Fossil SCM
The recent change that allows Admin-only users to edit the skin affected the setup.c side of things only: there were also several bits in skins.c that checked for g.perm.Setup, so an Admin-only user couldn't actually do anthing useful.
Commit
7b58c6fddee37082ed7ed46a6992fd01b5829df9257311093420e0923fb41452
Parent
8ec908d1a06ffc4…
1 file changed
+5
-5
+5
-5
| --- src/skins.c | ||
| +++ src/skins.c | ||
| @@ -459,11 +459,11 @@ | ||
| 459 | 459 | Stmt q; |
| 460 | 460 | int seenCurrent = 0; |
| 461 | 461 | int once; |
| 462 | 462 | |
| 463 | 463 | login_check_credentials(); |
| 464 | - if( !g.perm.Setup ){ | |
| 464 | + if( !g.perm.Admin ){ | |
| 465 | 465 | login_needed(0); |
| 466 | 466 | return; |
| 467 | 467 | } |
| 468 | 468 | db_begin_transaction(); |
| 469 | 469 | zCurrent = getSkin(0); |
| @@ -693,11 +693,11 @@ | ||
| 693 | 693 | |
| 694 | 694 | /* |
| 695 | 695 | ** WEBPAGE: setup_skinedit |
| 696 | 696 | ** |
| 697 | 697 | ** Edit aspects of a skin determined by the w= query parameter. |
| 698 | -** Requires Setup privileges. | |
| 698 | +** Requires Admin or Setup privileges. | |
| 699 | 699 | ** |
| 700 | 700 | ** w=NUM -- 0=CSS, 1=footer, 2=header, 3=details, 4=js |
| 701 | 701 | ** sk=NUM -- the draft skin number |
| 702 | 702 | */ |
| 703 | 703 | void setup_skinedit(void){ |
| @@ -730,11 +730,11 @@ | ||
| 730 | 730 | /* Figure out which skin we are editing */ |
| 731 | 731 | iSkin = atoi(PD("sk","1")); |
| 732 | 732 | if( iSkin<1 || iSkin>9 ) iSkin = 1; |
| 733 | 733 | |
| 734 | 734 | /* Check that the user is authorized to edit this skin. */ |
| 735 | - if( !g.perm.Setup ){ | |
| 735 | + if( !g.perm.Admin ){ | |
| 736 | 736 | char *zAllowedEditors = ""; |
| 737 | 737 | Glob *pAllowedEditors; |
| 738 | 738 | int isMatch = 0; |
| 739 | 739 | if( login_is_individual() ){ |
| 740 | 740 | zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin); |
| @@ -1057,11 +1057,11 @@ | ||
| 1057 | 1057 | @ a production-ready skin. |
| 1058 | 1058 | @ |
| 1059 | 1059 | @ <a name='step7'></a> |
| 1060 | 1060 | @ <h1>Step 7: Publish</h1> |
| 1061 | 1061 | @ |
| 1062 | - if( !g.perm.Setup ){ | |
| 1062 | + if( !g.perm.Admin ){ | |
| 1063 | 1063 | @ <p>Only administrators are allowed to publish draft skins. Contact |
| 1064 | 1064 | @ an administrator to get this "draft%d(iSkin)" skin published.</p> |
| 1065 | 1065 | }else{ |
| 1066 | 1066 | @ <p>When the draft%d(iSkin) skin is ready for production use, |
| 1067 | 1067 | @ make it the default scan by clicking the acknowledgements and |
| @@ -1082,15 +1082,15 @@ | ||
| 1082 | 1082 | } |
| 1083 | 1083 | @ |
| 1084 | 1084 | @ <a name='step8'></a> |
| 1085 | 1085 | @ <h1>Step 8: Cleanup and Undo Actions</h1> |
| 1086 | 1086 | @ |
| 1087 | - if( !g.perm.Setup ){ | |
| 1087 | + if( !g.perm.Admin ){ | |
| 1088 | 1088 | @ <p>Administrators can optionally save or restore legacy skins, and/or |
| 1089 | 1089 | @ undo a prior publish. |
| 1090 | 1090 | }else{ |
| 1091 | 1091 | @ <p>Visit the <a href='%R/setup_skin_admin'>Skin Admin</a> page |
| 1092 | 1092 | @ for cleanup and recovery actions. |
| 1093 | 1093 | } |
| 1094 | 1094 | style_load_one_js_file("skin.js"); |
| 1095 | 1095 | style_footer(); |
| 1096 | 1096 | } |
| 1097 | 1097 |
| --- src/skins.c | |
| +++ src/skins.c | |
| @@ -459,11 +459,11 @@ | |
| 459 | Stmt q; |
| 460 | int seenCurrent = 0; |
| 461 | int once; |
| 462 | |
| 463 | login_check_credentials(); |
| 464 | if( !g.perm.Setup ){ |
| 465 | login_needed(0); |
| 466 | return; |
| 467 | } |
| 468 | db_begin_transaction(); |
| 469 | zCurrent = getSkin(0); |
| @@ -693,11 +693,11 @@ | |
| 693 | |
| 694 | /* |
| 695 | ** WEBPAGE: setup_skinedit |
| 696 | ** |
| 697 | ** Edit aspects of a skin determined by the w= query parameter. |
| 698 | ** Requires Setup privileges. |
| 699 | ** |
| 700 | ** w=NUM -- 0=CSS, 1=footer, 2=header, 3=details, 4=js |
| 701 | ** sk=NUM -- the draft skin number |
| 702 | */ |
| 703 | void setup_skinedit(void){ |
| @@ -730,11 +730,11 @@ | |
| 730 | /* Figure out which skin we are editing */ |
| 731 | iSkin = atoi(PD("sk","1")); |
| 732 | if( iSkin<1 || iSkin>9 ) iSkin = 1; |
| 733 | |
| 734 | /* Check that the user is authorized to edit this skin. */ |
| 735 | if( !g.perm.Setup ){ |
| 736 | char *zAllowedEditors = ""; |
| 737 | Glob *pAllowedEditors; |
| 738 | int isMatch = 0; |
| 739 | if( login_is_individual() ){ |
| 740 | zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin); |
| @@ -1057,11 +1057,11 @@ | |
| 1057 | @ a production-ready skin. |
| 1058 | @ |
| 1059 | @ <a name='step7'></a> |
| 1060 | @ <h1>Step 7: Publish</h1> |
| 1061 | @ |
| 1062 | if( !g.perm.Setup ){ |
| 1063 | @ <p>Only administrators are allowed to publish draft skins. Contact |
| 1064 | @ an administrator to get this "draft%d(iSkin)" skin published.</p> |
| 1065 | }else{ |
| 1066 | @ <p>When the draft%d(iSkin) skin is ready for production use, |
| 1067 | @ make it the default scan by clicking the acknowledgements and |
| @@ -1082,15 +1082,15 @@ | |
| 1082 | } |
| 1083 | @ |
| 1084 | @ <a name='step8'></a> |
| 1085 | @ <h1>Step 8: Cleanup and Undo Actions</h1> |
| 1086 | @ |
| 1087 | if( !g.perm.Setup ){ |
| 1088 | @ <p>Administrators can optionally save or restore legacy skins, and/or |
| 1089 | @ undo a prior publish. |
| 1090 | }else{ |
| 1091 | @ <p>Visit the <a href='%R/setup_skin_admin'>Skin Admin</a> page |
| 1092 | @ for cleanup and recovery actions. |
| 1093 | } |
| 1094 | style_load_one_js_file("skin.js"); |
| 1095 | style_footer(); |
| 1096 | } |
| 1097 |
| --- src/skins.c | |
| +++ src/skins.c | |
| @@ -459,11 +459,11 @@ | |
| 459 | Stmt q; |
| 460 | int seenCurrent = 0; |
| 461 | int once; |
| 462 | |
| 463 | login_check_credentials(); |
| 464 | if( !g.perm.Admin ){ |
| 465 | login_needed(0); |
| 466 | return; |
| 467 | } |
| 468 | db_begin_transaction(); |
| 469 | zCurrent = getSkin(0); |
| @@ -693,11 +693,11 @@ | |
| 693 | |
| 694 | /* |
| 695 | ** WEBPAGE: setup_skinedit |
| 696 | ** |
| 697 | ** Edit aspects of a skin determined by the w= query parameter. |
| 698 | ** Requires Admin or Setup privileges. |
| 699 | ** |
| 700 | ** w=NUM -- 0=CSS, 1=footer, 2=header, 3=details, 4=js |
| 701 | ** sk=NUM -- the draft skin number |
| 702 | */ |
| 703 | void setup_skinedit(void){ |
| @@ -730,11 +730,11 @@ | |
| 730 | /* Figure out which skin we are editing */ |
| 731 | iSkin = atoi(PD("sk","1")); |
| 732 | if( iSkin<1 || iSkin>9 ) iSkin = 1; |
| 733 | |
| 734 | /* Check that the user is authorized to edit this skin. */ |
| 735 | if( !g.perm.Admin ){ |
| 736 | char *zAllowedEditors = ""; |
| 737 | Glob *pAllowedEditors; |
| 738 | int isMatch = 0; |
| 739 | if( login_is_individual() ){ |
| 740 | zAllowedEditors = db_get_mprintf("", "draft%d-users", iSkin); |
| @@ -1057,11 +1057,11 @@ | |
| 1057 | @ a production-ready skin. |
| 1058 | @ |
| 1059 | @ <a name='step7'></a> |
| 1060 | @ <h1>Step 7: Publish</h1> |
| 1061 | @ |
| 1062 | if( !g.perm.Admin ){ |
| 1063 | @ <p>Only administrators are allowed to publish draft skins. Contact |
| 1064 | @ an administrator to get this "draft%d(iSkin)" skin published.</p> |
| 1065 | }else{ |
| 1066 | @ <p>When the draft%d(iSkin) skin is ready for production use, |
| 1067 | @ make it the default scan by clicking the acknowledgements and |
| @@ -1082,15 +1082,15 @@ | |
| 1082 | } |
| 1083 | @ |
| 1084 | @ <a name='step8'></a> |
| 1085 | @ <h1>Step 8: Cleanup and Undo Actions</h1> |
| 1086 | @ |
| 1087 | if( !g.perm.Admin ){ |
| 1088 | @ <p>Administrators can optionally save or restore legacy skins, and/or |
| 1089 | @ undo a prior publish. |
| 1090 | }else{ |
| 1091 | @ <p>Visit the <a href='%R/setup_skin_admin'>Skin Admin</a> page |
| 1092 | @ for cleanup and recovery actions. |
| 1093 | } |
| 1094 | style_load_one_js_file("skin.js"); |
| 1095 | style_footer(); |
| 1096 | } |
| 1097 |