Fossil SCM

Added permissions checks to artifact/file and artifact/wiki. Renamed a mysterious mlink property.

stephan 2011-10-19 22:12 json-multitag-test
Commit 83ba8852a7996043dac7e1b1eec0a1d68e72d51e
Parent a4f4c62a1a7334a…
1 file changed +13 -1
~ src/json_artifact.c
M src/json_artifact.c
+13 -1
--- src/json_artifact.c
+++ src/json_artifact.c
@@ -212,11 +212,17 @@
212212
 /* Final entry MUST have a NULL name. */
213213
 {NULL,NULL}
214214
 };
215215
216216
 cson_value * json_artifact_wiki(int rid){
217
+ if( ! g.perm.RdWiki ){
218
+ json_set_err(FSL_JSON_E_DENIED,
219
+ "Requires 'j' privileges.");
220
+ return NULL;
221
+ }else{
217222
 return json_get_wiki_page_by_rid(rid, 0);
223
+ }
218224
 }
219225
220226
 cson_value * json_artifact_file(int rid){
221227
 cson_value * payV = NULL;
222228
 cson_object * pay = NULL;
@@ -223,10 +229,16 @@
223229
 const char *zMime;
224230
 const char *zRaw;
225231
 Blob content;
226232
 Stmt q;
227233
234
+ if( ! g.perm.Read ){
235
+ json_set_err(FSL_JSON_E_DENIED,
236
+ "Requires 'o' privileges.");
237
+ return NULL;
238
+ }
239
+
228240
 payV = cson_value_new_object();
229241
 pay = cson_value_get_object(payV);
230242
231243
 content_get(rid, &content);
232244
 zMime = mimetype_from_content(&content);
@@ -254,11 +266,11 @@
254266
 db_prepare(&q,
255267
 "SELECT filename.name AS name, "
256268
 " cast(strftime('%%s',event.mtime) as int) AS mtime,"
257269
 " coalesce(event.ecomment,event.comment) as comment,"
258270
 " coalesce(event.euser,event.user) as user,"
259
- " b.uuid as uuid, mlink.mperm as wtf1,"
271
+ " b.uuid as uuid, mlink.mperm as mperm,"/* WTF is mperm?*/
260272
 " coalesce((SELECT value FROM tagxref"
261273
 " WHERE tagid=%d AND tagtype>0 AND rid=mlink.mid),'trunk') as branch"
262274
 " FROM mlink, filename, event, blob a, blob b"
263275
 " WHERE filename.fnid=mlink.fnid"
264276
 " AND event.objid=mlink.mid"
265277
--- src/json_artifact.c
+++ src/json_artifact.c
@@ -212,11 +212,17 @@
212 /* Final entry MUST have a NULL name. */
213 {NULL,NULL}
214 };
215
216 cson_value * json_artifact_wiki(int rid){
 
 
 
 
 
217 return json_get_wiki_page_by_rid(rid, 0);
 
218 }
219
220 cson_value * json_artifact_file(int rid){
221 cson_value * payV = NULL;
222 cson_object * pay = NULL;
@@ -223,10 +229,16 @@
223 const char *zMime;
224 const char *zRaw;
225 Blob content;
226 Stmt q;
227
 
 
 
 
 
 
228 payV = cson_value_new_object();
229 pay = cson_value_get_object(payV);
230
231 content_get(rid, &content);
232 zMime = mimetype_from_content(&content);
@@ -254,11 +266,11 @@
254 db_prepare(&q,
255 "SELECT filename.name AS name, "
256 " cast(strftime('%%s',event.mtime) as int) AS mtime,"
257 " coalesce(event.ecomment,event.comment) as comment,"
258 " coalesce(event.euser,event.user) as user,"
259 " b.uuid as uuid, mlink.mperm as wtf1,"
260 " coalesce((SELECT value FROM tagxref"
261 " WHERE tagid=%d AND tagtype>0 AND rid=mlink.mid),'trunk') as branch"
262 " FROM mlink, filename, event, blob a, blob b"
263 " WHERE filename.fnid=mlink.fnid"
264 " AND event.objid=mlink.mid"
265
--- src/json_artifact.c
+++ src/json_artifact.c
@@ -212,11 +212,17 @@
212 /* Final entry MUST have a NULL name. */
213 {NULL,NULL}
214 };
215
216 cson_value * json_artifact_wiki(int rid){
217 if( ! g.perm.RdWiki ){
218 json_set_err(FSL_JSON_E_DENIED,
219 "Requires 'j' privileges.");
220 return NULL;
221 }else{
222 return json_get_wiki_page_by_rid(rid, 0);
223 }
224 }
225
226 cson_value * json_artifact_file(int rid){
227 cson_value * payV = NULL;
228 cson_object * pay = NULL;
@@ -223,10 +229,16 @@
229 const char *zMime;
230 const char *zRaw;
231 Blob content;
232 Stmt q;
233
234 if( ! g.perm.Read ){
235 json_set_err(FSL_JSON_E_DENIED,
236 "Requires 'o' privileges.");
237 return NULL;
238 }
239
240 payV = cson_value_new_object();
241 pay = cson_value_get_object(payV);
242
243 content_get(rid, &content);
244 zMime = mimetype_from_content(&content);
@@ -254,11 +266,11 @@
266 db_prepare(&q,
267 "SELECT filename.name AS name, "
268 " cast(strftime('%%s',event.mtime) as int) AS mtime,"
269 " coalesce(event.ecomment,event.comment) as comment,"
270 " coalesce(event.euser,event.user) as user,"
271 " b.uuid as uuid, mlink.mperm as mperm,"/* WTF is mperm?*/
272 " coalesce((SELECT value FROM tagxref"
273 " WHERE tagid=%d AND tagtype>0 AND rid=mlink.mid),'trunk') as branch"
274 " FROM mlink, filename, event, blob a, blob b"
275 " WHERE filename.fnid=mlink.fnid"
276 " AND event.objid=mlink.mid"
277

Keyboard Shortcuts

Open search /
Next entry (timeline) j
Previous entry (timeline) k
Open focused entry Enter
Show this help ?
Toggle theme Top nav button