Fossil SCM
Only allow users with appropriate privileges to see private and phantom artifacts in the /bloblist report.
Commit
7b6b567155e4ec3b1c8b888abf2a8bd91c59e7b8da3fcb937df6e040fe536894
Parent
ea83cdad1d9bb63…
1 file changed
+29
-14
+29
-14
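--- a/src/name.c
+++ b/src/name.c
@@ -1135,11 +1135,11 @@
 if( zLabel ){
 fossil_print("%s\n", zLabel);
 zLabel = 0;
 }
 fossil_print(" %.16s %s", db_column_text(&q,0), db_column_text(&q,1));
- if( db_column_int(&q,2) ) fossil_print(" (unpublished)");
+ if( db_column_int(&q,2) ) fossil_print(" (private)");
 fossil_print("\n");
 cnt++;
 }
 db_finalize(&q);
 if( zWhere!=0 ) db_multi_exec("DELETE FROM description;");
@@ -1172,20 +1172,20 @@
 **
 ** Return a page showing all artifacts in the repository. Query parameters:
 **
 ** n=N Show N artifacts
 ** s=S Start with artifact number S
-** unpub Show only unpublished artifacts
+** priv Show only unpublished or private artifacts
 ** phan Show only phantom artifacts
 ** hclr Color code hash types (SHA1 vs SHA3)
 */
 void bloblist_page(void){
 Stmt q;
 int s = atoi(PD("s","0"));
 int n = atoi(PD("n","5000"));
 int mx = db_int(0, "SELECT max(rid) FROM blob");
- int unpubOnly = PB("unpub");
+ int privOnly = PB("priv");
 int phantomOnly = PB("phan");
 int hashClr = PB("hclr");
 char *zRange;
 char *zSha1Bg;
 char *zSha3Bg;
@@ -1194,21 +1194,28 @@
 if( !g.perm.Read ){ login_needed(g.anon.Read); return; }
 style_header("List Of Artifacts");
 style_submenu_element("250 Largest", "bigbloblist");
 if( g.perm.Admin ){
 style_submenu_element("Artifact Log", "rcvfromlist");
+ if( !phantomOnly ){
+ style_submenu_element("Phantoms", "bloblist?phan");
+ }
+ }else{
+ privOnly = 0;
+ phantomOnly = 0;
+ }
+ if( g.perm.Private ){
+ if( !privOnly ){
+ style_submenu_element("Private", "bloblist?priv");
+ }
+ }else{
+ privOnly = 0;
 }
 if( g.perm.Write ){
 style_submenu_element("Artifact Stats", "artifact_stats");
 }
- if( !unpubOnly ){
- style_submenu_element("Unpublished", "bloblist?unpub");
- }
- if( !phantomOnly ){
- style_submenu_element("Phantoms", "bloblist?phan");
- }
- if( !unpubOnly && !phantomOnly && mx>n && P("s")==0 ){
+ if( !privOnly && !phantomOnly && mx>n && P("s")==0 ){
 int i;
 @ <p>Select a range of artifacts to view:</p>
 @ <ul>
 for(i=1; i<=mx; i+=n){
 @ <li> %z(href("%R/bloblist?s=%d&n=%d",i,n))
@@ -1216,14 +1223,14 @@
 }
 @ </ul>
 style_footer();
 return;
 }
- if( phantomOnly || unpubOnly || mx>n ){
+ if( phantomOnly || privOnly || mx>n ){
 style_submenu_element("Index", "bloblist");
 }
- if( unpubOnly ){
+ if( privOnly ){
 zRange = mprintf("IN private");
 }else if( phantomOnly ){
 zRange = mprintf("IN (SELECT rid FROM blob WHERE size<0)");
 }else{
 zRange = mprintf("BETWEEN %d AND %d", s, s+n-1);
@@ -1246,10 +1253,18 @@
 int rid = db_column_int(&q,0);
 const char *zUuid = db_column_text(&q, 1);
 const char *zDesc = db_column_text(&q, 2);
 int isPriv = db_column_int(&q,3);
 int isPhantom = db_column_int(&q,4);
+ if( isPhantom && !g.perm.Admin ){
+ /* Do not show phantom artifacts to non-admin users */
+ continue;
+ }
+ if( isPriv && !g.perm.Private ){
+ /* Don't show private artifacts to users without Private (x) permission */
+ continue;
+ }
 if( hashClr ){
 const char *zClr = db_column_bytes(&q,1)>40 ? zSha3Bg : zSha1Bg;
 @ <tr style='background-color:%s(zClr);'><td align="right">%d(rid)</td>
 }else{
 @ <tr><td align="right">%d(rid)</td>
@@ -1258,13 +1273,13 @@
 @ <td align="left">%h(zDesc)</td>
 if( isPriv || isPhantom ){
 if( isPriv==0 ){
 @ <td> (phantom)</td>
 }else if( isPhantom==0 ){
- @ <td> (unpublished)</td>
+ @ <td> (private)</td>
 }else{
- @ <td> (unpublished,phantom)</td>
+ @ <td> (private,phantom)</td>
 }
 }
 @ </tr>
 }
 @ </table>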
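Review bot: In the third hunk the `else` branch of the `g.perm.Admin` check clears `privOnly` along with `phantomOnly`, so a user who holds Private but not Admin is still offered the "Private" submenu link and then has `?priv` silently ignored. The `g.perm.Private` block directly below already resets `privOnly` for users lacking that capability, so the first reset looks redundant and over-restrictive; I would reduce the Admin `else` branch to just `phantomOnly = 0;`. This assumes Admin does not imply Private in the capability setup, which is not visible on this page. The per-row `continue` checks in the fifth hunk are the actual enforcement and are unaffected by this; `bloblist_page` itself continues past the last hunk.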
| --- src/name.c | |
| +++ src/name.c | |
| @@ -1135,11 +1135,11 @@ | |
| 1135 | if( zLabel ){ |
| 1136 | fossil_print("%s\n", zLabel); |
| 1137 | zLabel = 0; |
| 1138 | } |
| 1139 | fossil_print(" %.16s %s", db_column_text(&q,0), db_column_text(&q,1)); |
| 1140 | if( db_column_int(&q,2) ) fossil_print(" (unpublished)"); |
| 1141 | fossil_print("\n"); |
| 1142 | cnt++; |
| 1143 | } |
| 1144 | db_finalize(&q); |
| 1145 | if( zWhere!=0 ) db_multi_exec("DELETE FROM description;"); |
| @@ -1172,20 +1172,20 @@ | |
| 1172 | ** |
| 1173 | ** Return a page showing all artifacts in the repository. Query parameters: |
| 1174 | ** |
| 1175 | ** n=N Show N artifacts |
| 1176 | ** s=S Start with artifact number S |
| 1177 | ** unpub Show only unpublished artifacts |
| 1178 | ** phan Show only phantom artifacts |
| 1179 | ** hclr Color code hash types (SHA1 vs SHA3) |
| 1180 | */ |
| 1181 | void bloblist_page(void){ |
| 1182 | Stmt q; |
| 1183 | int s = atoi(PD("s","0")); |
| 1184 | int n = atoi(PD("n","5000")); |
| 1185 | int mx = db_int(0, "SELECT max(rid) FROM blob"); |
| 1186 | int unpubOnly = PB("unpub"); |
| 1187 | int phantomOnly = PB("phan"); |
| 1188 | int hashClr = PB("hclr"); |
| 1189 | char *zRange; |
| 1190 | char *zSha1Bg; |
| 1191 | char *zSha3Bg; |
| @@ -1194,21 +1194,28 @@ | |
| 1194 | if( !g.perm.Read ){ login_needed(g.anon.Read); return; } |
| 1195 | style_header("List Of Artifacts"); |
| 1196 | style_submenu_element("250 Largest", "bigbloblist"); |
| 1197 | if( g.perm.Admin ){ |
| 1198 | style_submenu_element("Artifact Log", "rcvfromlist"); |
| 1199 | } |
| 1200 | if( g.perm.Write ){ |
| 1201 | style_submenu_element("Artifact Stats", "artifact_stats"); |
| 1202 | } |
| 1203 | if( !unpubOnly ){ |
| 1204 | style_submenu_element("Unpublished", "bloblist?unpub"); |
| 1205 | } |
| 1206 | if( !phantomOnly ){ |
| 1207 | style_submenu_element("Phantoms", "bloblist?phan"); |
| 1208 | } |
| 1209 | if( !unpubOnly && !phantomOnly && mx>n && P("s")==0 ){ |
| 1210 | int i; |
| 1211 | @ <p>Select a range of artifacts to view:</p> |
| 1212 | @ <ul> |
| 1213 | for(i=1; i<=mx; i+=n){ |
| 1214 | @ <li> %z(href("%R/bloblist?s=%d&n=%d",i,n)) |
| @@ -1216,14 +1223,14 @@ | |
| 1216 | } |
| 1217 | @ </ul> |
| 1218 | style_footer(); |
| 1219 | return; |
| 1220 | } |
| 1221 | if( phantomOnly || unpubOnly || mx>n ){ |
| 1222 | style_submenu_element("Index", "bloblist"); |
| 1223 | } |
| 1224 | if( unpubOnly ){ |
| 1225 | zRange = mprintf("IN private"); |
| 1226 | }else if( phantomOnly ){ |
| 1227 | zRange = mprintf("IN (SELECT rid FROM blob WHERE size<0)"); |
| 1228 | }else{ |
| 1229 | zRange = mprintf("BETWEEN %d AND %d", s, s+n-1); |
| @@ -1246,10 +1253,18 @@ | |
| 1246 | int rid = db_column_int(&q,0); |
| 1247 | const char *zUuid = db_column_text(&q, 1); |
| 1248 | const char *zDesc = db_column_text(&q, 2); |
| 1249 | int isPriv = db_column_int(&q,3); |
| 1250 | int isPhantom = db_column_int(&q,4); |
| 1251 | if( hashClr ){ |
| 1252 | const char *zClr = db_column_bytes(&q,1)>40 ? zSha3Bg : zSha1Bg; |
| 1253 | @ <tr style='background-color:%s(zClr);'><td align="right">%d(rid)</td> |
| 1254 | }else{ |
| 1255 | @ <tr><td align="right">%d(rid)</td> |
| @@ -1258,13 +1273,13 @@ | |
| 1258 | @ <td align="left">%h(zDesc)</td> |
| 1259 | if( isPriv || isPhantom ){ |
| 1260 | if( isPriv==0 ){ |
| 1261 | @ <td> (phantom)</td> |
| 1262 | }else if( isPhantom==0 ){ |
| 1263 | @ <td> (unpublished)</td> |
| 1264 | }else{ |
| 1265 | @ <td> (unpublished,phantom)</td> |
| 1266 | } |
| 1267 | } |
| 1268 | @ </tr> |
| 1269 | } |
| 1270 | @ </table> |
| 1271 |
| --- src/name.c | |
| +++ src/name.c | |
| @@ -1135,11 +1135,11 @@ | |
| 1135 | if( zLabel ){ |
| 1136 | fossil_print("%s\n", zLabel); |
| 1137 | zLabel = 0; |
| 1138 | } |
| 1139 | fossil_print(" %.16s %s", db_column_text(&q,0), db_column_text(&q,1)); |
| 1140 | if( db_column_int(&q,2) ) fossil_print(" (private)"); |
| 1141 | fossil_print("\n"); |
| 1142 | cnt++; |
| 1143 | } |
| 1144 | db_finalize(&q); |
| 1145 | if( zWhere!=0 ) db_multi_exec("DELETE FROM description;"); |
| @@ -1172,20 +1172,20 @@ | |
| 1172 | ** |
| 1173 | ** Return a page showing all artifacts in the repository. Query parameters: |
| 1174 | ** |
| 1175 | ** n=N Show N artifacts |
| 1176 | ** s=S Start with artifact number S |
| 1177 | ** priv Show only unpublished or private artifacts |
| 1178 | ** phan Show only phantom artifacts |
| 1179 | ** hclr Color code hash types (SHA1 vs SHA3) |
| 1180 | */ |
| 1181 | void bloblist_page(void){ |
| 1182 | Stmt q; |
| 1183 | int s = atoi(PD("s","0")); |
| 1184 | int n = atoi(PD("n","5000")); |
| 1185 | int mx = db_int(0, "SELECT max(rid) FROM blob"); |
| 1186 | int privOnly = PB("priv"); |
| 1187 | int phantomOnly = PB("phan"); |
| 1188 | int hashClr = PB("hclr"); |
| 1189 | char *zRange; |
| 1190 | char *zSha1Bg; |
| 1191 | char *zSha3Bg; |
| @@ -1194,21 +1194,28 @@ | |
| 1194 | if( !g.perm.Read ){ login_needed(g.anon.Read); return; } |
| 1195 | style_header("List Of Artifacts"); |
| 1196 | style_submenu_element("250 Largest", "bigbloblist"); |
| 1197 | if( g.perm.Admin ){ |
| 1198 | style_submenu_element("Artifact Log", "rcvfromlist"); |
| 1199 | if( !phantomOnly ){ |
| 1200 | style_submenu_element("Phantoms", "bloblist?phan"); |
| 1201 | } |
| 1202 | }else{ |
| 1203 | privOnly = 0; |
| 1204 | phantomOnly = 0; |
| 1205 | } |
| 1206 | if( g.perm.Private ){ |
| 1207 | if( !privOnly ){ |
| 1208 | style_submenu_element("Private", "bloblist?priv"); |
| 1209 | } |
| 1210 | }else{ |
| 1211 | privOnly = 0; |
| 1212 | } |
| 1213 | if( g.perm.Write ){ |
| 1214 | style_submenu_element("Artifact Stats", "artifact_stats"); |
| 1215 | } |
| 1216 | if( !privOnly && !phantomOnly && mx>n && P("s")==0 ){ |
| 1217 | int i; |
| 1218 | @ <p>Select a range of artifacts to view:</p> |
| 1219 | @ <ul> |
| 1220 | for(i=1; i<=mx; i+=n){ |
| 1221 | @ <li> %z(href("%R/bloblist?s=%d&n=%d",i,n)) |
| @@ -1216,14 +1223,14 @@ | |
| 1223 | } |
| 1224 | @ </ul> |
| 1225 | style_footer(); |
| 1226 | return; |
| 1227 | } |
| 1228 | if( phantomOnly || privOnly || mx>n ){ |
| 1229 | style_submenu_element("Index", "bloblist"); |
| 1230 | } |
| 1231 | if( privOnly ){ |
| 1232 | zRange = mprintf("IN private"); |
| 1233 | }else if( phantomOnly ){ |
| 1234 | zRange = mprintf("IN (SELECT rid FROM blob WHERE size<0)"); |
| 1235 | }else{ |
| 1236 | zRange = mprintf("BETWEEN %d AND %d", s, s+n-1); |
| @@ -1246,10 +1253,18 @@ | |
| 1253 | int rid = db_column_int(&q,0); |
| 1254 | const char *zUuid = db_column_text(&q, 1); |
| 1255 | const char *zDesc = db_column_text(&q, 2); |
| 1256 | int isPriv = db_column_int(&q,3); |
| 1257 | int isPhantom = db_column_int(&q,4); |
| 1258 | if( isPhantom && !g.perm.Admin ){ |
| 1259 | /* Do not show phantom artifacts to non-admin users */ |
| 1260 | continue; |
| 1261 | } |
| 1262 | if( isPriv && !g.perm.Private ){ |
| 1263 | /* Don't show private artifacts to users without Private (x) permission */ |
| 1264 | continue; |
| 1265 | } |
| 1266 | if( hashClr ){ |
| 1267 | const char *zClr = db_column_bytes(&q,1)>40 ? zSha3Bg : zSha1Bg; |
| 1268 | @ <tr style='background-color:%s(zClr);'><td align="right">%d(rid)</td> |
| 1269 | }else{ |
| 1270 | @ <tr><td align="right">%d(rid)</td> |
| @@ -1258,13 +1273,13 @@ | |
| 1273 | @ <td align="left">%h(zDesc)</td> |
| 1274 | if( isPriv || isPhantom ){ |
| 1275 | if( isPriv==0 ){ |
| 1276 | @ <td> (phantom)</td> |
| 1277 | }else if( isPhantom==0 ){ |
| 1278 | @ <td> (private)</td> |
| 1279 | }else{ |
| 1280 | @ <td> (private,phantom)</td> |
| 1281 | } |
| 1282 | } |
| 1283 | @ </tr> |
| 1284 | } |
| 1285 | @ </table> |
| 1286 |