repo_id@@";
477 487 } else if (!empty($repo_name)) { } else if (!empty($repo_name)) {
478 $params = array($uid, $repo_name);
479 $sql = "SELECT * FROM repos WHERE uid = $1 AND name = $2";
488 $sql = "SELECT * FROM repos WHERE uid = @@uid@@"
489 . " AND name = @@repo_name@@";
480 490 } else { } else {
481 491 rg_repo_set_error("no repo_id or user/repo specified!"); rg_repo_set_error("no repo_id or user/repo specified!");
482 492 break; break;
 
... ... function rg_repo_info($db, $repo_id, $uid, $repo_name)
521 531
522 532 /* /*
523 533 * Check if a user has access to a repository * Check if a user has access to a repository
534 * @ui - most of the time is the logged in user
524 535 */ */
525 function rg_repo_allow($db, $ri, $ui, $needed_rights)
536 $rg_repo_allow_cache = array();
537 function rg_repo_allow($db, $type, $ri, $ui, $needed_rights, $ip, $misc)
526 538 { {
527 rg_prof_start("repo_allow");
539 global $rg_repo_allow_cache;
528 540
529 rg_log("repo_allow: repo_id=" . $ri['repo_id']
530 . " uid=" . $ui['uid']
531 . ", needed_rights=$needed_rights...");
532
533 if ($ui['is_admin'] == 1) {
534 rg_log("\tUser is admin, allow!");
541 if (empty($needed_rights))
535 542 return TRUE; return TRUE;
536 }
537 543
538 if (empty($needed_rights)) {
539 rg_internal_error("You asked for no rights!");
540 return FALSE;
541 }
544 if ($misc === FALSE)
545 $kmisc = ""; // TODO: not clear if good enough - security wise
546 else
547 $kmisc = $misc;
542 548
543 // anonymous acess (git://...)
544 if ($ui['uid'] == 0) {
545 $db_rights = $ri['default_rights'];
546 } else {
547 $rr = rg_repo_rights_get($db, $ri, $ui['uid'], 0);
548 if ($rr['ok'] != 1) {
549 rg_repo_set_error("cannot get rights from db");
550 return FALSE;
551 }
552 $db_rights = $rr['rights'];
553 }
554 rg_log("\tdb rights: " . $db_rights);
549 $key = $type ."|" . $ri['repo_id'] . "|" . $ui['uid']
550 . "|" . $needed_rights . "|" . $ip . "|" . $kmisc;
555 551
556 if (rg_rights_allow($db_rights, $needed_rights) !== TRUE) {
557 rg_repo_set_error("no rights ($needed_rights) vs ($db_rights)");
558 return FALSE;
552 if (isset($rg_repo_allow_cache[$key])) {
553 rg_log("CHECK: repo_allow got data from cache");
554 return $rg_repo_allow_cache[$key];
559 555 } }
560 556
561 rg_log("\tAllow access!");
562
563 rg_prof_end("repo_allow");
564
565 return TRUE;
566 }
567
568 /*
569 * Add a repository
570 * @master - makes sense only for clones: who is the master repo.
571 * TODO: put all fields into an array!
572 * TODO: unify this function with rg_repo_update.
573 */
574 function rg_repo_create($db, $master, $ui, $name, $max_commit_size,
575 $description, $rights)
576 {
577 rg_prof_start("repo_create");
578
579 // TODO: reorder parameters - are not logical
580 rg_log("repo_create: uid=" . $ui['uid']
581 . ", name=[$name], master=$master"
582 . ", max_commit_size=$max_commit_size"
583 . ", description=[$description]"
584 . ", rights=$rights");
585
586 // TODO: test if user is allowed to add a repository
557 rg_prof_start("repo_allow");
558 rg_log("repo_allow: type=$type repo_id=" . $ri['repo_id']
559 . " repo_owner=" . $ri['uid']
560 . " uid=" . $ui['uid']
561 . " needed_rights=$needed_rights ip=$ip misc=$misc");
587 562
588 563 $ret = FALSE; $ret = FALSE;
589 do {
590 if (rg_repo_ok($name) === FALSE)
564 while (1) {
565 if ($ui['is_admin'] == 1) {
566 rg_log("\tUser is admin, allow.");
567 $ret = TRUE;
591 568 break; break;
569 }
592 570
593 // First, test if it already exists
594 $ri = rg_repo_info($db, 0, $ui['uid'], $name);
595 if ($ri['ok'] != 1)
596 break;
597 if ($ri['exists'] == 1) {
598 rg_repo_set_error("Repository already exists.");
571 if ($ri['uid'] == $ui['uid']) {
572 rg_log("\tUser is the owner, allow.");
573 $ret = TRUE;
599 574 break; break;
600 575 } }
601 576
602 $description = trim($description);
603 $itime = time();
604
605 $params = array($ui['uid'], $master, $name, $itime,
606 $max_commit_size, $description, $rights);
607 $sql = "INSERT INTO repos (uid, master, name"
608 . ", itime, max_commit_size, description, git_dir_done"
609 . ", default_rights)"
610 . " VALUES ($1, $2, $3, $4, $5, $6, 0, $7)"
611 . " RETURNING repo_id";
612 $res = rg_sql_query_params($db, $sql, $params);
613 if ($res === FALSE) {
614 rg_repo_set_error("Cannot insert (" . rg_sql_error() . ")");
615 break;
577 if ($ui['uid'] > 0) {
578 $rr = rg_repo_rights_get($db, $type, $ri, $ui['uid']);
579 if ($rr['ok'] != 1) {
580 rg_repo_set_error("cannot get rights from db");
581 break;
582 }
583 $db_rights = $rr['list'];
584 } else {
585 // anonymous acess (git://...)
586 $db_rights = array();
616 587 } }
617 $row = rg_sql_fetch_array($res);
618 rg_sql_free_result($res);
619 588
620 $event = array("category" => 3000, "prio" => 50,
621 "notification" => "repo_create-" . $ui['uid'] . "-" . $row['repo_id'],
622 "ui.uid" => $ui['uid'],
623 "ui.email" => $ui['email'],
624 "ri.name" => $name,
625 "ri.master" => $master,
626 "ri.description" => $description,
627 "ri.rights_text" => rg_implode("\t", rg_rights_text("repo", $rights), "\n"),
628 "ri.repo_id" => $row['repo_id'],
629 "ri.url" => rg_base_url() . rg_re_repopage($ui, $name),
630 "IP" => rg_var_str("REMOTE_ADDR"));
631 $r = rg_event_add($db, $event);
632 if ($r !== TRUE) {
633 rg_repo_set_error("cannot add event"
634 . " (" . rg_event_error() . ")");
589 rg_log("\tdb_rights: " . rg_array2string($db_rights));
590
591 if (rg_rights_allow($db_rights, $type, $needed_rights, $ip, $misc) === TRUE) {
592 $ret = TRUE;
635 593 break; break;
636 594 } }
637 595
638 // TODO: This will go with events
639 rg_repo_history_insert($db, $row['repo_id'], REPO_CAT_CREATE,
640 "Repo " . $name . " created.");
641
642 $ret = $row['repo_id'];
643 } while (0);
596 break;
597 }
598 $rg_repo_allow_cache[$key] = $ret;
644 599
645 rg_prof_end("repo_create");
600 rg_prof_end("repo_allow");
646 601 return $ret; return $ret;
647 602 } }
648 603
 
... ... function rg_repo_delete($db, $repo_id, $ui)
668 623 } }
669 624
670 625 // Only mark it as such, deletion will happen in background // Only mark it as such, deletion will happen in background
671 $params = array($repo_id);
672 $sql = "UPDATE repos SET deleted = 1 WHERE repo_id = $1";
626 $params = array("repo_id" => $repo_id);
627 $sql = "UPDATE repos SET deleted = 1 WHERE repo_id = @@repo_id@@";
673 628 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
674 629 if ($res === FALSE) { if ($res === FALSE) {
675 630 rg_repo_set_error("Cannot delete (" . rg_sql_error() . ")"); rg_repo_set_error("Cannot delete (" . rg_sql_error() . ")");
 
... ... function rg_repo_lookup_by_old_name($db, $uid, $old_name)
706 661
707 662 $ret = FALSE; $ret = FALSE;
708 663 do { do {
709 $params = array($uid, $old_name);
664 $params = array("uid" => $uid, "old_name" => $old_name);
710 665 $sql = "SELECT repo_id FROM repos_renames" $sql = "SELECT repo_id FROM repos_renames"
711 . " WHERE uid = $1"
712 . " AND old_name = $2";
666 . " WHERE uid = @@uid@@"
667 . " AND old_name = @@old_name@@";
713 668 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
714 669 if ($res === FALSE) { if ($res === FALSE) {
715 670 rg_repo_set_error("cannot lookup old name (" rg_repo_set_error("cannot lookup old name ("
 
... ... function rg_repo_insert_rename($db, $uid, $repo_id, $old_name)
744 699 $r = rg_repo_lookup_by_old_name($db, $uid, $old_name); $r = rg_repo_lookup_by_old_name($db, $uid, $old_name);
745 700 if ($r === FALSE) if ($r === FALSE)
746 701 break; break;
702
703 $params = array("repo_id" => $repo_id,
704 "uid" => $uid,
705 "old_name" => $old_name,
706 "now" => time());
707
747 708 if ($r > 0) { if ($r > 0) {
748 $params = array($repo_id, $uid, $old_name);
749 709 $sql = "UPDATE repos_renames" $sql = "UPDATE repos_renames"
750 . " SET repo_id = $1"
751 . " WHERE uid = $2"
752 . " AND old_name = $3";
710 . " SET repo_id = @@repo_id@@"
711 . " WHERE uid = @@uid@@"
712 . " AND old_name = @@old_name@@";
753 713 } else { } else {
754 $now = time();
755 $params = array($uid, $old_name, $repo_id, $now);
756 714 $sql = "INSERT INTO repos_renames (uid, old_name" $sql = "INSERT INTO repos_renames (uid, old_name"
757 715 . ", repo_id, itime)" . ", repo_id, itime)"
758 . " VALUES ($1, $2, $3, $4)";
716 . " VALUES (@@uid@@, @@old_name@@, @@repo_id@@"
717 . ", @@now@@)";
759 718 } }
760 719 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
761 720 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_repo_insert_rename($db, $uid, $repo_id, $old_name)
772 731 } }
773 732
774 733 /* /*
775 * Updates a repository
734 * Creates/updates a repository
776 735 * @login_ui - info of the user doing the update. * @login_ui - info of the user doing the update.
777 * Warning, it may not be the owner.
736 * TODO: Warning, it may not be the owner.
778 737 * TODO: check rights - also for create? * TODO: check rights - also for create?
738 * TODO: where do we validate if the user has enough public/private slots?
779 739 */ */
780 function rg_repo_update($db, $login_ui, &$new)
740 function rg_repo_edit($db, $login_ui, $new)
781 741 { {
782 rg_prof_start("repo_update");
783 rg_log("repo_update: login_uid=" . $login_ui['uid']
742 rg_prof_start("repo_edit");
743 rg_log("repo_edit: login_uid=" . $login_ui['uid']
784 744 . " new=" . rg_array2string($new)); . " new=" . rg_array2string($new));
785 745
746 // TODO: test if user is allowed to add a repository
747 // TODO: test if user did not cross the limit for number of repos
748
786 749 $ret = FALSE; $ret = FALSE;
787 rg_repo_set_error(""); // TODO: should we do this anywhere?
788 750 do { do {
789 751 if (rg_repo_ok($new['name']) !== TRUE) if (rg_repo_ok($new['name']) !== TRUE)
790 752 break; break;
791 753
792 // TODO: Something is strange here, why we need to lookup the repo?!
793 // First, test if it already exists
794 $ri = rg_repo_info($db, $new['repo_id'], $login_ui['uid'], $new['name']);
795 if ($ri['ok'] != 1)
796 break;
797 if (($ri['exists'] == 1) && ($ri['repo_id'] != $new['repo_id'])) {
798 rg_repo_set_error("Name already taken.");
799 break;
800 }
801
802 // Second, test if repo_id is valid
803 $ri = rg_repo_info($db, $new['repo_id'], $login_ui['uid'], "");
804 if ($ri['ok'] != 1)
805 break;
806 if ($ri['exists'] == 0) {
807 rg_repo_set_error("Repo " . $new['repo_id'] . " does not exists.");
808 break;
754 if ($new['repo_id'] == 0) {
755 // Check if name is already taken
756 $ri = rg_repo_info($db, 0, $login_ui['uid'], $new['name']);
757 if ($ri['ok'] != 1)
758 break;
759 if ($ri['exists'] == 1) {
760 rg_repo_set_error("name already taken; choose a different one");
761 break;
762 }
763 } else {
764 // Test if repo_id is valid
765 $ri = rg_repo_info($db, $new['repo_id'],
766 $login_ui['uid'], "");
767 if ($ri['ok'] != 1)
768 break;
769 if ($ri['exists'] != 1) {
770 rg_repo_set_error("repo " . $new['repo_id'] . " does not exists.");
771 break;
772 }
809 773 } }
810 774
811 // Check if the user renamed the repo
812 775 $renamed = 0; $renamed = 0;
813 if (strcmp($new['name'], $ri['name']) != 0) {
814 $renamed = 1;
815 $r = rg_repo_insert_rename($db, $login_ui['uid'],
816 $new['repo_id'], $ri['name']);
817 if ($r !== TRUE)
818 break;
776 if ($new['repo_id'] > 0) {
777 // Check if the user renamed the repo
778 if (strcmp($new['name'], $ri['name']) != 0) {
779 $renamed = 1;
780 $r = rg_repo_insert_rename($db, $login_ui['uid'],
781 $new['repo_id'], $ri['name']);
782 if ($r !== TRUE)
783 break;
784 }
819 785 } }
820 786
821 $params = array($new['name'], $new['max_commit_size'],
822 trim($new['description']), $new['default_rights'],
823 $new['repo_id']);
824 $sql = "UPDATE repos SET name = $1"
825 . ", max_commit_size = $2"
826 . ", description = $3"
827 . ", default_rights = $4"
828 . " WHERE repo_id = $5";
829 $res = rg_sql_query_params($db, $sql, $params);
787 //TODO: master may be not accessible to this user. check.
788
789 // Small fixes
790 $new['description'] = trim($new['description']);
791 $new['itime'] = time();
792 $new['uid'] = $login_ui['uid'];
793
794 if ($new['repo_id'] == 0) {
795 $sql = "INSERT INTO repos (uid, master, name"
796 . ", itime, max_commit_size, description"
797 . ", git_dir_done, public)"
798 . " VALUES (@@uid@@, @@master@@, @@name@@"
799 . ", @@itime@@, @@max_commit_size@@"
800 . ", @@description@@, 0, @@public@@)"
801 . " RETURNING repo_id";
802 } else {
803 $sql = "UPDATE repos SET name = @@name@@"
804 . ", max_commit_size = @@max_commit_size@@"
805 . ", description = @@description@@"
806 . ", public = @@public@@"
807 . " WHERE repo_id = @@repo_id@@";
808 }
809 $res = rg_sql_query_params($db, $sql, $new);
830 810 if ($res === FALSE) { if ($res === FALSE) {
831 rg_repo_set_error("Cannot update (" . rg_sql_error() . ")");
811 rg_repo_set_error("cannot update: " . rg_sql_error());
832 812 break; break;
833 813 } }
814 if ($new['repo_id'] == 0) {
815 $row = rg_sql_fetch_array($res);
816 if ($row === FALSE) {
817 rg_repo_set_error("cannot fetch row: " . rg_sql_error());
818 break;
819 }
820 }
834 821 rg_sql_free_result($res); rg_sql_free_result($res);
835 822
836 $event = array("category" => 3002, "prio" => 50,
823 if ($new['repo_id'] == 0) {
824 $cat = 3000;
825 $hcat = REPO_CAT_UPDATE;
826 $hmess = "Repository was updated";
827 $notification = "repo_create-" . $login_ui['uid']
828 . "-" . $row['repo_id'];
829 $old_description = "";
830 $new['repo_id'] = $row['repo_id'];
831 } else {
832 $cat = 3002;
833 $hcat = REPO_CAT_CREATE;
834 $hmess = "Repository was created";
835 $notification = "";
836 $old_description = $ri['description'];
837 }
838
839 $event = array("category" => $cat, "prio" => 50,
840 "notification" => $notification,
837 841 "ui.uid" => $login_ui['uid'], "ui.uid" => $login_ui['uid'],
838 842 "ui.email" => $login_ui['email'], "ui.email" => $login_ui['email'],
839 843 "ri.url" => rg_base_url() . rg_re_repopage($login_ui, $new['name']), "ri.url" => rg_base_url() . rg_re_repopage($login_ui, $new['name']),
844 "history_category" => $hcat,
845 "history_message" => $hmess,
840 846 "IP" => rg_var_str("REMOTE_ADDR")); "IP" => rg_var_str("REMOTE_ADDR"));
841 847 $event = rg_array_merge($event, "ri.old", $ri); $event = rg_array_merge($event, "ri.old", $ri);
842 848 $event = rg_array_merge($event, "ri", $new); $event = rg_array_merge($event, "ri", $new);
843 $event['ri.old.description_md5'] = md5($ri['description']);
849 $event['ri.old.description_md5'] = md5($old_description);
844 850 $event['ri.description_md5'] = md5($new['description']); $event['ri.description_md5'] = md5($new['description']);
845 $event['ri.rights_text'] = rg_implode("\t", rg_rights_text("repo", $new['default_rights']), "\n");
846 851 $r = rg_event_add($db, $event); $r = rg_event_add($db, $event);
847 852 if ($r !== TRUE) { if ($r !== TRUE) {
848 853 rg_repo_set_error("cannot add event" rg_repo_set_error("cannot add event"
 
... ... function rg_repo_update($db, $login_ui, &$new)
853 858 $ret = array("renamed" => $renamed); $ret = array("renamed" => $renamed);
854 859 } while (0); } while (0);
855 860
856 rg_prof_end("repo_update");
861 rg_prof_end("repo_edit");
857 862 return $ret; return $ret;
858 863 } }
859 864
 
... ... function rg_repo_list_query($db, $url, $sql, $params)
898 903 } }
899 904 $_line['clone_of'] = $master_repo; $_line['clone_of'] = $master_repo;
900 905 $_line['creation'] = gmdate("Y-m-d", $row['itime']); $_line['creation'] = gmdate("Y-m-d", $row['itime']);
901
902 // rights
903 $_line['rights'] = implode(", ", rg_rights_text("repo", $row['default_rights']));
904
905 906 $_line['disk_used'] = rg_1024($row['disk_used_mb'] * 1024 * 1024); $_line['disk_used'] = rg_1024($row['disk_used_mb'] * 1024 * 1024);
906 907
907 908 $d[] = $_line; $d[] = $_line;
 
... ... function rg_repo_list_query($db, $url, $sql, $params)
913 914 } }
914 915
915 916 /* /*
916 * List repos of user 'ui'.
917 * List repos of page user 'ui'.
917 918 */ */
918 function rg_repo_list($db, $url, $ui)
919 function rg_repo_list($db, $rg, $url, $ui)
919 920 { {
920 rg_log("repo_list: url=$url, uid=" . $ui['uid']);
921 rg_log("repo_list: url=$url uid=" . $ui['uid']
922 . " login_uid=" . $rg['login_ui']['uid']);
921 923
922 $params = array();
923 $index = 1;
924 $params = array("uid" => $ui['uid']);
924 925
925 926 $add = ""; $add = "";
926 if ($ui['uid'] > 0) {
927 $add = " AND uid = \$" . $index;
928 $params[] = $ui['uid'];
929 $index++;
930 }
927 if ($ui['uid'] > 0)
928 $add = " AND uid = @@uid@@";
929
930 // TODO: also admin must be able to see them?
931 if (($rg['login_ui']['uid'] == 0)
932 || ($rg['login_ui']['uid'] != $ui['uid']))
933 $add .= " AND public = 1";
931 934
932 935 $sql = "SELECT * FROM repos" $sql = "SELECT * FROM repos"
933 936 . " WHERE deleted = 0" . " WHERE deleted = 0"
 
... ... function rg_repo_search($db, $login_ui, $q)
950 953 if (isset($login_ui['admin']) && ($login_ui['admin'] == 1)) if (isset($login_ui['admin']) && ($login_ui['admin'] == 1))
951 954 $admin = 1; $admin = 1;
952 955
953 $params = array("%" . $q . "%", $login_ui['uid']);
956 $params = array("q" => "%" . $q . "%",
957 "uid" => $login_ui['uid']);
958
954 959 $sql = "SELECT * FROM repos" $sql = "SELECT * FROM repos"
955 960 . " WHERE deleted = 0" . " WHERE deleted = 0"
956 . " AND (name ILIKE $1 OR description ILIKE $1)"
957 . " AND (uid = $2 OR default_rights LIKE '%F%' OR " . $admin . " = 1)"
961 . " AND (uid = @@uid@@ OR public = 1 OR " . $admin . " = 1)"
962 . " AND (name ILIKE @@q@@ OR description ILIKE @@q@@)"
958 963 . " ORDER BY master, name" . " ORDER BY master, name"
959 . " LIMIT 10";
960
964 . " LIMIT 20";
961 965 $r = rg_repo_list_query($db, "", $sql, $params); $r = rg_repo_list_query($db, "", $sql, $params);
962 966
963 967 rg_prof_end("repo_search"); rg_prof_end("repo_search");
 
... ... function rg_repo_git_done($db, $repo_id)
1034 1038
1035 1039 $ret = FALSE; $ret = FALSE;
1036 1040 do { do {
1037 $params = array($repo_id);
1041 $params = array("repo_id" => $repo_id);
1038 1042 $sql = "UPDATE repos SET git_dir_done = 1" $sql = "UPDATE repos SET git_dir_done = 1"
1039 . " WHERE repo_id = $1";
1043 . " WHERE repo_id = @@repo_id@@";
1040 1044 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1041 1045 if ($res === FALSE) { if ($res === FALSE) {
1042 1046 rg_repo_set_error("Cannot query (" . rg_sql_error() . ")"); rg_repo_set_error("Cannot query (" . rg_sql_error() . ")");
 
... ... function rg_repo_git_done($db, $repo_id)
1054 1058 /* /*
1055 1059 * Get rights for a user * Get rights for a user
1056 1060 */ */
1057 function rg_repo_rights_get($db, $ri, $uid, $flags)
1061 function rg_repo_rights_get($db, $type, $ri, $uid)
1058 1062 { {
1059 1063 rg_prof_start("repo_rights_get"); rg_prof_start("repo_rights_get");
1060
1061 rg_log("rg_repo_rights_get: repo_id=" . $ri['repo_id'] . ", uid=$uid"
1062 . " flags=$flags...");
1064 rg_log("rg_repo_rights_get: type=$type repo_id=" . $ri['repo_id']
1065 . ", uid=$uid");
1063 1066
1064 1067 $ret = array(); $ret = array();
1065 1068 $ret['ok'] = 0; $ret['ok'] = 0;
 
... ... function rg_repo_rights_get($db, $ri, $uid, $flags)
1067 1070
1068 1071 $repo_id = $ri['repo_id']; $repo_id = $ri['repo_id'];
1069 1072
1070 // Give all rights to owner
1071 if ($ri['uid'] == $uid) {
1072 rg_log("\tuid $uid is the owner.");
1073 $rights = rg_rights_all("repo");
1074 if (($flags & RG_RIGHTS_FILL_EXISTS) == 0) {
1075 rg_log("\tNo need to fill 'exists' field. Return.");
1076 $ret['rights'] = $rights;
1073 while (1) {
1074 // Give all rights to owner
1075 if ($ri['uid'] == $uid) {
1076 rg_log("\tuid $uid is the owner.");
1077 $a = array();
1078 $a['rights'] = rg_rights_all($type);
1079 $a['rights_text'] = implode(", ",
1080 rg_rights_text($type, $a['rights']));
1081 $a['ip'] = "0.0.0.0/0 ::/0";
1082 $ret['list'][] = $a;
1077 1083 $ret['ok'] = 1; $ret['ok'] = 1;
1078 return $ret;
1084 break;
1079 1085 } }
1080 } else {
1081 rg_log("\tuid $uid is NOT the owner (" . $ri['uid'] . ");"
1082 . " assign default rights.");
1083 $rights = $ri['default_rights'];
1084 }
1085
1086 $r = rg_rights_get($db, "repo", $repo_id, $uid);
1087 if ($r['ok'] !== 1) {
1088 rg_repo_set_error("cannot get rights (" . rg_rights_error() . ")!");
1089 return FALSE;
1090 }
1091 1086
1092 $ret['rights'] = rg_rights_combine($rights, $r['rights']);
1093 rg_log("\tFinal rights($rights + "
1094 . $r['rights'] . ")=" . $ret['rights']);
1095 $ret['ok'] = 1;
1087 $r = rg_rights_get($db, $type, $repo_id, $uid, 0);
1088 if ($r['ok'] !== 1) {
1089 rg_repo_set_error("cannot get rights (" . rg_rights_error() . ")!");
1090 break;
1091 }
1096 1092
1097 // add misc stuff
1098 $ret = array_merge($ret, $r['misc']);
1093 rg_log_ml("rights: " . print_r($r, TRUE));
1094 $ret['list'] = $r['list'];
1095 $ret['ok'] = 1;
1096 break;
1097 }
1099 1098
1100 1099 rg_prof_end("repo_rights_get"); rg_prof_end("repo_rights_get");
1101
1102 1100 return $ret; return $ret;
1103 1101 } }
1104 1102
1105 1103 /* /*
1106 * Add rights for a repo
1104 * Add in queue a statistic file
1107 1105 */ */
1108 function rg_repo_rights_set($db, $ri, $uid, $rights, $misc)
1106 function rg_repo_stats_push2file($a)
1109 1107 { {
1110 if (!isset($ri['repo_id'])) {
1111 rg_internal_error("repo_id is not defined!");
1108 global $rg_state_dir;
1109
1110 $q = $rg_state_dir . "/qstats";
1111 if (!is_dir($q)) {
1112 $r = @mkdir($q, 0700);
1113 if ($r !== TRUE) {
1114 rg_internal_error("Cannot create dir [$q] ($php_errormsg)!");
1115 return FALSE;
1116 }
1117 }
1118
1119 $buf = serialize($a);
1120 $file = sha1($buf);
1121 $r = file_put_contents($q . "/" . $file, $buf);
1122 if ($r === FALSE) {
1123 rg_internal_error("Cannot store file in qstats ($php_errormsg)!");
1112 1124 return FALSE; return FALSE;
1113 1125 } }
1114 1126
1115 rg_log("rg_repo_rights_set: repo_id=" . $ri['repo_id']
1116 . " uid=$uid rights=$rights misc=" . rg_array2string($misc));
1127 return $file;
1128 }
1117 1129
1118 $r = rg_rights_set($db, "repo", $ri['repo_id'], $uid, $rights, $misc);
1119 if ($r !== TRUE) {
1120 rg_repo_set_error("cannot alter rights (" . rg_rights_error() . ")!");
1121 return FALSE;
1130 /*
1131 * Add some useful fileds to rights
1132 */
1133 function rg_repo_rights_cosmetic($db, &$a)
1134 {
1135 if (isset($a['target_user'])) {
1136 if (strcmp($a['target_user'], "*") == 0) {
1137 $a['uid'] = 0;
1138 } else {
1139 $ui = rg_user_info($db, 0, $a['target_user'], "");
1140 if ($ui['exists'] != 1)
1141 $a['uid'] = "?";
1142 else
1143 $a['uid'] = $ui['uid'];
1144 }
1145 } else {
1146 if ($a['target_uid'] == 0) {
1147 $a['target_user'] = "*";
1148 } else {
1149 $ui = rg_user_info($db, $a['target_uid'], "", "");
1150 if ($ui['exists'] != 1)
1151 $a['target_user'] = "?" . $a['target_uid'] . "?";
1152 else
1153 $a['target_user'] = $ui['username'];
1154 }
1155 }
1156
1157 if (isset($a['who'])) {
1158 $ui = rg_user_info($db, $a['who'], "", "");
1159 if ($ui['exists'] != 1)
1160 $a['who_name'] = "?" . $a['who'] . "?";
1161 else
1162 $a['who_name'] = $ui['username'];
1122 1163 } }
1123 1164
1165 if (empty($a['ip']))
1166 $a['ip'] = "Any";
1167
1124 1168 return TRUE; return TRUE;
1125 1169 } }
1126 1170
1127 1171 /* /*
1128 * List rights for a repo
1172 * Add some useful fileds to rights
1129 1173 */ */
1130 function rg_repo_rights_load($db, $ri)
1174 function rg_repo_rights_cosmetic_list($db, &$a)
1131 1175 { {
1132 rg_log("rg_repo_rights_load: repo_id=" . $ri['repo_id']);
1176 foreach ($a as $k => &$v)
1177 rg_repo_rights_cosmetic($db, $v);
1178 }
1133 1179
1134 $r = rg_rights_load($db, "repo", $ri['repo_id']);
1135 if ($r === FALSE) {
1136 rg_repo_set_error("Cannot list rights (" . rg_rights_error() . ")");
1137 return FALSE;
1180 /*
1181 * High level function to delete rights ids
1182 */
1183 function rg_repo_admin_delete_rights($db, $rg, $obj_id, &$errmsg)
1184 {
1185 $errmsg = array();
1186
1187 $list = rg_var_str("rights_delete_ids");
1188
1189 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1190 $errmsg[] = "invalid token; try again";
1191 return;
1138 1192 } }
1139 1193
1140 return $r;
1194 $r = rg_repo_rights_delete_list($db, $obj_id, $list);
1195 if ($r === FALSE) {
1196 $errmsg[] = rg_rights_error();
1197 return;
1198 }
1141 1199 } }
1142 1200
1143 1201 /* /*
1144 * Add in queue a statistic file
1202 * High level function for Repo -> Admin -> Rights -> Repo/Refs rights menu.
1145 1203 */ */
1146 function rg_repo_stats_push2file($a)
1204 function rg_repo_admin_rights($db, $rg, $type)
1147 1205 { {
1148 global $rg_state_dir;
1206 rg_log("rg_repo_admin_repo_rights type=$type");
1207
1208 /* 'repo' is correct here, we test for granting rights on repo */
1209 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "G", $rg['ip'], "") !== TRUE)
1210 return rg_template("user/repo/rights/deny.html", $rg);
1211
1212 $ret = "";
1213
1214 $a = array();
1215 $a['right_id'] = rg_var_uint("right_id");
1216 $a['edit_id'] = rg_var_uint("edit_id");
1217 $a['target_user'] = rg_var_str("target_user");
1218 $a['rights'] = rg_rights_a2s(rg_var_str("rights"));
1219 $a['misc'] = rg_var_str("misc");
1220 $a['ip'] = rg_var_str("ip");
1221 $a['prio'] = rg_var_uint("prio");
1222 rg_log_ml("CHECK: a(POST)=" . print_r($a, TRUE));
1223
1224 $errmsg = array();
1225 $list_errmsg = array();
1226
1227 $load_defaults = 1;
1228
1229 $delete = rg_var_bool("delete");
1230 while ($delete == 1) {
1231 $list = rg_var_uint("rights_delete_ids");
1232 if (empty($list)) {
1233 $list_errmsg[] = "please select at least one item";
1234 break;
1235 }
1149 1236
1150 $q = $rg_state_dir . "/qstats";
1151 if (!is_dir($q)) {
1152 $r = @mkdir($q, 0700);
1237 $my_list = array();
1238 foreach ($list as $k => $junk)
1239 $my_list[] = $k;
1240
1241 $r = rg_rights_delete_list($db, $rg['ri']['repo_id'], $my_list);
1153 1242 if ($r !== TRUE) { if ($r !== TRUE) {
1154 rg_internal_error("Cannot create dir [$q] ($php_errormsg)!");
1155 return FALSE;
1243 $list_errmsg[] = "cannot delete rights: " . rg_rights_error();
1244 break;
1156 1245 } }
1246
1247 $ret .= rg_template("user/repo/rights/delete_ok.html", $rg);
1248 break;
1157 1249 } }
1158 1250
1159 $buf = serialize($a);
1160 $file = sha1($buf);
1161 $r = file_put_contents($q . "/" . $file, $buf);
1162 if ($r === FALSE) {
1163 rg_internal_error("Cannot store file in qstats ($php_errormsg)!");
1164 return FALSE;
1251 // edit
1252 while ($a['edit_id'] > 0) {
1253 // TODO: check rights
1254
1255 $r = rg_rights_get($db, $type, $rg['ri']['repo_id'],
1256 $rg['login_ui']['uid'], $a['edit_id']);
1257 if ($r['ok'] != 1) {
1258 $list_errmsg[] = "cannot load rights: " . rg_rights_error();
1259 break;
1260 }
1261
1262 if (empty($r['list'])) {
1263 $list_errmsg[] = "right not found";
1264 break;
1265 }
1266
1267 $a = $r['list'][0];
1268
1269 // fill 'target_user' field
1270 rg_repo_rights_cosmetic($db, $a);
1271
1272 $load_defaults = 0;
1273 break;
1165 1274 } }
1166 1275
1167 return $file;
1276 $grant = rg_var_bool("grant");
1277 while ($grant == 1) {
1278 $load_defaults = 0;
1279
1280 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1281 $errmsg[] = "invalid token; try again";
1282 break;
1283 }
1284
1285 $r = rg_rights_validate_ip($a['ip']);
1286 if ($r !== TRUE) {
1287 $errmsg[] = rg_rights_error();
1288 break;
1289 }
1290
1291 // lookup user
1292 rg_repo_rights_cosmetic($db, $a);
1293
1294 $a['obj_id'] = $rg['ri']['repo_id'];
1295 $a['who'] = $rg['login_ui']['uid'];
1296 $r = rg_rights_set($db, $type, $a);
1297 if ($r !== TRUE) {
1298 $errmsg[] = rg_repo_error();
1299 break;
1300 }
1301
1302 $ret .= rg_template("user/repo/rights/grant_ok.html", $rg);
1303
1304 $load_defaults = 1;
1305 break;
1306 }
1307
1308 if ($load_defaults == 1) {
1309 $rg['right_id'] = $a['right_id'];
1310 $rg['target_user'] = "";
1311 $rg['rights'] = rg_rights_default($type);
1312 $rg['misc'] = "";
1313 $rg['ip'] = "";
1314 $rg['prio'] = 100;
1315 } else {
1316 $rg = rg_array_merge($rg, "", $a);
1317 }
1318
1319 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
1320 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
1321 $rg['HTML:list_errmsg'] = rg_template_errmsg($list_errmsg);
1322 $rg['HTML:rights_checkboxes'] = rg_rights_checkboxes($type, "rights",
1323 $rg['rights']);
1324
1325 // list rights
1326 $rights_list = rg_rights_load($db, $type, $rg['ri']['repo_id']);
1327 rg_repo_rights_cosmetic_list($db, $rights_list);
1328 if ($rights_list === FALSE)
1329 $ret .= rg_warning("Cannot load rights. Try later.");
1330 else
1331 $ret .= rg_template_table("user/repo/rights/list_" . $type,
1332 $rights_list, $rg);
1333
1334 $ret .= rg_template("user/repo/rights/form_" . $type . ".html", $rg);
1335
1336 // hints
1337 $hints = array();
1338 $hints[]['HTML:hint'] = rg_template("hints/repo/edit_rights.html", $rg);
1339 $hints[]['HTML:hint'] = rg_template("hints/repo/edit_" . $type . "_rights.html", $rg);
1340 $ret .= rg_template_table("hints/list", $hints, $rg);
1341
1342 return $ret;
1343 }
1344
1345 /*
1346 * High level function for repo deletion
1347 */
1348 function rg_repo_admin_delete($db, $rg)
1349 {
1350 $ret = "";
1351
1352 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "D", $rg['ip'], "") !== TRUE)
1353 return rg_template("user/repo/delete/deny.html", $rg);
1354
1355 $are_you_sure = rg_var_uint("are_you_sure");
1356
1357 $errmsg = array();
1358
1359 $show_form = 1;
1360
1361 do {
1362 if ($rg['doit'] != 1)
1363 break;
1364
1365 if ($are_you_sure == 0) {
1366 $ret .= rg_template("user/repo/delete/no.html", $rg);
1367 $show_form = 0;
1368 break;
1369 }
1370
1371 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1372 $errmsg[] = "invalid token; try again";
1373 break;
1374 }
1375
1376 rg_log_ml("CHECK: rg: " . print_r($rg, TRUE));
1377 $r = rg_repo_delete($db, $rg['ri']['repo_id'], $rg['login_ui']);
1378 if ($r === FALSE) {
1379 $errmsg[] = rg_repo_error();
1380 break;
1381 }
1382
1383 $ret .= rg_template("user/repo/delete/done.html", $rg);
1384 $show_form = 0;
1385 } while (0);
1386
1387 if ($show_form == 1) {
1388 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
1389 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
1390 $ret .= rg_template("user/repo/delete/sure.html", $rg);
1391 }
1392
1393 return $ret;
1394 }
1395
1396 /*
1397 * High level function creating/editing a repo
1398 */
1399 function rg_repo_edit_high_level($db, $rg)
1400 {
1401 rg_log("rg_repo_edit_high_level");
1402
1403 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "E", $rg['ip'], "") !== TRUE)
1404 return rg_template("user/repo/deny_edit.html", $rg);
1405
1406 $ret = "";
1407
1408 $errmsg = array();
1409 $load_form = TRUE;
1410 do {
1411 if ($rg['doit'] != 1) {
1412 if (!isset($rg['ri'])) {
1413 // Defaults
1414 $rg['ri']['repo_id'] = "0";
1415 $rg['ri']['master'] = "0";
1416 $rg['ri']['name'] = "";
1417 $rg['ri']['max_commit_size'] = "0";
1418 $rg['ri']['description'] = "";
1419 $rg['ri']['master_repo_id'] = "0";
1420 $rg['ri']['public'] = "1";
1421 }
1422 break;
1423 }
1424
1425 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1426 // TODO: replace all of these with a template
1427 $errmsg[] = "invalid token; try again.";
1428 break;
1429 }
1430
1431 $rg['ri']['repo_id'] = rg_var_uint("repo_id");
1432 $rg['ri']['name'] = rg_var_str("name"); // TODO: filter name!
1433 $rg['ri']['max_commit_size'] = rg_var_uint("max_commit_size");
1434 $rg['ri']['description'] = rg_var_str("description");
1435 $rg['ri']['public'] = rg_var_bool("public");
1436 $rg['ri']['master'] = rg_var_uint("master");
1437
1438 $r = rg_repo_edit($db, $rg['login_ui'], $rg['ri']);
1439 if ($r === FALSE) {
1440 $errmsg[] = rg_repo_error();
1441 break;
1442 }
1443 $rg['ri.renamed'] = $r['renamed'];
1444
1445 $rg['ri']['home'] = rg_re_repopage($rg['login_ui'],
1446 $rg['ri']['name']);
1447 if ($rg['ri']['repo_id'] == 0) {
1448 $ret .= rg_template("repo/create_ok.html", $rg);
1449 } else {
1450 $ret .= rg_template("repo/edit_ok.html", $rg);
1451 }
1452
1453 $load_form = FALSE;
1454 } while (0);
1455
1456 if ($load_form) {
1457 if ($rg['ri']['master'] > 0) {
1458 $rg['ri']['master_name'] = $rg['ri']['master'];
1459 $_mi = repo_info($db, $rg['ri']['master'], "");
1460 if ($_mi['exists'] == 1)
1461 $rg['ri']['master_name'] = $_mi['name'];
1462 } else {
1463 $rg['ri']['master_name'] = "";
1464 }
1465
1466 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
1467 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
1468 $hints = array();
1469 $hints[]['HTML:hint'] = rg_template("hints/repo/create_repo.html", $rg);
1470 $rg['HTML:hints'] = rg_template_table("hints/list", $hints, $rg);
1471 $ret .= rg_template("repo/add_edit.html", $rg);
1472 }
1473
1474 return $ret;
1168 1475 } }
1169 1476
1477 /*
1478 * High level function for 'Repo -> Admin' menu
1479 */
1480 function rg_repo_admin($db, $rg, $paras)
1481 {
1482 rg_log("rg_repo_admin paras=" . rg_array2string($paras));
1483
1484 $ret = "";
1485
1486 $_op = empty($paras) ? "edit" : array_shift($paras);
1487
1488 $rg['menu']['repo'][$_op] = 1;
1489 $ret .= rg_template("user/repo/menu.html", $rg);
1490
1491 switch ($_op) {
1492 case 'repo_rights':
1493 $ret .= rg_repo_admin_rights($db, $rg, "repo");
1494 break;
1495
1496 case 'refs_rights':
1497 $ret .= rg_repo_admin_rights($db, $rg, "repo_refs");
1498 break;
1499
1500 case 'path_rights':
1501 $ret .= rg_repo_admin_rights($db, $rg, "repo_path");
1502 break;
1503
1504 case 'delete':
1505 $ret .= rg_repo_admin_delete($db, $rg);
1506 break;
1507
1508 default:
1509 $rg['form_url'] = $rg['url_repo'] . "/admin";
1510 $ret .= rg_repo_edit_high_level($db, $rg);
1511 break;
1512 }
1513
1514 return $ret;
1515 }
1170 1516
1171 1517 ?> ?>
File inc/repo/repo.php changed (mode: 100644) (index 5823907..73ad594)
1 1 <?php <?php
2 rg_log("/inc/repo/repo");
2 rg_log("FILE: /inc/repo/repo");
3 3
4 $repo_more = $more;
5 $_repo = "";
6
7 if ($login_ui['uid'] == 0) {
8 $_repo .= rg_warning("You do not have access here!");
9 return;
10 }
4 // This page is shown when user press main menu "Repositories"
11 5
12 $name = rg_var_str("name");
13 $max_commit_size = rg_var_uint("max_commit_size");
14 $description = rg_var_str("description");
15 $master_repo_id = rg_var_uint("master_repo_id");
16 $repo_id = rg_var_uint("repo_id");
6 $_repo = "";
17 7
18 8 $errmsg = array(); $errmsg = array();
19 9
20 10 $_subop = empty($paras) ? "list" : array_shift($paras); $_subop = empty($paras) ? "list" : array_shift($paras);
21
22 // menu
23 $_m = array(
24 "list" => array(
25 "text" => "List",
26 "op" => "list"
27 ),
28 "create" => array(
29 "text" => "Create",
30 "op" => "create"
31 ),
32 "search" => array(
33 "text" => "Search",
34 "op" => "search"
35 )
36 );
37 rg_menu_add($rg_menu, $_m, $_subop);
38
39 11 switch ($_subop) { switch ($_subop) {
40 12 case 'list': case 'list':
41 $_repo .= rg_repo_list($db, "", $login_ui);
13 $_repo .= rg_repo_list($db, $rg, "", $rg['login_ui']);
42 14 break; break;
43 15
44 16 case 'create': case 'create':
45 if ($doit == 1) {
46 $rights = rg_rights_a2s(rg_var_str("rights"));
47
48 do {
49 $_r = rg_repo_create($db, $master_repo_id, $login_ui, $name,
50 $max_commit_size, $description, $rights);
51 if ($_r === FALSE) {
52 $errmsg[] = rg_repo_error();
53 break;
54 }
55
56 // redirect to repo page
57 $url = rg_re_repopage($login_ui, $name);
58 rg_redirect($url);
59 } while (0);
60 } else { // load defaults
61 $rights = $rg_repo_rights_default;
62 }
63
64 if ($master_repo_id > 0) {
65 $master_name = $master_repo_id;
66 $_mi = repo_info($db, $master_repo_id, "");
67 if ($_mi['exists'] == 1)
68 $master_name = $_mi['name'];
69 $repo_more['master_name'] = $master_name;
70 } else {
71 $repo_more['master_name'] = "";
72 }
73
74 $repo_more['title'] = "Create repository";
75 $repo_more['button'] = "Create";
76 $repo_more['name'] = $name;
77 $repo_more['max_commit_size'] = $max_commit_size;
78 $repo_more['description'] = $description;
79 $repo_more['master_repo_id'] = $master_repo_id;
80 $repo_more['HTML:rights'] = rg_rights_checkboxes("repo", $rights);
81 $repo_more['repo_id'] = $repo_id;
82 $repo_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
83 $repo_more['rg_form_token'] = rg_token_get($db, $sid);
84
85 $hints = array();
86 $hints[]['HTML:hint'] = rg_template("hints/repo/create_repo.html", $repo_more);
87 $repo_more['HTML:hints'] = rg_template_table("hints/list", $hints, $repo_more);
88
89 $_repo .= rg_template("repo/add_edit.html", $repo_more);
17 $rg['form_url'] = "/op/repo/create";
18 $_repo .= rg_repo_edit_high_level($db, $rg);
90 19 break; break;
91 20
92 21 case 'search': case 'search':
93 22 $q = rg_var_str("q"); $q = rg_var_str("q");
94 23
95 while ($doit == 1) {
96 $_t = rg_repo_search($db, $login_ui, $q);
24 while ($rg['doit'] == 1) {
25 $_t = rg_repo_search($db, $rg['login_ui'], $q);
97 26 if ($_t === FALSE) { if ($_t === FALSE) {
98 27 $errmsg[] = rg_repo_error(); $errmsg[] = rg_repo_error();
99 28 break; break;
 
... ... case 'search':
103 32 break; break;
104 33 } }
105 34
106 $repo_more['q'] = $q;
107 $repo_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
108 $_repo .= rg_template("repo/search.html", $repo_more);
35 $rg['q'] = $q;
36 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
37 $_repo .= rg_template("repo/search.html", $rg);
109 38 break; break;
110 39 } }
111 40
41 $rg['menu']['sub1'][$_subop] = 1;
42 $rg['HTML:submenu1'] = rg_template("repo/menu.html", $rg);
43
112 44 ?> ?>
File inc/rights.inc.php changed (mode: 100644) (index 2d4baaa..6101110)
... ... require_once($INC . "/sql.inc.php");
5 5 require_once($INC . "/user.inc.php"); require_once($INC . "/user.inc.php");
6 6 require_once($INC . "/git.inc.php"); require_once($INC . "/git.inc.php");
7 7
8 define("RG_RIGHTS_FILL_EXISTS", 1);
9
10 8 $rg_rights = array(); $rg_rights = array();
9 $rg_rights_default = array();
11 10
12 11 $rg_rights_error = ""; $rg_rights_error = "";
13 12
 
... ... function rg_rights_error()
26 25 /* /*
27 26 * Register a set of rights * Register a set of rights
28 27 */ */
29 function rg_rights_register($type, $rights)
28 function rg_rights_register($type, $rights, $default_rights)
30 29 { {
31 30 global $rg_rights; global $rg_rights;
31 global $rg_rights_default;
32 32
33 33 $rg_rights[$type] = $rights; $rg_rights[$type] = $rights;
34 $rg_rights_default[$type] = $default_rights;
34 35 } }
35 36
36 37 /* /*
 
... ... function rg_rights_all($type)
73 74 return $ret; return $ret;
74 75 } }
75 76
77 /*
78 * Returns default rights for a type
79 */
80 function rg_rights_default($type)
81 {
82 global $rg_rights_default;
83
84 if (!isset($rg_rights_default[$type])) {
85 rg_log("WARN: type [$type] is not registered!");
86 return "";
87 }
88
89 return $rg_rights_default[$type];
90 }
91
76 92 /* /*
77 93 * Rights -> form * Rights -> form
78 94 */ */
79 function rg_rights_checkboxes($type, $passed_rights)
95 function rg_rights_checkboxes($type, $name, $passed_rights)
80 96 { {
81 97 global $rg_rights; global $rg_rights;
82 98
 
... ... function rg_rights_checkboxes($type, $passed_rights)
90 106 $add = ""; $add = "";
91 107 if (strstr($passed_rights, $right)) if (strstr($passed_rights, $right))
92 108 $add = " checked=\"checked\""; $add = " checked=\"checked\"";
93 $ret .= "<input type=\"checkbox\" name=\"rights[$right]\""
109 $ret .= "<input type=\"checkbox\""
110 . " name=\"" . $name . "[$right]\""
94 111 . $add . " />$info<br />\n"; . $add . " />$info<br />\n";
95 112 } }
96 113
 
... ... function rg_rights_a2s($a)
127 144 { {
128 145 $rights = ""; $rights = "";
129 146
147 if (empty($a))
148 return "";
149
130 150 if (!is_array($a)) { if (!is_array($a)) {
131 151 rg_internal_error("Rights array is not an array"); rg_internal_error("Rights array is not an array");
132 152 return ""; return "";
 
... ... function rg_rights_a2s($a)
140 160
141 161 /* /*
142 162 * Get rights for an object * Get rights for an object
143 * TODO: caching in RAM?
163 * @uid - the uid of the (normally) logged in user.
164 * @right_id - optional id (used by edit)
144 165 */ */
145 function rg_rights_get($db, $type, $obj_id, $uid)
166 $rg_rights_get_cache = array();
167 function rg_rights_get($db, $type, $obj_id, $uid, $right_id)
146 168 { {
147 169 global $rg_rights; global $rg_rights;
170 global $rg_rights_get_cache;
171
172 $key = $type . "|" . $obj_id . "|" . $uid . "|" . $right_id;
173 if (isset($rg_rights_get_cache[$key])) {
174 rg_log("CHECK: rights returned from cache for key $key");
175 return $rg_rights_get_cache[$key];
176 }
148 177
149 178 rg_log("rg_rights_get: type=$type obj_id=$obj_id uid=$uid..."); rg_log("rg_rights_get: type=$type obj_id=$obj_id uid=$uid...");
150 179 rg_prof_start("rights_get"); rg_prof_start("rights_get");
151 180
152 181 $ret = array(); $ret = array();
153 182 $ret['ok'] = 0; $ret['ok'] = 0;
154 $ret['rights'] = "";
183 $ret['list'] = array();
155 184 do { do {
185 // No rights possible for not logged in user
156 186 if ($uid == 0) { if ($uid == 0) {
157 187 $ret['ok'] = 1; $ret['ok'] = 1;
158 188 break; break;
159 189 } }
160 190
161 $params = array($type, $uid, $obj_id);
162 $sql = "SELECT itime, rights, misc, prio FROM rights"
163 . " WHERE type = $1"
164 . " AND uid = $2"
165 . " AND obj_id = $3"
191 $add = "";
192 if ($right_id > 0)
193 $add = " AND right_id = @@right_id@@";
194 else
195 $add = " AND (uid = @@uid@@ OR uid = 0)";
196
197 $params = array("type" => $type,
198 "uid" => $uid,
199 "obj_id" => $obj_id,
200 "right_id" => $right_id);
201 $sql = "SELECT * FROM rights"
202 . " WHERE type = @@type@@"
203 . " AND obj_id = @@obj_id@@"
204 . $add
166 205 . " ORDER BY prio"; . " ORDER BY prio";
167 206 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
168 207 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_rights_get($db, $type, $obj_id, $uid)
170 209 break; break;
171 210 } }
172 211
173 $ret['ok'] = 1;
174 $ret['exists'] = 0;
175 $rows = rg_sql_num_rows($res);
176 if ($rows > 0)
177 $row = rg_sql_fetch_array($res);
212 while (($row = rg_sql_fetch_array($res))) {
213 $row['target_uid'] = $row['uid']; unset($row['uid']);
214 $row['rights_text'] = implode(", ",
215 rg_rights_text($type, $row['rights']));
216 $ret['list'][] = $row;
217 }
178 218 rg_sql_free_result($res); rg_sql_free_result($res);
179 if ($rows == 0)
180 break;
181 219
182 $ret['itime'] = $row['itime'];
183 $ret['rights'] = $row['rights'];
184 $ret['misc'] = empty($row['misc']) ? array() : unserialize($row['misc']);
185 $ret['prio'] = $row['prio'];
186 $ret['exists'] = 1;
220 $ret['ok'] = 1;
221 $rg_rights_get_cache[$key] = $ret;
187 222 } while (0); } while (0);
188 223
189 rg_log("\tdb rights: [" . $ret['rights'] . "].");
224 rg_log("\tdb rights: " . rg_array2string($ret['list']));
190 225
191 226 rg_prof_end("rights_get"); rg_prof_end("rights_get");
192 227 return $ret; return $ret;
 
... ... function rg_rights_get($db, $type, $obj_id, $uid)
195 230 /* /*
196 231 * Set rights for an object * Set rights for an object
197 232 */ */
198 function rg_rights_set($db, $type, $obj_id, $uid, $rights, $misc)
233 function rg_rights_set($db, $type, $a)
199 234 { {
200 rg_log("rg_rights_set: type=$type obj_id=$obj_id"
201 . " uid=$uid rights=$rights misc=" . rg_array2string($misc));
202
203 if (empty($rights)) {
204 $params = array($type, $uid, $obj_id);
205 $sql = "DELETE FROM rights"
206 . " WHERE type = $1"
207 . " AND uid = $2"
208 . " AND obj_id = $3";
209 } else {
210 $r = rg_rights_get($db, $type, $obj_id, $uid);
211 if ($r['ok'] != 1)
212 return $r;
213 rg_log("r: " . rg_array2string($r));
214
215 if ($r['exists'] == 1) {
216 $params = array($rights, serialize($misc), $type, $uid,
217 $obj_id);
218 $sql = "UPDATE rights"
219 . " SET rights = $1"
220 . ", misc = $2"
221 . " WHERE type = $3"
222 . " AND uid = $4"
223 . " AND obj_id = $5";
224 } else {
225 $params = array($type, $uid, $obj_id, $rights,
226 serialize($misc), time());
227 $sql = "INSERT INTO rights (type, uid, obj_id, rights"
228 . ", misc, itime)"
229 . " VALUES ($1, $2, $3, $4, $5, $6)";
230 }
231 }
232
233 $res = rg_sql_query_params($db, $sql, $params);
235 rg_log("rg_rights_set: type=$type paras=" . rg_array2string($a));
236
237 $a['type'] = $type;
238 $a['now'] = time();
239 if ($a['right_id'] > 0)
240 $sql = "UPDATE rights SET"
241 . " type = @@type@@"
242 . ", uid = @@uid@@"
243 . ", obj_id = @@obj_id@@"
244 . ", rights = @@rights@@"
245 . ", misc = @@misc@@"
246 . ", ip = @@ip@@"
247 . ", prio = @@prio@@"
248 . ", itime = @@now@@"
249 . ", who = @@who@@"
250 . " WHERE right_id = @@right_id@@";
251 else
252 $sql = "INSERT INTO rights (type, uid, obj_id, rights"
253 . ", misc, ip, prio, itime, who)"
254 . " VALUES (@@type@@, @@uid@@, @@obj_id@@, @@rights@@"
255 . ", @@misc@@, @@ip@@, @@prio@@, @@now@@, @@who@@)";
256 $res = rg_sql_query_params($db, $sql, $a);
234 257 if ($res === FALSE) { if ($res === FALSE) {
235 258 rg_rights_set_error("cannot alter rights (" . rg_sql_error() . ")!"); rg_rights_set_error("cannot alter rights (" . rg_sql_error() . ")!");
236 259 return FALSE; return FALSE;
 
... ... function rg_rights_set($db, $type, $obj_id, $uid, $rights, $misc)
242 265
243 266 /* /*
244 267 * Returns an array with the rights, for all users * Returns an array with the rights, for all users
268 * TODO: we have a circular depenedncy on user.inc. Remove the lookup and brake
269 * the dependency.
245 270 */ */
246 271 function rg_rights_load($db, $type, $obj_id) function rg_rights_load($db, $type, $obj_id)
247 272 { {
 
... ... function rg_rights_load($db, $type, $obj_id)
252 277
253 278 $ret = FALSE; $ret = FALSE;
254 279 do { do {
255 $params = array($type, $obj_id);
280 $params = array("obj_id" => $obj_id,
281 "type" => $type);
282
256 283 $sql = "SELECT * FROM rights" $sql = "SELECT * FROM rights"
257 . " WHERE type = $1"
258 . " AND obj_id = $2";
284 . " WHERE obj_id = @@obj_id@@";
285
286 if (strcmp($type, "*") != 0)
287 $sql .= " AND type = @@type@@";
288
259 289 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
260 290 if ($res === FALSE) { if ($res === FALSE) {
261 291 rg_rights_set_error("cannot get info (" . rg_sql_error() . ")!"); rg_rights_set_error("cannot get info (" . rg_sql_error() . ")!");
 
... ... function rg_rights_load($db, $type, $obj_id)
264 294
265 295 $ret = array(); $ret = array();
266 296 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
267 $row['username'] = "?";
268 $_ui = rg_user_info($db, $row['uid'], "", "");
269 if ($_ui['exists'] == 1)
270 $row['username'] = $_ui['username'];
271
272 $_r = rg_rights_text($type, $row['rights']);
297 if ($row['uid'] == 0) {
298 $row['username'] = "*";
299 } else {
300 $_ui = rg_user_info($db, $row['uid'], "", "");
301 if ($_ui['exists'] == 1)
302 $row['username'] = $_ui['username'];
303 else
304 $row['username'] = "?";
305 }
306
307 $_r = rg_rights_text($row['type'], $row['rights']);
273 308 $row['rights_text'] = implode(", ", $_r); $row['rights_text'] = implode(", ", $_r);
274 309
275 310 $row['itime_text'] = gmdate("Y-m-d H:i", $row['itime']); $row['itime_text'] = gmdate("Y-m-d H:i", $row['itime']);
276 311
277 312 // To avoid confusion // To avoid confusion
278 $row['right_uid'] = $row['uid']; unset($row['uid']);
313 $row['target_uid'] = $row['uid']; unset($row['uid']);
279 314
280 315 $ret[] = $row; $ret[] = $row;
281 316 } }
 
... ... function rg_rights_mask($val, $mask)
301 336 return $ret; return $ret;
302 337 } }
303 338
339 /*
340 * Splits ip/prefix in components and apply the prefix len mask
341 * Returns FALSE if something is wrong
342 */
343 function rg_rights_split_ip($ip)
344 {
345 $ret = array();
346
347 $ret['prefix_len'] = -1;
348 if (strstr($ip, "/")) { /* prefix len */
349 $t = explode("/", $ip);
350 $ip2 = $t[0];
351 $ret['prefix_len'] = $t[1];
352 } else {
353 $ip2 = $ip;
354 }
355
356 if (preg_match('/^[a-fA-F0-9:]*$/', $ip2)) { /* ipv6 */
357 if ($ret['prefix_len'] == -1) {
358 $ret['prefix_len'] = 128;
359 } else if (($ret['prefix_len'] < 0) || ($ret['prefix_len'] > 128)) {
360 rg_rights_set_error("invalid prefix len for [$ip]");
361 return FALSE;
362 }
363
364 $t = explode("::", $ip2);
365 if (count($t) > 2) {
366 rg_rights_set_error("invalid IPv6 IP [$ip] (multiple ::)");
367 return FALSE;
368 }
369 if (count($t) == 2) { /* we have :: */
370 $ipv6 = array();
371 /* count non-empty groups ($good) */
372 $t = explode(":", $ip2);
373 $good = 0;
374 foreach ($t as $p) {
375 if (!empty($p))
376 $good++;
377 }
378
379 $i = 0;
380 $fill = 1;
381 foreach ($t as $p) {
382 if (!empty($p)) {
383 $ipv6[$i++] = hexdec($p);
384 continue;
385 }
386
387 if ($fill == 0)
388 continue;
389
390 for ($j = 0; $j < 8 - $good; $j++)
391 $ipv6[$i++] = 0;
392 $fill = 0;
393 }
394 } else {
395 $ipv6 = explode(":", $ip2);
396 if (count($ipv6) != 8) {
397 rg_rights_set_error("invalid IPv6 IP [$ip]");
398 return FALSE;
399 }
400
401 foreach ($ipv6 as $k => $p)
402 $ipv6[$k] = hexdec($p);
403 }
404
405 // apply mask
406 for ($i = 0; $i < 8; $i++) {
407 if ($ret['prefix_len'] >= ($i + 1) * 16)
408 continue;
409
410 $len = ($i + 1) * 16 - $ret['prefix_len'];
411 if ($len >= 16) {
412 $ipv6[$i] = 0;
413 } else {
414 $mask = 0xFFFF - (pow(2, $len) - 1);
415 $ipv6[$i] &= $mask;
416 }
417 }
418
419 $new = array();
420 foreach ($ipv6 as $k => $p)
421 $new[$k] = sprintf("%x", $p);
422 $ret['ip'] = implode(":", $new);
423 $ret['type'] = "ipv6";
424 } else if (preg_match('/^[0-9\.]*$/', $ip2)) { /* ipv4 */
425 if ($ret['prefix_len'] == -1) {
426 $ret['prefix_len'] = 32;
427 } else if (($ret['prefix_len'] < 0) || ($ret['prefix_len'] > 32)) {
428 rg_rights_set_error("invalid prefix len for [$ip]");
429 return FALSE;
430 }
431
432 $ipv4 = explode(".", $ip2);
433 if (count($ipv4) != 4) {
434 rg_rights_set_error("invalid IPv4 IP [$ip]");
435 return FALSE;
436 }
437
438 foreach ($ipv4 as $k => $p) {
439 if (($p < 0) || ($p > 255)) {
440 rg_rights_set_error("invalid IPv4 IP [$ip]");
441 return FALSE;
442 }
443
444 $ipv4[$k] = ltrim($p, "0");
445 }
446
447 // apply mask
448 for ($i = 0; $i < 4; $i++) {
449 if ($ret['prefix_len'] >= ($i + 1) * 8)
450 continue;
451
452 $len = ($i + 1) * 8 - $ret['prefix_len'];
453 if ($len >= 8) {
454 $ipv4[$i] = "0";
455 } else {
456 $ipv4[$i] &= 0xFF - (pow(2, $len) - 1);
457 }
458 }
459
460 $ret['ip'] = implode(".", $ipv4);
461 $ret['type'] = "ipv4";
462 } else {
463 rg_rights_set_error("invalid address [$ip]");
464 return FALSE;
465 }
466
467 return $ret;
468 }
469
470 /*
471 * Validates a list of IPs to be correct
472 */
473 function rg_rights_validate_ip($list)
474 {
475 $list = preg_replace("/[,\n]/", " ", $list);
476 $list = trim($list);
477 if (empty($list))
478 return TRUE;
479
480 $list = explode(" ", $list);
481
482 foreach ($list as $junk => $ip) {
483 if (empty($ip))
484 continue;
485
486 $r = rg_rights_split_ip($ip);
487 if ($r === FALSE)
488 return FALSE;
489 }
490
491 return TRUE;
492 }
493
494 /*
495 * Test if an IP match the allowed list
496 */
497 function rg_rights_test_ip($list, $ip)
498 {
499 $r = rg_rights_split_ip($ip);
500 if ($r === FALSE) {
501 rg_log("An invalid IP was specified [$ip]. Ignore it.");
502 return FALSE;
503 }
504
505 $list = explode(" ", $list);
506 foreach ($list as $junk => $ip0) {
507 if (empty($ip0))
508 continue;
509
510 $r0 = rg_rights_split_ip($ip0);
511 if ($r0 === FALSE) {
512 rg_log("An invalid IP was specified [$ip0]. Ignore it.");
513 continue;
514 }
515
516 $new_ip = rg_rights_split_ip($ip . "/" . $r0['prefix_len']);
517 if (strcmp($new_ip['type'], $r0['type']) != 0)
518 continue;
519
520 if (strcmp($new_ip['ip'], $r0['ip']) == 0) {
521 rg_log("$ip matches $ip0");
522 return TRUE;
523 }
524
525 rg_log("no match " . $new_ip['ip'] . " != " . $r0['ip']);
526 }
527
528 return FALSE;
529 }
530
304 531 /* /*
305 532 * Returns TRUE if all 'needed_rights' are included in 'rights' * Returns TRUE if all 'needed_rights' are included in 'rights'
533 * @list - an array of rights
534 * needed_rights: rights letters; you can use "ab|cd" = (a AND B) OR (C AND d)
535 */
536 function rg_rights_allow($list, $needed_rights, $ip, $misc)
537 {
538 rg_log("rg_rights_allow: needed_rights=$needed_rights ip=$ip"
539 . " misc=$misc list:" . rg_array2string($list));
540
541 $ret = FALSE;
542
543 if (!is_array($list)) {
544 rg_rights_set_error("list is not array");
545 return $ret;
546 }
547
548 if (empty($needed_rights))
549 return TRUE;
550
551 $needed = explode("|", $needed_rights);
552
553 foreach ($list as $k => $v) {
554 // Test IP
555 if (rg_rights_test_ip($v['ip'], $ip) !== TRUE) {
556 rg_log("CHECK: ip does not match with " . $v['ip']);
557 continue;
558 }
559
560 foreach ($needed as $needed1) {
561 $r = rg_rights_mask($v['rights'], $needed1);
562 if (strcmp($r, $needed1) != 0) {
563 rg_log("rights_allow: [$r] != [$needed1]! Continue.");
564 continue;
565 }
566 rg_log("rights_allow: [$r] = [$needed1]! Allow.");
567 $ret = TRUE;
568 break;
569 }
570
571 if ($ret === FALSE)
572 continue;
573
574 // Test 'misc' match
575 if ($misc !== FALSE) {
576 if (empty($v['misc']))
577 break;
578
579 rg_log("Check misc [$misc] against [" . $v['misc'] . "]");
580 if (!stristr($misc, $v['misc']))
581 continue;
582 }
583
584 break;
585 }
586
587 return $ret;
588 }
589
590 /*
591 * Delete a list of rights
592 * Caller must be sure that the user is allowed to operate on 'obj_id'.
306 593 */ */
307 function rg_rights_allow($rights, $needed_rights)
594 function rg_rights_delete_list($db, $obj_id, $list)
308 595 { {
309 $r = rg_rights_mask($rights, $needed_rights);
310 if (strcmp($r, $needed_rights) != 0) {
311 rg_log("rights_allow: [$r] != [$needed_rights]!");
596 $db_list = implode(",", $list);
597
598 $params = array("obj_id" => $obj_id);
599 $sql = "DELETE FROM rights"
600 . " WHERE obj_id = @@obj_id@@"
601 . " AND right_id IN (" . $db_list . ")";
602 $res = rg_sql_query_params($db, $sql, $params);
603 if ($res === FALSE) {
604 rg_rights_set_error("cannot mass delete (" . rg_sql_error() . ")!");
312 605 return FALSE; return FALSE;
313 606 } }
314 607
315 608 return TRUE; return TRUE;
316 609 } }
610
317 611 ?> ?>
File inc/sess.inc.php changed (mode: 100644) (index cbf461f..59ef247)
... ... function rg_sess_add($db, $uid, $sid, $session_time, $lock_ip)
21 21
22 22 $ret = FALSE; $ret = FALSE;
23 23 do { do {
24 $params = array($sid, $uid, $now + $session_time, $session_time, $ip);
24 $params = array("sid" => $sid,
25 "uid" => $uid,
26 "expire" => $now + $session_time,
27 "session_time" => $session_time,
28 "ip" => $ip);
25 29 $sql = "INSERT INTO sess (sid, uid, expire, session_time, ip)" $sql = "INSERT INTO sess (sid, uid, expire, session_time, ip)"
26 . " VALUES ($1, $2, $3, $4, $5)";
30 . " VALUES (@@sid@@, @@uid@@, @@expire@@"
31 . ", @@session_time@@, @@ip@@)";
27 32 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
28 33 if ($res === FALSE) { if ($res === FALSE) {
29 34 rg_log("\tCannot insert (" . rg_sql_error() . ")!"); rg_log("\tCannot insert (" . rg_sql_error() . ")!");
 
... ... function rg_sess_add($db, $uid, $sid, $session_time, $lock_ip)
31 36 } }
32 37 rg_sql_free_result($res); rg_sql_free_result($res);
33 38
34 $row = array("sid" => $sid, "uid" => $uid,
35 "expire" => $now + $session_time,
36 "session_time" => $session_time, "ip" => $ip,
37 "last_db_write" => $now);
38 rg_cache_set("sess::" . $sid, serialize($row));
39 $params['last_db_write'] = $now;
40 rg_cache_set("sess::" . $sid, serialize($params));
39 41
40 42 $ret = TRUE; $ret = TRUE;
41 43 } while (0); } while (0);
 
... ... function rg_sess_valid($db, $sid)
60 62 $r = unserialize($r); $r = unserialize($r);
61 63
62 64 if ($r === FALSE) { if ($r === FALSE) {
63 $params = array($sid);
64 $sql = "SELECT * FROM sess WHERE sid = $1";
65 $params = array("sid" => $sid);
66 $sql = "SELECT * FROM sess WHERE sid = @@sid@@";
65 67 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
66 68 if ($res === FALSE) { if ($res === FALSE) {
67 69 rg_log("\tCannot select (" . rg_sql_error() . ")!"); rg_log("\tCannot select (" . rg_sql_error() . ")!");
 
... ... function rg_sess_valid($db, $sid)
95 97 } }
96 98
97 99 $uid = $r['uid']; $uid = $r['uid'];
98 rg_log("\tSession valid, uid=$uid, expire=+" . ($r['expire'] - $now));
100 rg_log("\tSession valid, uid=$uid, expire=+"
101 . ($r['expire'] - $now) . "s");
99 102 $ret = $r; $ret = $r;
100 103 } while (0); } while (0);
101 104
 
... ... function rg_sess_update($db, $sess)
113 116 rg_prof_start("sess_update"); rg_prof_start("sess_update");
114 117 rg_log("sess_update: sess=" . rg_array2string($sess)); rg_log("sess_update: sess=" . rg_array2string($sess));
115 118
119 $now = time();
120
116 121 $ret = FALSE; $ret = FALSE;
117 122 do { do {
118 if ($sess['last_db_write'] + 60 > time()) {
119 $_diff = time() - $sess['last_db_write'];
120 rg_log("DEBUG: last_db_write is fresh enough ($_diff).");
123 if ($sess['last_db_write'] + 60 > $now) {
124 $_diff = $now - $sess['last_db_write'];
125 rg_log("DEBUG: last_db_write is fresh enough (" . $_diff . "s).");
121 126 $ret = TRUE; $ret = TRUE;
122 127 break; break;
123 128 } }
124 129
125 $params = array(time(), $sess['sid']);
126 $sql = "UPDATE sess SET expire = $1 + session_time"
127 . " WHERE sid = $2";
128 $res = rg_sql_query_params($db, $sql, $params);
130 $sess['expire'] = $now + $sess['session_time'];
131 $sql = "UPDATE sess SET expire = @@expire@@"
132 . " WHERE sid = @@sid@@";
133 $res = rg_sql_query_params($db, $sql, $sess);
129 134 if ($res === FALSE) { if ($res === FALSE) {
130 135 rg_log("\tCannot update (" . rg_sql_error() . ")!"); rg_log("\tCannot update (" . rg_sql_error() . ")!");
131 break;
136 // We will not exit here. At least in cache to be ok
137 } else {
138 $sess['last_db_write'] = $now;
139 rg_sql_free_result($res);
132 140 } }
133 rg_sql_free_result($res);
134 141
135 $sess['last_db_write'] = time();
136 142 rg_cache_set("sess::" . $sess['sid'], serialize($sess)); rg_cache_set("sess::" . $sess['sid'], serialize($sess));
137 143
138 144 $ret = TRUE; $ret = TRUE;
 
... ... function rg_sess_destroy($db, $sid, &$ui)
152 158
153 159 $ret = FALSE; $ret = FALSE;
154 160 do { do {
155 $params = array($sid);
156 $sql = "DELETE FROM sess WHERE sid = $1";
161 $params = array("sid" => $sid);
162 $sql = "DELETE FROM sess WHERE sid = @@sid@@";
157 163 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
158 164 if ($res === FALSE) { if ($res === FALSE) {
159 165 rg_log("\tCannot delete (" . rg_sql_error() . ")!"); rg_log("\tCannot delete (" . rg_sql_error() . ")!");
 
... ... function rg_sess_destroy($db, $sid, &$ui)
167 173 $ui = array(); $ui = array();
168 174 $ui['uid'] = 0; $ui['uid'] = 0;
169 175 $ui['is_admin'] = 0; $ui['is_admin'] = 0;
170 $ui['rights'] = "";
171 176
172 177 rg_cache_unset("sess::" . $sid); rg_cache_unset("sess::" . $sid);
173 178
File inc/sql.inc.php changed (mode: 100644) (index d8fe504..606263e)
... ... function rg_sql_query($h, $sql)
162 162
163 163 /* /*
164 164 * Queries using params * Queries using params
165 * @params - array of fields -> values
166 * Examples: $params = array("id" => "1", "name" = "bau")
167 * $sql = "UPDATE x SET name = @@name@@ WHERE id = @@id@@ AND @@name@@ = @@name@@"
168 * $sql2 = "UPDATE x SET name = $1 WHERE id = $2 AND name = $1"
165 169 */ */
166 170 function rg_sql_query_params($h, $sql, $params) function rg_sql_query_params($h, $sql, $params)
167 171 { {
 
... ... function rg_sql_query_params($h, $sql, $params)
174 178 if ($db === FALSE) if ($db === FALSE)
175 179 return FALSE; return FALSE;
176 180
181 // Transforms @params into $x system
182 $params2 = array();
183 $i = 1;
184 foreach ($params as $k => $v) {
185 $what = "/@@" . $k . "@@/";
186 $value = "\\$" . $i;
187 $sql = preg_replace($what, $value, $sql, -1, $count);
188
189 //rg_log("rg_sql_query_params: k=[$k] value=$value count=$count");
190 if ($count > 0) {
191 $params2[] = $v;
192 $i++;
193 }
194 }
195 //rg_log("new sql: $sql");
196 //rg_log("params2: " . rg_array2string($params2));
197
177 198 $_s = microtime(TRUE); $_s = microtime(TRUE);
178 $res = @pg_query_params($db, $sql, $params);
199 $res = @pg_query_params($db, $sql, $params2);
179 200 return rg_sql_query0($db, $sql, $res, $_s); return rg_sql_query0($db, $sql, $res, $_s);
180 201 } }
181 202
File inc/ssh.inc.php changed (mode: 100644) (index 5d75c18..28b8c81)
... ... function rg_ssh_status($db, $uid)
18 18 exit(0); exit(0);
19 19 } }
20 20
21 /*
22 * List repos
23 */
21 24 function rg_ssh_repos($db, $uid) function rg_ssh_repos($db, $uid)
22 25 { {
23 26 rg_log("ssh_repos"); rg_log("ssh_repos");
 
... ... function rg_ssh_repos($db, $uid)
40 43 exit(0); exit(0);
41 44 } }
42 45
46 /*
47 * Info about a repo
48 */
43 49 function rg_ssh_repo($db, $uid, $paras) function rg_ssh_repo($db, $uid, $paras)
44 50 { {
45 51 rg_log("ssh_repo: " . rg_array2string($paras)); rg_log("ssh_repo: " . rg_array2string($paras));
 
... ... function rg_ssh_repo($db, $uid, $paras)
53 59
54 60 $ri = rg_repo_info($db, 0, $uid, $repo_name); $ri = rg_repo_info($db, 0, $uid, $repo_name);
55 61 if ($ri === FALSE) { if ($ri === FALSE) {
56 echo "Unknown repo!\n";
62 echo "Error: unknown repo.\n";
57 63 exit(0); exit(0);
58 64 } }
59 65
60 66 echo "Repo: " . $ri['name'] . "\n"; echo "Repo: " . $ri['name'] . "\n";
67 echo "Repo type: " . ($ri['public'] == 1 ? "public" : "private") . "\n";
61 68 echo "Description:\n"; echo "Description:\n";
62 69 $_d = explode("\n", $ri['description']); $_d = explode("\n", $ri['description']);
63 70 if (!empty($_d)) { if (!empty($_d)) {
 
... ... function rg_ssh_repo($db, $uid, $paras)
66 73 } }
67 74 echo "Creation time: " . gmdate("Y-m-d", $ri['itime']) . " UTC\n"; echo "Creation time: " . gmdate("Y-m-d", $ri['itime']) . " UTC\n";
68 75 echo "Disk used: " . rg_1024($ri['disk_used_mb']) . "\n"; echo "Disk used: " . rg_1024($ri['disk_used_mb']) . "\n";
69 $rights = implode(", ", rg_rights_text("repo", $ri['default_rights']));
70 echo "Default rights: " . $rights . "\n";
71 76
72 77 if ($ri['master'] > 0) { if ($ri['master'] > 0) {
73 78 $mri = rg_repo_info($db, $ri['master'], 0, ""); $mri = rg_repo_info($db, $ri['master'], 0, "");
 
... ... function rg_ssh_dispatch($db, $uid, $cmd)
85 90 $cmd = array_shift($paras); $cmd = array_shift($paras);
86 91
87 92 switch ($cmd) { switch ($cmd) {
88 case 'status': rg_ssh_status($db, $uid); break;
89 case 'repos': rg_ssh_repos($db, $uid); break;
90 case 'repo': rg_ssh_repo($db, $uid, $paras); break;
93 case 'status': rg_ssh_status($db, $uid); break;
94 case 'repos': rg_ssh_repos($db, $uid); break;
95 case 'repo': rg_ssh_repo($db, $uid, $paras); break;
91 96 case '': case '':
92 97 echo "Available commmands: status, repos, repo.\n"; echo "Available commmands: status, repos, repo.\n";
93 98 exit(0); exit(0);
File inc/state.inc.php changed (mode: 100644) (index 0850743..14e5d73)
... ... function rg_state_get($db, $var)
34 34 break; break;
35 35 } }
36 36
37 $params = array($var);
38 $sql = "SELECT value FROM state WHERE var = $1 LIMIT 1";
37 $params = array("var" => $var);
38 $sql = "SELECT value FROM state WHERE var = @@var@@ LIMIT 1";
39 39 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
40 40 if ($res === FALSE) { if ($res === FALSE) {
41 41 rg_state_set_error(rg_sql_error()); rg_state_set_error(rg_sql_error());
 
... ... function rg_state_set($db, $var, $value)
79 79
80 80 $ret = FALSE; $ret = FALSE;
81 81 do { do {
82 $params = array($var, $value);
82 $params = array("var" => $var, "value" => $value);
83 83 if (rg_state_get($db, $var) === "") { if (rg_state_get($db, $var) === "") {
84 84 $sql = "INSERT INTO state (var, value)" $sql = "INSERT INTO state (var, value)"
85 . " VALUES ($1, $2)";
85 . " VALUES (@@var@@, @@value@@)";
86 86 } else { } else {
87 $sql = "UPDATE state SET value = $2"
88 . " WHERE var = $1";
87 $sql = "UPDATE state SET value = @@value@@"
88 . " WHERE var = @@var@@";
89 89 } }
90 90 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
91 91 if ($res === FALSE) { if ($res === FALSE) {
File inc/struct.inc.php changed (mode: 100644) (index 8df7662..32c3b7d)
... ... $rg_sql_struct[14]['tables'] = array(
256 256 . ", itime INT NOT NULL)" . ", itime INT NOT NULL)"
257 257 ); );
258 258 $rg_sql_struct[14]['other'] = array( $rg_sql_struct[14]['other'] = array(
259 "users_renames_index_old_name" => "CREATE INDEX users_renames_i_old_name"
260 . " ON repos_renames(old_name)"
259 "users_renames_index_old_name" =>
260 "CREATE INDEX users_renames_i_old_name ON repos_renames(old_name)"
261 261 ); );
262 262
263 263
 
... ... $rg_sql_struct[20]['other'] = array(
324 324 $rg_sql_struct[21] = array(); $rg_sql_struct[21] = array();
325 325 $rg_sql_struct[21]['tables'] = array(); $rg_sql_struct[21]['tables'] = array();
326 326 $rg_sql_struct[21]['other'] = array( $rg_sql_struct[21]['other'] = array(
327 "plans_max_public_repos" => "ALTER TABLE plans ADD max_public_repos INT NOT NULL DEFAULT 0",
328 "plans_max_private_repos" => "ALTER TABLE plans ADD max_private_repos INT NOT NULL DEFAULT 0"
327 "plans_max_public_repos" =>
328 "ALTER TABLE plans ADD max_public_repos INT NOT NULL DEFAULT 0",
329 "plans_max_private_repos" =>
330 "ALTER TABLE plans ADD max_private_repos INT NOT NULL DEFAULT 0"
329 331 ); );
330 332
331 333 $rg_sql_struct[22] = array(); $rg_sql_struct[22] = array();
 
... ... $rg_sql_struct[22]['other'] = array(
335 337 . " ADD last_ip TEXT NOT NULL DEFAULT '?'" . " ADD last_ip TEXT NOT NULL DEFAULT '?'"
336 338 ); );
337 339
340 $rg_sql_struct[23] = array();
341 $rg_sql_struct[23]['tables'] = array();
342 $rg_sql_struct[23]['other'] = array(
343 "repo_public_private" => "ALTER TABLE repos"
344 . " ADD public INT NOT NULL DEFAULT 0"
345 );
346
347 $rg_sql_struct[24] = array();
348 $rg_sql_struct[24]['tables'] = array();
349 $rg_sql_struct[24]['other'] = array(
350 "default_rights are not used anymore" => "ALTER TABLE repos"
351 . " DROP default_rights"
352 );
353
354 $rg_sql_struct[25] = array();
355 $rg_sql_struct[25]['tables'] = array();
356 $rg_sql_struct[25]['other'] = array(
357 "we must record who gave rights" => "ALTER TABLE rights"
358 . " ADD who INTEGER NOT NULL DEFAULT 0",
359 "we need an int id for rights" => "ALTER TABLE rights"
360 . " ADD right_id SERIAL"
361 );
362
363 $rg_sql_struct[26] = array();
364 $rg_sql_struct[26]['tables'] = array();
365 $rg_sql_struct[26]['other'] = array(
366 "we implement IP access in generic rights" => "ALTER TABLE rights"
367 . " ADD ip TEXT NOT NULL DEFAULT ''",
368 "we need a new misc field for path" => "ALTER TABLE rights"
369 . " ADD misc2 TEXT NOT NULL DEFAULT ''"
370 );
371
372 $rg_sql_struct[27] = array();
373 $rg_sql_struct[27]['tables'] = array();
374 $rg_sql_struct[27]['other'] = array(
375 "we need to lookup rights fast" =>
376 "CREATE INDEX rights_i_type_obj_id ON rights(type, obj_id)",
377 "record who deleted a bug" =>
378 "ALTER TABLE bugs ADD deleted_who INTEGER NOT NULL DEFAULT 0"
379 );
380
381 $rg_sql_struct[28] = array();
382 $rg_sql_struct[28]['tables'] = array();
383 $rg_sql_struct[28]['other'] = array(
384 "add repos.last_bug_id" =>
385 "ALTER TABLE repos ADD last_bug_id INTEGER NOT NULL DEFAULT 0"
386 );
387
338 388 // This must be the last line // This must be the last line
339 389 $rg_sql_schema_ver = count($rg_sql_struct); $rg_sql_schema_ver = count($rg_sql_struct);
340 390
File inc/token.inc.php changed (mode: 100644) (index 354ce7f..c943ccd)
... ... function rg_token_delete($db, $sid, $token)
28 28 $ret = array(); $ret = array();
29 29 $ret['ok'] = 0; $ret['ok'] = 0;
30 30
31 $params = array($sid);
31 $params = array("sid" => $sid, "token" => $token);
32 32 $add_token = ""; $add_token = "";
33 if (!empty($token)) {
34 $params[] = $token;
35 $add_token = " AND token = $2";
36 }
33 if (!empty($token))
34 $add_token = " AND token = @@token@@";
37 35
38 36 $sql = "DELETE FROM tokens" $sql = "DELETE FROM tokens"
39 . " WHERE sid = $1"
37 . " WHERE sid = @@sid@@"
40 38 . $add_token; . $add_token;
41 39 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
42 40 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_token_valid($db, $sid, $token)
57 55 { {
58 56 rg_log("rg_token_get: sid=$sid token=$token"); rg_log("rg_token_get: sid=$sid token=$token");
59 57
60 $params = array($token, $sid);
58 $params = array("sid" => $sid, "token" => $token);
61 59 $sql = "SELECT 1 AS junk FROM tokens" $sql = "SELECT 1 AS junk FROM tokens"
62 . " WHERE token = $1"
63 . " AND sid = $2";
60 . " WHERE token = @@token@@"
61 . " AND sid = @@sid@@";
64 62 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
65 63 if ($res === FALSE) { if ($res === FALSE) {
66 64 rg_token_set_error("cannot get token (" . rg_sql_error() . ")"); rg_token_set_error("cannot get token (" . rg_sql_error() . ")");
 
... ... function rg_token_insert($db, $sid, $token)
89 87
90 88 $now = time(); $now = time();
91 89
92 $params = array($sid, $token, $now + 24 * 3600);
90 $params = array("sid" => $sid,
91 "token" => $token,
92 "expire" => $now + 24 * 3600);
93 93 $sql = "INSERT INTO tokens (sid, token, expire)" $sql = "INSERT INTO tokens (sid, token, expire)"
94 . " VALUES ($1, $2, $3)";
94 . " VALUES (@@sid@@, @@token@@, @@expire@@)";
95 95 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
96 96 if ($res === FALSE) { if ($res === FALSE) {
97 97 rg_token_set_error("cannot insert token (" . rg_sql_error() . ")!"); rg_token_set_error("cannot insert token (" . rg_sql_error() . ")!");
File inc/user.inc.php changed (mode: 100644) (index 724f6fb..0123c0b)
... ... $rg_user_rights = array(
17 17 "G" => "Grant rights" "G" => "Grant rights"
18 18 ); );
19 19
20 rg_rights_register("user", $rg_user_rights);
20 rg_rights_register("user", $rg_user_rights, "");
21 21
22 22 $rg_user_error = ""; $rg_user_error = "";
23 23
 
... ... function rg_user_path_by_name($name)
172 172 */ */
173 173 function rg_user_url($ui) function rg_user_url($ui)
174 174 { {
175 $prefix = "";
176 175 if ($ui['organization'] == 0) if ($ui['organization'] == 0)
177 176 $prefix = "/user"; $prefix = "/user";
177 else
178 $prefix = "";
178 179
179 180 return $prefix . "/" . $ui['username']; return $prefix . "/" . $ui['username'];
180 181 } }
 
... ... function rg_user_lookup_by_old_name($db, $old_name)
243 244 break; break;
244 245 } }
245 246
246 $params = array($old_name);
247 $params = array("old_name" => $old_name);
247 248 $sql = "SELECT uid FROM users_renames" $sql = "SELECT uid FROM users_renames"
248 . " WHERE old_name = $1";
249 . " WHERE old_name = @@old_name@@";
249 250 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
250 251 if ($res === FALSE) { if ($res === FALSE) {
251 252 rg_user_set_error("cannot lookup old name (" rg_user_set_error("cannot lookup old name ("
 
... ... function rg_user_insert_rename($db, $uid, $old_name)
282 283 $r = rg_user_lookup_by_old_name($db, $old_name); $r = rg_user_lookup_by_old_name($db, $old_name);
283 284 if ($r === FALSE) if ($r === FALSE)
284 285 break; break;
286
287 $params = array("uid" => $uid,
288 "old_name" => $old_name,
289 "now" => time());
290
285 291 if ($r > 0) { if ($r > 0) {
286 $params = array($uid, $old_name);
287 292 $sql = "UPDATE users_renames" $sql = "UPDATE users_renames"
288 . " SET uid = $1"
289 . " WHERE old_name = $2";
293 . " SET uid = @@uid@@"
294 . " WHERE old_name = @@old_name@@";
290 295 } else { } else {
291 $params = array($uid, $old_name, time());
292 296 $sql = "INSERT INTO users_renames (uid, old_name" $sql = "INSERT INTO users_renames (uid, old_name"
293 297 . ", itime)" . ", itime)"
294 . " VALUES ($1, $2, $3)";
298 . " VALUES (@@uid@@, @@old_name@@, @@now@@)";
295 299 } }
296 300 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
297 301 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_user_edit($db, $d)
426 430 $d['salt'] = rg_id(40); $d['salt'] = rg_id(40);
427 431 $d['pass_crypted'] = rg_user_pass($d['salt'], $d['pass']); $d['pass_crypted'] = rg_user_pass($d['salt'], $d['pass']);
428 432
433 $params = array("username" => $d['username'],
434 "realname" => $d['realname'],
435 "salt" => $d['salt'],
436 "pass_crypted" => $d['pass_crypted'],
437 "email" => $d['email'],
438 "now" => $now,
439 "is_admin" => $d['is_admin'],
440 "rights" => $d['rights'],
441 "session_time" => $d['session_time'],
442 "confirmed" => $confirmed,
443 "confirm_token" => $d['confirm_token'],
444 "plan_id" => $d['plan_id'],
445 "uid" => $d['uid']);
446
429 447 if ($d['uid'] == 0) { // add if ($d['uid'] == 0) { // add
430 448 if (rg_user_pass_ok($d['pass']) !== TRUE) if (rg_user_pass_ok($d['pass']) !== TRUE)
431 449 break; break;
432 450
433 $params = array($d['username'], $d['realname'], $d['salt'],
434 $d['pass_crypted'], $d['email'], $now, $d['is_admin'],
435 $d['rights'], $d['session_time'], $confirmed,
436 $d['confirm_token'], $d['plan_id']);
437 451 $sql = "INSERT INTO users (username, realname, salt, pass" $sql = "INSERT INTO users (username, realname, salt, pass"
438 452 . ", email, itime" . ", email, itime"
439 453 . ", is_admin, rights, session_time" . ", is_admin, rights, session_time"
440 454 . ", confirmed, confirm_token, plan_id)" . ", confirmed, confirm_token, plan_id)"
441 . " VALUES ($1, $2, $3, $4, $5, $6, $7"
442 . ", $8, $9, $10, $11, $12)"
455 . " VALUES (@@username@@, @@realname@@, @@salt@@"
456 . ", @@pass_crypted@@, @@email@@, @@now@@"
457 . ", @@is_admin@@, @@rights@@, @@session_time@@"
458 . ", @@confirmed@@, @@confirm_token@@, @@plan_id@@)"
443 459 . " RETURNING uid"; . " RETURNING uid";
444 460 } else { // edit } else { // edit
445 $params = array($d['username'], $d['realname'],
446 $d['email'], $d['is_admin'], $d['rights'],
447 $d['session_time'], $d['uid']);
448
449 461 $salt_pass_add = ""; $salt_pass_add = "";
450 462 if (!empty($d['pass'])) { if (!empty($d['pass'])) {
451 $params[] = $d['pass_crypted'];
452 $params[] = $d['salt'];
453 $salt_pass_add = ", pass = $8, salt = $9";
463 $params['pass_crtypted'] = $d['pass_crypted'];
464 $params['salt'] = $d['salt'];
465 $salt_pass_add = ", pass = @@pass_crypted@@"
466 . ", salt = @@salt@@";
454 467 } }
455 468
456 469 $sql = "UPDATE users" $sql = "UPDATE users"
457 . " SET username = $1"
458 . ", realname = $2"
459 . ", email = $3"
460 . ", is_admin = $4"
461 . ", rights = $5"
462 . ", session_time = $6"
470 . " SET username = @@username@@"
471 . ", realname = @@realname@@"
472 . ", email = @@email@@"
473 . ", is_admin = @@is_admin@@"
474 . ", rights = @@rights@@"
475 . ", session_time = @@session_time@@"
463 476 . $salt_pass_add . $salt_pass_add
464 . " WHERE uid = $7"
477 . " WHERE uid = @@uid@@"
465 478 . " RETURNING uid"; . " RETURNING uid";
466 479 } }
467 480
 
... ... function rg_user_edit($db, $d)
503 516 /* /*
504 517 * Delete a user * Delete a user
505 518 */ */
506 function rg_user_remove($db, $uid)
519 function rg_user_remove($db, $rg, $uid)
507 520 { {
508 521 rg_prof_start("user_remove"); rg_prof_start("user_remove");
509 522 rg_log("user_remove: uid=$uid"); rg_log("user_remove: uid=$uid");
510 523
511 524 $ret = FALSE; $ret = FALSE;
512 525 do { do {
513 $login_ui = rg_get_login_ui();
514 if (!rg_rights_allow($login_ui['rights'], "R"))
526 if (!rg_rights_allow($rg['login_ui']['rights'], "R", $rg['ip'], ""))
515 527 break; break;
516 528
517 $params = array($uid);
518 $sql = "DELETE FROM users WHERE uid = $1";
529 $params = array("uid" => $uid);
530 $sql = "DELETE FROM users WHERE uid = @@uid@@";
519 531 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
520 532 if ($res === FALSE) { if ($res === FALSE) {
521 533 rg_user_set_error("cannot remove user $uid (" . rg_sql_error() . ")"); rg_user_set_error("cannot remove user $uid (" . rg_sql_error() . ")");
 
... ... function rg_user_info($db, $uid, $user, $email)
553 565 while (1) { while (1) {
554 566 //rg_log("user_info: uid=$uid user=$user email=$email."); //rg_log("user_info: uid=$uid user=$user email=$email.");
555 567
568 $params = array("uid" => $uid,
569 "user" => $user,
570 "email" => $email);
571
556 572 if ($uid > 0) { if ($uid > 0) {
557 573 $c = rg_cache_get("user::" . $uid); $c = rg_cache_get("user::" . $uid);
558 574 if ($c !== FALSE) { if ($c !== FALSE) {
 
... ... function rg_user_info($db, $uid, $user, $email)
562 578 break; break;
563 579 } }
564 580
565 $params = array($uid);
566 $sql = "SELECT * FROM users WHERE uid = $1";
581 $sql = "SELECT * FROM users WHERE uid = @@uid@@";
567 582 $set_cache = TRUE; $set_cache = TRUE;
568 583 } else if (!empty($user)) { } else if (!empty($user)) {
569 584 if (rg_user_ok($user) !== TRUE) if (rg_user_ok($user) !== TRUE)
 
... ... function rg_user_info($db, $uid, $user, $email)
575 590 continue; continue;
576 591 } }
577 592
578 $params = array($user);
579 $sql = "SELECT * FROM users WHERE username = $1";
593 $sql = "SELECT * FROM users WHERE username = @@user@@";
580 594 $set_cache_user = TRUE; $set_cache_user = TRUE;
581 595 } else if (!empty($email)) { } else if (!empty($email)) {
582 596 $c = rg_cache_get("email_to_uid::" . $email); $c = rg_cache_get("email_to_uid::" . $email);
 
... ... function rg_user_info($db, $uid, $user, $email)
585 599 continue; continue;
586 600 } }
587 601
588 $params = array($email);
589 $sql = "SELECT * FROM users WHERE email = $1";
602 $sql = "SELECT * FROM users WHERE email = @@email@@";
590 603 $set_cache_email = TRUE; $set_cache_email = TRUE;
591 604 } else { } else {
592 605 break; break;
 
... ... function rg_user_info($db, $uid, $user, $email)
632 645 /* /*
633 646 * Loads ui based on sid, if possible * Loads ui based on sid, if possible
634 647 */ */
635 function rg_user_login_by_sid($db, $sid, &$ui)
648 function rg_user_login_by_sid($db, &$rg)
636 649 { {
637 650 rg_prof_start("user_login_by_sid"); rg_prof_start("user_login_by_sid");
638 rg_log("user_login_by_sid: sid=$sid...");
651 rg_log("user_login_by_sid: sid=" . $rg['sid']);
639 652
640 653 // Make sure it is not passed by client // Make sure it is not passed by client
641 $ui = array();
642 $ui['uid'] = 0;
643 $ui['is_admin'] = 0;
644 $ui['rights'] = "";
645 $ui['username'] = "";
654 $rg['login_ui'] = array();
655 $rg['login_ui']['uid'] = 0;
656 $rg['login_ui']['is_admin'] = 0;
657 $rg['login_ui']['rights'] = "";
658 $rg['login_ui']['username'] = "";
646 659
647 660 $ret = FALSE; $ret = FALSE;
648 661 do { do {
649 if (empty($sid)) {
662 if (empty($rg['sid'])) {
650 663 rg_log("\tNo sid!"); rg_log("\tNo sid!");
651 664 break; break;
652 665 } }
653 666
654 $sess = rg_sess_valid($db, $sid);
667 $sess = rg_sess_valid($db, $rg['sid']);
655 668 if ($sess == FALSE) { if ($sess == FALSE) {
656 669 rg_log("session is not valid"); rg_log("session is not valid");
657 670 break; break;
658 671 } }
659 672
660 673 $uid = $sess['uid']; $uid = $sess['uid'];
661 $ui = rg_user_info($db, $uid, "", "");
662 if ($ui['exists'] != 1) {
674 $rg['login_ui'] = rg_user_info($db, $uid, "", "");
675 if ($rg['login_ui']['exists'] != 1) {
663 676 rg_log("\tUid $uid does not exists (" . rg_user_error() . ")!"); rg_log("\tUid $uid does not exists (" . rg_user_error() . ")!");
664 677 rg_user_set_error("invalid uid"); rg_user_set_error("invalid uid");
665 678 break; break;
 
... ... function rg_user_login_by_sid($db, $sid, &$ui)
667 680
668 681 rg_sess_update($db, $sess); rg_sess_update($db, $sess);
669 682
670 rg_user_set_last_seen($db, $ui['uid']);
683 rg_user_set_last_seen($db, $rg['login_ui']['uid']);
671 684
672 685 $ret = TRUE; $ret = TRUE;
673 686 } while (0); } while (0);
 
... ... function rg_user_login_by_user_pass($db, $user, $pass, $lock_ip, &$ui)
797 810 * Suspend an account * Suspend an account
798 811 * 1=suspend, 0=unsuspend * 1=suspend, 0=unsuspend
799 812 */ */
800 function rg_user_suspend($db, $uid, $op)
813 function rg_user_suspend($db, $rg, $uid, $op)
801 814 { {
802 815 rg_log("user_suspend: uid=$uid, op=$op"); rg_log("user_suspend: uid=$uid, op=$op");
803 816
804 $login_ui = rg_get_login_ui();
805 if (!rg_rights_allow($login_ui['rights'], "S"))
817 if (!rg_rights_allow($rg['login_ui']['rights'], "S", $rg['ip'], ""))
806 818 return FALSE; return FALSE;
807 819
808 820 $now = time(); $now = time();
 
... ... function rg_user_suspend($db, $uid, $op)
812 824 else else
813 825 $v = 0; $v = 0;
814 826
815 $params = array($v, $uid);
816 $sql = "UPDATE users SET suspended = $1 WHERE uid = $2";
827 $params = array("suspeneded" => $v,
828 "uid" => $uid);
829 $sql = "UPDATE users SET suspended = @@suspended@@"
830 . " WHERE uid = @@uid@@";
817 831 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
818 832 if ($res === FALSE) { if ($res === FALSE) {
819 833 rg_user_set_error("cannot suspend (" . rg_sql_error() . ")"); rg_user_set_error("cannot suspend (" . rg_sql_error() . ")");
 
... ... function rg_user_suspend($db, $uid, $op)
829 843
830 844 /* /*
831 845 * Make/remove admin * Make/remove admin
832 * 1=make, 0=remove
846 * @op: 1=make, 0=remove
833 847 */ */
834 function rg_user_make_admin($db, $uid, $op)
848 function rg_user_make_admin($db, $rg, $uid, $op)
835 849 { {
836 850 rg_log("user_make_admin: uid=$uid, op=$op"); rg_log("user_make_admin: uid=$uid, op=$op");
837 851 rg_prof_start("user_make_admin"); rg_prof_start("user_make_admin");
838 852
839 853 $ret = FALSE; $ret = FALSE;
840 854 do { do {
841 $login_ui = rg_get_login_ui();
842 if (!rg_rights_allow($login_ui['rights'], "A"))
855 // BIG TODO: here how do we specify the target repo?!
856 // Why should we?! It is about a user to become admin
857 // not about a repo!
858 // Also, we need to do a rg_rights_get to obtain the list of
859 // rights
860 if (!rg_rights_allow($rg['login_ui']['rights'], "A", $rg['ip'], ""))
843 861 return FALSE; return FALSE;
844 862
845 $params = array($op, $uid);
846 $sql = "UPDATE users SET is_admin = $1 WHERE uid = $2";
863 $params = array("op" => $op, "uid" => $uid);
864 $sql = "UPDATE users SET is_admin = @@op@@"
865 . " WHERE uid = @@uid@@";
847 866 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
848 867 if ($res === FALSE) { if ($res === FALSE) {
849 868 rg_user_set_error("cannot make admin (" . rg_sql_error() . ")"); rg_user_set_error("cannot make admin (" . rg_sql_error() . ")");
 
... ... function rg_user_make_admin($db, $uid, $op)
851 870 } }
852 871 rg_sql_free_result($res); rg_sql_free_result($res);
853 872
854 // Invalidate cache.
855 rg_cache_unset("user::" . $uid);
873 // TODO: check if this is working
874 rg_cache_set("user::" . $uid . "::is_admin", 1);
856 875 $ret = TRUE; $ret = TRUE;
857 876 } while (0); } while (0);
858 877
 
... ... function rg_user_set_last_seen($db, $uid)
871 890
872 891 $IP = $_SERVER['REMOTE_ADDR']; $IP = $_SERVER['REMOTE_ADDR'];
873 892
874 $params = array($now, $IP, $uid);
875 $sql = "UPDATE users SET last_seen = $1, last_ip = $2 WHERE uid = $3";
893 $params = array("now" => $now,
894 "IP" => $IP,
895 "uid" => $uid);
896 $sql = "UPDATE users SET last_seen = @@now@@, last_ip = @@IP@@"
897 . " WHERE uid = @@uid@@";
876 898 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
877 899 if ($res === FALSE) { if ($res === FALSE) {
878 900 rg_user_set_error("cannot update last seen (" . rg_sql_error() . ")"); rg_user_set_error("cannot update last seen (" . rg_sql_error() . ")");
 
... ... function rg_user_forgot_pass_uid($db, $token)
990 1012
991 1013 $now = time(); $now = time();
992 1014
993 $params = array($token, $now);
1015 $params = array("token" => $token, "now" => $now);
994 1016 $sql = "SELECT uid FROM forgot_pass" $sql = "SELECT uid FROM forgot_pass"
995 . " WHERE token = $1"
996 . " AND expire > $2";
1017 . " WHERE token = @@token@@"
1018 . " AND expire > @@now@@";
997 1019 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
998 1020 if ($res === FALSE) { if ($res === FALSE) {
999 1021 rg_user_set_error("cannot lookup token (" . rg_sql_error() . ")"); rg_user_set_error("cannot lookup token (" . rg_sql_error() . ")");
 
... ... function rg_user_forgot_pass_mail_prepare($db, $email)
1041 1063 $uid = $r['uid']; $uid = $r['uid'];
1042 1064
1043 1065 // store token in database // store token in database
1044 $params = array($token, $uid, $expire);
1066 $params = array("token" => $token,
1067 "uid" => $uid,
1068 "expire" => $expire);
1045 1069 $sql = "INSERT INTO forgot_pass (token, uid, expire)" $sql = "INSERT INTO forgot_pass (token, uid, expire)"
1046 . " VALUES ($1, $2, $3)";
1070 . " VALUES (@@token@@, @@uid@@, @@expire@@)";
1047 1071 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1048 1072 if ($res === FALSE) { if ($res === FALSE) {
1049 1073 rg_user_set_error("cannot query (" . rg_sql_error() . ")"); rg_user_set_error("cannot query (" . rg_sql_error() . ")");
 
... ... function rg_user_forgot_pass_destroy($db, $uid)
1111 1135 { {
1112 1136 rg_log("user_forgot_pass_destroy: uid=$uid"); rg_log("user_forgot_pass_destroy: uid=$uid");
1113 1137
1114 $params = array($uid);
1115 $sql = "DELETE FROM forgot_pass WHERE uid = $1";
1138 $params = array("uid" => $uid);
1139 $sql = "DELETE FROM forgot_pass WHERE uid = @@uid@@";
1116 1140 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1117 1141 if ($res === FALSE) { if ($res === FALSE) {
1118 1142 rg_user_set_error("cannot query (" . rg_sql_error() . ")"); rg_user_set_error("cannot query (" . rg_sql_error() . ")");
 
... ... function rg_user_set_pass($db, $uid, $pass)
1130 1154 $salt = rg_id(40); $salt = rg_id(40);
1131 1155 $pass = rg_user_pass($salt, $pass); $pass = rg_user_pass($salt, $pass);
1132 1156
1133 $params = array($salt, $pass, $uid);
1157 $params = array("salt" => $salt,
1158 "pass" => $pass,
1159 "uid" => $uid);
1134 1160 $sql = "UPDATE users SET" $sql = "UPDATE users SET"
1135 ." salt = $1"
1136 . ", pass = $2"
1137 . " WHERE uid = $3";
1161 ." salt = @@salt@@"
1162 . ", pass = @@pass@@"
1163 . " WHERE uid = @@uid@@";
1138 1164 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1139 1165 if ($res === FALSE) { if ($res === FALSE) {
1140 1166 rg_user_set_error("cannot update pass (" . rg_sql_error() . ")"); rg_user_set_error("cannot update pass (" . rg_sql_error() . ")");
 
... ... function rg_user_confirm($db, $token)
1166 1192 break; break;
1167 1193 } }
1168 1194
1169 $params = array($token);
1170 $sql = "SELECT uid FROM users WHERE confirm_token = $1";
1195 $params = array("token" => $token);
1196 $sql = "SELECT uid FROM users WHERE confirm_token = @@token@@";
1171 1197 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1172 1198 if ($res === FALSE) { if ($res === FALSE) {
1173 1199 rg_user_set_error("cannot search for token (" . rg_sql_error() . ")"); rg_user_set_error("cannot search for token (" . rg_sql_error() . ")");
 
... ... function rg_user_confirm($db, $token)
1184 1210 $uid = $row['uid']; $uid = $row['uid'];
1185 1211
1186 1212 // "< 2" because we mark with "1" if "no need to confirm" // "< 2" because we mark with "1" if "no need to confirm"
1187 $params = array($now, $uid);
1188 $sql = "UPDATE users SET confirmed = $1"
1189 . " WHERE uid = $2"
1213 $params = array("now" => $now, "uid" => $uid);
1214 $sql = "UPDATE users SET confirmed = @@now@@"
1215 . " WHERE uid = @@uid@@"
1190 1216 . " AND confirmed < 2"; . " AND confirmed < 2";
1191 1217 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1192 1218 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_user_confirm($db, $token)
1209 1235 */ */
1210 1236 function rg_user_suggestion($db, $uid, $email, $suggestion) function rg_user_suggestion($db, $uid, $email, $suggestion)
1211 1237 { {
1212 $params = array($uid, $email, $suggestion);
1238 rg_log("user_suggestion: uid=$uid email=$email suggestion=$suggestion");
1239
1240 $params = array("uid" => $uid,
1241 "email" => $email,
1242 "sug" => $suggestion);
1213 1243 $sql = "INSERT INTO suggestions (uid, email, suggestion)" $sql = "INSERT INTO suggestions (uid, email, suggestion)"
1214 . " VALUES ($1, $2, $3)";
1244 . " VALUES (@@uid@@, @@email@@, @@sug@@)";
1215 1245 $res = rg_sql_query_params($db, $sql, $params); $res = rg_sql_query_params($db, $sql, $params);
1216 1246 if ($res === FALSE) { if ($res === FALSE) {
1217 1247 rg_user_set_error("cannot add suggestion (" . rg_sql_error() . ")"); rg_user_set_error("cannot add suggestion (" . rg_sql_error() . ")");
 
... ... function rg_user_over_limit($db, $ui, &$max)
1244 1274 return FALSE; return FALSE;
1245 1275 } }
1246 1276
1247 /*
1248 * Returns the login structure of the logged-in user
1249 */
1250 function rg_user_get_login_ui()
1251 {
1252 global $login_ui;
1253
1254 return $login_ui;
1255 }
1256
1257 /*
1258 * Returns the login structure of the target user (admin section)
1259 */
1260 function rg_user_get_target_ui()
1261 {
1262 global $target_ui;
1263
1264 return $target_ui;
1265 }
1266
1267 1277 /* /*
1268 1278 * Test access of a login_user to an uid * Test access of a login_user to an uid
1269 1279 * TODO: Admin will have access... * TODO: Admin will have access...
1270 1280 */ */
1271 function rg_user_allow_access($login_ui, $uid)
1281 function rg_user_allow_access($login_ui, $uid, $ip)
1272 1282 { {
1273 1283 /* uid 0 does not exists */ /* uid 0 does not exists */
1274 1284 if ($uid == 0) if ($uid == 0)
 
... ... function rg_user_allow_access($login_ui, $uid)
1277 1287 if ($login_ui['uid'] == $uid) if ($login_ui['uid'] == $uid)
1278 1288 return TRUE; return TRUE;
1279 1289
1280 if (rg_rights_allow($login_ui['rights'], "U"))
1290 if (rg_rights_allow($login_ui['rights'], "U", $ip, ""))
1281 1291 return TRUE; return TRUE;
1282 1292
1283 1293 rg_security_violation_no_exit("uid " . $login_ui['uid'] rg_security_violation_no_exit("uid " . $login_ui['uid']
 
... ... function rg_user_allow_access($login_ui, $uid)
1292 1302 /* /*
1293 1303 * High-level function for editing a user * High-level function for editing a user
1294 1304 */ */
1295 function rg_user_edit_high_level($db, $sid, $more)
1305 function rg_user_edit_high_level($db, $rg)
1296 1306 { {
1297 1307 rg_log("user_edit_high_level"); rg_log("user_edit_high_level");
1298 1308
1299 1309 $ret = ""; $ret = "";
1300 1310
1301 $login_ui = rg_user_get_login_ui();
1302 $target_ui = rg_user_get_target_ui();
1303 $doit = rg_var_uint("doit");
1304
1305 if (!rg_user_allow_access($login_ui, $target_ui['uid'])) {
1306 $ret .= rg_template("access_denied.html", $more);
1311 // TODO: what this means?! it is not clear what below function does
1312 if (!rg_user_allow_access($rg['login_ui'], $rg['target_ui']['uid'],
1313 $rg['ip'])) {
1314 $ret .= rg_template("access_denied.html", $rg);
1307 1315 return $ret; return $ret;
1308 1316 } }
1309 1317
1310 if (($target_ui['uid'] == 0) && ($more['rg_account_allow_creation'] != 1)) {
1311 $ret .= rg_template("user/create_na.html", $more);
1318 if (($rg['target_ui']['uid'] == 0)
1319 && ($rg['rg_account_allow_creation'] != 1)) {
1320 $ret .= rg_template("user/create_na.html", $rg);
1312 1321 return $ret; return $ret;
1313 1322 } }
1314 1323
1315 if ($target_ui['uid'] > 0)
1316 $more['create_mode'] = 0;
1324 if ($rg['target_ui']['uid'] > 0)
1325 $rg['create_mode'] = 0;
1317 1326 else else
1318 $more['create_mode'] = 1;
1327 $rg['create_mode'] = 1;
1319 1328
1320 if ($doit == 0) {
1321 if ($target_ui['uid'] > 0) {
1329 if ($rg['doit'] == 0) {
1330 if ($rg['target_ui']['uid'] > 0) {
1322 1331 // TODO: check also access rights? // TODO: check also access rights?
1323 $ui = $target_ui;
1332 $ui = $rg['target_ui'];
1324 1333 } else { } else {
1325 1334 // Defaults // Defaults
1326 1335 $ui = array(); $ui = array();
 
... ... function rg_user_edit_high_level($db, $sid, $more)
1331 1340 $ui['pass'] = ""; $ui['pass'] = "";
1332 1341 $ui['pass2'] = ""; $ui['pass2'] = "";
1333 1342 $ui['is_admin'] = "0"; $ui['is_admin'] = "0";
1334 $ui['rights'] = rg_rights_checkboxes("user", "C"); // TODO
1343 $ui['rights'] = rg_rights_checkboxes("user", "rights", "C"); // TODO
1335 1344 $ui['plan_id'] = 0; $ui['plan_id'] = 0;
1336 1345 $ui['session_time'] = 600; $ui['session_time'] = 600;
1337 1346 } }
 
... ... function rg_user_edit_high_level($db, $sid, $more)
1340 1349 $errmsg = array(); $errmsg = array();
1341 1350 $load_form = TRUE; $load_form = TRUE;
1342 1351 do { do {
1343 if ($doit != 1)
1352 if ($rg['doit'] != 1)
1353 break;
1354
1355 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
1356 $errmsg[] = "invalid token; try again";
1344 1357 break; break;
1358 }
1345 1359
1346 1360 $ui = array(); $ui = array();
1347 $ui['uid'] = $target_ui['uid'];
1361 $ui['uid'] = $rg['target_ui']['uid'];
1348 1362 $ui['username'] = rg_var_str("username"); $ui['username'] = rg_var_str("username");
1349 1363 $ui['realname'] = rg_var_str("realname"); $ui['realname'] = rg_var_str("realname");
1350 1364 $ui['email'] = rg_var_str("email"); $ui['email'] = rg_var_str("email");
1351 1365 $ui['pass'] = rg_var_str("pass"); $ui['pass'] = rg_var_str("pass");
1352 1366 $ui['pass2'] = rg_var_str("pass2"); $ui['pass2'] = rg_var_str("pass2");
1353 $ui['is_admin'] = rg_var_uint("is_admin");
1367 $ui['is_admin'] = rg_var_bool("is_admin");
1354 1368 $ui['rights'] = "C"; // TODO $ui['rights'] = "C"; // TODO
1355 1369 $ui['plan_id'] = rg_var_uint("plan_id"); $ui['plan_id'] = rg_var_uint("plan_id");
1356 1370 $ui['session_time'] = rg_var_uint("session_time"); $ui['session_time'] = rg_var_uint("session_time");
1357 1371 $ui['confirm_token'] = rg_id(20); $ui['confirm_token'] = rg_id(20);
1358 1372
1359 $token = rg_var_str("token");
1360
1361 if (!rg_token_valid($db, $sid, $token)) {
1362 $errmsg[] = "invalid token; try again";
1373 if (($rg['login_ui']['is_admin'] != 1) && ($ui['is_admin'] != 0)) {
1374 $errmsg[] = "you are not admin, you cannot give admin rights";
1363 1375 break; break;
1364 1376 } }
1365 1377
 
... ... function rg_user_edit_high_level($db, $sid, $more)
1393 1405 // TODO: should we just redirect to login page? // TODO: should we just redirect to login page?
1394 1406 // TODO: or to user page if there is no need to confirm the account? // TODO: or to user page if there is no need to confirm the account?
1395 1407 if ($ui['uid'] == 0) if ($ui['uid'] == 0)
1396 $ret = rg_template("user/create_ok.html", $more);
1408 $ret = rg_template("user/create_ok.html", $rg);
1397 1409 else else
1398 $ret = rg_template("user/edit_ok.html", $more);
1410 $ret = rg_template("user/edit_ok.html", $rg);
1399 1411 $load_form = FALSE; $load_form = FALSE;
1400 1412 } while (0); } while (0);
1401 1413
1402 1414 if ($load_form) { if ($load_form) {
1403 if (rg_rights_allow($login_ui['rights'], "U"))
1404 $more['admin_mode'] = 1;
1405 else
1406 $more['admin_mode'] = 0;
1407
1408 $more = array_merge($more, $ui);
1409 $more['HTML:select_plan'] = rg_plan_select($db, $ui['plan_id']);
1410 $more['HTML:checkbox_rights'] = rg_rights_checkboxes("user", $ui['rights']);
1411 $more['HTML:errmsg'] = rg_template_errmsg($errmsg);
1412 $more['rg_form_token'] = rg_token_get($db, $sid);
1413 $ret .= rg_template("user/add_edit.html", $more);
1415 $rg = array_merge($rg, $ui);
1416 $rg['HTML:select_plan'] = rg_plan_select($db, $ui['plan_id']);
1417 $rg['HTML:checkbox_rights'] = rg_rights_checkboxes("user",
1418 "rights", $ui['rights']);
1419 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
1420 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
1421 $ret .= rg_template("user/add_edit.html", $rg);
1414 1422 } }
1415 1423
1416 1424 return $ret; return $ret;
File inc/user/confirm.php changed (mode: 100644) (index 9b91e35..2f4343b)
1 1 <?php <?php
2 rg_log("/inc/user/confirm");
2 rg_log("FILE: /inc/user/confirm");
3 3
4 4 $token = empty($paras) ? "" : array_shift($paras); $token = empty($paras) ? "" : array_shift($paras);
5 5
 
... ... $uid = rg_user_confirm($db, $token);
9 9 if ($uid !== FALSE) { if ($uid !== FALSE) {
10 10 // auto-login // auto-login
11 11 $lock_ip = 0; // TODO: What should we do here? Present a form? $lock_ip = 0; // TODO: What should we do here? Present a form?
12 if (rg_user_auto_login($db, $uid, $lock_ip, $login_ui)) {
13 $url = rg_re_userpage($login_ui);
12 if (rg_user_auto_login($db, $uid, $lock_ip, $rg['login_ui'])) {
13 $url = rg_re_userpage($rg['login_ui']);
14 14 rg_redirect($url); rg_redirect($url);
15 15 } }
16 16 } }
17 17
18 18 // error // error
19 $_confirm = rg_template("user/bad_token.html", $more);
19 $_confirm = rg_template("user/bad_token.html", $rg);
20 20
21 21 ?> ?>
File inc/user/forgot.php changed (mode: 100644) (index 3e1332c..36b2170)
1 1 <?php <?php
2 rg_log("/inc/user/forgot");
2 rg_log("FILE: /inc/user/forgot");
3 3
4 4 $forgot_token = empty($paras) ? "" : array_shift($paras); $forgot_token = empty($paras) ? "" : array_shift($paras);
5 5 $forgot_token = preg_replace("/[^A-Za-z0-9]/", "", $forgot_token); $forgot_token = preg_replace("/[^A-Za-z0-9]/", "", $forgot_token);
6 6
7 $forgot_more = $more;
8 7 $pass1 = rg_var_str("pass1"); $pass1 = rg_var_str("pass1");
9 8 $pass2 = rg_var_str("pass2"); $pass2 = rg_var_str("pass2");
10 9 $lock_ip = rg_var_uint("lock_ip"); $lock_ip = rg_var_uint("lock_ip");
 
... ... $_forgot = "";
13 12
14 13 $errmsg = array(); $errmsg = array();
15 14
16 if ($doit == 1) {
15 if ($rg['doit'] == 1) {
17 16 if (strcmp($pass1, $pass2) != 0) { if (strcmp($pass1, $pass2) != 0) {
18 17 $errmsg[] = "Passwords mismatch."; $errmsg[] = "Passwords mismatch.";
19 18 } else { } else {
 
... ... if ($doit == 1) {
35 34
36 35 rg_user_forgot_pass_destroy($db, $r['uid']); rg_user_forgot_pass_destroy($db, $r['uid']);
37 36 // auto-login // auto-login
38 if (!rg_user_auto_login($db, $r['uid'], $lock_ip, $login_ui)) {
37 if (!rg_user_auto_login($db, $r['uid'], $lock_ip, $rg['login_ui'])) {
39 38 $_forgot = rg_template("msg/internal.txt"); $_forgot = rg_template("msg/internal.txt");
40 39 return; return;
41 40 } }
42 41
43 42 // redirect to home // redirect to home
44 $url = rg_re_userpage($login_ui);
43 $url = rg_re_userpage($rg['login_ui']);
45 44 rg_redirect($url); rg_redirect($url);
46 45 } }
47 46 } }
48 47
49 $forgot_more['forgot_token'] = $forgot_token;
50 $forgot_more['pass1'] = $pass1;
51 $forgot_more['pass2'] = $pass2;
52 $forgot_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
53 $_forgot .= rg_template("user/forgot.html", $forgot_more);
48 $rg['forgot_token'] = $forgot_token;
49 $rg['pass1'] = $pass1;
50 $rg['pass2'] = $pass2;
51 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
52 $_forgot .= rg_template("user/forgot.html", $rg);
54 53 ?> ?>
File inc/user/forgot_send.php changed (mode: 100644) (index 0f964f4..edf6db4)
1 1 <?php <?php
2 rg_log("/inc/user/forgot_send");
2 rg_log("FILE: /inc/user/forgot_send");
3 3
4 $forgot_send_more = $more;
4 $forgot_send_more = $rg;
5 5 $email = rg_var_str("email"); $email = rg_var_str("email");
6 6
7 7 $_forgot = ""; $_forgot = "";
 
... ... $_forgot = "";
9 9 $errmsg = array(); $errmsg = array();
10 10
11 11 $_show_form = 1; $_show_form = 1;
12 if ($doit == 1) {
12 if ($rg['doit'] == 1) {
13 13 $r = rg_user_forgot_pass_mail($db, $email); $r = rg_user_forgot_pass_mail($db, $email);
14 14 if ($r['ok'] == 0) { if ($r['ok'] == 0) {
15 15 $errmsg[] = "Internal error! Try again later."; $errmsg[] = "Internal error! Try again later.";
File inc/user/home-page.php changed (mode: 100644) (index d2bd67e..971f5cf)
1 1 <?php <?php
2 rg_log("/inc/user/home-page");
2 rg_log("FILE: /inc/user/home-page");
3 3
4 4 $_home = ""; $_home = "";
5 5
6 6 $page_ui = rg_user_info($db, 0, $user, ""); $page_ui = rg_user_info($db, 0, $user, "");
7 7 if ($page_ui['exists'] == 0) { if ($page_ui['exists'] == 0) {
8 $_home .= rg_template("user/invalid.html", $more);
8 $_home .= rg_template("user/invalid.html", $rg);
9 9 return; return;
10 10 } }
11 11
12 12 // list of repositories // list of repositories
13 $_home .= rg_repo_list($db, "", $page_ui);
13 $_home .= rg_repo_list($db, $rg, "", $page_ui);
14 14 ?> ?>
File inc/user/keys/keys.php changed (mode: 100644) (index ab8a437..b99d68e)
1 1 <?php <?php
2 rg_log("/inc/user/keys/keys");
2 rg_log("FILE: /inc/user/keys/keys");
3 3
4 4 $add_errmsg = array(); $add_errmsg = array();
5 5 $del_errmsg = array(); $del_errmsg = array();
6 $_my_more = $more;
6 $_my_more = $rg;
7 7
8 8 $_keys = ""; $_keys = "";
9 9
 
... ... $key_delete_ids = rg_var_str("key_delete_ids");
15 15 // menu // menu
16 16 $_url = rg_re_url($sparas); $_url = rg_re_url($sparas);
17 17
18 $_my_more['HTML:status'] = "";
19
18 20 if (rg_var_uint("add") == 1) { if (rg_var_uint("add") == 1) {
19 21 do { do {
20 if (!rg_token_valid($db, $sid, $token)) {
22 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
21 23 $add_errmsg[] = "Invalid token. Try again."; $add_errmsg[] = "Invalid token. Try again.";
22 24 break; break;
23 25 } }
24 26
25 $_r = rg_keys_add($db, $login_ui, $key);
27 $_r = rg_keys_add($db, $rg['login_ui'], $key);
26 28 if ($_r === FALSE) if ($_r === FALSE)
27 29 $add_errmsg[] = rg_keys_error(); $add_errmsg[] = rg_keys_error();
28 30 } while (0); } while (0);
29 31 } else if (rg_var_uint("delete") == 1) { } else if (rg_var_uint("delete") == 1) {
30 32 do { do {
31 if (!rg_token_valid($db, $sid, $token)) {
33 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
32 34 $del_errmsg[] = "Invalid token. Try again."; $del_errmsg[] = "Invalid token. Try again.";
33 35 break; break;
34 36 } }
 
... ... if (rg_var_uint("add") == 1) {
38 40 break; break;
39 41 } }
40 42
41 if (rg_keys_remove($db, $login_ui, $key_delete_ids) !== TRUE) {
43 if (rg_keys_remove($db, $rg['login_ui'], $key_delete_ids) !== TRUE) {
42 44 $del_errmsg[] = rg_keys_error(); $del_errmsg[] = rg_keys_error();
43 45 break; break;
44 46 } }
47
48 $_my_more['HTML:status'] =
49 rg_template("user/keys/remove_ok.html", $_my_more);
45 50 } while (0); } while (0);
46 51 } }
47 52
 
... ... $_my_more['HTML:del_errmsg'] = rg_template_errmsg($del_errmsg);
50 55
51 56 $_my_more['HTML:add_form'] = rg_template("user/keys/add.html", $_my_more); $_my_more['HTML:add_form'] = rg_template("user/keys/add.html", $_my_more);
52 57
53 $keys_list = rg_keys_list($db, $login_ui);
58 $keys_list = rg_keys_list($db, $rg['login_ui']);
54 59 if ($keys_list === FALSE) if ($keys_list === FALSE)
55 60 $_my_more['HTML:keys'] = rg_warning("Could not load keys. Try later."); // TODO $_my_more['HTML:keys'] = rg_warning("Could not load keys. Try later."); // TODO
56 61 else else
 
... ... if ($rg_ssh_port != 0)
61 66 $hints[]['HTML:hint'] = rg_template("hints/ssh/key.html", $_my_more); $hints[]['HTML:hint'] = rg_template("hints/ssh/key.html", $_my_more);
62 67 $_my_more['HTML:hints'] = rg_template_table("hints/list", $hints, $_my_more); $_my_more['HTML:hints'] = rg_template_table("hints/list", $hints, $_my_more);
63 68
64 $_my_more['rg_form_token'] = rg_token_get($db, $sid);
69 $_my_more['rg_form_token'] = rg_token_get($db, $rg['sid']);
65 70 $_my_more['key'] = $key; $_my_more['key'] = $key;
66 71
67 72 $_keys = rg_template("user/keys/main.html", $_my_more); $_keys = rg_template("user/keys/main.html", $_my_more);
File inc/user/pass/pass.php changed (mode: 100644) (index fb012be..231c7fa)
1 1 <?php <?php
2 rg_log("/inc/user/pass/pass");
3
4 $user_pass_more = $more;
2 rg_log("FILE: /inc/user/pass/pass");
5 3
6 4 $errmsg = array(); $errmsg = array();
7 5
 
... ... $pass2 = rg_var_str("pass2");
13 11
14 12 $show_form = 1; $show_form = 1;
15 13 do { do {
16 if ($doit != 1)
14 if ($rg['doit'] != 1)
17 15 break; break;
18 16
19 if (!rg_token_valid($db, $sid, $token)) {
17 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
20 18 $errmsg[] = "invalid token; try again"; $errmsg[] = "invalid token; try again";
21 19 break; break;
22 20 } }
 
... ... do {
26 24 break; break;
27 25 } }
28 26
29 if (!rg_user_pass_valid($db, $login_ui['uid'], $old_pass)) {
27 if (!rg_user_pass_valid($db, $rg['login_ui']['uid'], $old_pass)) {
30 28 $errmsg[] = "old password is invalid"; $errmsg[] = "old password is invalid";
31 29 break; break;
32 30 } }
33 31
34 if (!rg_user_set_pass($db, $login_ui['uid'], $pass1)) {
32 if (!rg_user_set_pass($db, $rg['login_ui']['uid'], $pass1)) {
35 33 $errmsg[] = rg_user_error(); $errmsg[] = rg_user_error();
36 34 break; break;
37 35 } }
38 36
39 $_pass .= rg_ok("Password was changed with success!");
37 $_pass .= rg_template("user/pass_changed.html", $rg);
40 38 $show_form = 0; $show_form = 0;
41 39 } while (0); } while (0);
42 40
43 41 if ($show_form == 1) { if ($show_form == 1) {
44 $user_pass_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
45 $user_pass_more['rg_form_token'] = rg_token_get($db, $sid);
46 $user_pass_more['old_pass'] = $old_pass;
47 $user_pass_more['pass1'] = $pass1;
48 $user_pass_more['pass2'] = $pass2;
42 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
43 $rg['rg_form_token'] = rg_token_get($db, $rg['sid']);
44 $rg['old_pass'] = $old_pass;
45 $rg['pass1'] = $pass1;
46 $rg['pass2'] = $pass2;
49 47
50 $_pass .= rg_template("user/pass.html", $user_pass_more);
48 $_pass .= rg_template("user/pass.html", $rg);
51 49 } }
52 50
53 51 ?> ?>
File inc/user/repo-page.php changed (mode: 100644) (index f4e096f..60370f3)
1 1 <?php <?php
2 rg_log("/inc/user/repo-page");
2 rg_log("FILE: /inc/user/repo-page");
3 3
4 4 $_repo_page = ""; $_repo_page = "";
5 $repo_more = $more;
6 rg_log("DEBUG: repo_more: " . rg_array2string($repo_more));
7 5
8 6 if (rg_user_ok($user) !== TRUE) { if (rg_user_ok($user) !== TRUE) {
9 7 $_repo_page .= rg_warning("Invalid user!"); $_repo_page .= rg_warning("Invalid user!");
10 8 return; return;
11 9 } }
12 $page_ui = rg_user_info($db, 0, $user, "");
13 if ($page_ui['ok'] != 1) {
10 $rg['page_ui'] = rg_user_info($db, 0, $user, "");
11 if ($rg['page_ui']['ok'] != 1) {
14 12 $_repo_page .= rg_warning("Internal error!"); $_repo_page .= rg_warning("Internal error!");
15 13 return; return;
16 14 } }
17 if ($page_ui['exists'] != 1) {
18 $_repo_page .= rg_template("user/invalid.html", $repo_more);
15 if ($rg['page_ui']['exists'] != 1) {
16 $_repo_page .= rg_template("user/invalid.html", $rg);
19 17 return; return;
20 18 } }
21 19
22 20 if (rg_repo_ok($repo) !== TRUE) { if (rg_repo_ok($repo) !== TRUE) {
23 $_repo_page .= rg_template("repo/invalid.html", $repo_more);
21 $_repo_page .= rg_template("repo/invalid.html", $rg);
24 22 return; return;
25 23 } }
26 $ri = rg_repo_info($db, 0, $page_ui['uid'], $repo);
27 if ($ri['ok'] != 1) {
24 $rg['ri'] = rg_repo_info($db, 0, $rg['page_ui']['uid'], $repo);
25 if ($rg['ri']['ok'] != 1) {
28 26 $_repo_page .= rg_warning("Internal error!"); $_repo_page .= rg_warning("Internal error!");
29 27 return; return;
30 28 } }
31 if ($ri['exists'] != 1) {
32 $_repo_page .= rg_template("repo/invalid.html", $repo_more);
29 if ($rg['ri']['exists'] != 1) {
30 $_repo_page .= rg_template("repo/invalid.html", $rg);
33 31 return; return;
34 32 } }
35 33
36 if ($ri['git_dir_done'] == 0) {
34 if ($rg['ri']['git_dir_done'] == 0) {
37 35 // We will wait a little for the git dir to be done // We will wait a little for the git dir to be done
38 36 // TODO: Should we really wait for this?! // TODO: Should we really wait for this?!
39 37 // We may just consider that the repo is empty. Hm. // We may just consider that the repo is empty. Hm.
40 $ev_id = "repo_create-" . $login_ui['uid'] . "-" . $ri['repo_id'] . "-git";
38 $ev_id = "repo_create-" . $rg['login_ui']['uid'] . "-"
39 . $rg['ri']['repo_id'] . "-git";
41 40 $timeout = 10 * 1000; // seconds $timeout = 10 * 1000; // seconds
42 41 $r = rg_event_signal_daemon($ev_id, $timeout); $r = rg_event_signal_daemon($ev_id, $timeout);
43 42 if ($r === FALSE) { if ($r === FALSE) {
 
... ... if ($ri['git_dir_done'] == 0) {
47 46 } }
48 47 } }
49 48
50 // We must not allow access to a private repo (check for fetch)
51 if (rg_repo_allow($db, $ri, $login_ui, "A") !== TRUE) {
52 $_repo_page .= rg_warning("Not existent repo!");
49 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "A", $rg['ip'], "") !== TRUE) {
50 $_repo_page .= rg_template("user/repo/deny.html", $rg);
53 51 return; return;
54 52 } }
55 53
56 $page_ui = rg_user_info($db, 0, $user, "");
57 if ($page_ui === FALSE) {
58 $_repo_page .= rg_warning("Invalid user!");
59 return;
60 }
61 54 // TODO: should we test against $ri?! // TODO: should we test against $ri?!
62 $can_admin = (rg_repo_allow($db, $ri, $login_ui, "A") === TRUE) ? 1 : 0;
55 $can_admin = rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "E", $rg['ip'], "") === TRUE ? 1 : 0;
63 56
64 $_t = array(
65 "owner" => $user,
66 "url_user" => rg_re_userpage($page_ui),
67 "url_repo" => rg_re_repopage($page_ui, $repo),
68 "ssh" => rg_re_repo_ssh($organization, $user, $repo),
69 "git" => rg_re_repo_git($organization, $user, $repo),
70 "can_admin" => $can_admin
71 );
72 $repo_more = array_merge($repo_more, $_t);
73 $repo_more = array_merge($repo_more, $ri);
74 $repo_more['default_rights'] = implode(", ", rg_rights_text("repo", $ri['default_rights']));
75 $repo_more['max_commit_size'] = $ri['max_commit_size'] == 0 ? "unlimited" : rg_1024($ri['max_commit_size']);
57 $rg['url_user'] = rg_re_userpage($rg['page_ui']);
58 $rg['url_repo'] = rg_re_repopage($rg['page_ui'], $repo);
59 $rg['ssh'] = rg_re_repo_ssh($organization, $user, $repo);
60 $rg['git'] = rg_re_repo_git($organization, $user, $repo);
61 $rg['can_admin'] = $can_admin;
62 $repo_more = $rg;
76 63 $repo_more['hints'] = ""; $repo_more['hints'] = "";
77 64
78 $repo_path = rg_repo_path_by_id($ri['uid'], $ri['repo_id']);
65 $repo_path = rg_repo_path_by_id($rg['ri']['uid'], $rg['ri']['repo_id']);
79 66 rg_log("repo_path=$repo_path"); rg_log("repo_path=$repo_path");
80 67 putenv("GIT_DIR=$repo_path"); // TODO: this will be removed after all functios will got a path para putenv("GIT_DIR=$repo_path"); // TODO: this will be removed after all functios will got a path para
81 68
82 69 $repo_more['repo_body'] = ""; $repo_more['repo_body'] = "";
83 70 $repo_more['repo_right'] = ""; $repo_more['repo_right'] = "";
84 71 $repo_more['branches_and_tags'] = ""; $repo_more['branches_and_tags'] = "";
72 $repo_more['repo_submenu'] = "";
85 73 $_repo_body = ""; $_repo_body = "";
86 74 $_repo_right = ""; $_repo_right = "";
87 75
 
... ... $repo_more['HTML:urls'] = rg_template_table("repo/urls", $urls, $repo_more);
97 85 $_subop = empty($paras) ? "history" : array_shift($paras); $_subop = empty($paras) ? "history" : array_shift($paras);
98 86
99 87 if (strcmp($_subop, "history") == 0) { if (strcmp($_subop, "history") == 0) {
100 $hist = rg_repo_history_load($db, $ri['repo_id'], 0, 20, 0);
88 $hist = rg_repo_history_load($db, $rg['ri']['repo_id'], 0, 20, 0);
101 89 if ($hist === FALSE) if ($hist === FALSE)
102 90 $_repo_body .= rg_warning("Cannot load history. Try again later."); $_repo_body .= rg_warning("Cannot load history. Try again later.");
103 91 else else
104 92 $_repo_body .= rg_template_table("repo/history", $hist, $repo_more); $_repo_body .= rg_template_table("repo/history", $hist, $repo_more);
105 93 } else if (strcmp($_subop, "admin") == 0) { } else if (strcmp($_subop, "admin") == 0) {
106 include($INC . "/user/repo/admin/admin.php");
107 $_repo_body .= $_admin;
94 $_repo_body .= rg_repo_admin($db, $rg, $paras);
108 95 } else if (strcmp($_subop, "source") == 0) { } else if (strcmp($_subop, "source") == 0) {
109 96 $_subsubop = empty($paras) ? "" : array_shift($paras); $_subsubop = empty($paras) ? "" : array_shift($paras);
110 97
 
... ... if (strcmp($_subop, "history") == 0) {
122 109 $hints[]['HTML:hint'] = rg_template("hints/repo/clone_ssh.html", $repo_more); $hints[]['HTML:hint'] = rg_template("hints/repo/clone_ssh.html", $repo_more);
123 110 if ($rg_git_port != 0) if ($rg_git_port != 0)
124 111 $hints[]['HTML:hint'] = rg_template("hints/repo/clone_git.html", $repo_more); $hints[]['HTML:hint'] = rg_template("hints/repo/clone_git.html", $repo_more);
125 if (rg_rights_allow($ri['default_rights'], "H")) // anonymous push?
112 if (rg_repo_allow($db, "repo_refs", $rg['ri'], $rg['login_ui'], "H", $rg['ip'], FALSE)) /* H = anon push */
126 113 $hints[]['HTML:hint'] = rg_template("hints/repo/anon_push.html", $repo_more); $hints[]['HTML:hint'] = rg_template("hints/repo/anon_push.html", $repo_more);
127 114 $repo_more['HTML:hints'] = rg_template_table("hints/list", $hints, $repo_more); $repo_more['HTML:hints'] = rg_template_table("hints/list", $hints, $repo_more);
128 115
 
... ... if (strcmp($_subop, "history") == 0) {
239 226 if (empty($paras)) { if (empty($paras)) {
240 227 $_repo_body .= rg_template("repo/mrs.html", $repo_more); $_repo_body .= rg_template("repo/mrs.html", $repo_more);
241 228
242 $r = rg_mr_load($db, $ri['repo_id'], 20);
229 $r = rg_mr_load($db, $rg['ri']['repo_id'], 20);
243 230 if ($r === FALSE) { if ($r === FALSE) {
244 231 $_repo_body .= "Error getting merge request list (" $_repo_body .= "Error getting merge request list ("
245 232 . rg_mr_error() . ")."; . rg_mr_error() . ").";
 
... ... if (strcmp($_subop, "history") == 0) {
250 237 } else { } else {
251 238 $mr = preg_replace('/[^0-9a-zA-Z_]/', '', array_shift($paras)); $mr = preg_replace('/[^0-9a-zA-Z_]/', '', array_shift($paras));
252 239 do { do {
253 $mri = rg_mr_load_one($db, $ri['repo_id'], $mr);
240 $mri = rg_mr_load_one($db, $rg['ri']['repo_id'], $mr);
254 241 if ($mri === FALSE) { if ($mri === FALSE) {
255 242 $_repo_body .= "Error getting merge request (" . rg_mr_error() . ")."; $_repo_body .= "Error getting merge request (" . rg_mr_error() . ").";
256 243 break; break;
File inc/user/repo/bug/main.php changed (mode: 100644) (index d8d059d..17e3998)
1 1 <?php <?php
2 rg_log("/inc/user/repo/bug/main");
2 rg_log("FILE: /inc/user/repo/bug/main");
3 3
4 4 $repo_bug_more = $repo_more; $repo_bug_more = $repo_more;
5 5 $_bug_body = ""; $_bug_body = "";
6 6
7 $repo_bug_more['can_save'] = $login_ui['uid'] > 0 ? 1 : 0;
7 $repo_bug_more['can_save'] = $rg['login_ui']['uid'] > 0 ? 1 : 0;
8 8
9 9 $_op = empty($paras) ? "list" : array_shift($paras); $_op = empty($paras) ? "list" : array_shift($paras);
10 10 switch ($_op) { switch ($_op) {
 
... ... case 'search':
14 14 break; break;
15 15
16 16 case 'add': case 'add':
17 include($INC . "/user/repo/bug/add/add.php");
18 $_bug_body .= $_bug_add;
17 $_bug_body .= rg_bug_edit_high_level($db, $repo_more);
19 18 break; break;
20 19
21 case 'list': /* list */
20 case 'list':
22 21 $_search = empty($paras) ? "All" : array_shift($paras); $_search = empty($paras) ? "All" : array_shift($paras);
23 22
24 // Somebody pressed "Remove" button?
23 // Somebody pressed "Remove" (search) button?
25 24 if (rg_var_uint("remove") == 1) { if (rg_var_uint("remove") == 1) {
26 if (!rg_token_valid($db, $sid, $token)) {
25 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
27 26 $_bug_body .= rg_warning("Error: invalid token. Try again."); // TODO $_bug_body .= rg_warning("Error: invalid token. Try again."); // TODO
28 exit(1); // security_violation!
27 exit(1); // security_violation?!
29 28 } }
30 29
31 $r = rg_bug_search_remove($db, $ri['repo_id'], $login_ui['uid'],
32 $_search);
30 $r = rg_bug_search_remove($db, $rg['ri']['repo_id'],
31 $rg['login_ui']['uid'], $_search);
33 32 if ($r === FALSE) if ($r === FALSE)
34 33 $_bug_body .= rg_warning("Error: cannot delete search!"); // TODO $_bug_body .= rg_warning("Error: cannot delete search!"); // TODO
35 34 } }
36 35
37 $r = rg_bug_search_load_all($db, $ri['repo_id'], $login_ui['uid']);
36 $r = rg_bug_search_load_all($db, $rg['ri']['repo_id'], $rg['login_ui']['uid']);
38 37 if ($r === FALSE) { if ($r === FALSE) {
39 38 $_bug_body .= rg_warning("Error: cannot load all searches!"); // TODO $_bug_body .= rg_warning("Error: cannot load all searches!"); // TODO
40 39 } else { } else {
 
... ... case 'list': /* list */
42 41 $r, $repo_bug_more); $r, $repo_bug_more);
43 42 } }
44 43
45 $filter = rg_bug_search_load($db, $ri['repo_id'], $login_ui['uid'], $_search);
44 $filter = rg_bug_search_load($db, $rg['ri']['repo_id'],
45 $rg['login_ui']['uid'], $_search);
46 46 if ($filter === FALSE) { if ($filter === FALSE) {
47 47 $_bug_body .= rg_warning("Error: cannot load search!"); // TODO $_bug_body .= rg_warning("Error: cannot load search!"); // TODO
48 48 $filter = array(); $filter = array();
 
... ... case 'list': /* list */
51 51 if (isset($filter['name'])) if (isset($filter['name']))
52 52 $repo_bug_more['search_name'] = $filter['name']; $repo_bug_more['search_name'] = $filter['name'];
53 53
54 $r = rg_bug_search($db, $ri['repo_id'], $login_ui['uid'], $filter);
54 $r = rg_bug_search($db, $rg['ri']['repo_id'], $rg['login_ui']['uid'], $filter);
55 55 if ($r === FALSE) if ($r === FALSE)
56 56 $_bug_body .= rg_warning("Error: Cannot search bugs!"); // TODO: do something OK here! $_bug_body .= rg_warning("Error: Cannot search bugs!"); // TODO: do something OK here!
57 57 else else
 
... ... case 'list': /* list */
61 61 // TODO: don't we check for uid also? Security problems? // TODO: don't we check for uid also? Security problems?
62 62 if (isset($filter['standard']) && ($filter['standard'] == 0)) { if (isset($filter['standard']) && ($filter['standard'] == 0)) {
63 63 $_remove_more = $repo_bug_more; $_remove_more = $repo_bug_more;
64 $_remove_more['rg_form_token'] = rg_token_get($db, $sid);
64 $_remove_more['rg_form_token'] = rg_token_get($db, $rg['sid']);
65 65 $_remove_more['search_remove_errmsg'] = ""; $_remove_more['search_remove_errmsg'] = "";
66 66 $_bug_body .= rg_template("repo/bug/search/remove.html", $_bug_body .= rg_template("repo/bug/search/remove.html",
67 67 $_remove_more); $_remove_more);
68 68 } }
69 69 break; break;
70 70
71 default: // go directly to a bug
71 default: // show - go directly to a bug
72 72 $bug_id = intval($_op); $bug_id = intval($_op);
73 $repo_bug_more['bug'] = array();
74 $repo_bug_more['bug']['bug_id'] = $bug_id;
73 75 if ($bug_id > 0) { if ($bug_id > 0) {
76 $repo_bug_more['bug']['url'] = $rg['url_repo'] . "/bug/"
77 . $repo_bug_more['bug']['bug_id'];
74 78 include($INC . "/user/repo/bug/show/show.php"); include($INC . "/user/repo/bug/show/show.php");
75 79 $_bug_body .= $_bug_show; $_bug_body .= $_bug_show;
76 80 } }
81 break;
77 82 } }
78 83
79 84 $repo_bug_more['HTML:bug_body'] = $_bug_body; $repo_bug_more['HTML:bug_body'] = $_bug_body;
File inc/user/repo/bug/search/search.php changed (mode: 100644) (index 8731370..234a83c)
1 1 <?php <?php
2 rg_log("/inc/user/repo/bug/search/search");
2 rg_log("FILE: /inc/user/repo/bug/search/search");
3 3
4 4 $bug_search_more = $repo_bug_more; $bug_search_more = $repo_bug_more;
5 5 $_bug_search = ""; $_bug_search = "";
6 $bug_errmsg = array();
6 $errmsg = array();
7 7
8 8 $_x = array(); $_x = array();
9 if ($doit == 0) {
9 if ($rg['doit'] == 0) {
10 10 // defaults // defaults
11 11 $_x['reported_by'] = ""; $_x['reported_by'] = "";
12 12 $_x['assigned_to'] = ""; $_x['assigned_to'] = "";
 
... ... if ($doit == 0) {
40 40 $_x['standard'] = 0; $_x['standard'] = 0;
41 41
42 42 do { do {
43 $bugs = rg_bug_search($db, $ri['repo_id'], $login_ui['uid'], $_x);
43 $bugs = rg_bug_search($db, $rg['ri']['repo_id'],
44 $rg['login_ui']['uid'], $_x);
44 45 if ($bugs === FALSE) { if ($bugs === FALSE) {
45 $bug_errmsg[] = "Cannot search bug (" . rg_bug_error() . ").";
46 $errmsg[] = "Cannot search bug (" . rg_bug_error() . ").";
46 47 break; break;
47 48 } }
48 49
 
... ... if ($doit == 0) {
53 54 } }
54 55
55 56 $bug_search_more = array_merge($bug_search_more, $_x); $bug_search_more = array_merge($bug_search_more, $_x);
56 $bug_search_more['HTML:bug_errmsg'] = rg_template_errmsg($bug_errmsg);
57 $bug_search_more['HTML:errmsg'] = rg_template_errmsg($errmsg);
57 58 $_exclude = array(); $_exclude = array();
58 59 $bug_search_more['HTML:state_select'] = rg_bug_state_select($_x['state'], $_exclude); $bug_search_more['HTML:state_select'] = rg_bug_state_select($_x['state'], $_exclude);
59 60 $_bug_search .= rg_template("repo/bug/search/search.html", $bug_search_more); $_bug_search .= rg_template("repo/bug/search/search.html", $bug_search_more);
File inc/user/repo/bug/show/add_note.php changed (mode: 100644) (index f61e6c7..1271f8b)
1 1 <?php <?php
2 rg_log("/inc/user/repo/bug/show/add_note");
2 rg_log("FILE: /inc/user/repo/bug/show/add_note");
3 3
4 4 $note_add_doit = rg_var_uint("note_add_doit"); $note_add_doit = rg_var_uint("note_add_doit");
5 5
 
... ... do {
14 14
15 15 $note = rg_var_str("note"); $note = rg_var_str("note");
16 16
17 if (!rg_token_valid($db, $sid, $token)) {
17 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
18 18 $note_errmsg[] = "Invalid token. Try again."; $note_errmsg[] = "Invalid token. Try again.";
19 19 break; break;
20 20 } }
21 21
22 22 if (empty($note)) { if (empty($note)) {
23 $note_errmsg[] = "Cannot be empty";
23 $note_errmsg[] = "note cannot be empty";
24 24 break; break;
25 25 } }
26 26
27 27 // add note // add note
28 28 $_d = array(); $_d = array();
29 29 $_d['note'] = $note; $_d['note'] = $note;
30 $ret = rg_bug_note_add($db, $ri['repo_id'], $bug_id, $login_ui['uid'], $_d);
30 $ret = rg_bug_note_add($db, $rg['ri']['repo_id'], $bug_id,
31 $rg['login_ui']['uid'], $_d);
31 32 if ($ret === FALSE) { if ($ret === FALSE) {
32 33 $note_errmsg[] = "Cannot add note (" . rg_bug_error() . ")"; $note_errmsg[] = "Cannot add note (" . rg_bug_error() . ")";
33 34 break; break;
 
... ... do {
39 40
40 41 // add note form // add note form
41 42 $add_note_more['HTML:note_errmsg'] = rg_template_errmsg($note_errmsg); $add_note_more['HTML:note_errmsg'] = rg_template_errmsg($note_errmsg);
42 $add_note_more['rg_form_token'] = rg_token_get($db, $sid);
43 $add_note_more['rg_form_token'] = rg_token_get($db, $rg['sid']);
43 44 $add_note_more['note'] = $note; $add_note_more['note'] = $note;
44 45 $repo_bug_show_more['HTML:note_add'] = rg_template("repo/bug/note_add.html", $add_note_more); $repo_bug_show_more['HTML:note_add'] = rg_template("repo/bug/note_add.html", $add_note_more);
45 46 ?> ?>
File inc/user/repo/bug/show/show.php changed (mode: 100644) (index 1d41eee..e9b9051)
1 1 <?php <?php
2 rg_log("/inc/user/repo/bug/show");
2 rg_log("FILE: /inc/user/repo/bug/show/show");
3
4 // TODO: security checks
3 5
4 6 $repo_bug_show_more = $repo_bug_more; $repo_bug_show_more = $repo_bug_more;
5 7 $_bug_show = ""; $_bug_show = "";
6 8
7 $repo_bug_show_more['bug_id'] = $bug_id;
8 9 $repo_bug_show_more['HTML:bug_edit'] = ""; $repo_bug_show_more['HTML:bug_edit'] = "";
9 10
10 $ibug = rg_bug_info($db, $ri['repo_id'], $bug_id);
11 $ibug = rg_bug_info($db, $rg['ri']['repo_id'],
12 $repo_bug_show_more['bug']['bug_id']);
11 13 if ($ibug === FALSE) if ($ibug === FALSE)
12 14 rg_fatal("Cannot lookup bug!"); rg_fatal("Cannot lookup bug!");
15
16 $repo_bug_show_more['bug'] = array_merge($repo_bug_show_more['bug'], $ibug);
17
13 18 if ($ibug['exists'] != 1) { if ($ibug['exists'] != 1) {
14 19 $_bug_body .= rg_template("repo/bug/not_found.html", $repo_bug_show_more); $_bug_body .= rg_template("repo/bug/not_found.html", $repo_bug_show_more);
15 20 return; return;
16 21 } }
17 22
23 // If bug is deleted and the user does not have 'delete' rights, deny access.
24 if ($ibug['deleted'] > 0) {
25 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "d", $rg['ip'], "") !== TRUE) {
26 $_bug_body .= rg_template("repo/bug/deleted.html", $repo_bug_show_more);
27 return;
28 }
29 }
30
18 31 // load labels // load labels
19 $labels = rg_bug_label_get($db, $ri['repo_id'], $bug_id);
32 $labels = rg_bug_label_get($db, $rg['ri']['repo_id'], $repo_bug_show_more['bug']['bug_id']);
20 33 if ($labels === FALSE) if ($labels === FALSE)
21 34 $repo_bug_show_more['HTML:labels_html'] = "Cannot load labels!"; $repo_bug_show_more['HTML:labels_html'] = "Cannot load labels!";
22 35 else else
23 36 $repo_bug_show_more['HTML:labels_html'] = rg_bug_label_html($db, $labels); $repo_bug_show_more['HTML:labels_html'] = rg_bug_label_html($db, $labels);
24 $repo_bug_show_more['labels'] = implode(" ", $labels);
37 $repo_bug_show_more['bug']['labels'] = implode(" ", $labels);
25 38
26 39 // edit // edit
27 40 $repo_bug_show_more['HTML:edit_form'] = rg_template("repo/bug/b_edit.html", $repo_bug_show_more['HTML:edit_form'] = rg_template("repo/bug/b_edit.html",
28 41 $repo_bug_show_more); $repo_bug_show_more);
29 42 if (rg_var_uint("edit") == 1) { if (rg_var_uint("edit") == 1) {
30 include($INC . "/user/repo/bug/show/edit.php");
31 $repo_bug_show_more['HTML:bug_edit'] = $_bug_edit;
43 $repo_bug_show_more['HTML:bug_edit'] =
44 rg_bug_edit_high_level($db, $repo_bug_show_more);
32 45 } }
33 46
34 47 // close/re-open // close/re-open
 
... ... do {
37 50 if (rg_var_uint("close_reopen") != 1) if (rg_var_uint("close_reopen") != 1)
38 51 break; break;
39 52
40 if (!rg_token_valid($db, $sid, $token)) {
53 $ibug['state'] = rg_var_uint("state");
54 $ibug['state_text'] = rg_bug_state($ibug['state']);
55
56 if ($ibug['state'] == 1) { // reopen
57 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "r", $rg['ip'], "") !== TRUE) {
58 rg_template("repo/bug/deny_reopen.html", $rg);
59 break;
60 }
61 } else { // close
62 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "C", $rg['ip'], "") !== TRUE) {
63 rg_template("repo/bug/deny_close.html", $rg);
64 break;
65 }
66 }
67
68 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
41 69 $close_reopen_error = "Invalid token. Try again."; $close_reopen_error = "Invalid token. Try again.";
42 70 break; break;
43 71 } }
44 72
45 $ibug['state'] = rg_var_uint("state");
46 $ibug['state_text'] = rg_bug_state($ibug['state']);
47 $ret = rg_bug_edit($db, $ri, $login_ui, $ibug);
73 $ret = rg_bug_edit($db, $rg['login_ui'], $rg['ri'], $ibug);
48 74 if ($ret === FALSE) { if ($ret === FALSE) {
49 75 $close_reopen_error = "Cannot edit bug (" . rg_bug_error() . ")"; $close_reopen_error = "Cannot edit bug (" . rg_bug_error() . ")";
50 76 break; break;
 
... ... $repo_bug_show_more['HTML:close_form'] = rg_template($t, $repo_bug_show_more);
60 86 $repo_bug_show_more['HTML:button_error'] = rg_warning($close_reopen_error, $repo_bug_show_more['HTML:button_error'] = rg_warning($close_reopen_error,
61 87 $repo_bug_show_more); $repo_bug_show_more);
62 88
63 // add_note must be unconditionally included because we must insert the form
89 // 'add_note' must be unconditionally included because we must insert the form
64 90 include($INC . "/user/repo/bug/show/add_note.php"); include($INC . "/user/repo/bug/show/add_note.php");
65 91
66 92 // load notes // load notes
67 $notes = rg_bug_note_list($db, $ri['repo_id'], $bug_id, 0);
93 $notes = rg_bug_note_list($db, $rg['ri']['repo_id'],
94 $repo_bug_show_more['bug']['bug_id'], 0);
68 95 if ($notes === FALSE) if ($notes === FALSE)
69 96 $repo_bug_show_more['HTML:notes'] = "Cannot load notes!"; $repo_bug_show_more['HTML:notes'] = "Cannot load notes!";
70 97 else else
 
... ... else
72 99
73 100 // watch // watch
74 101 $watch_body = ""; $watch_body = "";
75 $watch = rg_watch_load($db, "bug", $login_ui['uid'], $ri['repo_id'], $bug_id);
102 $watch = rg_watch_load($db, "bug", $rg['login_ui']['uid'], $rg['ri']['repo_id'],
103 $repo_bug_show_more['bug']['bug_id']);
76 104 if ($watch === FALSE) { if ($watch === FALSE) {
77 105 $watch_body .= rg_warning("Internal error."); $watch_body .= rg_warning("Internal error.");
78 106 } else { } else {
 
... ... if ($watch === FALSE) {
80 108 // user does not watch the bug, present 'watch' form // user does not watch the bug, present 'watch' form
81 109 if (rg_var_uint("watch") == 1) { if (rg_var_uint("watch") == 1) {
82 110 // user pressed watch button // user pressed watch button
83 $r = rg_watch_add($db, "bug", $login_ui['uid'],
84 $ri['repo_id'], $bug_id);
111 $r = rg_watch_add($db, "bug", $rg['login_ui']['uid'],
112 $rg['ri']['repo_id'], $repo_bug_show_more['bug']['bug_id']);
85 113 if ($r === FALSE) if ($r === FALSE)
86 114 rg_internal_error("TODO: find something here"); rg_internal_error("TODO: find something here");
87 115 $watch = 1; $watch = 1;
 
... ... if ($watch === FALSE) {
90 118 // user is already watching the bug, present 'unwatch' option // user is already watching the bug, present 'unwatch' option
91 119 if (rg_var_uint("unwatch") == 1) { if (rg_var_uint("unwatch") == 1) {
92 120 // user pressed unwatch button // user pressed unwatch button
93 $r = rg_watch_del($db, "bug", $login_ui['uid'],
94 $ri['repo_id'], $bug_id);
121 $r = rg_watch_del($db, "bug", $rg['login_ui']['uid'],
122 $rg['ri']['repo_id'], $repo_bug_show_more['bug']['bug_id']);
95 123 if ($r === FALSE) if ($r === FALSE)
96 124 rg_internal_error("TODO: find something here"); rg_internal_error("TODO: find something here");
97 125 $watch = 0; $watch = 0;
 
... ... if ($watch === FALSE) {
102 130 $t = "repo/bug/b_watch.html"; $t = "repo/bug/b_watch.html";
103 131 else else
104 132 $t = "repo/bug/b_unwatch.html"; $t = "repo/bug/b_unwatch.html";
105
106 133 $r = rg_template($t, $repo_bug_show_more); $r = rg_template($t, $repo_bug_show_more);
107 134 if ($r !== FALSE) if ($r !== FALSE)
108 135 $watch_body .= $r; $watch_body .= $r;
109 136 } }
110 137 $repo_bug_show_more['HTML:watch_form'] = $watch_body; $repo_bug_show_more['HTML:watch_form'] = $watch_body;
111 138
112 //rg_log_ml("DEBUG: ibug: " . print_r($ibug, TRUE));
113 $repo_bug_show_more = array_merge($repo_bug_show_more, $ibug);
114 $repo_bug_show_more['rg_form_token'] = rg_token_get($db, $sid);
139 // delete
140 $delete_error = "";
141 do {
142 $del_undel = rg_var_uint("del_undel");
143 if ($del_undel == 0)
144 break;
145
146 if (rg_repo_allow($db, "repo", $rg['ri'], $rg['login_ui'], "d", $rg['ip'], "") !== TRUE) {
147 rg_template("repo/bug/deny_delete.html", $rg);
148 break;
149 }
150
151 if (!rg_token_valid($db, $rg['sid'], $rg['token'])) {
152 $delete_error = "Invalid token. Try again.";
153 break;
154 }
155
156 $ret = rg_bug_delete_undelete($db, $rg['login_ui']['uid'], $rg['ri']['repo_id'],
157 $ibug['bug_id'], $del_undel);
158 if ($ret === FALSE) {
159 $delete_error = rg_bug_error();
160 break;
161 }
162 } while (0);
163 $repo_bug_show_more['HTML:button_error'] = rg_warning($delete_error,
164 $repo_bug_show_more);
165
166
167 // We must look it up again because it can be edited above; no prob, is in cache
168 $ibug = rg_bug_info($db, $rg['ri']['repo_id'],
169 $repo_bug_show_more['bug']['bug_id']);
170 if ($ibug === FALSE)
171 rg_fatal("Cannot lookup bug!");
172 $repo_bug_show_more = rg_array_merge($repo_bug_show_more, "bug", $ibug);
115 173
174 $repo_bug_show_more['rg_form_token'] = rg_token_get($db, $rg['sid']);
116 175 $_bug_show .= rg_template("repo/bug/show.html", $repo_bug_show_more); $_bug_show .= rg_template("repo/bug/show.html", $repo_bug_show_more);
117 176 ?> ?>
File inc/user/settings.php changed (mode: 100644) (index 7140034..009ea25)
1 1 <?php <?php
2 rg_log("/inc/user/settings");
2 rg_log("FILE: /inc/user/settings");
3 3
4 4 $_settings = ""; $_settings = "";
5 5
6 if ($login_ui['uid'] == 0) {
7 $_settings .= rg_warning("You have no access here!");
6 if ($rg['login_ui']['uid'] == 0) {
7 $_settings .= rg_warning("Error: Not logged in.");
8 8 return; return;
9 9 } }
10 10
11 $target_ui = $login_ui;
11 $rg['target_ui'] = $rg['login_ui'];
12 12
13 13 $errmsg = array(); $errmsg = array();
14 14
15 15 $_subop = empty($paras) ? "edit_info" : array_shift($paras); $_subop = empty($paras) ? "edit_info" : array_shift($paras);
16
17 // menu
18 $_m = array(
19 "edit_info" => array(
20 "text" => "Edit info",
21 "op" => "edit_info"
22 ),
23 "change_pass" => array(
24 "text" => "Change password",
25 "op" => "change_pass"
26 ),
27 "keys" => array(
28 "text" => "SSH keys",
29 "op" => "keys"
30 )
31 );
32 rg_menu_add($rg_menu, $_m, $_subop);
33
34 16 switch ($_subop) { switch ($_subop) {
35 17 case 'edit_info': case 'edit_info':
36 $more['ask_for_pass'] = 0;
37 $_settings .= rg_user_edit_high_level($db, $sid, $more);
18 $rg['ask_for_pass'] = 0;
19 $_settings .= rg_user_edit_high_level($db, $rg);
38 20 break; break;
39 21
40 22 case 'change_pass': case 'change_pass':
 
... ... case 'keys':
48 30 break; break;
49 31 } }
50 32
33 $rg['menu']['sub1'][$_subop] = 1;
34 $rg['HTML:submenu1'] = rg_template("user/settings/menu.html", $rg);
35
51 36 ?> ?>
File inc/util.inc.php changed (mode: 100644) (index 3f7c22f..571aab0)
... ... function rg_re_userpage($ui)
140 140 { {
141 141 if (!isset($ui['organization'])) { if (!isset($ui['organization'])) {
142 142 rg_internal_error("rg_re_userpage called with wrong ui (no org)!"); rg_internal_error("rg_re_userpage called with wrong ui (no org)!");
143 rg_log("ui: " . print_r($ui, TRUE));
143 144 exit(1); exit(1);
144 145 } }
145 146
 
... ... function rg_re_userpage($ui)
155 156 function rg_re_repopage($ui, $repo_name) function rg_re_repopage($ui, $repo_name)
156 157 { {
157 158 if (!isset($ui['organization'])) { if (!isset($ui['organization'])) {
158 rg_internal_error("rg_re_repopage called with wrong ui (no org)!");
159 rg_internal_error("rg_re_repopage called with wrong ui"
160 . " (no 'organization' field): " . rg_array2string($ui));
161 rg_log("ui: " . print_r($ui, TRUE));
159 162 exit(1); exit(1);
160 163 } }
161 164
 
... ... function rg_var_str($name)
251 254
252 255 function rg_var_int($name) function rg_var_int($name)
253 256 { {
254 return sprintf("%d", rg_var_str($name));
257 $r = rg_var_str($name);
258
259 if (is_array($r)) {
260 $ret2 = array();
261 foreach ($r as $k => $v)
262 $ret2[$k] = sprintf("%d", $v);
263 return $ret2;
264 }
265 return sprintf("%d", $r);
255 266 } }
256 267
257 268 function rg_var_uint($name) function rg_var_uint($name)
258 269 { {
259 return sprintf("%u", rg_var_str($name));
270 $r = rg_var_str($name);
271
272 if (is_array($r)) {
273 $ret2 = array();
274 foreach ($r as $k => $v)
275 $ret2[$k] = sprintf("%u", $v);
276 return $ret2;
277 }
278 return sprintf("%u", $r);
279 }
280
281 function rg_var_bool($name)
282 {
283 $r = rg_var_str($name);
284 if (strcmp($r, "1") == 0)
285 return 1;
286
287 return 0;
260 288 } }
261 289
262 290 function rg_var_re($name, $re) function rg_var_re($name, $re)
 
... ... function rg_rmdir($dir)
318 346 return TRUE; return TRUE;
319 347 } }
320 348
321 /*
322 * Adds an submenu
323 * It is normal op to be empty
324 */
325 function rg_menu_add(&$menu, $sub, $op)
326 {
327 if (isset($sub[$op]))
328 $sub[$op]['active'] = 1;
329
330 if (empty($menu)) {
331 $menu = $sub;
332 return;
333 }
334
335 // search for last active menu
336 foreach ($menu as $_op => &$_info) {
337 if (!isset($_info['active']))
338 continue;
339
340 if (!isset($_info['sub'])) {
341 // we found the correct place
342 $menu[$_op]['sub'] = $sub;
343 break;
344 }
345
346 // we are on parent of the correct menu
347 rg_menu_add($_info['sub'], $sub, $op);
348 break;
349 }
350 }
351
352 /*
353 * Generates a menu
354 */
355 function rg_menu($a, $url, $ui)
356 {
357 $menu = array();
358 $submenu = "";
359 foreach ($a as $_id => $_info) {
360 $entry = array();
361
362 // we ignore fake menus like 'home'
363 if (!isset($_info['text']))
364 continue;
365
366 if (isset($_info['needs_admin']) && ($ui['is_admin'] == 0))
367 continue;
368
369 if (isset($_info['uid0']) && ($ui['uid'] > 0))
370 continue;
371
372 if (!isset($_info['uid0']) && ($ui['uid'] == 0))
373 continue;
374
375 $entry['text'] = $_info['text'];
376 $prefix = empty($url) ? "" : $url . "/";
377 $menu_url = $prefix . rg_re_url($_info['op']);
378 $entry['url'] = $menu_url;
379
380 $entry['selected'] = 0;
381 if (isset($_info['active']))
382 $entry['selected'] = 1;
383
384 $menu[] = $entry;
385
386 if (!isset($_info['sub']) || (count($_info['sub']) == 0))
387 continue;
388
389 // submenu
390 $submenu = rg_menu($_info['sub'], $menu_url, $ui);
391 }
392
393 // Build menu
394 $ret = rg_template_table("menu", $menu, array());
395 $ret .= $submenu;
396
397 return $ret;
398 }
399
400 349 /* /*
401 350 * Provides a link to an image, taking in consideration the theme * Provides a link to an image, taking in consideration the theme
402 351 * Used by rg_prepare_image. * Used by rg_prepare_image.
 
... ... function rg_prepare_image($line)
423 372 return preg_replace_callback('/@@IMG:(.*)@@/uU', "rg_image_callback", $line); return preg_replace_callback('/@@IMG:(.*)@@/uU', "rg_image_callback", $line);
424 373 } }
425 374
375 /*
376 * Helper for rg_prepare_replace
377 */
378 function rg_prepare_replace_helper($a, $prefix, &$what, &$values)
379 {
380 foreach ($a as $k => $v) {
381 if (empty($prefix))
382 $add = "";
383 else
384 $add = ".";
385
386 $new_prefix = $prefix . $add . $k;
387
388 if (is_array($v)) {
389 rg_prepare_replace_helper($v, $new_prefix,
390 $what, $values);
391 continue;
392 }
393
394 if (strncmp($k, "HTML:", 5) == 0) {
395 $new_prefix = $prefix . $add . substr($k, 5);
396 } else {
397 if (is_array($v))
398 rg_log_ml("DEBUG: Invalid type for [$k]: " . print_r($v, TRUE));
399 $v = htmlspecialchars($v);
400 }
401 $what[$new_prefix] = "/@@" . $new_prefix . "@@/uU";
402 $values[$new_prefix] = $v;
403 }
404 }
405
426 406 function rg_prepare_replace(&$data, &$what, &$values) function rg_prepare_replace(&$data, &$what, &$values)
427 407 { {
428 408 if (!empty($data)) { if (!empty($data)) {
429 409 if (!is_array($data)) if (!is_array($data))
430 rg_internal_error("invalid type passed");
431 foreach ($data as $k => $v) {
432 if (is_array($v))
433 rg_fatal("value of key [$k] is array!"
434 . " data: " . print_r($data, TRUE));
410 rg_internal_error("prepare_replace: invalid type passed");
435 411
436 if (strncmp($k, "HTML:", 5) == 0) {
437 $k = substr($k, 5);
438 } else {
439 if (is_array($v))
440 rg_log_ml("DEBUG: Invalid type for [$k]: " . print_r($v, TRUE));
441 $v = htmlspecialchars($v);
442 }
443 $what[$k] = "/@@" . $k . "@@/uU";
444 $values[$k] = $v;
445 }
412 rg_prepare_replace_helper($data, "", $what, $values);
446 413 } }
447 414
448 415 $what['DUMP'] = "/@@DUMP@@/uU"; $what['DUMP'] = "/@@DUMP@@/uU";
 
... ... function rg_replace_conditionals_block($block, &$data, &$stack)
525 492 rg_internal_error("Invalid condition!"); rg_internal_error("Invalid condition!");
526 493 return FALSE; return FALSE;
527 494 } }
528 //rg_log("DEBUG: matches2: " . rg_array2string($matches2));
529 495 if (count($matches2) < 3) { if (count($matches2) < 3) {
496 rg_log("matches[3]: " . $matches[3]);
497 rg_log("matches2: " . rg_array2string($matches2));
530 498 rg_internal_error("Cannot match condition."); rg_internal_error("Cannot match condition.");
531 499 return FALSE; return FALSE;
532 500 } }
 
... ... function rg_template_table($dir, &$data, $more)
680 648 return $head . $body . $foot; return $head . $body . $foot;
681 649 } }
682 650
651 /*
652 * Loads a template.
653 * TODO: why we pass variable by reference?!
654 */
683 655 function rg_template($file, &$data) function rg_template($file, &$data)
684 656 { {
685 657 global $rg_theme_dir; global $rg_theme_dir;
 
... ... function rg_date2ts_last_second($s)
1096 1068
1097 1069 /* /*
1098 1070 * Function to send e-mails * Function to send e-mails
1099 * TODO: Replace mail() wil rg_mail everywhere.
1071 * TODO: Replace mail() with rg_mail everywhere.
1100 1072 */ */
1101 1073 function rg_mail($template, $more) function rg_mail($template, $more)
1102 1074 { {
 
... ... function rg_mail($template, $more)
1118 1090
1119 1091 $ret = mail($more['ui.email'], $subject, $body, $header, "-f $rg_admin_email"); $ret = mail($more['ui.email'], $subject, $body, $header, "-f $rg_admin_email");
1120 1092 if ($ret === FALSE) if ($ret === FALSE)
1121 rg_log("Sending mail failed!");
1093 rg_log("Sending mail failed to=" . $more['ui.email'] . " subject=$subject!");
1122 1094
1123 1095 rg_prof_end("mail"); rg_prof_end("mail");
1124 1096 return $ret; return $ret;
 
... ... function rg_array_merge($src, $namespace, $a)
1135 1107 if (empty($a)) if (empty($a))
1136 1108 return $ret; return $ret;
1137 1109
1110 if (!empty($namespace))
1111 $namespace .= ".";
1112
1138 1113 foreach ($a as $k => $v) { foreach ($a as $k => $v) {
1139 1114 $t = explode(":", $k, 2); $t = explode(":", $k, 2);
1140 1115 if (count($t) == 1) if (count($t) == 1)
1141 $ret[$namespace . "." . $k] = $v;
1116 $ret[$namespace . $k] = $v;
1142 1117 else else
1143 $ret[$t[0] . ":" . $namespace . "." . $t[1]] = $v;
1118 $ret[$t[0] . ":" . $namespace . $t[1]] = $v;
1144 1119 } }
1145 1120
1146 1121 return $ret; return $ret;
File inc/watch.inc.php changed (mode: 100644) (index f6190b3..02c78ad)
... ... function rg_watch_error()
24 24 * Returns a watched entry * Returns a watched entry
25 25 */ */
26 26 $rg_watch_load_cache = array(); $rg_watch_load_cache = array();
27 function rg_watch_load($db, $type, $login_uid, $obj_id1, $obj_id2)
27 function rg_watch_load($db, $type, $uid, $obj_id1, $obj_id2)
28 28 { {
29 29 global $rg_watch_load_cache; global $rg_watch_load_cache;
30 30
31 $key = $type . "-" . $login_uid . "-" . $obj_id1 . "-" . $obj_id2;
31 $key = $type . "-" . $uid . "-" . $obj_id1 . "-" . $obj_id2;
32 32 if (isset($rg_watch_load_cache[$key])) if (isset($rg_watch_load_cache[$key]))
33 33 return $rg_watch_load_cache[$key]; return $rg_watch_load_cache[$key];
34 34
35 35 rg_prof_start("watch_load"); rg_prof_start("watch_load");
36 rg_log("watch_load: type=$type login_uid=$login_uid obj_id=$obj_id1/$obj_id2");
36 rg_log("watch_load: type=$type uid=$uid obj_id=$obj_id1/$obj_id2");
37 37
38 38 $ret = FALSE; $ret = FALSE;
39 39 do { do {
40 $params = array("uid" => $uid,
41 "obj_id1" => $obj_id1,
42 "obj_id2" => $obj_id2);
40 43 if (strcmp($type, "bug") == 0) { if (strcmp($type, "bug") == 0) {
41 $params = array($login_uid, $obj_id1, $obj_id2);
42 44 $sql = "SELECT 1 FROM watch_bug" $sql = "SELECT 1 FROM watch_bug"
43 . " WHERE uid = $1"
44 . " AND repo_id = $2"
45 . " AND bug_id = $3";
45 . " WHERE uid = @@uid@@"
46 . " AND repo_id = @@obj_id1@@"
47 . " AND bug_id = @@obj_id2@@";
46 48 } else if (strcmp($type, "repo") == 0) { } else if (strcmp($type, "repo") == 0) {
47 $params = array($login_uid, $obj_id1);
48 49 $sql = "SELECT 1 FROM watch_repo" $sql = "SELECT 1 FROM watch_repo"
49 . " WHERE uid = $1"
50 . " AND repo_id = $2";
50 . " WHERE uid = @@uid@@"
51 . " AND repo_id = @@obj_id1@@";
51 52 } else { } else {
52 53 rg_internal_error("Invalid watch type!"); rg_internal_error("Invalid watch type!");
53 54 break; break;
 
... ... function rg_watch_load($db, $type, $login_uid, $obj_id1, $obj_id2)
71 72 * Add somebody to the watch list * Add somebody to the watch list
72 73 */ */
73 74 $rg_watch_add_state = array(); $rg_watch_add_state = array();
74 function rg_watch_add($db, $type, $login_uid, $obj_id1, $obj_id2)
75 function rg_watch_add($db, $type, $uid, $obj_id1, $obj_id2)
75 76 { {
76 77 global $rg_watch_add_state; global $rg_watch_add_state;
77 78
78 79 // If watch already added, skip. // If watch already added, skip.
79 $key = $type . "-" . $login_uid . "-" . $obj_id1 . "-" . $obj_id2;
80 $key = $type . "-" . $uid . "-" . $obj_id1 . "-" . $obj_id2;
80 81 if (isset($rg_watch_add_state[$key])) if (isset($rg_watch_add_state[$key]))
81 82 return $rg_watch_add_state[$key]; return $rg_watch_add_state[$key];
82 83
83 84 rg_prof_start("watch_add"); rg_prof_start("watch_add");
84 rg_log("watch_add type=$type, login_uid=$login_uid obj_id=$obj_id1/$obj_id2");
85 rg_log("watch_add type=$type, uid=$uid obj_id=$obj_id1/$obj_id2");
85 86
86 87 $ret = FALSE; $ret = FALSE;
87 88 do { do {
88 $r = rg_watch_load($db, $type, $login_uid, $obj_id1, $obj_id2);
89 $r = rg_watch_load($db, $type, $uid, $obj_id1, $obj_id2);
89 90 if ($r === FALSE) if ($r === FALSE)
90 91 break; break;
91 92 if ($r === 1) { // already in watch list if ($r === 1) { // already in watch list
 
... ... function rg_watch_add($db, $type, $login_uid, $obj_id1, $obj_id2)
93 94 break; break;
94 95 } }
95 96
97 $params = array("uid" => $uid,
98 "obj_id1" => $obj_id1,
99 "obj_id2" => $obj_id2);
100
96 101 if (strcmp($type, "bug") == 0) { if (strcmp($type, "bug") == 0) {
97 $params = array($login_uid, $obj_id1, $obj_id2);
98 102 $sql = "INSERT INTO watch_bug (uid, repo_id, bug_id)" $sql = "INSERT INTO watch_bug (uid, repo_id, bug_id)"
99 . " VALUES ($1, $2, $3)";
103 . " VALUES (@@uid@@, @@obj_id1@@, @@obj_id2@@)";
100 104 } else if (strcmp($type, "repo") == 0) { } else if (strcmp($type, "repo") == 0) {
101 $params = array($login_uid, $obj_id1);
102 105 $sql = "INSERT INTO watch_repo (uid, repo_id)" $sql = "INSERT INTO watch_repo (uid, repo_id)"
103 . " VALUES ($1, $2)";
106 . " VALUES (@@uid@@, @@obj_id1@@)";
104 107 } else { } else {
105 108 rg_internal_error("Invalid watch type!"); rg_internal_error("Invalid watch type!");
106 109 break; break;
 
... ... function rg_watch_load_by_obj_id($db, $type, $obj_id1, $obj_id2)
164 167
165 168 $ret = FALSE; $ret = FALSE;
166 169 do { do {
170 $params = array("obj_id1" => $obj_id1,
171 "obj_id2" => $obj_id2);
172
167 173 if (strcmp($type, "bug") == 0) { if (strcmp($type, "bug") == 0) {
168 $params = array($obj_id1, $obj_id2);
169 174 $sql = "SELECT uid FROM watch_bug" $sql = "SELECT uid FROM watch_bug"
170 . " WHERE repo_id = $1"
171 . " AND bug_id = $2";
175 . " WHERE repo_id = @@obj_id1@@"
176 . " AND bug_id = @@obj_id2@@";
172 177 } else if (strcmp($type, "repo") == 0) { } else if (strcmp($type, "repo") == 0) {
173 $params = array($obj_id1);
174 178 $sql = "SELECT uid FROM watch_repo" $sql = "SELECT uid FROM watch_repo"
175 . " WHERE repo_id = $1";
179 . " WHERE repo_id = @@obj_id1@@";
176 180 } else { } else {
177 181 rg_internal_error("Invalid watch type!"); rg_internal_error("Invalid watch type!");
178 182 break; break;
File root/index.php changed (mode: 100644) (index 70fa3af..43dae64)
2 2 error_reporting(E_ALL); error_reporting(E_ALL);
3 3 ini_set("track_errors", "On"); ini_set("track_errors", "On");
4 4
5 $more = array();
6 $INC = dirname(__FILE__) . "/../inc";
5 $rg = array();
6
7 7 require_once("/etc/rocketgit/config.php"); require_once("/etc/rocketgit/config.php");
8 $INC = dirname(__FILE__) . "/../inc";
8 9 require_once($INC . "/init.inc.php"); require_once($INC . "/init.inc.php");
9 10 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
10 11 include_once($INC . "/sql.inc.php"); include_once($INC . "/sql.inc.php");
 
... ... rg_prof_start("MAIN");
24 25
25 26 rg_log_set_file($rg_web_log_dir . "/main.log"); rg_log_set_file($rg_web_log_dir . "/main.log");
26 27
27 // Last time fixes for configurations options that were added after
28 if (!isset($rg_theme_dir))
29 $rg_theme_dir = $rg_scripts . "/root/themes";
30
31 // Store confirguration into 'more'
28 // Store configuration into 'rg'
32 29 if (!isset($rg_account_email_confirm)) if (!isset($rg_account_email_confirm))
33 30 $rg_account_email_confirm = 1; $rg_account_email_confirm = 1;
34 $more['rg_account_email_confirm'] = $rg_account_email_confirm;
31 $rg['rg_account_email_confirm'] = $rg_account_email_confirm;
35 32 if (!isset($rg_account_allow_creation)) if (!isset($rg_account_allow_creation))
36 33 $rg_account_allow_creation = 0; $rg_account_allow_creation = 0;
37 $more['rg_account_allow_creation'] = $rg_account_allow_creation;
34 $rg['rg_account_allow_creation'] = $rg_account_allow_creation;
38 35
39 36 // Init variables // Init variables
40 37 $THEME_URL = "/themes/" . $rg_theme; $THEME_URL = "/themes/" . $rg_theme;
41 38 $sparas = ""; $sparas = "";
42 $login_ui = array();
43 $target_ui = array("ok" => 1, "exists" => 0, "uid" => 0);
39 $rg['login_ui'] = array();
40 $rg['target_ui'] = array("ok" => 1, "exists" => 0, "uid" => 0);
41 $rg['ri'] = array("repo_id" => 0, "uid" => 0);
42 $rg['bug'] = array("bug_id" => 0);
43 $rg['HTML:submenu1'] = "";
44 $rg['HTML:submenu2'] = "";
44 45
45 46 // We have variable 'vv' passed from webserver - build 'op' and rest of paras // We have variable 'vv' passed from webserver - build 'op' and rest of paras
46 47 $sparas = rg_var_str("vv"); $sparas = rg_var_str("vv");
47 48 rg_log("DEBUG: sparas=$sparas."); rg_log("DEBUG: sparas=$sparas.");
48 $more['url'] = $sparas;
49 $rg['url'] = "/op";
49 50 $paras = explode("/", trim($sparas, "/")); $paras = explode("/", trim($sparas, "/"));
50 51 $_t = empty($paras) ? "" : $paras[0]; $_t = empty($paras) ? "" : $paras[0];
51 52 rg_log("DEBUG: paras: " . rg_array2string($paras)); rg_log("DEBUG: paras: " . rg_array2string($paras));
 
... ... if (strcmp($_t, "op") == 0) {
56 57 $_op = ""; $_op = "";
57 58 } }
58 59
59 $doit = rg_var_uint("doit");
60 $sid = rg_var_re("sid", "/[^A-Za-z0-9]/");
61 $token = rg_var_re("token", "/[^A-Za-z0-9]/");
62 $user = ""; $repo = ""; $organization = 0;
60 $rg['doit'] = rg_var_uint("doit");
61 $rg['sid'] = rg_var_re("sid", "/[^A-Za-z0-9]/");
62 $rg['token'] = rg_var_re("token", "/[^A-Za-z0-9]/");
63 $user = ""; $repo = ""; $organization = 0; // TODO: those are really used?
63 64
64 rg_log("IP: " . @$_SERVER['REMOTE_ADDR']);
65 $rg['ip'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
66 rg_log("IP: " . $rg['ip']);
65 67 rg_log("_REQUEST: " . rg_array2string($_REQUEST)); rg_log("_REQUEST: " . rg_array2string($_REQUEST));
66 68 rg_log("_COOKIE: " . rg_array2string($_COOKIE)); rg_log("_COOKIE: " . rg_array2string($_COOKIE));
67 69 rg_log("Start! ver=$rocketgit_version"); rg_log("Start! ver=$rocketgit_version");
 
... ... while ($tries > 0) {
92 94 sleep(1); sleep(1);
93 95 } }
94 96 if ($good == 0) { if ($good == 0) {
95 // TODO: we must let if go to dispatcher instead of redirecting = another connection
97 // TODO: we must let it go to dispatcher instead of redirecting = another connection
96 98 $url = rg_re_url("fatal"); $url = rg_re_url("fatal");
97 99 rg_fatal_web("Internal error", $url); rg_fatal_web("Internal error", $url);
98 100 } }
99 101
100 rg_user_login_by_sid($db, $sid, $login_ui);
101 rg_log("After login_by_sid, login_ui=" . rg_array2string($login_ui));
102 rg_user_login_by_sid($db, $rg);
103 rg_log("After login_by_sid, login_ui=" . rg_array2string($rg['login_ui']));
102 104
103 105
104 106 $body = ""; $body = "";
105 $rg_menu = array();
106 // first level menu
107 $_m = array(
108 "login" => array(
109 "text" => "Login",
110 "uid0" => 1,
111 "op" => "/op/login"),
112 "settings" => array(
113 "text" => "Settings",
114 "op" => "/op/settings"),
115 "repo" => array(
116 "text" => "Repositories",
117 "op" => "/op/repo"),
118 "admin" => array(
119 "text" => "Admin",
120 "needs_admin" => 1,
121 "op" => "/op/admin"),
122 "suggestion"=> array(
123 "text" => "Suggestion",
124 "op" => "/op/suggestion"),
125 "logout" => array(
126 "text" => "Logout",
127 "op" => "/op/logout")
128 );
129 rg_menu_add($rg_menu, $_m, $_op);
130
131 107
132 108 rg_log("Dispatching to [$_op]"); rg_log("Dispatching to [$_op]");
133 109 include($INC . "/dispatch/dispatch.php"); include($INC . "/dispatch/dispatch.php");
134 110
135 111
136 $more['HTML:rg_menu'] = rg_menu($rg_menu, "", $login_ui);
137
138 if ($login_ui['uid'] > 0) {
139 $more['rg_username'] = $login_ui['username'];
140 $more['rg_homepage'] = rg_re_userpage($login_ui);
112 if ($rg['login_ui']['uid'] > 0) {
113 $rg['login_ui']['homepage'] = rg_re_userpage($rg['login_ui']);
141 114 } else { } else {
142 $more['rg_username'] = "";
143 $more['rg_homepage'] = "";
115 $rg['login_ui']['username'] = "";
116 $rg['login_ui']['homepage'] = "";
144 117 } }
145 118
146 // home page
147
148 119 // Some variables from the database // Some variables from the database
149 120 $r = rg_state_get_uint($db, "first_install"); $r = rg_state_get_uint($db, "first_install");
150 121 if ($r > 0) { if ($r > 0) {
151 $more['first_install_text'] = gmdate("Y-m-d", $r);
122 $rg['first_install_text'] = gmdate("Y-m-d", $r);
152 123 } else { } else {
153 $more['first_install_text'] = "?";
124 $rg['first_install_text'] = "?";
154 125 } }
155 126
156 127
157 128 rg_prof_end("MAIN"); rg_prof_end("MAIN");
158 129
159 // TODO: Do something with the profiling, here: log it in database etc.
160
161 $more['HTML:rg_theme_url'] = $THEME_URL;
162 $more['HTML:rg_body'] = $body;
163 echo rg_template("index.html", $more);
130 $rg['HTML:rg_theme_url'] = $THEME_URL;
131 $rg['HTML:rg_body'] = $body;
132 echo rg_template("index.html", $rg);
164 133
165 rg_log("DONE!");
166 134 rg_prof_log("rg_log"); rg_prof_log("rg_log");
167
135 rg_log("DONE!");
168 136 ?> ?>
File root/themes/default/admin/menu.html changed (mode: 100644) (index e69de29..63ce6e3)
1 <div class="menu">
2 <ul>
3 <li><a @@if(@@menu.sub1.plans@@ == 1){{class="selected"}}{{}} href="@@url@@/plans">Plans</a></li>
4 <li><a @@if(@@menu.sub1.users@@ == 1){{class="selected"}}{{}} href="@@url@@/users">Users</a></li>
5 <li><a @@if(@@menu.sub1.repos@@ == 1){{class="selected"}}{{}} href="@@url@@/repos">Repos</a></li>
6 </ul>
7 </div>
File root/themes/default/admin/plans/add_edit.html changed (mode: 100644) (index 8956b5c..605a96a)
1 @@DUMP@@
2 1 <div class="formarea"> <div class="formarea">
3 2
4 3 <div class="formarea_title">@@if(@@id@@ == 0){{Add a new plan}}{{Edit plan}}</div><br /> <div class="formarea_title">@@if(@@id@@ == 0){{Add a new plan}}{{Edit plan}}</div><br />
 
6 5 @@errmsg@@ @@errmsg@@
7 6
8 7 <form method="post" action="@@url@@"> <form method="post" action="@@url@@">
9 <input type="hidden" name="id" value="@@id@@" />
8 <input type="hidden" name="pi.id" value="@@pi.id@@" />
10 9 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
11 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
12 11
13 <label for="position" class="form_item_title">Position in the list</label><br />
14 <input type="text" name="position" value="@@position@@" />
12 <label for="pi.position" class="form_item_title">Position in the list</label><br />
13 <input type="text" name="pi.position" value="@@pi.position@@" />
15 14 <br /> <br />
16 15 <br /> <br />
17 16
18 <label for="name" class="form_item_title">Name</label><br />
19 <input type="text" name="name" value="@@name@@" />
17 <label for="pi.name" class="form_item_title">Name</label><br />
18 <input type="text" name="pi.name" value="@@pi.name@@" />
20 19 <br /> <br />
21 20 <br /> <br />
22 21
23 <label for="description" class="form_item_title">Description</label><br />
24 <textarea name="description" rows="4" cols="50">@@description@@</textarea>
22 <label for="pi.description" class="form_item_title">Description</label><br />
23 <textarea name="pi.description" rows="4" cols="50">@@pi.description@@</textarea>
25 24 <br /> <br />
26 25 <br /> <br />
27 26
28 <label for="disk_mb" class="form_item_title">Maximum disk space (MiB, 0 = unlimited)</label><br />
29 <input type="text" name="disk_mb" value="@@disk_mb@@" />
27 <label for="pi.disk_mb" class="form_item_title">Maximum disk space (MiB, 0 = unlimited)</label><br />
28 <input type="text" name="pi.disk_mb" value="@@pi.disk_mb@@" />
30 29 <br /> <br />
31 30 <br /> <br />
32 31
33 <label for="users" class="form_item_title">Maximum number of co-workers (0 = unlimited)</label><br />
34 <input type="text" name="users" value="@@users@@" />
32 <label for="pi.users" class="form_item_title">Maximum number of co-workers (0 = unlimited)</label><br />
33 <input type="text" name="pi.users" value="@@pi.users@@" />
35 34 <br /> <br />
36 35 <br /> <br />
37 36
38 <label for="speed" class="form_item_title">Maximum speed (kbit/s, 0 = unlimited)</label><br />
39 <input type="text" name="speed" value="@@speed@@" />
37 <label for="pi.speed" class="form_item_title">Maximum speed (kbit/s, 0 = unlimited)</label><br />
38 <input type="text" name="pi.speed" value="@@pi.speed@@" />
40 39 <br /> <br />
41 40 <br /> <br />
42 41
43 <label for="bw" class="form_item_title">Maximum bandwidth (MiB/month, 0 = unlimited)</label><br />
44 <input type="text" name="bw" value="@@bw@@" />
42 <label for="pi.bw" class="form_item_title">Maximum bandwidth (MiB/month, 0 = unlimited)</label><br />
43 <input type="text" name="pi.bw" value="@@pi.bw@@" />
45 44 <br /> <br />
46 45 <br /> <br />
47 46
48 <label for="max_public_repos" class="form_item_title">Maximum number of public repos (0 = unlimited)</label><br />
49 <input type="text" name="max_public_repos" value="@@max_public_repos@@" />
47 <label for="pi.max_public_repos" class="form_item_title">Maximum number of public repos (0 = unlimited)</label><br />
48 <input type="text" name="pi.max_public_repos" value="@@pi.max_public_repos@@" />
50 49 <br /> <br />
51 50 <br /> <br />
52 51
53 <label for="max_private_repos" class="form_item_title">Maximum number of private repos (0 = unlimited)</label><br />
54 <input type="text" name="max_private_repos" value="@@max_private_repos@@" />
52 <label for="pi.max_private_repos" class="form_item_title">Maximum number of private repos (0 = unlimited)</label><br />
53 <input type="text" name="pi.max_private_repos" value="@@pi.max_private_repos@@" />
55 54 <br /> <br />
56 55 <br /> <br />
57 56
58 <input type="submit" name="button" value="@@if(@@id@@ == 0){{Add}}{{Edit}}" />
57 <input type="submit" name="button" value="@@if(@@pi.id@@ == 0){{Add}}{{Edit}}" />
59 58
60 59 </form> </form>
61 60 </div> </div>
File root/themes/default/admin/plans/menu.html changed (mode: 100644) (index 63ce6e3..ee13f0b)
1 1 <div class="menu"> <div class="menu">
2 2 <ul> <ul>
3 <li><a @@if(@@menu.sub1.plans@@ == 1){{class="selected"}}{{}} href="@@url@@/plans">Plans</a></li>
4 <li><a @@if(@@menu.sub1.users@@ == 1){{class="selected"}}{{}} href="@@url@@/users">Users</a></li>
5 <li><a @@if(@@menu.sub1.repos@@ == 1){{class="selected"}}{{}} href="@@url@@/repos">Repos</a></li>
3 <li><a @@if(@@menu.sub2.list@@ == 1){{class="selected"}}{{}} href="@@url@@/list">List</a></li>
4 <li><a @@if(@@menu.sub2.add@@ == 1){{class="selected"}}{{}} href="@@url@@/add">Add</a></li>
6 5 </ul> </ul>
7 6 </div> </div>
File root/themes/default/hints/repo/edit_repo_path_rights.html changed (mode: 100644) (index 3591855..8dbe040)
1 Bad whitespace: if checked, commits with mixed tabs and spaces, trailing
2 spaces/tabs etc. will be allowed.
3 <br /><br />
4
5 1 Example rights for references:<br /> Example rights for references:<br />
6 2 <pre> <pre>
7 refs/heads/x * Fetch + Push = Allow user to fetch/push in private namespace 'x'<br />
8 {USER} * Fetch + Push + Create branch+Delete branch = Logged in user 'USER' has rights to refs/heads/USER<br />
3 doc/.*\.jpg None = User cannot push jpeg files<br />
4 /user/{USER} Push = The pushing user (USER) is allowed to push files only in his folder inside /user/<br />
9 5 </pre> </pre>
File root/themes/default/hints/repo/edit_repo_refs_rights.html changed (mode: 100644) (index e25af68..3591855)
1 You do not have to grant yourself rights.
2 You are the owner, so you have maximum rights.<br />
3 <br />
4
5 Priority is used to order the rights in the proper order.<br />
6 <br />
7
8 1 Bad whitespace: if checked, commits with mixed tabs and spaces, trailing Bad whitespace: if checked, commits with mixed tabs and spaces, trailing
9 spaces/tabs etc. will be allowed.<br />
10 <br />
2 spaces/tabs etc. will be allowed.
3 <br /><br />
11 4
12 5 Example rights for references:<br /> Example rights for references:<br />
6 <pre>
13 7 refs/heads/x * Fetch + Push = Allow user to fetch/push in private namespace 'x'<br /> refs/heads/x * Fetch + Push = Allow user to fetch/push in private namespace 'x'<br />
14 8 {USER} * Fetch + Push + Create branch+Delete branch = Logged in user 'USER' has rights to refs/heads/USER<br /> {USER} * Fetch + Push + Create branch+Delete branch = Logged in user 'USER' has rights to refs/heads/USER<br />
9 </pre>
File root/themes/default/hints/repo/edit_repo_rights.html changed (mode: 100644) (index 75f132b..d79e11a)
1 You do not have to grant yourself rights.<br />
2 You are the owner, so you have maximum rights.<br />
3 <br />
4
5 Bad whitespace: if checked, commits with mixed tabs and spaces, trailing
6 spaces/tabs etc. will be allowed.<br />
7 <br />
8
9 Example rights for references:<br />
10 refs/heads/x * Fetch + Push = Allow user to fetch/push in private namespace 'x'<br />
11 {USER} * Fetch + Push + Create branch+Delete branch = Logged in user 'USER' has rights to refs/heads/USER<br />
1 TODO: Some hints here?
File root/themes/default/hints/repo/merge.html changed (mode: 100644) (index 2ecc06b..3d0858e)
... ... fetch = +refs/namespaces/*:refs/remotes/your_remote_name_for_example_origin/mr/*
13 13 </code> </code>
14 14 After you run a git fetch, you will have all the merge requests localy.<br /> After you run a git fetch, you will have all the merge requests localy.<br />
15 15 You can do ??? You can do ???
16
File root/themes/default/hints/ssh/key.html changed (mode: 100644) (index 9212c74..5fa4eaa)
... ... and paste it in the form above.<br />
8 8 <br /> <br />
9 9
10 10 To force the use of this key when you connect to the server,<br /> To force the use of this key when you connect to the server,<br />
11 add the following lines to ~/.ssh/config (use tab to indent):<br />
11 add the following lines to your ~/.ssh/config (use tab to indent):<br />
12 12 <code> <code>
13 13 Host @@rg_ssh_host@@<br /> Host @@rg_ssh_host@@<br />
14 14 &nbsp;&nbsp; User rocketgit<br /> &nbsp;&nbsp; User rocketgit<br />
File root/themes/default/index.html changed (mode: 100644) (index 4c782a0..699cf78)
19 19 <div class="logo"><a href="/">RocketGit</a></div> <div class="logo"><a href="/">RocketGit</a></div>
20 20 </td> </td>
21 21
22 @@if("@@rg_username@@" != ""){{
22 @@if("@@login_ui.username@@" != ""){{
23 23 <td> <td>
24 <div class="user"><a href="@@rg_homepage@@">@@rg_username@@</a></div>
24 <div class="user"><a href="@@login_ui.homepage@@">@@login_ui.username@@</a></div>
25 25 </td> </td>
26 26 }}{{}} }}{{}}
27 27
28 28 <td> <td>
29 29 <div id="menus"> <div id="menus">
30 @@rg_menu@@
30 <!-- main menu -->
31 <div class="menu">
32 <ul>
33 @@if(@@login_ui.uid@@ == 0){{<li><a @@if(@@menu.login@@ == 1){{class="selected"}}{{}} href="/op/login">Login</a></li>}}{{}}
34 @@if(@@login_ui.uid@@ != 0){{<li><a @@if(@@menu.settings@@ == 1){{class="selected"}}{{}} href="/op/settings">Settings</a></li>}}{{}}
35 <li><a @@if(@@menu.repo@@ == 1){{class="selected"}}{{}} href="/op/repo">Repositories</a></li>
36 @@if(@@login_ui.is_admin@@ == 1){{<li><a @@if(@@menu.admin@@ == 1){{class="selected"}}{{}} href="/op/admin">Admin</a></li>}}{{}}
37 @@if(@@login_ui.uid@@ != 0){{<li><a @@if(@@menu.suggestion@@ == 1){{class="selected"}}{{}} href="/op/suggestion">Suggestion</a></li>}}{{}}
38 @@if(@@login_ui.uid@@ != 0){{<li><a @@if(@@menu.logout@@ == 1){{class="selected"}}{{}} href="/op/logout">Logout</a></li>}}{{}}
39 </ul>
40 </div>
41 <!-- submenus -->
42 @@submenu1@@
43 @@submenu2@@
31 44 </div> </div>
32 45 </td> </td>
33 46 </tr> </tr>
File root/themes/default/mail/user/key/del.body.txt changed (mode: 100644) (index 3901edf..b4b4b57)
... ... Some SSH keys were removed from your account.
4 4
5 5 IP: @@IP@@ IP: @@IP@@
6 6
7 Thank you!
8
9 7 -- --
10 8 RocketGit Team RocketGit Team
11 9 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/key/new.body.txt changed (mode: 100644) (index 09259a6..3e2e4a8)
... ... A new SSH key was added to your account.
4 4
5 5 IP: @@IP@@ IP: @@IP@@
6 6
7 Thank you!
8
9 7 -- --
10 8 RocketGit Team RocketGit Team
11 9 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/repo/bug/new.body.txt changed (mode: 100644) (index 9971814..a7395e9)
... ... State: @@bug.state_text@@
12 12
13 13 Link to bug: @@bug.url@@ Link to bug: @@bug.url@@
14 14
15 Thank you!
16
17 15 -- --
18 16 RocketGit Team RocketGit Team
19 17 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/repo/bug/new_note.body.txt changed (mode: 100644) (index 99a04fb..ecb9c56)
... ... The note was added by '@@note.who_added_text@@'.
9 9
10 10 Link to bug: @@bug.url@@ Link to bug: @@bug.url@@
11 11
12 Thank you!
13
14 12 -- --
15 13 RocketGit Team RocketGit Team
16 14 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/repo/del.body.txt changed (mode: 100644) (index 1d7797d..7b756eb)
... ... Repository '@@ri.name@@' was deleted.
4 4
5 5 IP: @@IP@@ IP: @@IP@@
6 6
7 Thank you!
8
9 7 -- --
10 8 RocketGit Team RocketGit Team
11 9 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/repo/new.body.txt changed (mode: 100644) (index 4befc1e..f2dc483)
... ... Description:
11 11 Link to repository: @@ri.url@@. Link to repository: @@ri.url@@.
12 12 IP: @@IP@@ IP: @@IP@@
13 13
14 Thank you!
15
16 14 -- --
17 15 RocketGit Team RocketGit Team
18 16 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/repo/update.body.txt changed (mode: 100644) (index 3da201f..c00b67f)
... ... Link to repository: @@ri.url@@.
12 12
13 13 IP: @@IP@@ IP: @@IP@@
14 14
15 Thank you!
16
17 15 -- --
18 16 RocketGit Team RocketGit Team
19 17 http://rocketgit.net http://rocketgit.net
File root/themes/default/mail/user/welcome.body.txt changed (mode: 100644) (index e9788ea..f1f8d09)
... ... Thank you!
15 15
16 16 -- --
17 17 RocketGit Team RocketGit Team
18 http://rocketgit.net
18 http://rocketgit.net/
File root/themes/default/repo/add_edit.html changed (mode: 100644) (index 227d09d..ede60ce)
1 1 <div class="formarea"> <div class="formarea">
2 2
3 <div class="formarea_title">@@title@@</div><br />
3 <div class="formarea_title">@@if(@@ri.repo_id@@ == 0){{Create repository}}{{Edit repository}}</div><br />
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
8 <input type="hidden" name="repo_id" value="@@repo_id@@" />
9 <input type="hidden" name="master_repo_id" value="@@master_repo_id@@" />
7 <form method="post" action="@@form_url@@/@@if(@@ri.repo_id@@ == 0){{create}}{{edit}}">
8 <input type="hidden" name="repo_id" value="@@ri.repo_id@@" />
9 <input type="hidden" name="master" value="@@ri.master@@" />
10 10 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
11 11 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
12 12
13 @@if(@@master_name@@ != ){{Master repo: @@master_name@@<br />}}{{}}
13 @@if("@@ri.master_name@@" != ""){{Master repo: @@ri.master_name@@<br />}}{{}}
14 14
15 15 <label for="name" class="form_item_title">Name</label><br /> <label for="name" class="form_item_title">Name</label><br />
16 <input type="text" name="name" value="@@name@@" />
16 <input type="text" name="name" value="@@ri.name@@" />
17 17 <br /> <br />
18 18 <br /> <br />
19 19
20 <label for="max_commit_size" class="form_item_title">Max commit size (bytes)</label><br />
21 <input type="text" name="max_commit_size" value="@@max_commit_size@@" />
20 <label for="max_commit_size" class="form_item_title">Max commit size (bytes, 0 = unlimited)</label><br />
21 <input type="text" name="max_commit_size" value="@@ri.max_commit_size@@" />
22 22 <br /> <br />
23 23 <br /> <br />
24 24
25 25 <label for="description" class="form_item_title">Description</label><br /> <label for="description" class="form_item_title">Description</label><br />
26 <textarea name="description" rows="4" cols="30">@@description@@</textarea>
26 <textarea name="description" rows="4" cols="30">@@ri.description@@</textarea>
27 27 <br /> <br />
28 28 <br /> <br />
29 29
30
31 <label for="default_rights" class="form_item_title">Default rights for anonymous access</label><br />
32 (un-check all for private repositories)<br />
33 @@rights@@
30 <label for="public" class="form_item_title">Public or private</label><br />
31 <select name="public">
32 <option value="0"@@if(@@ri.public@@ == 0){{ selected="selected"}}{{}}>Private</option>
33 <option value="1"@@if(@@ri.public@@ == 1){{ selected="selected"}}{{}}>Public</option>
34 </select>
34 35 <br /> <br />
35 36
36 <input type="submit" name="button" value="@@button@@" />
37 <input type="submit" name="button" value="@@if(@@ri.repo_id@@ == 0){{Create}}{{Update}}" />
37 38
38 39 </form> </form>
39 40 </div> </div>
File root/themes/default/repo/bug/b_close.html changed (mode: 100644) (index 99ddaef..c7415ad)
1 <form method="post" action="@@url@@">
1 <form method="post" action="@@bug.url@@">
2 2 <input type="hidden" name="close_reopen" value="1" /> <input type="hidden" name="close_reopen" value="1" />
3 3 <input type="hidden" name="state" value="2" /> <input type="hidden" name="state" value="2" />
4 4 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
File root/themes/default/repo/bug/b_edit.html changed (mode: 100644) (index 03d1a29..ee5c4b2)
1 <form method="post" action="@@url@@">
1 <form method="post" action="@@bug.url@@">
2 2 <input type="hidden" name="edit" value="1" /> <input type="hidden" name="edit" value="1" />
3 3 <!-- no need for token --> <!-- no need for token -->
4 4
File root/themes/default/repo/bug/b_reopen.html changed (mode: 100644) (index 0359587..d4b2497)
1 <form method="post" action="@@url@@">
1 <form method="post" action="@@bug.url@@">
2 2 <input type="hidden" name="close_reopen" value="1" /> <input type="hidden" name="close_reopen" value="1" />
3 3 <input type="hidden" name="state" value="1" /> <input type="hidden" name="state" value="1" />
4 4 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
File root/themes/default/repo/bug/b_unwatch.html changed (mode: 100644) (index 7348f81..a3e1789)
1 <form method="post" action="@@url@@">
1 <form method="post" action="@@bug.url@@">
2 2 <input type="hidden" name="unwatch" value="1" /> <input type="hidden" name="unwatch" value="1" />
3 3 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
4 4
File root/themes/default/repo/bug/b_watch.html changed (mode: 100644) (index 9b7e138..6178b85)
1 <form method="post" action="@@url@@">
1 <form method="post" action="@@bug.url@@">
2 2 <input type="hidden" name="watch" value="1" /> <input type="hidden" name="watch" value="1" />
3 3 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
4 4
File root/themes/default/repo/bug/bug_add_edit.html changed (mode: 100644) (index d046148..afa6036)
1 1 <div class="formarea"> <div class="formarea">
2 2
3 <div class="formarea_title">@@if(@@bug_id@@ == 0){{Add bug}}{{Edit bug}}</div><br />
3 <div class="formarea_title">@@if(@@bug.bug_id@@ == 0){{Add bug}}{{Edit bug}}</div><br />
4 4
5 @@bug_errmsg@@
5 @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="@@url_repo@@/bug/@@if(@@bug.bug_id@@ == 0){{add}}{{@@bug.bug_id@@}}">
8 <input type="hidden" name="edit" value="@@if(@@bug.bug_id@@ == 0){{0}}{{1}}" />
8 9 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 <input type="hidden" name="bug_id" value="@@bug_id@@" />
10 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
11 11
12 12 <label for="title" class="form_item_title">Title</label><br /> <label for="title" class="form_item_title">Title</label><br />
13 <input type="text" name="title" value="@@title@@" size="80" />
13 <input type="text" name="title" value="@@bug.title@@" size="80" />
14 14 <br /> <br />
15 15 <br /> <br />
16 16
17 17 <label for="body" class="form_item_title">Description</label><br /> <label for="body" class="form_item_title">Description</label><br />
18 <textarea name="body" rows="5" cols="80">@@body@@</textarea>
18 <textarea name="body" rows="5" cols="80">@@bug.body@@</textarea>
19 19 <br /> <br />
20 20 <br /> <br />
21 21
22 22 <label for="state" class="form_item_title">State</label><br /> <label for="state" class="form_item_title">State</label><br />
23 @@state_select@@
23 @@bug.state_select@@
24 24 <br /> <br />
25 25 <br /> <br />
26 26
27 27 <label for="assigned_to" class="form_item_title">Assign to</label><br /> <label for="assigned_to" class="form_item_title">Assign to</label><br />
28 <input type="text" name="assigned_to" value="@@assigned_to@@" size="80" />
28 <input type="text" name="assigned_to" value="@@bug.assigned_to@@" size="80" />
29 29 <br /> <br />
30 30 <br /> <br />
31 31
32 32 <label for="labels" class="form_item_title">Labels (comma or Enter separated)</label><br /> <label for="labels" class="form_item_title">Labels (comma or Enter separated)</label><br />
33 <textarea name="labels" rows="3" cols="80">@@labels@@</textarea>
33 <textarea name="labels" rows="3" cols="80">@@bug.labels@@</textarea>
34 34 <br /> <br />
35 35 <br /> <br />
36 36
37 <input type="submit" name="button" value="@@if(@@bug_id@@ == 0){{Add bug}}{{Update}}" />
37 <input type="submit" name="button" value="@@if(@@bug.bug_id@@ == 0){{Add bug}}{{Update}}" />
38 38
39 39 </form> </form>
40 40 </div> </div>
41
42 @@hints@@
File root/themes/default/repo/bug/deleted.html changed (mode: 100644) (index 6284a8c..0680a08)
1 1 <div class="error"> <div class="error">
2 You are not allowed to edit this bug.
2 This bug was deleted.
3 3 </div> </div>
File root/themes/default/repo/bug/deny_close.html changed (mode: 100644) (index 82c7199..030b690)
1 1 <div class="error"> <div class="error">
2 You are not allowed to edit this repo.
2 You are not allowed to close bugs.
3 3 </div> </div>
File root/themes/default/repo/bug/deny_delete.html changed (mode: 100644) (index 1db3cde..a5b5f33)
1 1 <div class="error"> <div class="error">
2 You are not allowed to reopen bugs.
2 You are not allowed to delete bugs.
3 3 </div> </div>
File root/themes/default/repo/bug/deny_edit.html changed (mode: 100644) (index 82c7199..6284a8c)
1 1 <div class="error"> <div class="error">
2 You are not allowed to edit this repo.
2 You are not allowed to edit this bug.
3 3 </div> </div>
File root/themes/default/repo/bug/deny_reopen.html changed (mode: 100644) (index 030b690..1db3cde)
1 1 <div class="error"> <div class="error">
2 You are not allowed to close bugs.
2 You are not allowed to reopen bugs.
3 3 </div> </div>
File root/themes/default/repo/bug/list/line.html changed (mode: 100644) (index 568a5f8..8437433)
1 1 <tr> <tr>
2 <td><a href="@@url_repo@@/bug/@@bug_id@@">@@bug_id@@</a></td>
3 <td>@@creation@@</td>
4 <td><a href="@@url_repo@@/bug/@@bug_id@@">@@title@@</a></td>
5 <td>@@state_text@@</td>
6 <td>@@owner@@</td>
7 <td>@@if(@@assigned_to@@ == ){{-}}{{@@assigned_to@@}}</td>
8 <td>@@updated@@</td>
2 <td><a href="@@url_repo@@/bug/@@bug.bug_id@@">@@bug.bug_id@@</a></td>
3 <td>@@bug.creation@@</td>
4 <td><a href="@@url_repo@@/bug/@@bug.bug_id@@">@@bug.title@@</a></td>
5 <td>@@bug.state_text@@</td>
6 <td>@@bug.owner@@</td>
7 <td>@@if("@@bug.assigned_to@@" == ""){{-}}{{@@bug.assigned_to@@}}</td>
8 <td>@@bug.updated@@</td>
9 9 </tr> </tr>
10 10
File root/themes/default/repo/bug/list/nodata.html changed (mode: 100644) (index fce0f1f..e510296)
1 <div class="warning">
1 <div class="ok">
2 2 No bugs found. No bugs found.
3 3 </div> </div>
File root/themes/default/repo/bug/not_found.html changed (mode: 100644) (index 1d11b35..121db38)
1 1 <div class="warning"> <div class="warning">
2 Bug <b>@@bug_id@@</b> not found.
2 Bug <b>@@bug.bug_id@@</b> not found.
3 3 </div> </div>
File root/themes/default/repo/bug/note_add.html changed (mode: 100644) (index 05fb9dc..dd3163e)
4 4
5 5 @@note_errmsg@@ @@note_errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="@@bug.url@@">
8 8 <input type="hidden" name="note_add_doit" value="1" /> <input type="hidden" name="note_add_doit" value="1" />
9 9 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 10
File root/themes/default/repo/bug/search/search.html changed (mode: 100644) (index b387d70..1bd917b)
2 2
3 3 <div class="formarea_title">Search bugs</div><br /> <div class="formarea_title">Search bugs</div><br />
4 4
5 @@bug_errmsg@@
5 @@errmsg@@
6 6
7 7 <form method="post" action="@@url@@"> <form method="post" action="@@url@@">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
File root/themes/default/repo/bug/show.html changed (mode: 100644) (index 6f16b69..e23f4c8)
7 7 <td>@@edit_form@@</td> <td>@@edit_form@@</td>
8 8 <td>@@watch_form@@</td> <td>@@watch_form@@</td>
9 9 <td>@@close_form@@</td> <td>@@close_form@@</td>
10 <td>
11 <form method="post" action="@@bug.url@@">
12 <input type="hidden" name="del_undel" value="@@if(@@bug.deleted@@ == 0){{1}}{{2}}" />
13 <input type="hidden" name="token" value="@@rg_form_token@@" />
14 <input type="submit" name="button" value="@@if(@@bug.deleted@@ == 0){{Delete}}{{Undelete}}" />
15 </form>
16 </td>
10 17 </tr> </tr>
11 18 </tbody> </tbody>
12 19 </table> </table>
 
16 23 @@bug_edit@@ @@bug_edit@@
17 24
18 25 <div class="bug_description"> <div class="bug_description">
19 <div class="bug_title">#@@bug_id@@ - @@title@@</div>
20 State: @@state_text@@<br />
21 Insertion date (UTC): @@creation@@<br />
22 Last update (UTC): @@updated@@<br />
23 Reporter: <b>@@owner@@</b><br />
24 Assigned to: <b>@@if(@@assigned_to@@ == ){{-}}{{@@assigned_to@@}}</b><br />
26 <div class="bug_title">#@@bug.bug_id@@ - @@bug.title@@</div>
27 State: @@bug.state_text@@<br />
28 Insertion date (UTC): @@bug.creation@@<br />
29 Last update (UTC): @@bug.updated@@<br />
30 Reporter: <b>@@bug.owner@@</b><br />
31 Assigned to: <b>@@if("@@bug.assigned_to@@" == ""){{-}}{{@@bug.assigned_to@@}}</b><br />
32 @@if(@@bug.deleted@@ != 0){{
33 <font color="red">Deleted by: @@bug.deleted_who_text@@ (@@bug.deleted_text@@ UTC)</font><br />
34 }}{{}}
25 35 </div> </div>
26 36
27 37 <div class="bug_body"> <div class="bug_body">
28 @@body@@
38 @@bug.body@@
29 39 </div> </div>
30 40
31 41 @@labels_html@@ @@labels_html@@
File root/themes/default/repo/create_ok.html changed (mode: 100644) (index 3b375f0..15e118c)
1 1 <div class="ok"> <div class="ok">
2 Repository was updated with success.
2 Repository was created with success.
3 Click <a href="@@ri.home@@">here</a> to go to the repository home.
3 4 </div> </div>
File root/themes/default/repo/edit_ok.html changed (mode: 100644) (index 3b375f0..ae8743b)
1 1 <div class="ok"> <div class="ok">
2 2 Repository was updated with success. Repository was updated with success.
3 @@if(@@ri.renamed@@ == 1){{Go to new home <a href="@@ri.home@@">here</a>}}{{}}
3 4 </div> </div>
File root/themes/default/repo/fstat/nodata.html changed (mode: 100644) (index f70717a..028c426)
1 <div class="warning">
1 <div class="ok">
2 2 No file changed. No file changed.
3 3 </div> </div>
File root/themes/default/repo/history/header.html changed (mode: 100644) (index 9027dc6..b4fc9ee)
1 1 <table> <table>
2 <tr>
3 <th>Date (UTC)</th>
4 <th>Event</th>
5 </tr>
File root/themes/default/repo/history/nodata.html changed (mode: 100644) (index 6b49479..75b9e0b)
1 <div class="warning">
1 <div class="ok">
2 2 No history found. No history found.
3 3 </div> </div>
File root/themes/default/repo/list/header.html changed (mode: 100644) (index f2ac164..8ab11f2)
5 5 <th>Description</th> <th>Description</th>
6 6 <th>Clone of</th> <th>Clone of</th>
7 7 <th>Creation date (UTC)</th> <th>Creation date (UTC)</th>
8 <th>Default rights</th>
8 <th>Type</th>
9 9 <th>Disk used</th> <th>Disk used</th>
10 10 </tr> </tr>
11 11
File root/themes/default/repo/list/line.html changed (mode: 100644) (index 5e680a9..2f4a523)
3 3 <td><small>@@description@@</small></td> <td><small>@@description@@</small></td>
4 4 <td>@@clone_of@@</td> <td>@@clone_of@@</td>
5 5 <td>@@creation@@</td> <td>@@creation@@</td>
6 <td>@@rights@@</td>
6 <td>@@if(@@public@@ == 1){{Public}}{{Private}}</td>
7 7 <td>@@disk_used@@</td> <td>@@disk_used@@</td>
8 8 </tr> </tr>
File root/themes/default/repo/list/nodata.html changed (mode: 100644) (index e5cf84e..a9cbe64)
1 <div class="warning">
2 No repository found.
1 <div class="ok">
2 No repositories found.
3 3 </div> </div>
File root/themes/default/repo/log/nodata.html changed (mode: 100644) (index 48fcc28..227cb23)
1 <div class="warning">
1 <div class="ok">
2 2 No commit found. No commit found.
3 3 </div> </div>
File root/themes/default/repo/main.html changed (mode: 100644) (index 435c61f..d590770)
2 2 <div class="repo_header"> <div class="repo_header">
3 3 <div> <div>
4 4 <div class="repo_title"> <div class="repo_title">
5 <a href="@@url_user@@">@@owner@@</a> / <a href="@@url_repo@@">@@name@@</a>
5 <a href="@@url_user@@">@@page_ui.username@@</a> / <a href="@@url_repo@@">@@ri.name@@</a>
6 6 </div> </div>
7 7 <div class="repo_desc"> <div class="repo_desc">
8 @@description@@
8 @@ri.description@@
9 9 </div> </div>
10 10
11 11 @@urls@@ @@urls@@
 
20 20 @@if(@@can_admin@@ == 1){{<li><a href="@@url_repo@@/admin">Admin</a></li>}}{{}} @@if(@@can_admin@@ == 1){{<li><a href="@@url_repo@@/admin">Admin</a></li>}}{{}}
21 21 </ul> </ul>
22 22 </div> </div>
23 @@repo_submenu@@
23 24 </div> <!-- repo_header --> </div> <!-- repo_header -->
24 25
25 26 <div class="repo_right"> <div class="repo_right">
File root/themes/default/repo/menu.html changed (mode: 100644) (index 977f8d4..624a850)
1 1 <div class="menu"> <div class="menu">
2 2 <ul> <ul>
3 <li><a @@if(@@menu.sub1.edit_info@@ == 1){{class="selected"}}{{}} href="@@url@@/edit_info">Edit info</a></li>
4 <li><a @@if(@@menu.sub1.change_pass@@ == 1){{class="selected"}}{{}} href="@@url@@/change_pass">Change password</a></li>
5 <li><a @@if(@@menu.sub1.keys@@ == 1){{class="selected"}}{{}} href="@@url@@/keys">SSH keys</a></li>
3 <li>
4 <a @@if(@@menu.sub1.list@@ == 1){{class="selected"}}{{}} href="/op/repo/list">List</a>
5 </li>
6 <li>
7 @@if(@@login_ui.uid@@ != 0){{
8 <a @@if(@@menu.sub1.create@@ == 1){{class="selected"}}{{}} href="/op/repo/create">Create</a>
9 }}{{
10 }}
11 </li>
12 <li>
13 <a @@if(@@menu.sub1.search@@ == 1){{class="selected"}}{{}} href="/op/repo/search">Search</a>
14 </li>
6 15 </ul> </ul>
7 </div>
16 </div>
File root/themes/default/repo/mr/list/nodata.html changed (mode: 100644) (index c217f3d..ba2dc17)
1 <div class="warning">
1 <div class="ok">
2 2 No merge requests found. No merge requests found.
3 3 </div> </div>
File root/themes/default/repo/not_init.html changed (mode: 100644) (index 868ead5..0e8070c)
1 <!-- This is shown when the repo contains no commit -->
2
3 <div class="warning">
1 <div class="ok">
4 2 This repo contains no commits. This repo contains no commits.
5 3 </div> </div>
File root/themes/default/repo/search.html changed (mode: 100644) (index d712ad7..7f44df0)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/repo/search">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 9
10 10 <label for="q" class="form_item_title">Keyword</label><br /> <label for="q" class="form_item_title">Keyword</label><br />
File root/themes/default/repo/tree/nodata.html changed (mode: 100644) (index d5ef081..fa1a030)
1 <div class="warning">
1 <div class="ok">
2 2 Empty tree. Empty tree.
3 3 </div> </div>
File root/themes/default/suggestion.html changed (mode: 100644) (index 2d5e2e5..be7dc80)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/suggestion">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 9 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 10
11 @@if(login_ui.uid == 0){{
12 <label for="suggestion" class="form_item_title">Suggestion</label><br />
13 <input type="text" name="email">@@email@@ />
14 <br />
15 <br />
16 }}{{
17 }}
18
11 19 <label for="suggestion" class="form_item_title">Suggestion</label><br /> <label for="suggestion" class="form_item_title">Suggestion</label><br />
12 20 <textarea name="suggestion" rows="6" cols="50">@@suggestion@@</textarea> <textarea name="suggestion" rows="6" cols="50">@@suggestion@@</textarea>
13 21 <br /> <br />
File root/themes/default/suggestion_sent.html changed (mode: 100644) (index 54b2283..eea9e80)
1 1 <div class="ok"> <div class="ok">
2 @@msg@@
2 Suggestion sent. Thank you very much!
3 3 </div> </div>
File root/themes/default/user/add_edit.html changed (mode: 100644) (index 3a9f2d1..139d15d)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/settings/edit_info">
8 8 <input type="hidden" name="uid" value="@@uid@@" /> <input type="hidden" name="uid" value="@@uid@@" />
9 9 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
10 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
 
34 34 <input type="password" name="pass2" value="@@pass2@@" /> <input type="password" name="pass2" value="@@pass2@@" />
35 35 <br /> <br />
36 36 <br /> <br />
37 }}{{
37 38 }} }}
38 {{}}
39 39
40 @@if(@@admin_mode@@ == 1){{
40 @@if(@@login_ui.is_admin@@ == 1){{
41 41 <label for="is_admin" class="form_item_title">Admin?</label><br /> <label for="is_admin" class="form_item_title">Admin?</label><br />
42 42 <select name="is_admin"> <select name="is_admin">
43 43 <option value="0"@@if(@@is_admin@@ == 0){{ selected="selected"}}{{}}>No, I will give rights later</option> <option value="0"@@if(@@is_admin@@ == 0){{ selected="selected"}}{{}}>No, I will give rights later</option>
 
45 45 </select> </select>
46 46 <br /> <br />
47 47 <br /> <br />
48 }}
48 49
49 50 <label for="plan" class="form_item_title">Plan</label><br /> <label for="plan" class="form_item_title">Plan</label><br />
50 51 @@select_plan@@ @@select_plan@@
File root/themes/default/user/create_na.html changed (mode: 100644) (index 4875389..fe39c81)
1 1 <div class="warning"> <div class="warning">
2 This site does not allow account creation. Talk with Admin.
2 This site does not allow account creation. Talk with the Admin.
3 3 </div> </div>
File root/themes/default/user/keys/add.html changed (mode: 100644) (index c70b229..d220990)
4 4
5 5 @@add_errmsg@@ @@add_errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/settings/keys">
8 8 <input type="hidden" name="add" value="1" /> <input type="hidden" name="add" value="1" />
9 9 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 10
File root/themes/default/user/keys/list/header.html changed (mode: 100644) (index ac7e523..48edae8)
1 1 <div class="rg_keys_list"> <div class="rg_keys_list">
2 2
3 3 @@del_errmsg@@ @@del_errmsg@@
4 @@status@@
4 5
5 <form method="post" action="@@url@@">
6 <form method="post" action="/op/settings/keys">
6 7 <input type="hidden" name="delete" value="1" /> <input type="hidden" name="delete" value="1" />
7 8 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
8 9
File root/themes/default/user/keys/list/nodata.html changed (mode: 100644) (index 1e0d7fb..6e176db)
1 <div class="warning">
1 <div class="ok">
2 2 No keys uploaded yet. No keys uploaded yet.
3 3 </div> </div>
File root/themes/default/user/keys/remove_ok.html changed (mode: 100644) (index 76ab87e..d3d98d1)
1 1 <div class="ok"> <div class="ok">
2 Information was updated with success.
2 Selected keys were removed with success.
3 3 </div> </div>
File root/themes/default/user/login.html changed (mode: 100644) (index ef80a59..7ae9168)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/login">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 9
10 10 <label for="username" class="form_item_title">Username</label><br /> <label for="username" class="form_item_title">Username</label><br />
File root/themes/default/user/pass.html changed (mode: 100644) (index 0d73a62..1480306)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="/op/settings/change_pass">
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 9 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 10
File root/themes/default/user/pass_changed.html changed (mode: 100644) (index 76ab87e..d446b2e)
1 1 <div class="ok"> <div class="ok">
2 Information was updated with success.
2 Password was updated with success.
3 3 </div> </div>
File root/themes/default/user/repo/delete/deny.html changed (mode: 100644) (index e69de29..3bc641a)
1 <div class="error">
2 You are not allowed to delete this repo.
3 </div>
File root/themes/default/user/repo/delete/done.html changed (mode: 100644) (index 0457089..fc296c0)
1 <div class="ok">
1 2 The repository was deleted. The repository was deleted.
3 </div>
File root/themes/default/user/repo/delete/no.html changed (mode: 100644) (index 69bcc79..57302d4)
1 I am glad the you changed your mind!
1 <div class="ok">
2 We are happy you changed your mind!
3 </div>
File root/themes/default/user/repo/delete/sure.html changed (mode: 100644) (index a39fe9b..354309c)
2 2
3 3 <div class="formarea_title">Delete repository</div><br /> <div class="formarea_title">Delete repository</div><br />
4 4
5 <form method="post" action="@@url@@">
5 <form method="post" action="@@url_repo@@/admin/delete">
6 6 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
7 7 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
8 8
File root/themes/default/user/repo/deny.html changed (mode: 100644) (index 82c7199..4dd0d6f)
1 1 <div class="error"> <div class="error">
2 You are not allowed to edit this repo.
2 Cannot access non-existing or private repository.
3 3 </div> </div>
File root/themes/default/user/repo/deny_edit.html changed (mode: 100644) (index 3bc641a..82c7199)
1 1 <div class="error"> <div class="error">
2 You are not allowed to delete this repo.
2 You are not allowed to edit this repo.
3 3 </div> </div>
File root/themes/default/user/repo/menu.html changed (mode: 100644) (index eecfcd6..fa41462)
1 1 <div class="menu submenu"> <div class="menu submenu">
2 2 <ul> <ul>
3 <li><a href="@@url_admin@@/edit">Edit</a></li>
4 <li><a href="@@url_admin@@/rights">Rights</a></li>
5 <li><a href="@@url_admin@@/delete">Delete</a></li>
3 <li><a @@if(@@menu.repo.edit@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/edit">Edit</a></li>
4 <li><a @@if(@@menu.repo.repo_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/repo_rights">Repo rights</a></li>
5 <li><a @@if(@@menu.repo.refs_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/refs_rights">Refs rights</a></li>
6 <li><a @@if(@@menu.repo.path_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/path_rights">Path rights</a></li>
7 <li><a @@if(@@menu.repo.delete@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/delete">Delete</a></li>
6 8 </ul> </ul>
7 9 </div> </div>
File root/themes/default/user/repo/rights/delete_ok.html changed (mode: 100644) (index d8a4857..c9cd4c6)
1 1 <div class="ok"> <div class="ok">
2 Rights granted with success.
2 Rights deleted with success.
3 3 </div> </div>
File root/themes/default/user/repo/rights/deny.html changed (mode: 100644) (index 3bc641a..cde12b4)
1 1 <div class="error"> <div class="error">
2 You are not allowed to delete this repo.
2 You are not allowed to grant rights.
3 3 </div> </div>
File root/themes/default/user/repo/rights/form_repo.html changed (mode: 100644) (index 6b26feb..9d52630)
1 1 <div class="formarea"> <div class="formarea">
2 2
3 <div class="formarea_title">Grant rights</div><br />
3 <div class="formarea_title">Grant repo rights</div><br />
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
7 <form method="post" action="@@url_repo@@/admin/repo_rights">
8 <input type="hidden" name="right_id" value="@@right_id@@" />
8 9 <input type="hidden" name="grant" value="1" /> <input type="hidden" name="grant" value="1" />
9 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 11
 
13 14 <br /> <br />
14 15 <br /> <br />
15 16
16 <table>
17 <tr>
18 <th>For repository</th>
19 <th>For references</th>
20 </tr>
21
22 <tr>
23 <td>
24 17 <label class="form_item_title" for="rights">Rights</label><br /> <label class="form_item_title" for="rights">Rights</label><br />
25 18 @@rights_checkboxes@@ @@rights_checkboxes@@
26 </td>
27
28 <td>
29 <label class="form_item_title" for="ref">Reference</label><br />
30 <input type="text" name="ref" value="@@ref@@" />
31 <br />
32 19 <br /> <br />
33 20
34 <label class="form_item_title" for="path">Path</label><br />
35 <input type="text" name="path" value="@@path@@" />
21 <label class="form_item_title" for="ip">IP addresses/prefix (comma/space separated)</label><br />
22 <textarea name="ip" rows="3" cols="50">@@ip@@</textarea>
36 23 <br /> <br />
37 24 <br /> <br />
38 25
39 <label class="form_item_title" for="rights">Rights</label><br />
40 @@refs_rights_checkboxes@@
26 <label class="form_item_title" for="prio">Priority</label><br />
27 <input type="text" name="prio" value="@@prio@@" />
28 <br />
41 29 <br /> <br />
42 </td>
43 </tr>
44 </table>
45 30
46 31 <input type="submit" name="button" value="Grant" /> <input type="submit" name="button" value="Grant" />
47 32
File root/themes/default/user/repo/rights/form_repo_path.html changed (mode: 100644) (index de90e03..26428c8)
1 1 <div class="formarea"> <div class="formarea">
2 2
3 <div class="formarea_title">Grant refs rights</div><br />
3 <div class="formarea_title">Grant path rights</div><br />
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url_repo@@/admin/refs_rights">
7 <form method="post" action="@@url_repo@@/admin/path_rights">
8 8 <input type="hidden" name="right_id" value="@@right_id@@" /> <input type="hidden" name="right_id" value="@@right_id@@" />
9 9 <input type="hidden" name="grant" value="1" /> <input type="hidden" name="grant" value="1" />
10 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
 
14 14 <br /> <br />
15 15 <br /> <br />
16 16
17 <label class="form_item_title" for="ref">Reference (regexp)</label><br />
17 <label class="form_item_title" for="ref">Path (regexp)</label><br />
18 18 <input type="text" name="misc" value="@@misc@@" /> <input type="text" name="misc" value="@@misc@@" />
19 19 <br /> <br />
20 20 <br /> <br />
 
23 23 @@rights_checkboxes@@ @@rights_checkboxes@@
24 24 <br /> <br />
25 25
26 <label class="form_item_title" for="ip">IP address/prefix</label><br />
27 <input type="text" name="ip" value="@@ip@@" />
26 <label class="form_item_title" for="ip">IP addresses/prefix (comma/space separated)</label><br />
27 <textarea name="ip" rows="3" cols="50">@@ip@@</textarea>
28 28 <br /> <br />
29 29 <br /> <br />
30 30
File root/themes/default/user/repo/rights/form_repo_refs.html changed (mode: 100644) (index 4d35c6a..8c685a2)
1 <pre>@@DUMP@@</pre>
2 1 <div class="formarea"> <div class="formarea">
3 2
4 <div class="formarea_title">Grant rights</div><br />
3 <div class="formarea_title">Grant refs rights</div><br />
5 4
6 5 @@errmsg@@ @@errmsg@@
7 6
8 <form method="post" action="@@url@@">
7 <form method="post" action="@@url_repo@@/admin/refs_rights">
8 <input type="hidden" name="right_id" value="@@right_id@@" />
9 9 <input type="hidden" name="grant" value="1" /> <input type="hidden" name="grant" value="1" />
10 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
11 11
 
14 14 <br /> <br />
15 15 <br /> <br />
16 16
17 <table>
18 <tr>
19 <th>For repository</th>
20 <th>For references</th>
21 </tr>
17 <label class="form_item_title" for="ref">Reference (regexp)</label><br />
18 <input type="text" name="misc" value="@@misc@@" />
19 <br />
20 <br />
22 21
23 <tr>
24 <td>
25 22 <label class="form_item_title" for="rights">Rights</label><br /> <label class="form_item_title" for="rights">Rights</label><br />
26 23 @@rights_checkboxes@@ @@rights_checkboxes@@
27 </td>
28
29 <td>
30 <label class="form_item_title" for="ref">Reference (regexp)</label><br />
31 <input type="text" name="ref" value="@@ref@@" />
32 <br />
33 24 <br /> <br />
34 25
35 <label class="form_item_title" for="path">Path (regexp)</label><br />
36 <input type="text" name="path" value="@@path@@" />
26 <label class="form_item_title" for="ip">IP addresses/prefix (comma/space separated)</label><br />
27 <textarea name="ip" rows="3" cols="50">@@ip@@</textarea>
37 28 <br /> <br />
38 29 <br /> <br />
39 30
40 <label class="form_item_title" for="refs_rights">Rights</label><br />
41 @@refs_rights_checkboxes@@
31 <label class="form_item_title" for="prio">Priority</label><br />
32 <input type="text" name="prio" value="@@prio@@" />
33 <br />
42 34 <br /> <br />
43 </td>
44 </tr>
45 </table>
46 35
47 36 <input type="submit" name="button" value="Grant" /> <input type="submit" name="button" value="Grant" />
48 37
File root/themes/default/user/repo/rights/grant_ok.html changed (mode: 100644) (index e69de29..d8a4857)
1 <div class="ok">
2 Rights granted with success.
3 </div>
File root/themes/default/user/repo/rights/list_repo/header.html changed (mode: 100644) (index e8ec802..8e5634a)
1 1 <div class="repo_rights"> <div class="repo_rights">
2 2
3 @@del_errmsg@@
3 @@list_errmsg@@
4 4
5 <form method="post" action="@@url@@">
5 <form method="post" action="@@url_repo@@/admin/repo_rights">
6 6 <input type="hidden" name="delete" value="1" /> <input type="hidden" name="delete" value="1" />
7 7 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
8 8
9 9 <table> <table>
10 10 <tr> <tr>
11 11 <th>Select</th> <th>Select</th>
12 <th>User</th>
12 <th>Priority</th>
13 <th>Who</th>
13 14 <th>Date (UTC)</th> <th>Date (UTC)</th>
14 <th>Rights</th>
15 <th>User</th>
16 <th>IP</th>
17 <th>Repo rights</th>
15 18 <th>Operations</th> <th>Operations</th>
16 19 </tr> </tr>
File root/themes/default/user/repo/rights/list_repo/line.html changed (mode: 100644) (index 88ed164..9cb9302)
1 1 <tr> <tr>
2 <td><input type="checkbox" name="rights_delete_ids[@@right_uid@@]" /></td>
3 <td>@@username@@</td>
2 <td><input type="checkbox" name="rights_delete_ids[@@right_id@@]" /></td>
3 <td>@@prio@@</td>
4 <td>@@who_name@@</td>
4 5 <td>@@itime_text@@</td> <td>@@itime_text@@</td>
6 <td>@@username@@</td>
7 <td>@@ip@@</td>
5 8 <td>@@rights_text@@</td> <td>@@rights_text@@</td>
6 9 <td> <td>
7 <a href="@@url@@?edit_uid=@@right_uid@@">Edit</a>
10 <a href="@@url_repo@@/admin/repo_rights?edit_id=@@right_id@@">Edit</a>
8 11 </td> </td>
9 12 </tr> </tr>
10
File root/themes/default/user/repo/rights/list_repo_path/header.html changed (mode: 100644) (index 9310164..e2065de)
14 14 <th>Date (UTC)</th> <th>Date (UTC)</th>
15 15 <th>User</th> <th>User</th>
16 16 <th>IP</th> <th>IP</th>
17 <th>Ref</th>
18 <th>Refs rights</th>
17 <th>Path</th>
18 <th>Path rights</th>
19 19 <th>Operations</th> <th>Operations</th>
20 20 </tr> </tr>
File root/themes/default/user/repo/rights/list_repo_path/line.html changed (mode: 100644) (index 199836e..167e787)
8 8 <td>@@misc@@</td> <td>@@misc@@</td>
9 9 <td>@@rights_text@@</td> <td>@@rights_text@@</td>
10 10 <td> <td>
11 <a href="@@url_repo@@/admin/refs_rights?edit_id=@@right_id@@">Edit</a>
11 <a href="@@url_repo@@/admin/path_rights?edit_id=@@right_id@@">Edit</a>
12 12 </td> </td>
13 13 </tr> </tr>
14
File root/themes/default/user/repo/rights/list_repo_refs/footer.html copied from file root/themes/default/user/repo/rights/list_repo/footer.html (similarity 100%)
File root/themes/default/user/repo/rights/list_repo_refs/header.html copied from file root/themes/default/user/repo/rights/list_repo_path/header.html (similarity 100%)
File root/themes/default/user/repo/rights/list_repo_refs/line.html copied from file root/themes/default/user/repo/rights/list_repo_path/line.html (similarity 99%) (mode: 100644) (index 199836e..7b516c1)
11 11 <a href="@@url_repo@@/admin/refs_rights?edit_id=@@right_id@@">Edit</a> <a href="@@url_repo@@/admin/refs_rights?edit_id=@@right_id@@">Edit</a>
12 12 </td> </td>
13 13 </tr> </tr>
14
File root/themes/default/user/repo/rights/list_repo_refs/nodata.html copied from file root/themes/default/errmsg/nodata.html (similarity 100%)
File root/themes/default/user/settings/menu.html changed (mode: 100644) (index e69de29..27a4339)
1 <div class="menu">
2 <ul>
3 <li><a @@if(@@menu.sub1.edit_info@@ == 1){{class="selected"}}{{}} href="/op/settings/edit_info">Edit info</a></li>
4 <li><a @@if(@@menu.sub1.change_pass@@ == 1){{class="selected"}}{{}} href="/op/settings/change_pass">Change password</a></li>
5 <li><a @@if(@@menu.sub1.keys@@ == 1){{class="selected"}}{{}} href="/op/settings/keys">SSH keys</a></li>
6 </ul>
7 </div>
File scripts/remote.php changed (mode: 100644) (index 8589194..3d2c1fa)
... ... if (isset($_SERVER['SSH_CONNECTION'])) {
130 130 } }
131 131
132 132 // Extracts command and computes permissions // Extracts command and computes permissions
133 if (strncmp($cmd_repo, "git-upload-pack", 15) == 0) {
133 if (strncasecmp($cmd_repo, "git-upload-pack", 15) == 0) {
134 134 $cmd = "git-upload-pack"; $cmd = "git-upload-pack";
135 135 $needed_rights = "F"; $needed_rights = "F";
136 136 $push = 0; $push = 0;
137 } else if (strncmp($cmd_repo, "git-receive-pack", 16) == 0) {
137 } else if (strncasecmp($cmd_repo, "git-receive-pack", 16) == 0) {
138 138 $cmd = "git-receive-pack"; $cmd = "git-receive-pack";
139 // TODO: add a comment here why we need to check nothing
140 $needed_rights = "";
139 // We need push or anonymous push
140 $needed_rights = "P|H";
141 141 $push = 1; $push = 1;
142 142 } else { } else {
143 143 fatal("Unknown command [$cmd_repo]!"); fatal("Unknown command [$cmd_repo]!");
 
... ... $owner_ui = rg_user_info($db, 0, $user, "");
169 169 if ($owner_ui['ok'] != 1) if ($owner_ui['ok'] != 1)
170 170 fatal("Internal problems. Try again later, please."); fatal("Internal problems. Try again later, please.");
171 171 if ($owner_ui['exists'] != 1) if ($owner_ui['exists'] != 1)
172 fatal("User does not exists.");
172 fatal("User does not exists (repo).");
173 173
174 174 // Load info about the connecting user // Load info about the connecting user
175 /* Seems is not used now
176 175 $conn_ui = rg_user_info($db, $conn_uid, "", ""); $conn_ui = rg_user_info($db, $conn_uid, "", "");
177 if ($conn_ui['exists'] != 0)
178 fatal("User does not exists.");
179 */
176 if ($conn_ui['exists'] != 1)
177 fatal("User does not exists (conn).");
180 178
181 179 // Loading info about the repository // Loading info about the repository
182 180 if (rg_repo_ok($repo) !== TRUE) if (rg_repo_ok($repo) !== TRUE)
 
... ... if ($ri['deleted'] == 1)
192 190 $repo_path = rg_repo_path_by_id($owner_ui['uid'], $ri['repo_id']); $repo_path = rg_repo_path_by_id($owner_ui['uid'], $ri['repo_id']);
193 191 rg_log("repo_path=$repo_path."); rg_log("repo_path=$repo_path.");
194 192
195 // TODO: signal user that the repo moved and provide a hint how to move
193 // TODO: signal user that the repo moved and provide a hint how to follow
196 194
197 // We must not use here the rg_repo_allow function because we need
198 // $rights variable below.
199 $ret = rg_repo_rights_get($db, $ri, $conn_uid, 0);
200 if ($ret['ok'] !== 1)
201 fatal("Internal error (rights_get)");
202 $rights = $ret['rights'];
203
204 if (rg_rights_allow($rights, $needed_rights) === FALSE)
195 $misc = FALSE;
196 $ret = rg_repo_allow($db, "repo_refs", $ri, $conn_ui, $needed_rights, $ip, $misc);
197 if ($ret !== TRUE)
205 198 fatal("You have no rights to access this repo!"); fatal("You have no rights to access this repo!");
206 199
207 200 // TODO: limit per connection // TODO: limit per connection
 
... ... if (($push == 1) && rg_user_over_limit($db, $owner_ui, $max))
219 212 putenv("ROCKETGIT_UID=" . $conn_uid); putenv("ROCKETGIT_UID=" . $conn_uid);
220 213 putenv("ROCKETGIT_KEY_ID=" . $key_id); putenv("ROCKETGIT_KEY_ID=" . $key_id);
221 214 putenv("ROCKETGIT_REPO_ID=" . $ri['repo_id']); putenv("ROCKETGIT_REPO_ID=" . $ri['repo_id']);
222 putenv("ROCKETGIT_REPO_RIGHTS=" . $rights);
223 215 putenv("ROCKETGIT_REPO_PATH=" . $repo_path); putenv("ROCKETGIT_REPO_PATH=" . $repo_path);
224 216 putenv("ROCKETGIT_IP=$ip"); putenv("ROCKETGIT_IP=$ip");
225 217 putenv("ROCKETGIT_ITIME=" . microtime(TRUE)); putenv("ROCKETGIT_ITIME=" . microtime(TRUE));
 
... ... if ($push == 1) {
228 220 rg_log("namespace is $namespace."); rg_log("namespace is $namespace.");
229 221 putenv("GIT_NAMESPACE=" . $namespace); putenv("GIT_NAMESPACE=" . $namespace);
230 222
231 // Prepare refs to avoid:
223 // Prepare refs to avoid the following message:
232 224 // "No refs in common and none specified; doing nothing. // "No refs in common and none specified; doing nothing.
233 225 // Perhaps you should specify a branch such as 'master'." // Perhaps you should specify a branch such as 'master'."
234 226 $dst = $repo_path . "/refs/namespaces/" . $namespace . "/refs/heads"; $dst = $repo_path . "/refs/namespaces/" . $namespace . "/refs/heads";
File selinux/rocketgit.fc changed (mode: 100644) (index 255b678..16d650c)
5 5
6 6 /etc/rocketgit(/.*)? gen_context(system_u:object_r:rocketgit_conf_t,s0) /etc/rocketgit(/.*)? gen_context(system_u:object_r:rocketgit_conf_t,s0)
7 7
8 /var/log/rocketgit(/.*)? -- gen_context(system_u:object_r:rocketgit_log_t,s0)
8 /var/log/rocketgit(/.*)? gen_context(system_u:object_r:rocketgit_log_t,s0)
9 9 /var/log/rocketgit-web(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) /var/log/rocketgit-web(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
10 10
11 11 /var/lib/rocketgit(/.*)? gen_context(system_u:object_r:rocketgit_var_t,s0) /var/lib/rocketgit(/.*)? gen_context(system_u:object_r:rocketgit_var_t,s0)
File selinux/rocketgit.te changed (mode: 100644) (index 48bb18d..0079a3a)
1 policy_module(rocketgit,1.0.71)
1 policy_module(rocketgit,1.0.73)
2 2
3 3 ######################################## ########################################
4 4 # #
 
... ... type rocketgit_log_t;
76 76 files_type(rocketgit_log_t) files_type(rocketgit_log_t)
77 77 manage_files_pattern(rocketgit_t, rocketgit_log_t, rocketgit_log_t) manage_files_pattern(rocketgit_t, rocketgit_log_t, rocketgit_log_t)
78 78 logging_log_filetrans(rocketgit_t, rocketgit_log_t, file) logging_log_filetrans(rocketgit_t, rocketgit_log_t, file)
79 # below line tries to allow httpd to create err-* files in /var/log/rocketgit-web
80 #filetrans_pattern(httpd_t,dirtype?,rocketgit_log_t, file)
79 81 # allow rocketgit_t access to /var/log/rocketgit-web. Why? # allow rocketgit_t access to /var/log/rocketgit-web. Why?
80 82 allow rocketgit_t httpd_log_t:dir { read open }; allow rocketgit_t httpd_log_t:dir { read open };
81 83
File tests/Makefile changed (mode: 100644) (index 9017f43..87f3c32)
... ... hook_update_anon_nm:
54 54
55 55 .PHONY: clean .PHONY: clean
56 56 clean: clean:
57 @rm -f *.log *.strace *.out
57 @rm -f *.log *.strace *.out *.lock
File tests/bug.php changed (mode: 100644) (index 55fccf9..b188b80)
... ... require_once("common.php");
12 12
13 13 rg_log_set_file("bug.log"); rg_log_set_file("bug.log");
14 14
15 $db = rg_sql_open("dbname=trg");
16 if ($db === FALSE) {
17 rg_log("Cannot create a database (" . rg_sql_error() . ")!");
18 exit(1);
19 }
20
21 $r = rg_state_set($db, "schema_version", "0");
22 if ($r !== TRUE) {
23 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
24 exit(1);
25 }
26
27 $r = rg_sql_struct_update($db, RG_DROP_TABLES|RG_IGNORE_ERRORS);
28 if ($r !== TRUE) {
29 rg_log("Cannot create struct (" . rg_sql_error() . ")!");
30 exit(1);
31 }
32
33 $r = rg_fixes_update($db);
34 if ($r !== TRUE) {
35 rg_log("Cannot apply fixes!");
36 exit(1);
37 }
38
39 $r = rg_sql_struct_slaves_update($db);
40 if ($r !== TRUE) {
41 rg_log("Cannot create slaves!");
42 exit(1);
43 }
44
45 15 // defaults // defaults
46 16 $uid = 1; $uid = 1;
47 17 $ui = array("uid" => $uid, "username" => "userX", "organization" => 0, "email" => "test@embedromix.ro"); $ui = array("uid" => $uid, "username" => "userX", "organization" => 0, "email" => "test@embedromix.ro");
48 18 $repo_name = "A"; $repo_name = "A";
49 19
50 20 rg_log("Creating a repo"); rg_log("Creating a repo");
51 $repo_id = rg_repo_create($db, 0, $ui, $repo_name, 0, "desc", "F", 0);
21 $new = array();
22 $new['master'] = 0;
23 $new['name'] = $repo_name;
24 $new['max_commit_size'] = 0;
25 $new['description'] = "desc";
26 $new['git_dir_done'] = 0;
27 $new['public'] = 1;
28 $repo_id = rg_repo_edit($db, $ui, $new);
52 29 if ($repo_id === FALSE) { if ($repo_id === FALSE) {
53 30 rg_log("Cannot insert a repo (" . rg_repo_error() . ")!"); rg_log("Cannot insert a repo (" . rg_repo_error() . ")!");
54 31 exit(1); exit(1);
 
... ... if ($r === FALSE) {
108 85 } }
109 86
110 87 $r = rg_bug_info($db, $repo_id, $bug_id); $r = rg_bug_info($db, $repo_id, $bug_id);
111 if ($r === FALSE) {
112 rg_log("Cannot lookup a bug (" . rg_bug_error() . ")!");
113 exit(1);
114 }
115 88 if ($r['exists'] != 1) { if ($r['exists'] != 1) {
116 rg_log("Seems the bug does not exists!");
89 rg_log("Cannot lookup a bug (" . rg_bug_error() . ")!");
117 90 exit(1); exit(1);
118 91 } }
119 92
120 93 // test a non existing bug // test a non existing bug
121 94 $r = rg_bug_info($db, $repo_id, 0); $r = rg_bug_info($db, $repo_id, 0);
122 if ($r === FALSE) {
123 rg_log("Cannot lookup a bug (" . rg_bug_error() . ")!");
124 exit(1);
125 }
126 95 if ($r['exists'] != 0) { if ($r['exists'] != 0) {
127 96 rg_log("Wrong bug number (0) returned valid data!"); rg_log("Wrong bug number (0) returned valid data!");
128 97 exit(1); exit(1);
File tests/cache.php changed (mode: 100644) (index 437109b..0d96d11)
... ... if ($r !== $e) {
76 76 exit(1); exit(1);
77 77 } }
78 78
79 echo "cache: OK!\n";
80
79 81 ?> ?>
File tests/common.php changed (mode: 100644) (index b223af9..9841fbf)
1 1 <?php <?php
2 $INC = "../inc";
3 require_once($INC . "/state.inc.php");
4 require_once($INC . "/sql.inc.php");
5 require_once($INC . "/struct.inc.php");
6 require_once($INC . "/fixes.inc.php");
2 7
3 8 // Defaults // Defaults
4 9 $rg_base = dirname(__FILE__); $rg_base = dirname(__FILE__);
 
... ... $rg_lang = "en";
29 34 $rg_cache_enable = FALSE; $rg_cache_enable = FALSE;
30 35 $rg_event_socket = ""; $rg_event_socket = "";
31 36
37 $db = rg_sql_open("dbname=trg");
38 if ($db === FALSE) {
39 rg_log("Cannot create a database (" . rg_sql_error() . ")!");
40 exit(1);
41 }
42
43 $r = rg_state_set($db, "schema_version", "0");
44 if ($r !== TRUE) {
45 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
46 exit(1);
47 }
48
49 $r = rg_sql_struct_update($db, RG_DROP_TABLES|RG_IGNORE_ERRORS);
50 if ($r !== TRUE) {
51 rg_log("Cannot create struct (" . rg_sql_error() . ")!");
52 exit(1);
53 }
54
55 $r = rg_fixes_update($db);
56 if ($r !== TRUE) {
57 rg_log("Cannot apply fixes!");
58 exit(1);
59 }
60
61 $r = rg_sql_struct_slaves_update($db);
62 if ($r !== TRUE) {
63 rg_log("Cannot create slaves!");
64 exit(1);
65 }
66
32 67 ?> ?>
File tests/event.php changed (mode: 100644) (index 5d12c2a..362d0e1)
... ... rg_log_set_file("event.log");
17 17
18 18 $rg_sql_debug = 1; $rg_sql_debug = 1;
19 19
20 $db = rg_sql_open("dbname=trg");
21 if ($db === FALSE) {
22 rg_log("Cannot create a database (" . rg_sql_error() . ")!");
23 exit(1);
24 }
25
26 $r = rg_state_set($db, "schema_version", "0");
27 if ($r !== TRUE) {
28 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
29 exit(1);
30 }
31
32 $r = rg_sql_struct_update($db, RG_DROP_TABLES|RG_IGNORE_ERRORS);
33 if ($r !== TRUE) {
34 rg_log("Cannot create struct (" . rg_sql_error() . ")!");
35 exit(1);
36 }
37
38 $r = rg_fixes_update($db);
39 if ($r !== TRUE) {
40 rg_log("Cannot aply fixes!");
41 exit(1);
42 }
43
44 $r = rg_sql_struct_slaves_update($db);
45 if ($r !== TRUE) {
46 rg_log("Cannot create slaves!");
47 exit(1);
48 }
49
50 20 /* /*
51 21 * This function will generate an array of sub-events * This function will generate an array of sub-events
52 22 */ */
File tests/keys.php changed (mode: 100644) (index 10c3ffa..3df8dac)
... ... $rg_sql_debug = 1;
18 18 // Defaults // Defaults
19 19 $rg_admin_email = "rg@embedromix.ro"; $rg_admin_email = "rg@embedromix.ro";
20 20
21 $db = rg_sql_open("dbname=trg");
22 if ($db === FALSE) {
23 echo "Cannot create a database (" . rg_sql_error() . ")!\n";
24 exit(1);
25 }
26
27 $r = rg_state_set($db, "schema_version", "0");
28 if ($r !== TRUE) {
29 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
30 exit(1);
31 }
32
33 $r = rg_sql_struct_update($db, RG_DROP_TABLES);
34 if ($r !== TRUE) {
35 echo "Cannot create structure (" . rg_sql_error() . ")!\n";
36 exit(1);
37 }
38
39 $r = rg_fixes_update($db);
40 if ($r !== TRUE) {
41 echo "Cannot apply fixes!\n";
42 exit(1);
43 }
44
45 $r = rg_sql_struct_slaves_update($db);
46 if ($r !== TRUE) {
47 rg_log("Cannot create slaves!");
48 exit(1);
49 }
50
51 // clean all old keys
52 $sql = "DELETE FROM keys";
53 $res = rg_sql_query($db, $sql);
54 rg_sql_free_result($res);
55
56 21 $rg_ui = array("uid" => 1, "is_admin" => 0, "email" => "test@embedromix.ro"); $rg_ui = array("uid" => 1, "is_admin" => 0, "email" => "test@embedromix.ro");
57 22
58 23 // insert a key 1 // insert a key 1
File tests/repo.php changed (mode: 100644) (index 76813c1..268eeb8)
... ... if ($c !== FALSE) {
78 78 exit(1); exit(1);
79 79 } }
80 80
81 $db = rg_sql_open("dbname=trg");
82 if ($db === FALSE) {
83 rg_log("Cannot create a database (" . rg_sql_error() . ")!");
84 exit(1);
85 }
86
87 $r = rg_state_set($db, "schema_version", "0");
88 if ($r !== TRUE) {
89 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
90 exit(1);
91 }
92
93 $r = rg_sql_struct_update($db, RG_DROP_TABLES|RG_IGNORE_ERRORS);
94 if ($r !== TRUE) {
95 rg_log("Cannot create struct (" . rg_sql_error() . ")!");
96 exit(1);
97 }
98
99 $r = rg_fixes_update($db);
100 if ($r !== TRUE) {
101 rg_log("Cannot apply fixes!");
102 exit(1);
103 }
104
105 $r = rg_sql_struct_slaves_update($db);
106 if ($r !== TRUE) {
107 rg_log("Cannot create slaves!");
108 exit(1);
109 }
110
111 81 $uid = time(); $uid = time();
112 82 rg_log("Inserting a fake user"); rg_log("Inserting a fake user");
113 83 $sql = "INSERT INTO users (uid, username, realname, salt, pass, email, itime, suspended" $sql = "INSERT INTO users (uid, username, realname, salt, pass, email, itime, suspended"
 
... ... if ($rg_ui['exists'] != 1) {
126 96 } }
127 97
128 98 rg_log("Creating a repo"); rg_log("Creating a repo");
129 $repo_name = "A";
130 $repo_id = rg_repo_create($db, 0, $rg_ui, $repo_name, 0, "desc", "F", 0);
99 $new = array();
100 $new['master'] = 0;
101 $new['name'] = "A";
102 $new['max_commit_size'] = 0;
103 $new['description'] = "desc";
104 $new['git_dir_done'] = 0;
105 $new['public'] = 1;
106 $repo_id = rg_repo_edit($db, $ui, $new);
131 107 if ($repo_id === FALSE) { if ($repo_id === FALSE) {
132 108 rg_log("Cannot insert a repo (" . rg_repo_error() . ")!"); rg_log("Cannot insert a repo (" . rg_repo_error() . ")!");
133 109 exit(1); exit(1);
 
... ... if ($r === FALSE) {
158 134 } }
159 135
160 136 rg_log("test giving rights"); rg_log("test giving rights");
137 $right_id = 100;
138 $who = 400;
161 139 $tuid = 10; $tuid = 10;
162 $v = rg_repo_rights_set($db, $ri, $tuid, "P", array());
140 $prio = 13;
141 $ip = "1.1.1.1";
142 $v = rg_rights_set($db, $right_id, $who, "repo", $ri['repo_id'],
143 $tuid, "P", "", $ip, $prio);
163 144 if ($v === FALSE) { if ($v === FALSE) {
164 145 rg_log("Cannot give rights (1)!"); rg_log("Cannot give rights (1)!");
165 146 exit(1); exit(1);
166 147 } }
167 148
168 rg_log("owner gets all rights");
169 $e = rg_rights_all("repo");
170 $r = rg_repo_rights_get($db, $ri, $uid, 0);
171 $c = $r['rights'];
172 if (strcmp($c, $e) != 0) {
173 rg_log("Owner did not get all rights: c=$c e=$e.");
174 exit(1);
175 }
176
177 149 rg_log("non-owner gets correct rights: F gets from default rights."); rg_log("non-owner gets correct rights: F gets from default rights.");
150 $right_id = 0;
151 $who = 400;
178 152 $xuid = 12; $xuid = 12;
179 $r = rg_repo_rights_set($db, $ri, $xuid, "P", array());
153 $rights = "AaB";
154 $prio = 50;
155 $ip = "";
156 $r = rg_rights_set($db, $right_id, $who, "repo", $ri['repo_id'],
157 $xuid, $rights, "", $ip, $prio);
180 158 if ($r !== TRUE) { if ($r !== TRUE) {
181 rg_log("Cannot set rights (" . rg_repo_error() . ")!");
159 rg_log("Cannot set rights (" . rg_rights_error() . ")!");
182 160 exit(1); exit(1);
183 161 } }
184 $e = "FP";
185 $r = rg_repo_rights_get($db, $ri, $xuid, 0);
186 $c = $r['rights'];
162 $e = "AaB";
163 $r = rg_rights_get($db, "repo", $ri['repo_id'], $xuid);
164 $c = $r['list'][0]['rights'];
187 165 if (strcmp($c, $e) != 0) { if (strcmp($c, $e) != 0) {
188 166 rg_log("Non-owner did not get correct rights: c=$c e=$e."); rg_log("Non-owner did not get correct rights: c=$c e=$e.");
189 167 exit(1); exit(1);
190 168 } }
191 169
192 170 rg_log("owner can set separate rights for him"); rg_log("owner can set separate rights for him");
193 $v = rg_repo_rights_set($db, $ri, $uid, "A", array());
171 $uid = 500;
172 $tuid = 500;
173 $rights = "E";
174 $prio = 100;
175 $ip = "";
176 $v = rg_rights_set($db, $right_id, $uid, "repo", $ri['repo_id'],
177 $tuid, $rights, "", $ip, $prio);
194 178 if ($v === FALSE) { if ($v === FALSE) {
195 179 rg_log("Owner cannot set separate rights for him!"); rg_log("Owner cannot set separate rights for him!");
196 180 exit(1); exit(1);
197 181 } }
198 182
199 183 rg_log("list1"); rg_log("list1");
200 $r = rg_repo_rights_load($db, $ri);
184 $r = rg_rights_load($db, "repo", $ri['repo_id']);
201 185 if ($r === FALSE) { if ($r === FALSE) {
202 186 rg_log("Cannot list rights (" . rg_repo_error() . ")"); rg_log("Cannot list rights (" . rg_repo_error() . ")");
203 187 exit(1); exit(1);
204 188 } }
189 print_r($r);
205 190 // TODO: we should test if expected fields are returned! // TODO: we should test if expected fields are returned!
206 191
207 192
 
... ... if ($r['repo_id'] != 3000) {
233 218 // Testing the rename of the repos // Testing the rename of the repos
234 219 $rg_repos = "repos"; $rg_repos = "repos";
235 220 $_path = rg_repo_path_by_id($uid, $repo_id); $_path = rg_repo_path_by_id($uid, $repo_id);
236 $r = mkdir($_path, 0755, TRUE);
237 if ($r !== TRUE) {
238 echo "Cannot create fake dir ($_path)!\n";
239 exit(1);
221 if (!file_exists($_path)) {
222 $r = @mkdir($_path, 0755, TRUE);
223 if ($r !== TRUE) {
224 echo "Cannot create fake dir ($_path)!\n";
225 exit(1);
226 }
240 227 } }
241 228 $_path = dirname(rg_repo_path_by_name($uid, $repo_name)); $_path = dirname(rg_repo_path_by_name($uid, $repo_name));
242 $r = mkdir($_path, 0755, TRUE);
243 if ($r !== TRUE) {
244 echo "Cannot create fake dir 2 ($_path)!\n";
245 exit(1);
229 if (!file_exists($_path)) {
230 $r = @mkdir($_path, 0755, TRUE);
231 if ($r !== TRUE) {
232 echo "Cannot create fake dir 2 ($_path)!\n";
233 exit(1);
234 }
246 235 } }
247 236 $new = $ri; $new = $ri;
248 237 $new['rights'] = "F"; $new['rights'] = "F";
249 238 // Do first rename // Do first rename
250 239 $new['name'] = $repo_name . "b"; $new['name'] = $repo_name . "b";
251 $r = rg_repo_update($db, $rg_ui, $new);
240 $r = rg_repo_edit($db, $rg_ui, $new);
252 241 if ($r === FALSE) { if ($r === FALSE) {
253 242 echo "Cannot rename repository (" . rg_repo_error() . ")!\n"; echo "Cannot rename repository (" . rg_repo_error() . ")!\n";
254 243 exit(1); exit(1);
255 244 } }
256 245 // Do a second rename // Do a second rename
257 246 $new['name'] = $repo_name . "c"; $new['name'] = $repo_name . "c";
258 $r = rg_repo_update($db, $rg_ui, $new);
247 $r = rg_repo_edit($db, $rg_ui, $new);
259 248 if ($r === FALSE) { if ($r === FALSE) {
260 249 echo "Cannot rename repository (" . rg_repo_error() . ")!\n"; echo "Cannot rename repository (" . rg_repo_error() . ")!\n";
261 250 exit(1); exit(1);
File tests/rights.php changed (mode: 100644) (index cf8f65e..f44e11b)
... ... ini_set("track_errors", "On");
5 5 $INC = "../inc"; $INC = "../inc";
6 6 require_once($INC . "/init.inc.php"); require_once($INC . "/init.inc.php");
7 7 require_once($INC . "/rights.inc.php"); require_once($INC . "/rights.inc.php");
8 require_once("common.php");
9 8
10 9 rg_log_set_file("rights.log"); rg_log_set_file("rights.log");
10 require_once("common.php");
11
12 $rg_sql_debug = 1;
11 13
12 14 // Defaults // Defaults
13 15 $rg_admin_email = "rg@embedromix.ro"; $rg_admin_email = "rg@embedromix.ro";
14 16
17
15 18 rg_log("test if combine works correctly (1)"); rg_log("test if combine works correctly (1)");
16 19 $a = "AF"; $b = "AD"; $e = "AFD"; $a = "AF"; $b = "AD"; $e = "AFD";
17 20 $r = rg_rights_combine($a, $b); $r = rg_rights_combine($a, $b);
 
... ... if (strcmp($e, $e) != 0) {
45 48 } }
46 49
47 50 rg_log("rights: testing allow..."); rg_log("rights: testing allow...");
48 $rights = "ABC"; $needed_rights = "BCD";
49 $r = rg_rights_allow($rights, $needed_rights);
51 $rights = array(array("rights" => "ABC", "ip" => ""));
52 $needed_rights = "BCD"; $ip = "1.2.3.4";
53 $misc = FALSE;
54 $r = rg_rights_allow($rights, $needed_rights, $ip, $misc);
50 55 if ($r !== FALSE) { if ($r !== FALSE) {
51 56 echo "allow is not working right!\n"; echo "allow is not working right!\n";
52 57 exit(1); exit(1);
53 58 } }
54 59
55 rg_log("rights: testing allow...");
56 $rights = "ABC"; $needed_rights = "";
57 $r = rg_rights_allow($rights, $needed_rights);
60 rg_log("rights: testing rg_rights_set...");
61 $a = array();
62 $a['right_id'] = 0;
63 $a['who'] = 90;
64 $a['obj_id'] = 333;
65 $a['uid'] = 200;
66 $a['rights'] = "abc";
67 $a['misc'] = "misc1";
68 $a['ip'] = "1.1.1.1 2.2.2.2 10.0.0.0/8";
69 $a['prio'] = 3;
70 $r = rg_rights_set($db, "type1", $a);
71 if ($r !== TRUE) {
72 echo "Seems I cannot set rights 1 (" . rg_rights_error() . ")\n";
73 exit(1);
74 }
75 $a['rights'] = "d"; $a['misc'] = "misc2";
76 $r = rg_rights_set($db, "type1", $a);
77 if ($r !== TRUE) {
78 echo "Seems I cannot set rights 2 (" . rg_rights_error() . ")\n";
79 exit(1);
80 }
81
82 rg_log("Testing rg_rights_get...");
83 $right_id = 0;
84 $r = rg_rights_get($db, "type1", $a['obj_id'], $a['uid'], $right_id);
85 if (($r['ok'] !== 1) || (strcmp($r['list'][1]['rights'], "d") != 0)) {
86 echo "Seems I cannot get rights (" . rg_rights_error() . ")\n";
87 print_r($r);
88 exit (1);
89 }
90
91 rg_log("Testing delete_list...");
92 $list = array(1, 2);
93 $r = rg_rights_delete_list($db, $a['obj_id'], $list);
58 94 if ($r !== TRUE) { if ($r !== TRUE) {
59 echo "allow is not working right (empty needed_rights)!\n";
95 echo "We should be able to delete rights!\n";
60 96 exit(1); exit(1);
61 97 } }
98 $right_id = 0;
99 $r = rg_rights_get($db, "type1", $a['obj_id'], $a['uid'], $right_id);
100 if (($r['ok'] !== 1) || (count($r['list']) > 0)) {
101 echo "We should not have anymore type1 objects, after a delete.\n";
102 print_r($r);
103 exit (1);
104 }
105
106 rg_log("Testing IP match part - test1");
107 $list = "1.2.3.4/24 10.0.0.0/8 fd00::/64"
108 . " 1234:5678:aaaa:bbbb:cccc:dddd:eeee::/120"
109 . " 2222::/24";
110 $r = rg_rights_test_ip($list, "1.2.3.5");
111 if ($r !== TRUE) {
112 echo "ip test 1 failed\n";
113 exit(1);
114 }
115 rg_log("Testing IP match part - test2");
116 $r = rg_rights_test_ip($list, "10.2.3.4");
117 if ($r !== TRUE) {
118 echo "ip test 2 failed\n";
119 exit(1);
120 }
121 rg_log("Testing IP match part - test3");
122 $r = rg_rights_test_ip($list, "fd00::3030:aaaa");
123 if ($r !== TRUE) {
124 echo "ip test 3 failed\n";
125 exit(1);
126 }
127 rg_log("Testing IP match part - test4a");
128 $r = rg_rights_test_ip($list, "1234:5678:aaaa:bbbb:cccc:dddd:eeee:44");
129 if ($r !== TRUE) {
130 echo "ip test 4a failed\n";
131 exit(1);
132 }
133 rg_log("Testing IP match part - test4b");
134 $r = rg_rights_test_ip($list, "1234:5678:aaaa:bbbb:cccc:dddd:eeee:3344");
135 if ($r === TRUE) {
136 echo "ip test 4b failed\n";
137 exit(1);
138 }
139 rg_log("Testing IP match part - test5");
140 $r = rg_rights_test_ip($list, "2222::5533");
141 if ($r !== TRUE) {
142 echo "ip test 5 failed\n";
143 exit(1);
144 }
145
146
147 // TODO: test if a user can read other rights
62 148
63 149 echo "rights: OK!\n"; echo "rights: OK!\n";
64 150 ?> ?>
File tests/sql.php changed (mode: 100644) (index 0d127ba..091ba2a)
... ... require_once("common.php");
10 10
11 11 rg_log_set_file("sql.log"); rg_log_set_file("sql.log");
12 12
13 echo "db: open connection...\n";
14 $db = rg_sql_open("dbname=trg");
15 if ($db === FALSE) {
16 echo "Cannot create a database (" . rg_sql_error() . ")!\n";
17 exit(1);
18 }
19
20 13 echo "db: drop 'test' table...\n"; echo "db: drop 'test' table...\n";
21 14 $sql = "DROP TABLE IF EXISTS test"; $sql = "DROP TABLE IF EXISTS test";
22 15 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
 
... ... if ($res === FALSE) {
26 19 } }
27 20
28 21 echo "db: test creation of a table...\n"; echo "db: test creation of a table...\n";
29 $sql = "CREATE TABLE test (id TEXT PRIMARY KEY)";
22 $sql = "CREATE TABLE test (id TEXT PRIMARY KEY"
23 . ", f1 TEXT DEFAULT '', f2 TEXT DEFAULT '')";
30 24 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
31 25 if ($res === FALSE) { if ($res === FALSE) {
32 26 echo "Cannot create table 'test' (" . rg_sql_error() . ")!\n"; echo "Cannot create table 'test' (" . rg_sql_error() . ")!\n";
 
... ... echo "db: test insert with the same key...\n";
45 39 $sql = "INSERT INTO test (id) VALUES ('aaa')"; $sql = "INSERT INTO test (id) VALUES ('aaa')";
46 40 $res = @rg_sql_query($db, $sql); $res = @rg_sql_query($db, $sql);
47 41 if ($res !== FALSE) { if ($res !== FALSE) {
48 echo "I can do double insert!\n";
42 echo "I can do double insert, not good!\n";
49 43 exit(1); exit(1);
50 44 } }
51 45
 
... ... if ($res === FALSE) {
57 51 exit(1); exit(1);
58 52 } }
59 53
54 echo "db: test prepare with named values...\n";
55 $sql = "INSERT INTO test(id, f1, f2) VALUES (@@id@@, @@f@@, @@f@@)";
56 $params = array("id" => "myid", "f" => "value", "junk" => "aaa");
57 $res = rg_sql_query_params($db, $sql, $params);
58 if ($res === FALSE) {
59 echo "Cannot insert into test using @@x@@!\n";
60 exit(1);
61 }
62 $sql = "SELECT * FROM test WHERE id = 'myid'";
63 $res = rg_sql_query($db, $sql);
64 $row = rg_sql_fetch_array($res);
65 if (strcmp($row['f1'], "value") != 0) {
66 echo "Seems that insert with @@x@@ are not working!\n";
67 exit(1);
68 }
69
60 70 // TODO: test rg_sql_last_id // TODO: test rg_sql_last_id
61 71
62 72 rg_sql_close($db); rg_sql_close($db);
File tests/state.php changed (mode: 100644) (index d11e1a2..b4db53c)
... ... rg_log_set_file("state.log");
14 14
15 15 $rg_sql_debug = 1; $rg_sql_debug = 1;
16 16
17 $db = rg_sql_open("dbname=trg");
18 if ($db === FALSE) {
19 echo "Cannot create a database (" . rg_sql_error() . ")!\n";
20 exit(1);
21 }
22
23 $r = rg_state_set($db, "schema_version", "0");
24 if ($r !== TRUE) {
25 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
26 exit(1);
27 }
28
29 $r = rg_sql_struct_update($db, RG_DROP_TABLES);
30 if ($r !== TRUE) {
31 echo "Cannot create structure (" . rg_sql_error() . ")!\n";
32 exit(1);
33 }
34
35 17 // check return for an invalid state // check return for an invalid state
36 18 $r = rg_state_get($db, "asdsdsdf"); $r = rg_state_get($db, "asdsdsdf");
37 19 if ($r !== "") { if ($r !== "") {
File tests/themes/util/t3/c6b changed (mode: 100644) (index 862719c..2ab5c84)
1 1 @@if("@@a@@" != ""){{A}}{{B}} @@if("@@a@@" != ""){{A}}{{B}}
2 @@if("@@a@@" = ""){{X}}{{Y}}
2 @@if("@@a@@" == ""){{X}}{{Y}}
File tests/themes/util/t3/c9 changed (mode: 100644) (index 4012a71..d4dc922)
1 1 XX XX
2 @@if(@@X@@ == 1){{
3 @@if(@@Y@@ == 1){{
4 @@if(@@Z@@ == 1){{
5 TRUE_LEVEL_2
6 }}{{
7 FALSE_LEVEL_2
8 }}
9 }}{{
10 FALSE_LEVEL_1
11 }}
2 @@if("@@X@@" == "abc"){{
3 BLA
4 BLA
5 BLA
6 @@X@@
12 7 }}{{ }}{{
13 FALSE_LEVEL_0
14 8 }} }}
15 YY
9 YY
10 @@X@@
File tests/user.php changed (mode: 100644) (index bc030ce..624feea)
... ... $rg_admin_name = "RocketGit Admin";
24 24 $_SERVER['HTTP_HOST'] = "fake.tld"; $_SERVER['HTTP_HOST'] = "fake.tld";
25 25
26 26
27 $db = rg_sql_open("dbname=trg");
28 if ($db === FALSE) {
29 echo "Cannot create a database (" . rg_sql_error() . ")!\n";
30 exit(1);
31 }
32
33 $r = rg_state_set($db, "schema_version", "0");
34 if ($r !== TRUE) {
35 echo "Cannot reset schema (" . rg_state_error() . ")!\n";
36 exit(1);
37 }
38
39 $r = rg_sql_struct_update($db, RG_DROP_TABLES);
40 if ($r !== TRUE) {
41 echo "Cannot create structure (" . rg_sql_error() . ")!\n";
42 exit(1);
43 }
44
45 $r = rg_fixes_update($db);
46 if ($r !== TRUE) {
47 echo "Cannot apply fixes!\n";
48 exit(1);
49 }
50
51 $r = rg_sql_struct_slaves_update($db);
52 if ($r !== TRUE) {
53 rg_log("Cannot create slaves!");
54 exit(1);
55 }
56
57 27 $r = rg_exec("rm -rf ubase"); $r = rg_exec("rm -rf ubase");
58 28 if ($r['ok'] != 1) { if ($r['ok'] != 1) {
59 29 echo "Cannot remove ubase dir (" . $r['errmsg'] . ")!\n"; echo "Cannot remove ubase dir (" . $r['errmsg'] . ")!\n";
File tests/util.php changed (mode: 100644) (index 4a24f5a..016331a)
... ... if ($r !== TRUE) {
25 25 exit(1); exit(1);
26 26 } }
27 27
28
29 echo "util.php: testing function rg_prepare_replace_helper...\n";
30 $what = array(); $values = array();
31 $a = array("a" => "b");
32 rg_prepare_replace_helper($a, "", $what, $values);
33 $w = rg_array2string($what);
34 $v = rg_array2string($values);
35 $ew = "a=[/@@a@@/uU]";
36 $ev = "a=[b]";
37 if ((strcmp($w, $ew) != 0) || (strcmp($v, $ev) != 0)) {
38 echo "Wrong prepare_replace: [$w] != [$ew] OR [$v] != [$ev]!\n";
39 exit(1);
40 }
41
42 $what = array(); $values = array();
43 $a = array("ri" => array("repo_id" => "1", "name" => "repo1"));
44 rg_prepare_replace_helper($a, "", $what, $values);
45 $w = rg_array2string($what);
46 $v = rg_array2string($values);
47 $ew = "ri.repo_id=[/@@ri.repo_id@@/uU] ri.name=[/@@ri.name@@/uU]";
48 $ev = "ri.repo_id=[1] ri.name=[repo1]";
49 if ((strcmp($w, $ew) != 0) || (strcmp($v, $ev) != 0)) {
50 echo "Wrong prepare_replace: [$w] != [$ew] OR [$v] != [$ev]!\n";
51 exit(1);
52 }
53
54
28 55 $r = rg_exec("/xxxx"); $r = rg_exec("/xxxx");
29 56 if ($r['ok'] == 1) { if ($r['ok'] == 1) {
30 57 echo "util.php: running non existing command does not return 0!\n"; echo "util.php: running non existing command does not return 0!\n";
 
... ... if (strcmp($r, $e) != 0) {
195 222 exit(1); exit(1);
196 223 } }
197 224
225 $t = "test rg_template with conditional formating (quotes)";
226 rg_log($t);
227 $data = array("a" => "abc");
228 $r = rg_template("t3/c6b", $data);
229 $r = preg_replace('/\s/', '', $r);
230 $e = "AY";
231 if (strcmp($r, $e) != 0) {
232 echo "util.php: $t: not working (r=$r e=$e)!\n";
233 exit(1);
234 }
235
198 236 $t = "test rg_template with conditional formating (!empty)"; $t = "test rg_template with conditional formating (!empty)";
199 237 rg_log($t); rg_log($t);
200 238 $data = array("AAA" => ""); $data = array("AAA" => "");
 
... ... if (strcmp($r, $e) != 0) {
216 254 exit(1); exit(1);
217 255 } }
218 256
219 $t = "test rg_template with conditional formating (a vriable contains '{{')";
257 $t = "test rg_template with conditional formating (a variable contains '{{')";
220 258 rg_log($t); rg_log($t);
221 259 $data = array("AAA" => "1", "BBB" => "}}", "CCC" => "{{"); $data = array("AAA" => "1", "BBB" => "}}", "CCC" => "{{");
222 260 $r = rg_template("t3/c8", $data); $r = rg_template("t3/c8", $data);
 
... ... if (strcmp($r, $e) != 0) {
227 265 exit(1); exit(1);
228 266 } }
229 267
268 $t = "test rg_template with conditional formating: false branch is empty)";
269 rg_log($t);
270 $data = array("X" => "abc");
271 $r = rg_template("t3/c9", $data);
272 $r = preg_replace('/\s/', '', $r);
273 $e = "XXBLABLABLAabcYYabc";
274 if (strcmp($r, $e) != 0) {
275 echo "util.php: $t: not working (r=[$r] e=[$e])!\n";
276 exit(1);
277 }
278
230 279 $t = "test rg_copy_tree"; $t = "test rg_copy_tree";
231 280 rg_log($t); rg_log($t);
232 281 $r = rg_copy_tree("tree1", "tree1.copy", 0755); $r = rg_copy_tree("tree1", "tree1.copy", 0755);
 
... ... if (strcmp($x['X.u'], "uval") != 0) {
267 316 exit(1); exit(1);
268 317 } }
269 318
270
271
272 319 echo "util: OK!\n"; echo "util: OK!\n";
273 320 ?> ?>
Hints:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit

Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main