Fossil SCM
Require history permission in order to clone.
Commit
13b7ac16e4e5aee70bbcb3958c9047f846e15974
Parent
4c072728b4f19ed…
3 files changed
+1
-1
+6
+2
-2
+1
-1
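--- a/src/clone.c
+++ b/src/clone.c
@@ -53,11 +53,11 @@
 db_set("last-sync-url", g.argv[2]);
 }
 db_multi_exec(
 "INSERT INTO config(name,value) VALUES('server-code', hex(randomblob(20)));"
 );
-if( g.urlIsFile ){
+if( g.urlIsFile ){
 Stmt q;
 db_multi_exec("ATTACH DATABASE %Q AS orig", g.urlName);
 db_begin_transaction();
 db_prepare(&q,
 "SELECT name FROM orig.sqlite_master"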
+6
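--- a/src/setup.c
+++ b/src/setup.c
@@ -370,10 +370,16 @@
 @ formats, and change system defaults. But only the <b>Setup</b> user
 @ is able to change the repository to
 @ which this program is linked.
 @ </p></li>
 @
+@ <li><p>
+@ The <b>History</b> privilege allows a user to see a timeline
+@ with hyperlinks to version information, to download ZIP archives
+@ of individual versions, and to clone the repository.
+@ </p></li>
+@
 @ <li><p>
 @ No login is required for user "<b>nobody</b>". The capabilities
 @ of this user are available to anyone without supplying a username or
 @ password. To disable nobody access, make sure there is no user
 @ with an ID of <b>nobody</b> or that the nobody user has no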
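Review bot: The added help text says the History privilege alone allows cloning, but the server-side test this commit adds in src/xfer.c rejects a clone unless both `g.okRead` and `g.okHistory` are set. An administrator who relies on this page to decide who can copy the repository would be misled about which capability combination is required. The last sentence could read `@ of individual versions, and (together with Read) to clone the repository.` so the text matches the enforced check.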
+2
-2
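--- a/src/xfer.c
+++ b/src/xfer.c
@@ -457,13 +457,13 @@
 **
 ** The client knows nothing. Tell all.
 */
 if( blob_eq(&aToken[0], "clone") ){
 login_check_credentials();
-if( !g.okRead ){
+if( !g.okRead || !g.okHistory ){
 cgi_reset_content();
-@ error not\sauthorized\sto\sread
+@ error not\sauthorized\sto\sclone
 nErr++;
 break;
 }
 isPull = 1;
 @ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))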
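Review bot: The new `!g.okRead || !g.okHistory` test guards only the `clone` card shown here; the handlers for the other sync cards lie outside this hunk, so it is not visible whether a pull request from a user holding Read but not History is still served the same artifacts. If that path checks only `g.okRead`, the History requirement does not actually limit who can obtain the repository content, and the same condition should be applied there or the limitation documented. It would also help to record the reason next to the test, e.g. `/* A clone hands over the whole timeline, so require History as well as Read */`. The enclosing loop and function begin and end outside the hunk.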