Fossil SCM
Fixed /json/user perms discrepancies - Super users could save but not load other users.
Commit
21b57d8c5d6e26b6b88d69e9b873b8b83e5be3ba
Parent
b80432694047006…
1 file changed
+5
-4
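--- a/src/json_user.c
+++ b/src/json_user.c
@@ -57,12 +57,13 @@
 ** Impl of /json/user/list. Requires admin rights.
 */
 static cson_value * json_user_list(){
 cson_value * payV = NULL;
 Stmt q;
-if(!g.perm.Admin){
-g.json.resultCode = FSL_JSON_E_DENIED;
+if(!g.perm.Admin && !g.perm.Setup){
+json_set_err(FSL_JSON_E_DENIED,
+"Requires 'a' or 's' privileges.");
 return NULL;
 }
 db_prepare(&q,"SELECT uid AS uid,"
 " login AS name,"
 " cap AS capabilities,"
@@ -129,13 +130,13 @@
 ** Impl of /json/user/get. Requires admin rights.
 */
 static cson_value * json_user_get(){
 cson_value * payV = NULL;
 char const * pUser = NULL;
-if(!g.perm.Admin){
+if(!g.perm.Admin && !g.perm.Setup){
 json_set_err(FSL_JSON_E_DENIED,
-"Requires 'a' privileges.");
+"Requires 'a' or 's' privileges.");
 return NULL;
 }
 pUser = json_command_arg(g.json.dispatchDepth+1);
 if( g.isHTTP && (!pUser || !*pUser) ){
 pUser = json_getenv_cstr("name")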
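Review bot: The header comments above json_user_list() and json_user_get() still read "Requires admin rights." although both guards now also admit Setup users, so the documented access rule no longer matches the check. Something like `** Impl of /json/user/list. Requires admin ('a') or setup ('s') rights.` (and the same for /json/user/get) would keep them in step. The test `!g.perm.Admin && !g.perm.Setup` and its message are now written out separately in each function, and the commit title suggests the save path has its own copy. Since this fix exists because those copies drifted apart, a single file-local helper that performs the check and calls json_set_err() would be worth considering. Both function bodies continue outside the hunks, so whether any later logic still depends on Admin alone cannot be judged from here.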