12740540365… — Fossil SCM

M src/capabilities.c

+4 -4

		--- src/capabilities.c
		+++ src/capabilities.c
		@@ -242,14 +242,14 @@
242	242	"Admin", "Create and delete users" },
243	243	{ 'b', CAPCLASS_WIKI\|CAPCLASS_TKT, 0,
244	244	"Attach", "Add attchments to wiki or tickets" },
245	245	{ 'c', CAPCLASS_TKT, 0,
246	246	"Append-Tkt", "Append to existing tickets" },
247		-#if 0 /* Not Used */
248		- { 'd', CAPCLASS_WIKI\|CAPCLASS_TKT, 0,
249		- "Delete", "Delete wiki or tickets" },
250		-#endif
	247	+ /*
	248	+ ** d unused since fork from CVSTrac;
	249	+ ** see https://fossil-scm.org/forum/forumpost/43c78f4bef
	250	+ */
251	251	{ 'e', CAPCLASS_DATA, 0,
252	252	"View-PII", "View sensitive info such as email addresses" },
253	253	{ 'f', CAPCLASS_WIKI, 0,
254	254	"New-Wiki", "Create new wiki pages" },
255	255	{ 'g', CAPCLASS_DATA, 0,
256	256

	--- src/capabilities.c
	+++ src/capabilities.c
	@@ -242,14 +242,14 @@
242	"Admin", "Create and delete users" },
243	{ 'b', CAPCLASS_WIKI\|CAPCLASS_TKT, 0,
244	"Attach", "Add attchments to wiki or tickets" },
245	{ 'c', CAPCLASS_TKT, 0,
246	"Append-Tkt", "Append to existing tickets" },
247	#if 0 /* Not Used */
248	{ 'd', CAPCLASS_WIKI\|CAPCLASS_TKT, 0,
249	"Delete", "Delete wiki or tickets" },
250	#endif
251	{ 'e', CAPCLASS_DATA, 0,
252	"View-PII", "View sensitive info such as email addresses" },
253	{ 'f', CAPCLASS_WIKI, 0,
254	"New-Wiki", "Create new wiki pages" },
255	{ 'g', CAPCLASS_DATA, 0,
256

	--- src/capabilities.c
	+++ src/capabilities.c
	@@ -242,14 +242,14 @@
242	"Admin", "Create and delete users" },
243	{ 'b', CAPCLASS_WIKI\|CAPCLASS_TKT, 0,
244	"Attach", "Add attchments to wiki or tickets" },
245	{ 'c', CAPCLASS_TKT, 0,
246	"Append-Tkt", "Append to existing tickets" },
247	/*
248	** d unused since fork from CVSTrac;
249	** see https://fossil-scm.org/forum/forumpost/43c78f4bef
250	*/
251	{ 'e', CAPCLASS_DATA, 0,
252	"View-PII", "View sensitive info such as email addresses" },
253	{ 'f', CAPCLASS_WIKI, 0,
254	"New-Wiki", "Create new wiki pages" },
255	{ 'g', CAPCLASS_DATA, 0,
256

M src/db.c

+1 -1

		--- src/db.c
		+++ src/db.c
		@@ -2074,11 +2074,11 @@
2074	2074	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2075	2075	" VALUES('anonymous',hex(randomblob(8)),'hmnc','Anon');"
2076	2076	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2077	2077	" VALUES('nobody','','gjorz','Nobody');"
2078	2078	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2079		- " VALUES('developer','','dei','Dev');"
	2079	+ " VALUES('developer','','ei','Dev');"
2080	2080	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2081	2081	" VALUES('reader','','kptw','Reader');"
2082	2082	);
2083	2083	}
2084	2084	}
2085	2085

	--- src/db.c
	+++ src/db.c
	@@ -2074,11 +2074,11 @@
2074	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2075	" VALUES('anonymous',hex(randomblob(8)),'hmnc','Anon');"
2076	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2077	" VALUES('nobody','','gjorz','Nobody');"
2078	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2079	" VALUES('developer','','dei','Dev');"
2080	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2081	" VALUES('reader','','kptw','Reader');"
2082	);
2083	}
2084	}
2085

	--- src/db.c
	+++ src/db.c
	@@ -2074,11 +2074,11 @@
2074	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2075	" VALUES('anonymous',hex(randomblob(8)),'hmnc','Anon');"
2076	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2077	" VALUES('nobody','','gjorz','Nobody');"
2078	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2079	" VALUES('developer','','ei','Dev');"
2080	"INSERT OR IGNORE INTO user(login,pw,cap,info)"
2081	" VALUES('reader','','kptw','Reader');"
2082	);
2083	}
2084	}
2085

M src/json.c

-1

		--- src/json.c
		+++ src/json.c
		@@ -1898,11 +1898,10 @@
1898	1898	obj = cson_value_get_object(sub);
1899	1899
1900	1900	#define ADD(X,K) cson_object_set(obj, K, cson_value_new_bool(g.perm.X))
1901	1901	ADD(Setup,"setup");
1902	1902	ADD(Admin,"admin");
1903		- ADD(Delete,"delete");
1904	1903	ADD(Password,"password");
1905	1904	ADD(Query,"query"); /* don't think this one is actually used */
1906	1905	ADD(Write,"checkin");
1907	1906	ADD(Read,"checkout");
1908	1907	ADD(Hyperlink,"history");
1909	1908

	--- src/json.c
	+++ src/json.c
	@@ -1898,11 +1898,10 @@
1898	obj = cson_value_get_object(sub);
1899
1900	#define ADD(X,K) cson_object_set(obj, K, cson_value_new_bool(g.perm.X))
1901	ADD(Setup,"setup");
1902	ADD(Admin,"admin");
1903	ADD(Delete,"delete");
1904	ADD(Password,"password");
1905	ADD(Query,"query"); /* don't think this one is actually used */
1906	ADD(Write,"checkin");
1907	ADD(Read,"checkout");
1908	ADD(Hyperlink,"history");
1909

	--- src/json.c
	+++ src/json.c
	@@ -1898,11 +1898,10 @@
1898	obj = cson_value_get_object(sub);
1899
1900	#define ADD(X,K) cson_object_set(obj, K, cson_value_new_bool(g.perm.X))
1901	ADD(Setup,"setup");
1902	ADD(Admin,"admin");

1903	ADD(Password,"password");
1904	ADD(Query,"query"); /* don't think this one is actually used */
1905	ADD(Write,"checkin");
1906	ADD(Read,"checkout");
1907	ADD(Hyperlink,"history");
1908

M src/login.c

+2 -3

		--- src/login.c
		+++ src/login.c
		@@ -1227,20 +1227,19 @@
1227	1227	case 'a': p->Admin = p->RdTkt = p->WrTkt = p->Zip =
1228	1228	p->RdWiki = p->WrWiki = p->NewWiki =
1229	1229	p->ApndWiki = p->Hyperlink = p->Clone =
1230	1230	p->NewTkt = p->Password = p->RdAddr =
1231	1231	p->TktFmt = p->Attach = p->ApndTkt =
1232		- p->ModWiki = p->ModTkt = p->Delete =
	1232	+ p->ModWiki = p->ModTkt =
1233	1233	p->RdForum = p->WrForum = p->ModForum =
1234	1234	p->WrTForum = p->AdminForum =
1235	1235	p->EmailAlert = p->Announce = p->Debug = 1;
1236	1236	/* Fall thru into Read/Write */
1237	1237	case 'i': p->Read = p->Write = 1; break;
1238	1238	case 'o': p->Read = 1; break;
1239	1239	case 'z': p->Zip = 1; break;
1240	1240
1241		- case 'd': p->Delete = 1; /* Not Used */ break;
1242	1241	case 'h': p->Hyperlink = 1; break;
1243	1242	case 'g': p->Clone = 1; break;
1244	1243	case 'p': p->Password = 1; break;
1245	1244
1246	1245	case 'j': p->RdWiki = 1; break;
		@@ -1320,11 +1319,11 @@
1320	1319	for(i=0; i<nCap && rc && zCap[i]; i++){
1321	1320	switch( zCap[i] ){
1322	1321	case 'a': rc = p->Admin; break;
1323	1322	case 'b': rc = p->Attach; break;
1324	1323	case 'c': rc = p->ApndTkt; break;
1325		- case 'd': rc = p->Delete; break; /* Not used */
	1324	+ /* d unused: see comment in capabilities.c */
1326	1325	case 'e': rc = p->RdAddr; break;
1327	1326	case 'f': rc = p->NewWiki; break;
1328	1327	case 'g': rc = p->Clone; break;
1329	1328	case 'h': rc = p->Hyperlink; break;
1330	1329	case 'i': rc = p->Write; break;
1331	1330

	--- src/login.c
	+++ src/login.c
	@@ -1227,20 +1227,19 @@
1227	case 'a': p->Admin = p->RdTkt = p->WrTkt = p->Zip =
1228	p->RdWiki = p->WrWiki = p->NewWiki =
1229	p->ApndWiki = p->Hyperlink = p->Clone =
1230	p->NewTkt = p->Password = p->RdAddr =
1231	p->TktFmt = p->Attach = p->ApndTkt =
1232	p->ModWiki = p->ModTkt = p->Delete =
1233	p->RdForum = p->WrForum = p->ModForum =
1234	p->WrTForum = p->AdminForum =
1235	p->EmailAlert = p->Announce = p->Debug = 1;
1236	/* Fall thru into Read/Write */
1237	case 'i': p->Read = p->Write = 1; break;
1238	case 'o': p->Read = 1; break;
1239	case 'z': p->Zip = 1; break;
1240
1241	case 'd': p->Delete = 1; /* Not Used */ break;
1242	case 'h': p->Hyperlink = 1; break;
1243	case 'g': p->Clone = 1; break;
1244	case 'p': p->Password = 1; break;
1245
1246	case 'j': p->RdWiki = 1; break;
	@@ -1320,11 +1319,11 @@
1320	for(i=0; i<nCap && rc && zCap[i]; i++){
1321	switch( zCap[i] ){
1322	case 'a': rc = p->Admin; break;
1323	case 'b': rc = p->Attach; break;
1324	case 'c': rc = p->ApndTkt; break;
1325	case 'd': rc = p->Delete; break; /* Not used */
1326	case 'e': rc = p->RdAddr; break;
1327	case 'f': rc = p->NewWiki; break;
1328	case 'g': rc = p->Clone; break;
1329	case 'h': rc = p->Hyperlink; break;
1330	case 'i': rc = p->Write; break;
1331

	--- src/login.c
	+++ src/login.c
	@@ -1227,20 +1227,19 @@
1227	case 'a': p->Admin = p->RdTkt = p->WrTkt = p->Zip =
1228	p->RdWiki = p->WrWiki = p->NewWiki =
1229	p->ApndWiki = p->Hyperlink = p->Clone =
1230	p->NewTkt = p->Password = p->RdAddr =
1231	p->TktFmt = p->Attach = p->ApndTkt =
1232	p->ModWiki = p->ModTkt =
1233	p->RdForum = p->WrForum = p->ModForum =
1234	p->WrTForum = p->AdminForum =
1235	p->EmailAlert = p->Announce = p->Debug = 1;
1236	/* Fall thru into Read/Write */
1237	case 'i': p->Read = p->Write = 1; break;
1238	case 'o': p->Read = 1; break;
1239	case 'z': p->Zip = 1; break;
1240

1241	case 'h': p->Hyperlink = 1; break;
1242	case 'g': p->Clone = 1; break;
1243	case 'p': p->Password = 1; break;
1244
1245	case 'j': p->RdWiki = 1; break;
	@@ -1320,11 +1319,11 @@
1319	for(i=0; i<nCap && rc && zCap[i]; i++){
1320	switch( zCap[i] ){
1321	case 'a': rc = p->Admin; break;
1322	case 'b': rc = p->Attach; break;
1323	case 'c': rc = p->ApndTkt; break;
1324	/* d unused: see comment in capabilities.c */
1325	case 'e': rc = p->RdAddr; break;
1326	case 'f': rc = p->NewWiki; break;
1327	case 'g': rc = p->Clone; break;
1328	case 'h': rc = p->Hyperlink; break;
1329	case 'i': rc = p->Write; break;
1330

M src/main.c

-1

		--- src/main.c
		+++ src/main.c
		@@ -78,11 +78,10 @@
78	78	** Holds flags for fossil user permissions.
79	79	*/
80	80	struct FossilUserPerms {
81	81	char Setup; /* s: use Setup screens on web interface */
82	82	char Admin; /* a: administrative permission */
83		- char Delete; /* d: delete wiki or tickets - Not Used */
84	83	char Password; /* p: change password */
85	84	char Query; /* q: create new reports */
86	85	char Write; /* i: xfer inbound. check-in */
87	86	char Read; /* o: xfer outbound. check-out */
88	87	char Hyperlink; /* h: enable the display of hyperlinks */
89	88

	--- src/main.c
	+++ src/main.c
	@@ -78,11 +78,10 @@
78	** Holds flags for fossil user permissions.
79	*/
80	struct FossilUserPerms {
81	char Setup; /* s: use Setup screens on web interface */
82	char Admin; /* a: administrative permission */
83	char Delete; /* d: delete wiki or tickets - Not Used */
84	char Password; /* p: change password */
85	char Query; /* q: create new reports */
86	char Write; /* i: xfer inbound. check-in */
87	char Read; /* o: xfer outbound. check-out */
88	char Hyperlink; /* h: enable the display of hyperlinks */
89

	--- src/main.c
	+++ src/main.c
	@@ -78,11 +78,10 @@
78	** Holds flags for fossil user permissions.
79	*/
80	struct FossilUserPerms {
81	char Setup; /* s: use Setup screens on web interface */
82	char Admin; /* a: administrative permission */

83	char Password; /* p: change password */
84	char Query; /* q: create new reports */
85	char Write; /* i: xfer inbound. check-in */
86	char Read; /* o: xfer outbound. check-out */
87	char Hyperlink; /* h: enable the display of hyperlinks */
88

M src/security_audit.c

+13 -8

		--- src/security_audit.c
		+++ src/security_audit.c
		@@ -94,10 +94,12 @@
94	94	** accessed using the Admin/Security-Audit menu option
95	95	** from any of the default skins.
96	96	*/
97	97	void secaudit0_page(void){
98	98	const char zAnonCap; / Capabilities of user "anonymous" and "nobody" */
	99	+ const char zDevCap; / Capabilities of user group "developer" */
	100	+ const char zReadCap; / Capabilities of user group "reader" */
99	101	const char zPubPages; / GLOB pattern for public pages */
100	102	const char zSelfCap; / Capabilities of self-registered users */
101	103	int hasSelfReg = 0; /* True if able to self-register */
102	104	char *z;
103	105	int n;
		@@ -116,10 +118,12 @@
116	118	** means that any anonymous user on the internet can access all content.
117	119	** "Private" repos require (non-anonymous) login to access all content,
118	120	** though some content may be accessible anonymously.
119	121	*/
120	122	zAnonCap = db_text("", "SELECT fullcap(NULL)");
	123	+ zDevCap = db_text("", "SELECT fullcap('v')");
	124	+ zReadCap = db_text("", "SELECT fullcap('u')");
121	125	zPubPages = db_get("public-pages",0);
122	126	hasSelfReg = db_get_boolean("self-register",0);
123	127	pCap = capability_add(0, db_get("default-perms",0));
124	128	capability_expand(pCap);
125	129	zSelfCap = capability_string(pCap);
		@@ -278,19 +282,20 @@
278	282	@ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5")
279	283	@ from users "anonymous" and "nobody"
280	284	@ on the <a href="setup_ulist">User Configuration</a> page.
281	285	}
282	286
283		- /* Anonymous users probably should not be allowed to delete
284		- ** wiki or tickets.
285		- */
286		- if( hasAnyCap(zAnonCap, "d") ){
	287	+ /* Obsolete: */
	288	+ if( hasAnyCap(zAnonCap, "d") \|\|
	289	+ hasAnyCap(zDevCap, "d") \|\|
	290	+ hasAnyCap(zReadCap, "d") ){
287	291	@ <li><p><b>WARNING:</b>
288		- @ Anonymous users can delete wiki and tickets.
289		- @ <p>Fix this by removing the "Delete"
290		- @ privilege from users "anonymous" and "nobody" on the
291		- @ <a href="setup_ulist">User Configuration</a> page.
	292	+ @ One or more users has the <a
	293	+ @ href="https://fossil-scm.org/forum/forumpost/43c78f4bef">obsolete</a>
	294	+ @ "d" capability. You should remove it using the
	295	+ @ <a href="setup_ulist">User Configuration</a> page in case we
	296	+ @ ever reuse the letter for another purpose.
292	297	}
293	298
294	299	/* If anonymous users are allowed to create new Wiki, then
295	300	** wiki moderation should be activated to pervent spam.
296	301	*/
297	302

	--- src/security_audit.c
	+++ src/security_audit.c
	@@ -94,10 +94,12 @@
94	** accessed using the Admin/Security-Audit menu option
95	** from any of the default skins.
96	*/
97	void secaudit0_page(void){
98	const char zAnonCap; / Capabilities of user "anonymous" and "nobody" */


99	const char zPubPages; / GLOB pattern for public pages */
100	const char zSelfCap; / Capabilities of self-registered users */
101	int hasSelfReg = 0; /* True if able to self-register */
102	char *z;
103	int n;
	@@ -116,10 +118,12 @@
116	** means that any anonymous user on the internet can access all content.
117	** "Private" repos require (non-anonymous) login to access all content,
118	** though some content may be accessible anonymously.
119	*/
120	zAnonCap = db_text("", "SELECT fullcap(NULL)");


121	zPubPages = db_get("public-pages",0);
122	hasSelfReg = db_get_boolean("self-register",0);
123	pCap = capability_add(0, db_get("default-perms",0));
124	capability_expand(pCap);
125	zSelfCap = capability_string(pCap);
	@@ -278,19 +282,20 @@
278	@ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5")
279	@ from users "anonymous" and "nobody"
280	@ on the <a href="setup_ulist">User Configuration</a> page.
281	}
282
283	/* Anonymous users probably should not be allowed to delete
284	** wiki or tickets.
285	*/
286	if( hasAnyCap(zAnonCap, "d") ){
287	@ <li><p><b>WARNING:</b>
288	@ Anonymous users can delete wiki and tickets.
289	@ <p>Fix this by removing the "Delete"
290	@ privilege from users "anonymous" and "nobody" on the
291	@ <a href="setup_ulist">User Configuration</a> page.

292	}
293
294	/* If anonymous users are allowed to create new Wiki, then
295	** wiki moderation should be activated to pervent spam.
296	*/
297

	--- src/security_audit.c
	+++ src/security_audit.c
	@@ -94,10 +94,12 @@
94	** accessed using the Admin/Security-Audit menu option
95	** from any of the default skins.
96	*/
97	void secaudit0_page(void){
98	const char zAnonCap; / Capabilities of user "anonymous" and "nobody" */
99	const char zDevCap; / Capabilities of user group "developer" */
100	const char zReadCap; / Capabilities of user group "reader" */
101	const char zPubPages; / GLOB pattern for public pages */
102	const char zSelfCap; / Capabilities of self-registered users */
103	int hasSelfReg = 0; /* True if able to self-register */
104	char *z;
105	int n;
	@@ -116,10 +118,12 @@
118	** means that any anonymous user on the internet can access all content.
119	** "Private" repos require (non-anonymous) login to access all content,
120	** though some content may be accessible anonymously.
121	*/
122	zAnonCap = db_text("", "SELECT fullcap(NULL)");
123	zDevCap = db_text("", "SELECT fullcap('v')");
124	zReadCap = db_text("", "SELECT fullcap('u')");
125	zPubPages = db_get("public-pages",0);
126	hasSelfReg = db_get_boolean("self-register",0);
127	pCap = capability_add(0, db_get("default-perms",0));
128	capability_expand(pCap);
129	zSelfCap = capability_string(pCap);
	@@ -278,19 +282,20 @@
282	@ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5")
283	@ from users "anonymous" and "nobody"
284	@ on the <a href="setup_ulist">User Configuration</a> page.
285	}
286
287	/* Obsolete: */
288	if( hasAnyCap(zAnonCap, "d") \|\|
289	hasAnyCap(zDevCap, "d") \|\|
290	hasAnyCap(zReadCap, "d") ){
291	@ <li><p><b>WARNING:</b>
292	@ One or more users has the <a
293	@ href="https://fossil-scm.org/forum/forumpost/43c78f4bef">obsolete</a>
294	@ "d" capability. You should remove it using the
295	@ <a href="setup_ulist">User Configuration</a> page in case we
296	@ ever reuse the letter for another purpose.
297	}
298
299	/* If anonymous users are allowed to create new Wiki, then
300	** wiki moderation should be activated to pervent spam.
301	*/
302

M www/caps/index.md

+4 -4

		--- www/caps/index.md
		+++ www/caps/index.md
		@@ -65,12 +65,12 @@
65	65	Fossil shows how these capabilities apply hierarchically in the user
66	66	editing screen (Admin → Users → name) with the `[N]` `[A]` `[D]` `[R]`
67	67	tags next to each capability check box. If a user gets a capability from
68	68	one of the user categories already assigned to it, there is no value in
69	69	redundantly assigning that same cap to the user explicitly. For example,
70		-with the default dei cap set for the “developer” category, the cap
71		-set ve is redundant because v grants dei, which includes
	70	+with the default ei cap set for the “developer” category, the cap
	71	+set ve is redundant because v grants ei, which includes
72	72	e.
73	73
74	74	We suggest that you lean heavily on these fixed user categories when
75	75	setting up new users. Ideally, your users will group neatly into one of
76	76	the predefined categories, but if not, you might be able to shoehorn
		@@ -151,12 +151,12 @@
151	151	are all about modifying repository content: edit existing wiki pages,
152	152	change one’s own password, create new ticket report formats, and modify
153	153	existing tickets. This category would be better named “participant”.
154	154
155	155	Those in the “developer” category get the “nobody” and “anonymous” cap
156		-sets plus [d][d][e][e][i][i]: delete wiki articles and tickets, view
157		-sensitive user material, and check in changes.
	156	+sets plus [e][e][i][i]: view
	157	+sensitive user material and check in changes.
158	158
159	159	[bot]: ../antibot.wiki
160	160
161	161
162	162	## <a name="pvt"></a>Consequences of Taking a Repository Private
163	163

	--- www/caps/index.md
	+++ www/caps/index.md
	@@ -65,12 +65,12 @@
65	Fossil shows how these capabilities apply hierarchically in the user
66	editing screen (Admin → Users → name) with the `[N]` `[A]` `[D]` `[R]`
67	tags next to each capability check box. If a user gets a capability from
68	one of the user categories already assigned to it, there is no value in
69	redundantly assigning that same cap to the user explicitly. For example,
70	with the default dei cap set for the “developer” category, the cap
71	set ve is redundant because v grants dei, which includes
72	e.
73
74	We suggest that you lean heavily on these fixed user categories when
75	setting up new users. Ideally, your users will group neatly into one of
76	the predefined categories, but if not, you might be able to shoehorn
	@@ -151,12 +151,12 @@
151	are all about modifying repository content: edit existing wiki pages,
152	change one’s own password, create new ticket report formats, and modify
153	existing tickets. This category would be better named “participant”.
154
155	Those in the “developer” category get the “nobody” and “anonymous” cap
156	sets plus [d][d][e][e][i][i]: delete wiki articles and tickets, view
157	sensitive user material, and check in changes.
158
159	[bot]: ../antibot.wiki
160
161
162	## <a name="pvt"></a>Consequences of Taking a Repository Private
163

	--- www/caps/index.md
	+++ www/caps/index.md
	@@ -65,12 +65,12 @@
65	Fossil shows how these capabilities apply hierarchically in the user
66	editing screen (Admin → Users → name) with the `[N]` `[A]` `[D]` `[R]`
67	tags next to each capability check box. If a user gets a capability from
68	one of the user categories already assigned to it, there is no value in
69	redundantly assigning that same cap to the user explicitly. For example,
70	with the default ei cap set for the “developer” category, the cap
71	set ve is redundant because v grants ei, which includes
72	e.
73
74	We suggest that you lean heavily on these fixed user categories when
75	setting up new users. Ideally, your users will group neatly into one of
76	the predefined categories, but if not, you might be able to shoehorn
	@@ -151,12 +151,12 @@
151	are all about modifying repository content: edit existing wiki pages,
152	change one’s own password, create new ticket report formats, and modify
153	existing tickets. This category would be better named “participant”.
154
155	Those in the “developer” category get the “nobody” and “anonymous” cap
156	sets plus [e][e][i][i]: view
157	sensitive user material and check in changes.
158
159	[bot]: ../antibot.wiki
160
161
162	## <a name="pvt"></a>Consequences of Taking a Repository Private
163

M www/caps/ref.html

+11 -3

		--- www/caps/ref.html
		+++ www/caps/ref.html
		@@ -73,15 +73,23 @@
73	73	</td>
74	74	</tr>
75	75
76	76	<tr id="d">
77	77	<th>d</th>
78		- <th>Delete</th>
	78	+ <th>n/a</th>
79	79	<td>
80		- Delete wiki articles or tickets. Mnemonic: <b>d</b>elete.
	80	+ Legacy capability letter from Fossil's forebear <a
	81	+ href="http://cvstrac.org/">CVSTrac</a>, which has no useful
	82	+ meaning in Fossil due to its durable blockchain nature. This
	83	+ letter was assigned by default to Developer in repos created with
	84	+ Fossil 2.10 or earlier, but it has no effect in current or past
	85	+ versions of Fossil; we recommend that you remove it in case we
	86	+ ever reuse this letter for another purpose. See <a
	87	+ href="https://fossil-scm.org/forum/forumpost/43c78f4bef">this
	88	+ post</a> for details.
81	89	</td>
82		- </tr>
	90	+ </tr>
83	91
84	92	<tr id="e">
85	93	<th>e</th>
86	94	<th>RdAddr</th>
87	95	<td>
88	96

	--- www/caps/ref.html
	+++ www/caps/ref.html
	@@ -73,15 +73,23 @@
73	</td>
74	</tr>
75
76	<tr id="d">
77	<th>d</th>
78	<th>Delete</th>
79	<td>
80	Delete wiki articles or tickets. Mnemonic: <b>d</b>elete.








81	</td>
82	</tr>
83
84	<tr id="e">
85	<th>e</th>
86	<th>RdAddr</th>
87	<td>
88

	--- www/caps/ref.html
	+++ www/caps/ref.html
	@@ -73,15 +73,23 @@
73	</td>
74	</tr>
75
76	<tr id="d">
77	<th>d</th>
78	<th>n/a</th>
79	<td>
80	Legacy capability letter from Fossil's forebear <a
81	href="http://cvstrac.org/">CVSTrac</a>, which has no useful
82	meaning in Fossil due to its durable blockchain nature. This
83	letter was assigned by default to Developer in repos created with
84	Fossil 2.10 or earlier, but it has no effect in current or past
85	versions of Fossil; we recommend that you remove it in case we
86	ever reuse this letter for another purpose. See <a
87	href="https://fossil-scm.org/forum/forumpost/43c78f4bef">this
88	post</a> for details.
89	</td>
90	</tr>
91
92	<tr id="e">
93	<th>e</th>
94	<th>RdAddr</th>
95	<td>
96

Fossil SCM

Keyboard Shortcuts