Main RocketGit repo
/inc/rights.inc.php (df5579e9dcb19ff3712c4775f073d1caeae529c5) (23034 bytes) (mode 100644) (type blob)
<?php
require_once(__DIR__ . '/util2.inc.php');
require_once(__DIR__ . '/log.inc.php');
require_once(__DIR__ . '/sql.inc.php');
require_once(__DIR__ . '/user.inc.php');
require_once(__DIR__ . '/events.inc.php');
$rg_rights = array();
$rg_rights_default = array();
$rg_rights_cmp_func = array();
$rg_rights_inject = array();
$rg_rights_error = "";
function rg_rights_set_error($str)
{
global $rg_rights_error;
$rg_rights_error = $str;
rg_log($str);
}
function rg_rights_error()
{
global $rg_rights_error;
return $rg_rights_error;
}
/*
* Register a set of rights
*/
function rg_rights_register($type, $rights, $default_rights, $cmp_func,
$inject_func)
{
global $rg_rights;
global $rg_rights_default;
global $rg_rights_cmp_func;
global $rg_rights_inject;
$rg_rights[$type] = $rights;
$rg_rights_default[$type] = $default_rights;
$rg_rights_cmp_func[$type] = $cmp_func;
if ($inject_func !== FALSE)
$rg_rights_inject[$type] = $inject_func;
}
/*
* Enforce correct chars
*/
function rg_rights_fix($rights)
{
return preg_replace("/[^A-Za-z0-9]/", "", $rights);
}
/*
* Combine two repo rights strings
*/
function rg_rights_combine($a, $b)
{
$len = strlen($b);
for ($i = 0; $i < $len; $i++)
if (!strstr($a, $b[$i]))
$a .= $b[$i];
return $a;
}
/*
* Returns all possible rights
*/
function rg_rights_all($type)
{
global $rg_rights;
if (!isset($rg_rights[$type])) {
rg_log("WARN: type [$type] is not registered!");
return "";
}
$ret = "";
foreach ($rg_rights[$type] as $letter => $junk)
$ret = rg_rights_combine($ret, $letter);
return $ret;
}
/*
* Returns default rights for a type
*/
function rg_rights_default($type)
{
global $rg_rights_default;
if (!isset($rg_rights_default[$type])) {
rg_log("WARN: type [$type] is not registered!");
return "";
}
return $rg_rights_default[$type];
}
/*
* Rights -> form
*/
function rg_rights_checkboxes($type, $name, $passed_rights)
{
global $rg_rights;
if (!isset($rg_rights[$type])) {
rg_internal_error("[$type] is not registered!");
return "";
}
$ret = "";
$br = "";
foreach ($rg_rights[$type] as $right => $info) {
$add = "";
if (strstr($passed_rights, $right))
$add = " checked=\"checked\"";
$ret .= $br
. "<input type=\"checkbox\""
. " name=\"" . $name . "[$right]\""
. " id=\"" . $name . "[$right]\""
. $add . " />"
. "<label for=\"" . $name . "[$right]\">" . $info . "</label>"
. "\n";
$br = "<br />\n";
}
return $ret;
}
/*
* List rights as text
*/
function rg_rights_text($type, $rights)
{
global $rg_rights;
$ret = array();
$all = rg_rights_all($type);
if (strcmp($rights, $all) == 0) {
$ret[] = "All";
return $ret;
}
$len = strlen($rights);
if ($len == 0)
return array("None");
for ($i = 0; $i < $len; $i++) {
if (isset($rg_rights[$type][$rights[$i]]))
$ret[] = $rg_rights[$type][$rights[$i]];
else
$ret[] = "?" . $rights[$i] . "?";
}
return $ret;
}
/*
* Transforms rights array into a string
*/
function rg_rights_a2s($a)
{
$rights = "";
if (empty($a))
return "";
if (!is_array($a)) {
rg_internal_error("Rights array is not an array");
return "";
}
foreach ($a as $right => $junk)
$rights .= $right;
return rg_rights_fix($rights);
}
/*
* Improves a little bit the items of a right
* TODO: we have a circular dependency on user.inc. Remove the lookup and break
* the dependency. Register a function globally, from user.inc, that will be
* called here.
*/
function rg_rights_cosmetic($db, &$row)
{
if ($row['uid'] == 0) {
$row['username'] = "*";
} else {
$_ui = rg_user_info($db, $row['uid'], "", "");
if ($_ui['exists'] == 1)
$row['username'] = $_ui['username'];
else
$row['username'] = "?";
}
if ($row['who'] == 0) {
$row['who_name'] = "*";
} else {
$_ui = rg_user_info($db, $row['who'], "", "");
if ($_ui['exists'] == 1)
$row['who_name'] = $_ui['username'];
else
$row['who_name'] = "?";
}
$_r = rg_rights_text($row['type'], $row['rights']);
$row['rights_text'] = implode(", ", $_r);
if ($row['itime'] == 0)
$row['itime_text'] = "N/A";
else
$row['itime_text'] = gmdate("Y-m-d H:i", $row['itime']);
if (strcmp($row['ip'], "*") == 0)
$row['ip'] = "";
if (empty($row['ip']))
$row['ip_nice'] = "Any";
else
$row['ip_nice'] = $row['ip'];
if (!isset($row['description']))
$row['description'] = "";
$_a = rg_xss_safe(trim($row['description']));
$row['HTML:description_nlbr'] = nl2br($_a);
if (isset($row['prio'])) {
if (($row['prio'] >= 10) && ($row['prio'] <= 30000))
$row['can_be_deleted'] = 1;
else
$row['can_be_deleted'] = 0;
}
}
/*
* Returns the rights from db
*/
function rg_rights_load($db, $obj_id, $type)
{
rg_prof_start("rights_load");
rg_log_enter("rights_load: obj_id=$obj_id type=$type");
$type = rg_force_alphanum($type);
$ret = FALSE;
while (1) {
$key = "rights_by_obj_id::$obj_id::$type";
$r = rg_cache_get($key);
if ($r !== FALSE) {
$ret = $r;
break;
}
$params = array("type" => $type, "obj_id" => $obj_id);
$sql = "SELECT * FROM rights"
. " WHERE type = @@type@@"
. " AND obj_id = @@obj_id@@"
. " ORDER BY prio, itime";
$res = rg_sql_query_params($db, $sql, $params);
if ($res === FALSE) {
rg_rights_set_error("cannot get info");
break;
}
// TODO: we have a problem when we delete a right: we
// have to invalidate them all. Index by right_id!
$ret = array();
while (($row = rg_sql_fetch_array($res)))
$ret[] = $row;
rg_sql_free_result($res);
rg_cache_set($key, $ret, RG_SOCKET_NO_WAIT);
break;
}
rg_log_exit();
rg_prof_end("rights_load");
return $ret;
}
/*
* Helper for rg_rights_sort
*/
function rg_rights_sort_helper($a, $b)
{
if ($a['prio'] > $b['prio'])
return 1;
if ($a['prio'] == $b['prio'])
return 0;
return -1;
}
/*
* Get rights for an object
* @uid - the uid of the (normally) logged in user. If -1, do not filter by uid.
* @right_id - optional id (used by edit)
*/
function rg_rights_get($db, $obj_id, $type, $owner, $uid, $right_id)
{
global $rg_rights;
global $rg_rights_inject;
rg_prof_start('rights_get');
rg_log_enter('rights_get: obj_id=' . $obj_id . ' type=' . $type
. ' owner=' . $owner . ' uid=' . $uid . ' right_id=' . $right_id);
$ret = array();
$ret['ok'] = 0;
$ret['list'] = array();
while (1) {
$r = rg_rights_load($db, $obj_id, $type);
if ($r === FALSE)
break;
// Inject rights for owner
if ($owner > 0) {
$a = array();
$a['type'] = $type;
$a['obj_id'] = $obj_id;
$a['uid'] = $owner;
$a['itime'] = 0;
$a['misc'] = '';
$a['prio'] = 0;
$a['who'] = $owner;
$a['right_id'] = 0;
$a['ip'] = '';
$a['can_be_deleted'] = 0;
$a['rights'] = rg_rights_all($type);
$a['description'] = 'Autogenerated (owner)';
$r[] = $a;
}
// Inject specific rights
if (isset($rg_rights_inject[$type])) {
$f = $rg_rights_inject[$type];
$rows = $f($db, $obj_id, $type, $owner, $uid);
//rg_log_ml("CHECK: inject function for '$type' [$f] returned: " . print_r($rows, TRUE));
foreach ($rows as $row) {
//rg_log_ml("rights_get: inject specific rights: " . print_r($row, TRUE));
$r[] = $row;
}
}
// now, filter by uid and right_id
$r2 = array();
foreach ($r as $k => $v) {
if (($right_id > 0) && ($v['right_id'] != $right_id))
continue;
if (($uid == -1) || ($v['uid'] == $uid) || ($v['uid'] == 0))
$r2[] = $v;
}
// sorting by prio
uasort($r2, 'rg_rights_sort_helper');
// cosmetic
//rg_log_debug('before cosmetic: ' . print_r($r2, TRUE));
foreach ($r2 as $index => &$row)
rg_rights_cosmetic($db, $row);
$ret['list'] = $r2;
$ret['ok'] = 1;
break;
}
//rg_log("rights_get: rights=" . rg_array2string($ret['list']));
rg_log_exit();
rg_prof_end('rights_get');
return $ret;
}
/*
* Set rights for an object
*/
function rg_rights_set($db, $type, $a)
{
rg_prof_start("rights_set");
rg_log_enter('rights_set: type=' . $type . ' a=' . rg_array2string($a));
$ret = FALSE;
$rollback = FALSE;
while (1) {
if (($a['prio'] < 10) || ($a['prio'] > 30000)) {
rg_rights_set_error("prio must be between 10 and 30000");
break;
}
$r = rg_rights_validate_ip($a['ip']);
if ($r !== TRUE)
break;
if (rg_sql_begin($db) !== TRUE) {
rg_rights_set_error('cannot start transaction');
break;
}
$rollback = TRUE;
if (!isset($a['who'])) {
$ui_login = rg_ui_login();
$a['who'] = $ui_login['uid'];
}
$a['type'] = $type;
$a['now'] = time();
if ($a['right_id'] > 0)
$sql = "UPDATE rights SET"
. " type = @@type@@"
. ", uid = @@uid@@"
. ", obj_id = @@obj_id@@"
. ", rights = @@rights@@"
. ", misc = @@misc@@"
. ", ip = @@ip@@"
. ", prio = @@prio@@"
. ", itime = @@now@@"
. ", who = @@who@@"
. ", description = @@description@@"
. " WHERE right_id = @@right_id@@";
else
$sql = "INSERT INTO rights (type, uid, obj_id, rights"
. ", misc, ip, prio, itime, who, description)"
. " VALUES (@@type@@, @@uid@@, @@obj_id@@, @@rights@@"
. ", @@misc@@, @@ip@@, @@prio@@, @@now@@, @@who@@"
. ", @@description@@)";
$res = rg_sql_query_params($db, $sql, $a);
if ($res === FALSE) {
rg_rights_set_error("cannot alter rights");
break;
}
rg_sql_free_result($res);
// invalidate cache (TODO: optimize by inserting in list and reorder)
$key = "rights_by_obj_id::" . $a['obj_id'] . "::" . $a['type'];
rg_cache_unset($key, RG_SOCKET_NO_WAIT);
$ev = array(
'category' => 'rights_grant',
'source' => 'rights_set',
'prio' => 100,
'info' => $a
);
$r = rg_event_add($db, $ev);
if ($r !== TRUE) {
rg_rights_set_error('cannot add event');
break;
}
if (rg_sql_commit($db) !== TRUE) {
rg_rights_set_error('cannot commit');
break;
}
$rollback = FALSE;
rg_event_signal_daemon('', 0);
$ret = TRUE;
break;
}
if ($rollback)
rg_sql_rollback($db);
rg_log_exit();
rg_prof_end("rights_set");
return $ret;
}
/*
* Filters var using mask
* Example ("ABCDE", "AEZ") => "AE"
*/
function rg_rights_mask($val, $mask)
{
$ret = "";
$len = strlen($val);
for ($i = 0; $i < $len; $i++)
if (strstr($mask, $val[$i]) && !strstr($ret, $val[$i]))
$ret .= $val[$i];
return $ret;
}
/*
* Splits ip/prefix in components and apply the prefix len mask
* Returns FALSE if something is wrong
*/
function rg_rights_split_ip($ip)
{
rg_debug() && rg_log('rights_split_ip: ip=' . $ip);
$ret = array();
$ret['prefix_len'] = -1;
if (strstr($ip, "/")) { /* prefix len */
$t = explode("/", $ip);
$ip2 = $t[0];
$ret['prefix_len'] = $t[1];
} else {
$ip2 = $ip;
}
$ip2 = rg_fix_ip($ip2);
if (preg_match('/^[a-fA-F0-9:]*$/D', $ip2) === 1) { /* ipv6 */
if ($ret['prefix_len'] == -1) {
$ret['prefix_len'] = 128;
} else if (($ret['prefix_len'] < 0) || ($ret['prefix_len'] > 128)) {
rg_rights_set_error("invalid prefix len for [$ip]");
return FALSE;
}
$t = explode("::", $ip2);
if (count($t) > 2) {
rg_rights_set_error("invalid IPv6 IP [$ip] (multiple ::)");
return FALSE;
}
if (count($t) == 2) { /* we have :: */
$ipv6 = array();
/* count non-empty groups ($good) */
$t = explode(":", $ip2);
$good = 0;
foreach ($t as $p) {
if (!empty($p))
$good++;
}
$i = 0;
$fill = 1;
foreach ($t as $p) {
if (!empty($p)) {
$ipv6[$i++] = hexdec($p);
continue;
}
if ($fill == 0)
continue;
for ($j = 0; $j < 8 - $good; $j++)
$ipv6[$i++] = 0;
$fill = 0;
}
} else {
$ipv6 = explode(":", $ip2);
if (count($ipv6) != 8) {
rg_rights_set_error("invalid IPv6 IP [$ip]");
return FALSE;
}
foreach ($ipv6 as $k => $p)
$ipv6[$k] = hexdec($p);
}
// apply mask
for ($i = 0; $i < 8; $i++) {
if ($ret['prefix_len'] >= ($i + 1) * 16)
continue;
$len = ($i + 1) * 16 - $ret['prefix_len'];
if ($len >= 16) {
$ipv6[$i] = 0;
} else {
$mask = 0xFFFF - (pow(2, $len) - 1);
$ipv6[$i] &= $mask;
}
}
$new = array();
foreach ($ipv6 as $k => $p)
$new[$k] = sprintf("%x", $p);
$ret['ip'] = implode(":", $new);
$ret['type'] = "ipv6";
} else if (preg_match('/^[0-9\.]*$/D', $ip2) === 1) { /* ipv4 */
if ($ret['prefix_len'] == -1) {
$ret['prefix_len'] = 32;
} else if (($ret['prefix_len'] < 0) || ($ret['prefix_len'] > 32)) {
rg_rights_set_error("invalid prefix len for [$ip]");
return FALSE;
}
$ipv4 = explode(".", $ip2);
if (count($ipv4) != 4) {
rg_rights_set_error("invalid IPv4 IP [$ip]");
return FALSE;
}
foreach ($ipv4 as $k => $p) {
if (($p < 0) || ($p > 255)) {
rg_rights_set_error("invalid IPv4 IP [$ip]");
return FALSE;
}
$ipv4[$k] = ltrim($p, "0");
}
// apply mask
for ($i = 0; $i < 4; $i++) {
if ($ret['prefix_len'] >= ($i + 1) * 8)
continue;
$len = ($i + 1) * 8 - $ret['prefix_len'];
if ($len >= 8) {
$ipv4[$i] = "0";
} else {
$ipv4[$i] &= 0xFF - (pow(2, $len) - 1);
}
}
$ret['ip'] = implode(".", $ipv4);
$ret['type'] = "ipv4";
} else {
rg_rights_set_error("invalid address [$ip]");
return FALSE;
}
return $ret;
}
/*
* Validates a list of IPs to be correct
*/
function rg_rights_validate_ip($list)
{
$list = preg_replace("/[,\s]+/", ' ', $list);
$list = trim($list);
if (empty($list))
return TRUE;
$list = explode(" ", $list);
foreach ($list as $junk => $ip) {
if (empty($ip))
continue;
$r = rg_rights_split_ip($ip);
if ($r === FALSE)
return FALSE;
}
return TRUE;
}
/*
* Test if an IP match the allowed list
*/
function rg_rights_test_ip($list, $ip)
{
rg_log_debug('rights_test_ip: ip=' . $ip);
$r = rg_rights_split_ip($ip);
if ($r === FALSE) {
rg_log("An invalid IP has been specified [$ip]. Ignore it.");
return FALSE;
}
$list = explode(" ", $list);
$ret = FALSE;
foreach ($list as $junk => $ip0) {
if (empty($ip0)) {
$ret = TRUE;
break;
}
$r0 = rg_rights_split_ip($ip0);
if ($r0 === FALSE) {
rg_log("An invalid IP has been specified [$ip0]. Ignore it.");
continue;
}
$new_ip = rg_rights_split_ip($ip . "/" . $r0['prefix_len']);
if (strcmp($new_ip['type'], $r0['type']) != 0)
continue;
if (strcmp($new_ip['ip'], $r0['ip']) == 0) {
rg_log("$ip matches $ip0");
$ret = TRUE;
break;
}
rg_log("no match " . $new_ip['ip'] . " != " . $r0['ip']);
}
return $ret;
}
/*
* Returns TRUE if all 'needed_rights' are included in 'rights'
* @list - an array of rights
* @needed_rights: rights letters; you can use "ab|cd" = (a AND B) OR (C AND d)
*/
function rg_rights_test($list, $needed_rights, $ip, $misc)
{
global $rg_rights_cmp_func;
rg_log_enter('rights_test: needed_rights=' . $needed_rights
. ' ip=' . $ip . ' misc=' . $misc);
$ret = FALSE;
do {
$needed = explode("|", $needed_rights);
foreach ($list as $k => $v) {
rg_log_debug('k=' . $k . ': ' . rg_array2string($v));
// Test IP
if (rg_rights_test_ip($v['ip'], $ip) !== TRUE)
continue;
// Test 'misc' match
if (!empty($v['misc'])) {
$cmp_func = $rg_rights_cmp_func[$v['type']];
$r = $cmp_func($v['misc'], $misc);
if ($r !== TRUE) {
rg_log_debug('cmp function returned !TRUE');
continue;
}
}
// empty = no rights => stop processing
// This check must be after ip/misc tests!
if (empty($v['rights']))
break;
// Test rights
$have_a_match = FALSE;
foreach ($needed as $needed1) {
$r = rg_rights_mask($v['rights'], $needed1);
if (strcmp($r, $needed1) != 0) {
rg_log_debug('mask[' . $r . '] != needed['
. $needed1 . ']! Continue.');
continue;
}
$have_a_match = TRUE;
break;
}
if ($have_a_match === FALSE)
continue;
rg_log_debug('rule id ' . $k . ' match');
$ret = TRUE;
break;
}
} while (0);
if ($ret === FALSE)
rg_log('deny');
rg_log_exit();
return $ret;
}
/*
* Returns TRUE if all 'needed_rights' are included in 'rights'
* @a[needed_rights]: rights letters; you can use "ab|cd" = (a AND B) OR (C AND d)
*/
function rg_rights_allow($db, $a)
{
rg_log_debug('rights_allow: a: ' . serialize($a));
$obj_id = $a['obj_id'];
$type = $a['type'];
if (isset($a['owner'])) {
$owner = $a['owner'];
} else {
$ui_page = rg_ui_page();
$owner = $ui_page['uid'];
}
if (isset($a['uid'])) {
$uid = $a['uid'];
$username = $a['username'];
} else {
$ui_login = rg_ui_login();
$uid = $ui_login['uid'];
$username = $ui_login['username'];
}
$needed_rights = $a['needed_rights'];
$misc = isset($a['misc']) ? $a['misc'] : '';
// TODO - what about IP restrictions, for example?
//if ($uid == $owner)
// return TRUE;
$right_id = 0;
// TODO: we may pass $a?
$r = rg_rights_get($db, $obj_id, $type, $owner, $uid, $right_id);
if ($r['ok'] != 1)
return FALSE;
// TODO: we may call rg_rights_test here and return if it is ok [perf]
// We must replace @USER@ with the logged-in user
if ($uid > 0) {
foreach ($r['list'] as $index => &$e) {
if (!strstr($e['misc'], '@USER@'))
continue;
$_old = $e['misc'];
$e['misc'] = str_replace('@USER@',
$username, $e['misc']);
rg_log_debug('[' . $_old . '] -> [' . $e['misc'] . ']');
}
//rg_log_debug('r[list]=' . print_r($r['list'], TRUE));
}
$r = rg_rights_test($r['list'], $needed_rights, rg_ip(), $misc);
if ($r !== TRUE) {
rg_rights_set_error('you do not have rights');
return FALSE;
}
return TRUE;
}
/*
* Just a simple helper for rg_rights_allow
*/
function rg_rights_allow2($db, $type, $obj_id, $needed_rights, $misc)
{
$x = array();
$x['type'] = $type;
$x['obj_id'] = $obj_id;
$x['needed_rights'] = $needed_rights;
$x['misc'] = $misc;
return rg_rights_allow($db, $x);
}
/*
* Delete a list of rights
* Caller must be sure that the user is allowed to operate on 'obj_id'.
*/
function rg_rights_delete_list($db, $type, $obj_id, $list)
{
rg_prof_start("rights_delete_list");
rg_log_enter("rights_delete_list: type=$type obj_id=$obj_id"
. " list=" . rg_array2string($list));
$ret = FALSE;
while (1) {
$db_list = implode(",", $list);
$params = array("obj_id" => $obj_id);
$sql = "DELETE FROM rights"
. " WHERE obj_id = @@obj_id@@"
. " AND right_id IN (" . $db_list . ")";
$res = rg_sql_query_params($db, $sql, $params);
if ($res === FALSE) {
rg_rights_set_error("cannot mass delete (" . rg_sql_error() . ")!");
break;
}
// invalidate cache; TODO: this is the best way?
rg_cache_unset('rights_by_obj_id::' . $obj_id
. '::' . $type, RG_SOCKET_NO_WAIT);
break;
}
rg_log_exit();
rg_prof_end("rights_delete_list");
return TRUE;
}
/*
* Helper for high level functions - get rights data for a request
*/
function rg_rights_load_vars()
{
$a = array();
$a['right_id'] = rg_var_uint('right_id');
$a['edit_id'] = rg_var_uint('edit_id');
$a['username'] = trim(rg_var_str('username'));
$a['rights'] = rg_rights_a2s(rg_var_str('rights'));
$a['misc'] = trim(rg_var_str('misc'));
$a['ip'] = trim(rg_var_str('ip'));
$a['prio'] = rg_var_uint('prio');
$a['description'] = trim(rg_var_str('description'));
//rg_log_ml('CHECK: a(POST)=' . print_r($a, TRUE));
return $a;
}
/*
* High level function for admin rights
* @base_type: 'type' to check for Grant/Revoke rights (think about 'repo',
* where we have Grant/Revoke on 'repo' type, not 'repo_*' types.
*/
function rg_rights_high_level($db, $rg, $base_type, $type, $owner, $obj_id)
{
rg_log_enter('rights_high_level base_type=' . $base_type
. ' type=' . $type
. ' owner=' . $owner . ' obj_id=' . $obj_id);
$ret = '';
$a = rg_rights_load_vars();
$a['type'] = $type;
$list_errmsg = array();
$errmsg = array();
$load_defaults = TRUE;
$delete = rg_var_bool('delete');
while ($delete == 1) {
if (!rg_valid_referer()) {
$errmsg[] = 'invalid referer; try again';
break;
}
if (!rg_token_valid($db, $rg, 'rights-' . $type, FALSE)) {
$errmsg[] = 'invalid token; try again';
break;
}
$list = rg_var_uint('rights_delete_ids');
if (empty($list)) {
$list_errmsg[] = 'please select at least one item';
break;
}
$my_list = array();
foreach ($list as $k => $junk)
$my_list[] = $k;
$r = rg_rights_allow2($db, $base_type, $obj_id, 'g', '');
if ($r !== TRUE) {
$errmsg[] = rg_rights_error();
break;
}
$r = rg_rights_delete_list($db, $type, $obj_id, $my_list);
if ($r !== TRUE) {
$list_errmsg[] = 'cannot delete rights: ' . rg_rights_error();
break;
}
$ret .= rg_template('rights/delete_ok.html', $rg, TRUE /*xss*/);
break;
}
// edit
while ($a['edit_id'] > 0) {
$r = rg_rights_get($db, $obj_id, $type, $owner, -1, $a['edit_id']);
if ($r['ok'] != 1) {
$list_errmsg[] = 'cannot load rights: ' . rg_rights_error();
break;
}
if (empty($r['list'])) {
$list_errmsg[] = 'right not found';
break;
}
// Only one right is returned when we edit by right_id
$a = $r['list'][0];
$load_defaults = FALSE;
break;
}
$rg['HTML:grant_note'] = '';
$grant = rg_var_uint('grant');
while ($grant == 1) {
$load_defaults = FALSE;
if (!rg_valid_referer()) {
$errmsg[] = 'invalid referer; try again';
break;
}
if (!rg_token_valid($db, $rg, 'rights-' . $type, FALSE)) {
$errmsg[] = 'invalid token; try again';
break;
}
if (strcmp($a['username'], '*') == 0) {
$a['uid'] = 0;
} else {
$_ui = rg_user_info($db, 0, $a['username'], '');
if ($_ui['exists'] == 1) {
$a['uid'] = $_ui['uid'];
} else {
$errmsg[] = rg_template_blind('rights/invalid_user.html');
break;
}
}
$r = rg_rights_allow2($db, $base_type, $obj_id, 'G', '');
if ($r !== TRUE) {
$errmsg[] = rg_rights_error();
break;
}
$a['obj_id'] = $obj_id;
$r = rg_rights_set($db, $type, $a);
if ($r !== TRUE) {
$errmsg[] = rg_rights_error();
break;
}
$rg['HTML:grant_note'] = rg_template('rights/grant_ok.html',
$rg, TRUE /*xss*/);
$load_defaults = TRUE;
break;
}
if ($load_defaults) {
$rg['right_id'] = 0;
$rg['username'] = '';
$rg['rights'] = rg_rights_default($type);
$rg['description'] = '';
$rg['misc'] = '';
$rg['ip'] = '';
$rg['prio'] = 100;
} else {
$rg = rg_array_merge($rg, '', $a);
}
$rg['rg_form_token'] = rg_token_get($db, $rg, 'rights-' . $type);
$rg['HTML:grant_errmsg'] = rg_template_errmsg($errmsg);
$rg['HTML:list_errmsg'] = rg_template_errmsg($list_errmsg);
$rg['HTML:rights_checkboxes'] = rg_rights_checkboxes($type, 'rights',
$rg['rights']);
// list rights
$r = rg_rights_get($db, $obj_id, $type, $owner, -1, 0);
if ($r['ok'] != 1)
$ret .= rg_warning('Cannot load rights. Try later.');
else
$ret .= rg_template_table('rights/list_' . $type, $r['list'], $rg);
$ret .= rg_template('rights/form_' . $type . '.html', $rg, TRUE /*xss*/);
// hints
$hints = array();
$hints[]['HTML:hint'] = rg_template('hints/rights/edit_rights.html',
$rg, TRUE /*xss*/);
$hints[]['HTML:hint'] = rg_template('hints/rights/edit_'
. $type . '.html', $rg, TRUE /*xss*/);
$ret .= rg_template_table('hints/list', $hints, $rg);
rg_log_exit();
return $ret;
}
| Mode | Type | Size | Ref | File |
|---|---|---|---|---|
| 100644 | blob | 9 | f3c7a7c5da68804a1bdf391127ba34aed33c3cca | .exclude |
| 100644 | blob | 108 | acc2186b1d357966e09df32afcea14933f5f0c78 | .gitignore |
| 100644 | blob | 375 | 1f425bcd2049c526744d449511094fc045ceac74 | AUTHORS |
| 100644 | blob | 1847 | fd1f7a627adc85dec9ebd72ae9e6b4c941b82f8f | History.txt |
| 100644 | blob | 34520 | dba13ed2ddf783ee8118c6a581dbf75305f816a3 | LICENSE |
| 100644 | blob | 3624 | 1c4ccf9cceb2e56ae71334442aff3183b242c333 | Makefile.in |
| 100644 | blob | 5325 | 96c40d868ce10b715299085ccffb30f96a730cf3 | README |
| 100644 | blob | 190331 | 0418946bd5fc97da80f0bbd2e918c657536c01e6 | TODO |
| 100644 | blob | 1294 | f22911eb777f0695fcf81ad686eac133eb11fcc4 | TODO-plans |
| 100644 | blob | 203 | a2863c67c3da44126b61a15a6f09738c25e0fbe0 | TODO.perf |
| 100644 | blob | 967 | 56bbaa7c937381fb10a2907b6bbe056ef8cc824a | TODO.vm |
| 040000 | tree | - | 21928e906ad2907a55c2e81c2a8b0502b586b8a0 | artwork |
| 100644 | blob | 5328 | d5be4cc3f15d059ad8d267d800c602e9774816a8 | compare.csv |
| 100755 | blob | 30 | 92c4bc48245c00408cd7e1fd89bc1a03058f4ce4 | configure |
| 040000 | tree | - | 811af39b8be55c3a36147dd06b040e86de4e9d4a | debian |
| 040000 | tree | - | 7108e9538d908ff384482155efcaef836a057a2c | docker |
| 040000 | tree | - | f67d3605efbd6422a8acdd953578991139266391 | docs |
| 100755 | blob | 18252 | e2438615edba7066a730ed6a796a5302263f1f37 | duilder |
| 100644 | blob | 536 | b791516f9ec08c038e61269e0c5f38446a61e59b | duilder.conf |
| 040000 | tree | - | e330b65f3c3eea427853842a05410579de6175bd | hooks |
| 040000 | tree | - | e6ef0396dd7f12664ea681377807bdedf09ad13f | inc |
| 040000 | tree | - | e255ce234c3993998edc12bc7e93fff555376eda | misc |
| 100644 | blob | 6012 | 7cf5090db19ef7b7a1a4d962f2588464ff4f1c1f | rocketgit.spec |
| 040000 | tree | - | 85421cbfb018ff4b0eebb1741e2dcfcc72f81ada | root |
| 040000 | tree | - | 870e96f0afc7d85c97505a878609d386f81748d8 | samples |
| 040000 | tree | - | 589b9039f8bbb597747e4e78cdfc26be35ead352 | scripts |
| 040000 | tree | - | 454044f7e286fe13ec18598fce6b613190f52e5e | selinux |
| 100755 | blob | 256 | 462ccd108c431f54e380cdac2329129875a318b5 | spell_check.sh |
| 040000 | tree | - | d9260d3cf0d6490be720312893600a8041bf991b | techdocs |
| 040000 | tree | - | 5dbc11970335b2e208d92e525d2b6ef49dcce3c3 | tests |
| 040000 | tree | - | e810d7397575886ef495708d571eb3675f6928ba | tools |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit
Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!