Fossil SCM
/json/branch/list now requires g.perm.Read, like /brlist does. Time for bed...
Commit
a37c6a87c62da2557b73d265010220b9f33a4823
Parent
7592fe934be4854…
1 file changed
+13
-5
+13
-5
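--- a/src/json.c
+++ b/src/json.c
@@ -1596,17 +1596,25 @@
 **
 ** "range" GET/POST.payload parameter. FIXME: currently we also use
 ** POST, but really want to restrict this to POST.payload.
 */
 static cson_value * json_branch_list(unsigned int depth){
-cson_value * payV = cson_value_new_object();
-cson_object * pay = cson_value_get_object(payV);
-cson_value * listV = cson_value_new_array();
-cson_array * list = cson_value_get_array(listV);
+cson_value * payV;
+cson_object * pay;
+cson_value * listV;
+cson_array * list;
 char const * range = NULL;
 int which = 0;
 Stmt q;
+if( !g.perm.Read ){
+g.json.resultCode = FSL_JSON_E_DENIED;
+return NULL;
+}
+payV = cson_value_new_object();
+pay = cson_value_get_object(payV);
+listV = cson_value_new_array();
+list = cson_value_get_array(listV);
 if(!g.isHTTP){
 range = find_option("range","r",1);
 if(!range||!*range){
 range = find_option("all","a",0);
 if(range && *range){
@@ -1639,11 +1647,11 @@
 which = 0;
 break;
 };
 cson_object_set(pay,"range",cson_value_new_string(range,strlen(range)));
 
-if( g.localOpen ){
+if( g.localOpen ){ /* add "current" property (branch name). */
 int vid = db_lget_int("checkout", 0);
 char const * zCurrent = vid
 ? db_text(0, "SELECT value FROM tagxref"
 " WHERE rid=%d AND tagid=%d",
 vid, TAG_BRANCH)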
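Review bot: The new `g.perm.Read` guard at the top of `json_branch_list()` is not mentioned in the function's header comment, so the access requirement and the denial path can only be found by reading the body; a line such as `** Requires g.perm.Read; on denial sets g.json.resultCode to FSL_JSON_E_DENIED and returns NULL.` would document it. Because the check sits inside the handler rather than in a common dispatch point, other /json commands presumably have to repeat it themselves, and the commit title suggests this one was missing until now, so the sibling handlers are worth auditing against the permissions their HTML counterparts enforce. Moving the four `cson_*` allocations below the guard is right, since the early return would otherwise leak them. Whether callers tolerate the NULL return is not visible here; the comment block starts and the function body ends outside the hunk.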
| --- src/json.c | |
| +++ src/json.c | |
| @@ -1596,17 +1596,25 @@ | |
| 1596 | ** |
| 1597 | ** "range" GET/POST.payload parameter. FIXME: currently we also use |
| 1598 | ** POST, but really want to restrict this to POST.payload. |
| 1599 | */ |
| 1600 | static cson_value * json_branch_list(unsigned int depth){ |
| 1601 | cson_value * payV = cson_value_new_object(); |
| 1602 | cson_object * pay = cson_value_get_object(payV); |
| 1603 | cson_value * listV = cson_value_new_array(); |
| 1604 | cson_array * list = cson_value_get_array(listV); |
| 1605 | char const * range = NULL; |
| 1606 | int which = 0; |
| 1607 | Stmt q; |
| 1608 | if(!g.isHTTP){ |
| 1609 | range = find_option("range","r",1); |
| 1610 | if(!range||!*range){ |
| 1611 | range = find_option("all","a",0); |
| 1612 | if(range && *range){ |
| @@ -1639,11 +1647,11 @@ | |
| 1639 | which = 0; |
| 1640 | break; |
| 1641 | }; |
| 1642 | cson_object_set(pay,"range",cson_value_new_string(range,strlen(range))); |
| 1643 | |
| 1644 | if( g.localOpen ){ |
| 1645 | int vid = db_lget_int("checkout", 0); |
| 1646 | char const * zCurrent = vid |
| 1647 | ? db_text(0, "SELECT value FROM tagxref" |
| 1648 | " WHERE rid=%d AND tagid=%d", |
| 1649 | vid, TAG_BRANCH) |
| 1650 |
| --- src/json.c | |
| +++ src/json.c | |
| @@ -1596,17 +1596,25 @@ | |
| 1596 | ** |
| 1597 | ** "range" GET/POST.payload parameter. FIXME: currently we also use |
| 1598 | ** POST, but really want to restrict this to POST.payload. |
| 1599 | */ |
| 1600 | static cson_value * json_branch_list(unsigned int depth){ |
| 1601 | cson_value * payV; |
| 1602 | cson_object * pay; |
| 1603 | cson_value * listV; |
| 1604 | cson_array * list; |
| 1605 | char const * range = NULL; |
| 1606 | int which = 0; |
| 1607 | Stmt q; |
| 1608 | if( !g.perm.Read ){ |
| 1609 | g.json.resultCode = FSL_JSON_E_DENIED; |
| 1610 | return NULL; |
| 1611 | } |
| 1612 | payV = cson_value_new_object(); |
| 1613 | pay = cson_value_get_object(payV); |
| 1614 | listV = cson_value_new_array(); |
| 1615 | list = cson_value_get_array(listV); |
| 1616 | if(!g.isHTTP){ |
| 1617 | range = find_option("range","r",1); |
| 1618 | if(!range||!*range){ |
| 1619 | range = find_option("all","a",0); |
| 1620 | if(range && *range){ |
| @@ -1639,11 +1647,11 @@ | |
| 1647 | which = 0; |
| 1648 | break; |
| 1649 | }; |
| 1650 | cson_object_set(pay,"range",cson_value_new_string(range,strlen(range))); |
| 1651 | |
| 1652 | if( g.localOpen ){ /* add "current" property (branch name). */ |
| 1653 | int vid = db_lget_int("checkout", 0); |
| 1654 | char const * zCurrent = vid |
| 1655 | ? db_text(0, "SELECT value FROM tagxref" |
| 1656 | " WHERE rid=%d AND tagid=%d", |
| 1657 | vid, TAG_BRANCH) |
| 1658 |