
Check-in [4b545a8a]

Overview
Comment:Fixes to the capability reduction on subrepositories.
SHA1: 4b545a8a0243c1072e0e05c578dbaf7ea9bd16aa
User & Date: drh 2011-03-28 21:46:25
Context
2011-03-28
22:29
A new approach to sub-repos in which a specific user for the subrepo is specified in the CONFIG table entry. Closed-Leaf check-in: e8b15ad6 user: drh tags: sub-repos
21:46
Fixes to the capability reduction on subrepositories. check-in: 4b545a8a user: drh tags: sub-repos
21:27
Update the sub-repository capability so that it is able to restrict permissions on the sub-repository to a subset of the login permissions. check-in: c477b247 user: drh tags: sub-repos
Changes

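--- a/src/login.c
+++ b/src/login.c
@@ -502,15 +502,14 @@
   login_set_anon_nobody_capabilities();
 }
 
 /*
 ** Memory of settings
 */
 static int login_anon_once = 1;
-static char login_settings[26];
 
 /*
 ** Add the default privileges of users "nobody" and "anonymous" as appropriate
 ** for the user g.zLogin.
 */
 void login_set_anon_nobody_capabilities(void){
   if( g.zLogin && login_anon_once ){
@@ -531,17 +530,14 @@
 ** Set the global capability flags based on a capability string.
 */
 void login_set_capabilities(const char *zCap){
   static char *zDev = 0;
   static char *zUser = 0;
   int i;
   for(i=0; zCap[i]; i++){
-    int c = zCap[i];
-    if( c<'a' || c>'z' ) continue;
-    login_settings[c-'a'] = 1;
     switch( zCap[i] ){
       case 's':   g.okSetup = 1;  /* Fall thru into Admin */
       case 'a':   g.okAdmin = g.okRdTkt = g.okWrTkt = g.okZip =
                               g.okRdWiki = g.okWrWiki = g.okNewWiki =
                               g.okApndWiki = g.okHistory = g.okClone = 
                               g.okNewTkt = g.okPassword = g.okRdAddr =
                               g.okTktFmt = g.okAttach = g.okApndTkt = 1;
@@ -672,15 +668,16 @@
     char *z = db_text(0, "SELECT cap FROM user WHERE login='reader'");
     setCap(z, seen);
     fossil_free(z);
   }
   seen['u'-'a'] = 0;
   seen['v'-'a'] = 0;
   for(i=0; i<sizeof(seen); i++){
-    if( seen[i] && login_settings[i] ) zNew[nNew++] = i+'a';
+    char c = i+'a';
+    if( seen[i] && login_has_capability(&c,1) ) zNew[nNew++] = i+'a';
   }
   zNew[nNew] = 0;
 
   /* Turn off all capabilities */
   g.okSetup = 0;
   g.okAdmin = 0;
   g.okDelete = 0;
@@ -699,14 +696,13 @@
   g.okApndTkt = 0;
   g.okWrTkt = 0;
   g.okAttach = 0;
   g.okTktFmt = 0;
   g.okRdAddr = 0;
   g.okZip = 0;
   g.okPrivate = 0;
-  memset(login_settings, 0, sizeof(login_settings));
 
   /* Set the reduced capabilities */
   login_set_capabilities(zNew);
   login_anon_once = 1;
   login_set_anon_nobody_capabilities();
 }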
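Review bot: The reduction loop at new lines 674–677 now intersects `seen` with the effective `g.ok*` flags through `login_has_capability(&c,1)`, and nothing in the hunk records that this is a wider set than the removed `login_settings[]` record of letters passed to `login_set_capabilities()`. As far as the visible code shows, those flags also include what the 's' and 'a' cases grant by fall-through and, presumably, whatever `login_set_anon_nobody_capabilities()` added earlier. A comment above the loop should state the intended rule, for example `/* Keep only capabilities the login effectively holds, including implied and nobody/anonymous grants */`, if that is the intent. The call also passes the address of a single `char` that is not NUL-terminated, so it relies on `login_has_capability()` honouring its length argument; that function is not on this page and is worth confirming. The enclosing function starts outside the hunk.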