Fossil SCM
Require read permission (permission to read tickets and configuration histories) to view the global timeline.
Commit
5ebcedc33eea137f80f15bfc3e8375f9029ab6a0
Parent
7fe1e734e9d6158…
4 files changed
+7
-5
+1
-1
+3
-1
+6
+7
-5
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -204,11 +204,11 @@ | ||
| 204 | 204 | } |
| 205 | 205 | |
| 206 | 206 | /* Check the login cookie to see if it matches a known valid user. |
| 207 | 207 | */ |
| 208 | 208 | if( uid==0 ){ |
| 209 | - if( (zCookie = P(login_cookie_name()))!=0 ){ | |
| 209 | + if( (zCookie = P(login_cookie_name()))!=0 && strlen(zCookie)>0 ){ | |
| 210 | 210 | uid = db_int(0, |
| 211 | 211 | "SELECT uid FROM user" |
| 212 | 212 | " WHERE uid=%d" |
| 213 | 213 | " AND cookie=%Q" |
| 214 | 214 | " AND ipaddr=%Q" |
| @@ -215,22 +215,24 @@ | ||
| 215 | 215 | " AND cexpire>julianday('now')", |
| 216 | 216 | atoi(zCookie), zCookie, zRemoteAddr |
| 217 | 217 | ); |
| 218 | 218 | }else{ |
| 219 | 219 | uid = db_int(0, "SELECT uid FROM user WHERE login='anonymous'"); |
| 220 | + g.isAnon = 1; | |
| 221 | + g.zLogin = ""; | |
| 220 | 222 | } |
| 221 | 223 | } |
| 222 | 224 | |
| 223 | 225 | if( uid==0 ){ |
| 224 | - g.isAnon = 1; | |
| 225 | - g.zLogin = ""; | |
| 226 | - zCap = db_get("nologin-cap","onrj"); | |
| 226 | + zCap = db_get("nologin-cap",""); | |
| 227 | 227 | }else if( zCap==0 ){ |
| 228 | 228 | Stmt s; |
| 229 | 229 | db_prepare(&s, "SELECT login, cap FROM user WHERE uid=%d", uid); |
| 230 | 230 | db_step(&s); |
| 231 | - g.zLogin = db_column_malloc(&s, 0); | |
| 231 | + if( !g.isAnon ){ | |
| 232 | + g.zLogin = db_column_malloc(&s, 0); | |
| 233 | + } | |
| 232 | 234 | zCap = db_column_malloc(&s, 1); |
| 233 | 235 | g.isAnon = 0; |
| 234 | 236 | db_finalize(&s); |
| 235 | 237 | } |
| 236 | 238 | g.userUid = uid; |
| 237 | 239 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -204,11 +204,11 @@ | |
| 204 | } |
| 205 | |
| 206 | /* Check the login cookie to see if it matches a known valid user. |
| 207 | */ |
| 208 | if( uid==0 ){ |
| 209 | if( (zCookie = P(login_cookie_name()))!=0 ){ |
| 210 | uid = db_int(0, |
| 211 | "SELECT uid FROM user" |
| 212 | " WHERE uid=%d" |
| 213 | " AND cookie=%Q" |
| 214 | " AND ipaddr=%Q" |
| @@ -215,22 +215,24 @@ | |
| 215 | " AND cexpire>julianday('now')", |
| 216 | atoi(zCookie), zCookie, zRemoteAddr |
| 217 | ); |
| 218 | }else{ |
| 219 | uid = db_int(0, "SELECT uid FROM user WHERE login='anonymous'"); |
| 220 | } |
| 221 | } |
| 222 | |
| 223 | if( uid==0 ){ |
| 224 | g.isAnon = 1; |
| 225 | g.zLogin = ""; |
| 226 | zCap = db_get("nologin-cap","onrj"); |
| 227 | }else if( zCap==0 ){ |
| 228 | Stmt s; |
| 229 | db_prepare(&s, "SELECT login, cap FROM user WHERE uid=%d", uid); |
| 230 | db_step(&s); |
| 231 | g.zLogin = db_column_malloc(&s, 0); |
| 232 | zCap = db_column_malloc(&s, 1); |
| 233 | g.isAnon = 0; |
| 234 | db_finalize(&s); |
| 235 | } |
| 236 | g.userUid = uid; |
| 237 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -204,11 +204,11 @@ | |
| 204 | } |
| 205 | |
| 206 | /* Check the login cookie to see if it matches a known valid user. |
| 207 | */ |
| 208 | if( uid==0 ){ |
| 209 | if( (zCookie = P(login_cookie_name()))!=0 && strlen(zCookie)>0 ){ |
| 210 | uid = db_int(0, |
| 211 | "SELECT uid FROM user" |
| 212 | " WHERE uid=%d" |
| 213 | " AND cookie=%Q" |
| 214 | " AND ipaddr=%Q" |
| @@ -215,22 +215,24 @@ | |
| 215 | " AND cexpire>julianday('now')", |
| 216 | atoi(zCookie), zCookie, zRemoteAddr |
| 217 | ); |
| 218 | }else{ |
| 219 | uid = db_int(0, "SELECT uid FROM user WHERE login='anonymous'"); |
| 220 | g.isAnon = 1; |
| 221 | g.zLogin = ""; |
| 222 | } |
| 223 | } |
| 224 | |
| 225 | if( uid==0 ){ |
| 226 | zCap = db_get("nologin-cap",""); |
| 227 | }else if( zCap==0 ){ |
| 228 | Stmt s; |
| 229 | db_prepare(&s, "SELECT login, cap FROM user WHERE uid=%d", uid); |
| 230 | db_step(&s); |
| 231 | if( !g.isAnon ){ |
| 232 | g.zLogin = db_column_malloc(&s, 0); |
| 233 | } |
| 234 | zCap = db_column_malloc(&s, 1); |
| 235 | g.isAnon = 0; |
| 236 | db_finalize(&s); |
| 237 | } |
| 238 | g.userUid = uid; |
| 239 |
+1
-1
| --- src/setup.c | ||
| +++ src/setup.c | ||
| @@ -112,11 +112,11 @@ | ||
| 112 | 112 | @ <td align="center">%s(db_column_text(&s,2))</td> |
| 113 | 113 | @ <td align="left">%s(db_column_text(&s,3))</td> |
| 114 | 114 | @ </tr> |
| 115 | 115 | } |
| 116 | 116 | @ </table></td></tr></table> |
| 117 | - @ <p> | |
| 117 | + @ <p style="clear:both"> | |
| 118 | 118 | @ <b>Notes:</b> |
| 119 | 119 | @ <ol> |
| 120 | 120 | @ <li><p>The permission flags are as follows:</p> |
| 121 | 121 | @ <table> |
| 122 | 122 | @ <tr><td>a</td><td width="10"></td> |
| 123 | 123 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -112,11 +112,11 @@ | |
| 112 | @ <td align="center">%s(db_column_text(&s,2))</td> |
| 113 | @ <td align="left">%s(db_column_text(&s,3))</td> |
| 114 | @ </tr> |
| 115 | } |
| 116 | @ </table></td></tr></table> |
| 117 | @ <p> |
| 118 | @ <b>Notes:</b> |
| 119 | @ <ol> |
| 120 | @ <li><p>The permission flags are as follows:</p> |
| 121 | @ <table> |
| 122 | @ <tr><td>a</td><td width="10"></td> |
| 123 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -112,11 +112,11 @@ | |
| 112 | @ <td align="center">%s(db_column_text(&s,2))</td> |
| 113 | @ <td align="left">%s(db_column_text(&s,3))</td> |
| 114 | @ </tr> |
| 115 | } |
| 116 | @ </table></td></tr></table> |
| 117 | @ <p style="clear:both"> |
| 118 | @ <b>Notes:</b> |
| 119 | @ <ol> |
| 120 | @ <li><p>The permission flags are as follows:</p> |
| 121 | @ <table> |
| 122 | @ <tr><td>a</td><td width="10"></td> |
| 123 |
+3
-1
| --- src/style.c | ||
| +++ src/style.c | ||
| @@ -84,11 +84,13 @@ | ||
| 84 | 84 | }else{ |
| 85 | 85 | @ <small>logged in as %h(g.zLogin)</small> |
| 86 | 86 | } |
| 87 | 87 | @ </td><td valign="top" align="right"> |
| 88 | 88 | @ <a href="%s(g.zBaseURL)/index">Home</a> |
| 89 | - @ | <a href="%s(g.zBaseURL)/timeline">Timeline</a> | |
| 89 | + if( g.okRdTkt ){ | |
| 90 | + @ | <a href="%s(g.zBaseURL)/timeline">Timeline</a> | |
| 91 | + } | |
| 90 | 92 | if( g.okRdWiki ){ |
| 91 | 93 | @ | <a href="%s(g.zBaseURL)/wiki">Wiki</a> |
| 92 | 94 | } |
| 93 | 95 | #if 0 |
| 94 | 96 | @ | <font color="#888888">Search</font> |
| 95 | 97 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -84,11 +84,13 @@ | |
| 84 | }else{ |
| 85 | @ <small>logged in as %h(g.zLogin)</small> |
| 86 | } |
| 87 | @ </td><td valign="top" align="right"> |
| 88 | @ <a href="%s(g.zBaseURL)/index">Home</a> |
| 89 | @ | <a href="%s(g.zBaseURL)/timeline">Timeline</a> |
| 90 | if( g.okRdWiki ){ |
| 91 | @ | <a href="%s(g.zBaseURL)/wiki">Wiki</a> |
| 92 | } |
| 93 | #if 0 |
| 94 | @ | <font color="#888888">Search</font> |
| 95 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -84,11 +84,13 @@ | |
| 84 | }else{ |
| 85 | @ <small>logged in as %h(g.zLogin)</small> |
| 86 | } |
| 87 | @ </td><td valign="top" align="right"> |
| 88 | @ <a href="%s(g.zBaseURL)/index">Home</a> |
| 89 | if( g.okRdTkt ){ |
| 90 | @ | <a href="%s(g.zBaseURL)/timeline">Timeline</a> |
| 91 | } |
| 92 | if( g.okRdWiki ){ |
| 93 | @ | <a href="%s(g.zBaseURL)/wiki">Wiki</a> |
| 94 | } |
| 95 | #if 0 |
| 96 | @ | <font color="#888888">Search</font> |
| 97 |
+6
| --- src/timeline.c | ||
| +++ src/timeline.c | ||
| @@ -52,10 +52,16 @@ | ||
| 52 | 52 | ** WEBPAGE: timeline |
| 53 | 53 | */ |
| 54 | 54 | void page_timeline(void){ |
| 55 | 55 | Stmt q; |
| 56 | 56 | char zPrevDate[20]; |
| 57 | + | |
| 58 | + /* To view the timeline, must have permission to read project data. | |
| 59 | + */ | |
| 60 | + login_check_credentials(); | |
| 61 | + if( !g.okRdTkt ){ login_needed(); return; } | |
| 62 | + | |
| 57 | 63 | style_header("Timeline"); |
| 58 | 64 | zPrevDate[0] = 0; |
| 59 | 65 | db_prepare(&q, |
| 60 | 66 | "SELECT uuid, datetime(event.mtime,'localtime'), comment, user" |
| 61 | 67 | " FROM event, blob" |
| 62 | 68 |
| --- src/timeline.c | |
| +++ src/timeline.c | |
| @@ -52,10 +52,16 @@ | |
| 52 | ** WEBPAGE: timeline |
| 53 | */ |
| 54 | void page_timeline(void){ |
| 55 | Stmt q; |
| 56 | char zPrevDate[20]; |
| 57 | style_header("Timeline"); |
| 58 | zPrevDate[0] = 0; |
| 59 | db_prepare(&q, |
| 60 | "SELECT uuid, datetime(event.mtime,'localtime'), comment, user" |
| 61 | " FROM event, blob" |
| 62 |
| --- src/timeline.c | |
| +++ src/timeline.c | |
| @@ -52,10 +52,16 @@ | |
| 52 | ** WEBPAGE: timeline |
| 53 | */ |
| 54 | void page_timeline(void){ |
| 55 | Stmt q; |
| 56 | char zPrevDate[20]; |
| 57 | |
| 58 | /* To view the timeline, must have permission to read project data. |
| 59 | */ |
| 60 | login_check_credentials(); |
| 61 | if( !g.okRdTkt ){ login_needed(); return; } |
| 62 | |
| 63 | style_header("Timeline"); |
| 64 | zPrevDate[0] = 0; |
| 65 | db_prepare(&q, |
| 66 | "SELECT uuid, datetime(event.mtime,'localtime'), comment, user" |
| 67 | " FROM event, blob" |
| 68 |