Fossil SCM

Fixes to login checking for the skin editor.

drh 2018-07-14 19:57 trunk
Commit 09e6fc3df383db287298ef7953a422e8c6abb2aebb3b02cf1d7ed33943421e45
2 files changed +1 -1 +11 -5
+1 -1
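--- a/src/login.c
+++ b/src/login.c
@@ -729,11 +729,11 @@
 @ </div>
 free(zCaptcha);
 }
 @ </form>
 }
-if( g.zLogin && g.perm.Password ){
+if( login_is_individual() && g.perm.Password ){
 if( email_enabled() ){
 @ <hr>
 @ <p>Configure <a href="%R/alerts">Email Alerts</a>
 @ for user <b>%h(g.zLogin)</b></p>
 }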
+11 -5
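--- a/src/skins.c
+++ b/src/skins.c
@@ -722,17 +722,19 @@
 
 /* Check that the user is authorized to edit this skin. */
 if( !g.perm.Setup ){
 char *zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin);
 Glob *pAllowedEditors;
+int isMatch = 0;
 if( zAllowedEditors[0] ){
 pAllowedEditors = glob_create(zAllowedEditors);
-if( !glob_match(pAllowedEditors, zAllowedEditors) ){
-login_needed(0);
-return;
-}
+isMatch = glob_match(pAllowedEditors, zAllowedEditors);
 glob_free(pAllowedEditors);
+}
+if( isMatch==0 ){
+login_needed(0);
+return;
 }
 }
 
 /* figure out which file is to be edited */
 ii = atoi(PD("w","0"));
@@ -874,19 +876,23 @@
 
 /* Figure out if the current user is allowed to make administrative
 ** changes and/or edits
 */
 login_check_credentials();
+if( !login_is_individual() ){
+login_needed(0);
+return;
+}
 zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin);
 if( g.perm.Setup ){
 isSetup = isEditor = 1;
 }else{
 Glob *pAllowedEditors;
 isSetup = isEditor = 0;
 if( zAllowedEditors[0] ){
 pAllowedEditors = glob_create(zAllowedEditors);
-isEditor = glob_match(pAllowedEditors, zAllowedEditors);
+isEditor = glob_match(pAllowedEditors, g.zLogin);
 glob_free(pAllowedEditors);
 }
 }
 
 /* Initialize the skin, if requested and authorized. */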
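Review bot: The authorization check added at new line 730 in the first hunk still passes `zAllowedEditors` as the string to match, so the glob is compared with its own pattern text rather than with the current user. The second hunk corrects the same call to use `g.zLogin`, and this one should read `isMatch = glob_match(pAllowedEditors, g.zLogin);`. As written, the outcome of this gate depends on how the `draft%d-users` setting is spelled, not on who is logged in: a list that happens to match itself would presumably admit any non-Setup user, and one that does not would refuse legitimate editors. No `login_is_individual()` guard is visible in this hunk, so if `g.zLogin` can be NULL at this point the corrected call also needs that check first, as the second hunk does at lines 881-884. The enclosing functions start and end outside both hunks.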
