b344d3c0cdf… — Fossil SCM

M src/attach.c

+10 -10

		--- src/attach.c
		+++ src/attach.c
		@@ -46,19 +46,19 @@
46	46	"SELECT datetime(mtime,'localtime'), src, target, filename, comment, user"
47	47	" FROM attachment",
48	48	-1
49	49	);
50	50	if( zPage ){
51		- if( g.okRdWiki==0 ) login_needed();
	51	+ if( g.perm.RdWiki==0 ) login_needed();
52	52	style_header("Attachments To %h", zPage);
53	53	blob_appendf(&sql, " WHERE target=%Q", zPage);
54	54	}else if( zTkt ){
55		- if( g.okRdTkt==0 ) login_needed();
	55	+ if( g.perm.RdTkt==0 ) login_needed();
56	56	style_header("Attachments To Ticket %.10s", zTkt);
57	57	blob_appendf(&sql, " WHERE target GLOB '%q*'", zTkt);
58	58	}else{
59		- if( g.okRdTkt==0 && g.okRdWiki==0 ) login_needed();
	59	+ if( g.perm.RdTkt==0 && g.perm.RdWiki==0 ) login_needed();
60	60	style_header("All Attachments");
61	61	}
62	62	blob_appendf(&sql, " ORDER BY mtime DESC");
63	63	db_prepare(&q, "%s", blob_str(&sql));
64	64	while( db_step(&q)==SQLITE_ROW ){
		@@ -139,14 +139,14 @@
139	139
140	140	if( zPage && zTkt ) zTkt = 0;
141	141	if( zFile==0 ) fossil_redirect_home();
142	142	login_check_credentials();
143	143	if( zPage ){
144		- if( g.okRdWiki==0 ) login_needed();
	144	+ if( g.perm.RdWiki==0 ) login_needed();
145	145	zTarget = zPage;
146	146	}else if( zTkt ){
147		- if( g.okRdTkt==0 ) login_needed();
	147	+ if( g.perm.RdTkt==0 ) login_needed();
148	148	zTarget = zTkt;
149	149	}else{
150	150	fossil_redirect_home();
151	151	}
152	152	if( attachid>0 ){
		@@ -172,11 +172,11 @@
172	172	style_header("Missing");
173	173	@ Attachment has been deleted
174	174	style_footer();
175	175	return;
176	176	}
177		- g.okRead = 1;
	177	+ g.perm.Read = 1;
178	178	cgi_replace_parameter("name",zUUID);
179	179	if( fossil_strcmp(g.zPath,"attachview")==0 ){
180	180	artifact_page();
181	181	}else{
182	182	cgi_replace_parameter("m", mimetype_from_name(zFile));
		@@ -207,19 +207,19 @@
207	207	if( P("cancel") ) cgi_redirect(zFrom);
208	208	if( zPage && zTkt ) fossil_redirect_home();
209	209	if( zPage==0 && zTkt==0 ) fossil_redirect_home();
210	210	login_check_credentials();
211	211	if( zPage ){
212		- if( g.okApndWiki==0 \|\| g.okAttach==0 ) login_needed();
	212	+ if( g.perm.ApndWiki==0 \|\| g.perm.Attach==0 ) login_needed();
213	213	if( !db_exists("SELECT 1 FROM tag WHERE tagname='wiki-%q'", zPage) ){
214	214	fossil_redirect_home();
215	215	}
216	216	zTarget = zPage;
217	217	zTargetType = mprintf("Wiki Page <a href=\"%s/wiki?name=%h\">%h</a>",
218	218	g.zTop, zPage, zPage);
219	219	}else{
220		- if( g.okApndTkt==0 \|\| g.okAttach==0 ) login_needed();
	220	+ if( g.perm.ApndTkt==0 \|\| g.perm.Attach==0 ) login_needed();
221	221	if( !db_exists("SELECT 1 FROM tag WHERE tagname='tkt-%q'", zTkt) ){
222	222	zTkt = db_text(0, "SELECT substr(tagname,5) FROM tag"
223	223	" WHERE tagname GLOB 'tkt-%q*'", zTkt);
224	224	if( zTkt==0 ) fossil_redirect_home();
225	225	}
		@@ -313,14 +313,14 @@
313	313	if( zPage && zTkt ) fossil_redirect_home();
314	314	if( zPage==0 && zTkt==0 ) fossil_redirect_home();
315	315	if( zFile==0 ) fossil_redirect_home();
316	316	login_check_credentials();
317	317	if( zPage ){
318		- if( g.okWrWiki==0 \|\| g.okAttach==0 ) login_needed();
	318	+ if( g.perm.WrWiki==0 \|\| g.perm.Attach==0 ) login_needed();
319	319	zTarget = zPage;
320	320	}else{
321		- if( g.okWrTkt==0 \|\| g.okAttach==0 ) login_needed();
	321	+ if( g.perm.WrTkt==0 \|\| g.perm.Attach==0 ) login_needed();
322	322	zTarget = zTkt;
323	323	}
324	324	if( zFrom==0 ) zFrom = mprintf("%s/home", g.zTop);
325	325	if( P("cancel") ){
326	326	cgi_redirect(zFrom);
327	327

	--- src/attach.c
	+++ src/attach.c
	@@ -46,19 +46,19 @@
46	"SELECT datetime(mtime,'localtime'), src, target, filename, comment, user"
47	" FROM attachment",
48	-1
49	);
50	if( zPage ){
51	if( g.okRdWiki==0 ) login_needed();
52	style_header("Attachments To %h", zPage);
53	blob_appendf(&sql, " WHERE target=%Q", zPage);
54	}else if( zTkt ){
55	if( g.okRdTkt==0 ) login_needed();
56	style_header("Attachments To Ticket %.10s", zTkt);
57	blob_appendf(&sql, " WHERE target GLOB '%q*'", zTkt);
58	}else{
59	if( g.okRdTkt==0 && g.okRdWiki==0 ) login_needed();
60	style_header("All Attachments");
61	}
62	blob_appendf(&sql, " ORDER BY mtime DESC");
63	db_prepare(&q, "%s", blob_str(&sql));
64	while( db_step(&q)==SQLITE_ROW ){
	@@ -139,14 +139,14 @@
139
140	if( zPage && zTkt ) zTkt = 0;
141	if( zFile==0 ) fossil_redirect_home();
142	login_check_credentials();
143	if( zPage ){
144	if( g.okRdWiki==0 ) login_needed();
145	zTarget = zPage;
146	}else if( zTkt ){
147	if( g.okRdTkt==0 ) login_needed();
148	zTarget = zTkt;
149	}else{
150	fossil_redirect_home();
151	}
152	if( attachid>0 ){
	@@ -172,11 +172,11 @@
172	style_header("Missing");
173	@ Attachment has been deleted
174	style_footer();
175	return;
176	}
177	g.okRead = 1;
178	cgi_replace_parameter("name",zUUID);
179	if( fossil_strcmp(g.zPath,"attachview")==0 ){
180	artifact_page();
181	}else{
182	cgi_replace_parameter("m", mimetype_from_name(zFile));
	@@ -207,19 +207,19 @@
207	if( P("cancel") ) cgi_redirect(zFrom);
208	if( zPage && zTkt ) fossil_redirect_home();
209	if( zPage==0 && zTkt==0 ) fossil_redirect_home();
210	login_check_credentials();
211	if( zPage ){
212	if( g.okApndWiki==0 \|\| g.okAttach==0 ) login_needed();
213	if( !db_exists("SELECT 1 FROM tag WHERE tagname='wiki-%q'", zPage) ){
214	fossil_redirect_home();
215	}
216	zTarget = zPage;
217	zTargetType = mprintf("Wiki Page <a href=\"%s/wiki?name=%h\">%h</a>",
218	g.zTop, zPage, zPage);
219	}else{
220	if( g.okApndTkt==0 \|\| g.okAttach==0 ) login_needed();
221	if( !db_exists("SELECT 1 FROM tag WHERE tagname='tkt-%q'", zTkt) ){
222	zTkt = db_text(0, "SELECT substr(tagname,5) FROM tag"
223	" WHERE tagname GLOB 'tkt-%q*'", zTkt);
224	if( zTkt==0 ) fossil_redirect_home();
225	}
	@@ -313,14 +313,14 @@
313	if( zPage && zTkt ) fossil_redirect_home();
314	if( zPage==0 && zTkt==0 ) fossil_redirect_home();
315	if( zFile==0 ) fossil_redirect_home();
316	login_check_credentials();
317	if( zPage ){
318	if( g.okWrWiki==0 \|\| g.okAttach==0 ) login_needed();
319	zTarget = zPage;
320	}else{
321	if( g.okWrTkt==0 \|\| g.okAttach==0 ) login_needed();
322	zTarget = zTkt;
323	}
324	if( zFrom==0 ) zFrom = mprintf("%s/home", g.zTop);
325	if( P("cancel") ){
326	cgi_redirect(zFrom);
327

	--- src/attach.c
	+++ src/attach.c
	@@ -46,19 +46,19 @@
46	"SELECT datetime(mtime,'localtime'), src, target, filename, comment, user"
47	" FROM attachment",
48	-1
49	);
50	if( zPage ){
51	if( g.perm.RdWiki==0 ) login_needed();
52	style_header("Attachments To %h", zPage);
53	blob_appendf(&sql, " WHERE target=%Q", zPage);
54	}else if( zTkt ){
55	if( g.perm.RdTkt==0 ) login_needed();
56	style_header("Attachments To Ticket %.10s", zTkt);
57	blob_appendf(&sql, " WHERE target GLOB '%q*'", zTkt);
58	}else{
59	if( g.perm.RdTkt==0 && g.perm.RdWiki==0 ) login_needed();
60	style_header("All Attachments");
61	}
62	blob_appendf(&sql, " ORDER BY mtime DESC");
63	db_prepare(&q, "%s", blob_str(&sql));
64	while( db_step(&q)==SQLITE_ROW ){
	@@ -139,14 +139,14 @@
139
140	if( zPage && zTkt ) zTkt = 0;
141	if( zFile==0 ) fossil_redirect_home();
142	login_check_credentials();
143	if( zPage ){
144	if( g.perm.RdWiki==0 ) login_needed();
145	zTarget = zPage;
146	}else if( zTkt ){
147	if( g.perm.RdTkt==0 ) login_needed();
148	zTarget = zTkt;
149	}else{
150	fossil_redirect_home();
151	}
152	if( attachid>0 ){
	@@ -172,11 +172,11 @@
172	style_header("Missing");
173	@ Attachment has been deleted
174	style_footer();
175	return;
176	}
177	g.perm.Read = 1;
178	cgi_replace_parameter("name",zUUID);
179	if( fossil_strcmp(g.zPath,"attachview")==0 ){
180	artifact_page();
181	}else{
182	cgi_replace_parameter("m", mimetype_from_name(zFile));
	@@ -207,19 +207,19 @@
207	if( P("cancel") ) cgi_redirect(zFrom);
208	if( zPage && zTkt ) fossil_redirect_home();
209	if( zPage==0 && zTkt==0 ) fossil_redirect_home();
210	login_check_credentials();
211	if( zPage ){
212	if( g.perm.ApndWiki==0 \|\| g.perm.Attach==0 ) login_needed();
213	if( !db_exists("SELECT 1 FROM tag WHERE tagname='wiki-%q'", zPage) ){
214	fossil_redirect_home();
215	}
216	zTarget = zPage;
217	zTargetType = mprintf("Wiki Page <a href=\"%s/wiki?name=%h\">%h</a>",
218	g.zTop, zPage, zPage);
219	}else{
220	if( g.perm.ApndTkt==0 \|\| g.perm.Attach==0 ) login_needed();
221	if( !db_exists("SELECT 1 FROM tag WHERE tagname='tkt-%q'", zTkt) ){
222	zTkt = db_text(0, "SELECT substr(tagname,5) FROM tag"
223	" WHERE tagname GLOB 'tkt-%q*'", zTkt);
224	if( zTkt==0 ) fossil_redirect_home();
225	}
	@@ -313,14 +313,14 @@
313	if( zPage && zTkt ) fossil_redirect_home();
314	if( zPage==0 && zTkt==0 ) fossil_redirect_home();
315	if( zFile==0 ) fossil_redirect_home();
316	login_check_credentials();
317	if( zPage ){
318	if( g.perm.WrWiki==0 \|\| g.perm.Attach==0 ) login_needed();
319	zTarget = zPage;
320	}else{
321	if( g.perm.WrTkt==0 \|\| g.perm.Attach==0 ) login_needed();
322	zTarget = zTkt;
323	}
324	if( zFrom==0 ) zFrom = mprintf("%s/home", g.zTop);
325	if( P("cancel") ){
326	cgi_redirect(zFrom);
327

M src/branch.c

+4 -4

		--- src/branch.c
		+++ src/branch.c
		@@ -286,11 +286,11 @@
286	286	int showClosed = P("closed")!=0;
287	287	int showAll = P("all")!=0;
288	288	int colorTest = P("colortest")!=0;
289	289
290	290	login_check_credentials();
291		- if( !g.okRead ){ login_needed(); return; }
	291	+ if( !g.perm.Read ){ login_needed(); return; }
292	292	if( colorTest ){
293	293	showClosed = 0;
294	294	showAll = 1;
295	295	}
296	296
		@@ -348,11 +348,11 @@
348	348	}
349	349	if( colorTest ){
350	350	const char *zColor = hash_color(zBr);
351	351	@ <li><span style="background-color: %s(zColor)">
352	352	@ %h(zBr) → %s(zColor)</span></li>
353		- }else if( g.okHistory ){
	353	+ }else if( g.perm.History ){
354	354	@ <li><a href="%s(g.zTop)/timeline?r=%T(zBr)")>%h(zBr)</a></li>
355	355	}else{
356	356	@ <li><b>%h(zBr)</b></li>
357	357	}
358	358	}
		@@ -374,11 +374,11 @@
374	374	** the timeline of a "brlist" page. Add some additional hyperlinks
375	375	** to the end of the line.
376	376	*/
377	377	static void brtimeline_extra(int rid){
378	378	Stmt q;
379		- if( !g.okHistory ) return;
	379	+ if( !g.perm.History ) return;
380	380	db_prepare(&q,
381	381	"SELECT substr(tagname,5) FROM tagxref, tag"
382	382	" WHERE tagxref.rid=%d"
383	383	" AND tagxref.tagid=tag.tagid"
384	384	" AND tagxref.tagtype>0"
		@@ -399,11 +399,11 @@
399	399	*/
400	400	void brtimeline_page(void){
401	401	Stmt q;
402	402
403	403	login_check_credentials();
404		- if( !g.okRead ){ login_needed(); return; }
	404	+ if( !g.perm.Read ){ login_needed(); return; }
405	405
406	406	style_header("Branches");
407	407	style_submenu_element("List", "List", "brlist");
408	408	login_anonymous_available();
409	409	@ <h2>The initial check-in for each branch:</h2>
410	410

	--- src/branch.c
	+++ src/branch.c
	@@ -286,11 +286,11 @@
286	int showClosed = P("closed")!=0;
287	int showAll = P("all")!=0;
288	int colorTest = P("colortest")!=0;
289
290	login_check_credentials();
291	if( !g.okRead ){ login_needed(); return; }
292	if( colorTest ){
293	showClosed = 0;
294	showAll = 1;
295	}
296
	@@ -348,11 +348,11 @@
348	}
349	if( colorTest ){
350	const char *zColor = hash_color(zBr);
351	@ <li><span style="background-color: %s(zColor)">
352	@ %h(zBr) → %s(zColor)</span></li>
353	}else if( g.okHistory ){
354	@ <li><a href="%s(g.zTop)/timeline?r=%T(zBr)")>%h(zBr)</a></li>
355	}else{
356	@ <li><b>%h(zBr)</b></li>
357	}
358	}
	@@ -374,11 +374,11 @@
374	** the timeline of a "brlist" page. Add some additional hyperlinks
375	** to the end of the line.
376	*/
377	static void brtimeline_extra(int rid){
378	Stmt q;
379	if( !g.okHistory ) return;
380	db_prepare(&q,
381	"SELECT substr(tagname,5) FROM tagxref, tag"
382	" WHERE tagxref.rid=%d"
383	" AND tagxref.tagid=tag.tagid"
384	" AND tagxref.tagtype>0"
	@@ -399,11 +399,11 @@
399	*/
400	void brtimeline_page(void){
401	Stmt q;
402
403	login_check_credentials();
404	if( !g.okRead ){ login_needed(); return; }
405
406	style_header("Branches");
407	style_submenu_element("List", "List", "brlist");
408	login_anonymous_available();
409	@ <h2>The initial check-in for each branch:</h2>
410

	--- src/branch.c
	+++ src/branch.c
	@@ -286,11 +286,11 @@
286	int showClosed = P("closed")!=0;
287	int showAll = P("all")!=0;
288	int colorTest = P("colortest")!=0;
289
290	login_check_credentials();
291	if( !g.perm.Read ){ login_needed(); return; }
292	if( colorTest ){
293	showClosed = 0;
294	showAll = 1;
295	}
296
	@@ -348,11 +348,11 @@
348	}
349	if( colorTest ){
350	const char *zColor = hash_color(zBr);
351	@ <li><span style="background-color: %s(zColor)">
352	@ %h(zBr) → %s(zColor)</span></li>
353	}else if( g.perm.History ){
354	@ <li><a href="%s(g.zTop)/timeline?r=%T(zBr)")>%h(zBr)</a></li>
355	}else{
356	@ <li><b>%h(zBr)</b></li>
357	}
358	}
	@@ -374,11 +374,11 @@
374	** the timeline of a "brlist" page. Add some additional hyperlinks
375	** to the end of the line.
376	*/
377	static void brtimeline_extra(int rid){
378	Stmt q;
379	if( !g.perm.History ) return;
380	db_prepare(&q,
381	"SELECT substr(tagname,5) FROM tagxref, tag"
382	" WHERE tagxref.rid=%d"
383	" AND tagxref.tagid=tag.tagid"
384	" AND tagxref.tagtype>0"
	@@ -399,11 +399,11 @@
399	*/
400	void brtimeline_page(void){
401	Stmt q;
402
403	login_check_credentials();
404	if( !g.perm.Read ){ login_needed(); return; }
405
406	style_header("Branches");
407	style_submenu_element("List", "List", "brlist");
408	login_anonymous_available();
409	@ <h2>The initial check-in for each branch:</h2>
410

M src/browse.c

+2 -2

		--- src/browse.c
		+++ src/browse.c
		@@ -77,11 +77,11 @@
77	77	int i, j;
78	78	char *zSep = "";
79	79
80	80	for(i=0; zPath[i]; i=j){
81	81	for(j=i; zPath[j] && zPath[j]!='/'; j++){}
82		- if( zPath[j] && g.okHistory ){
	82	+ if( zPath[j] && g.perm.History ){
83	83	if( zCI ){
84	84	blob_appendf(pOut, "%s<a href=\"%s/dir?ci=%S&name=%#T\">%#h</a>",
85	85	zSep, g.zTop, zCI, j, zPath, j-i, &zPath[i]);
86	86	}else{
87	87	blob_appendf(pOut, "%s<a href=\"%s/dir?name=%#T\">%#h</a>",
		@@ -118,11 +118,11 @@
118	118	Blob dirname;
119	119	Manifest *pM = 0;
120	120	const char *zSubdirLink;
121	121
122	122	login_check_credentials();
123		- if( !g.okHistory ){ login_needed(); return; }
	123	+ if( !g.perm.History ){ login_needed(); return; }
124	124	while( nD>1 && zD[nD-2]=='/' ){ zD[(--nD)-1] = 0; }
125	125	style_header("File List");
126	126	sqlite3_create_function(g.db, "pathelement", 2, SQLITE_UTF8, 0,
127	127	pathelementFunc, 0, 0);
128	128
129	129

	--- src/browse.c
	+++ src/browse.c
	@@ -77,11 +77,11 @@
77	int i, j;
78	char *zSep = "";
79
80	for(i=0; zPath[i]; i=j){
81	for(j=i; zPath[j] && zPath[j]!='/'; j++){}
82	if( zPath[j] && g.okHistory ){
83	if( zCI ){
84	blob_appendf(pOut, "%s<a href=\"%s/dir?ci=%S&name=%#T\">%#h</a>",
85	zSep, g.zTop, zCI, j, zPath, j-i, &zPath[i]);
86	}else{
87	blob_appendf(pOut, "%s<a href=\"%s/dir?name=%#T\">%#h</a>",
	@@ -118,11 +118,11 @@
118	Blob dirname;
119	Manifest *pM = 0;
120	const char *zSubdirLink;
121
122	login_check_credentials();
123	if( !g.okHistory ){ login_needed(); return; }
124	while( nD>1 && zD[nD-2]=='/' ){ zD[(--nD)-1] = 0; }
125	style_header("File List");
126	sqlite3_create_function(g.db, "pathelement", 2, SQLITE_UTF8, 0,
127	pathelementFunc, 0, 0);
128
129

	--- src/browse.c
	+++ src/browse.c
	@@ -77,11 +77,11 @@
77	int i, j;
78	char *zSep = "";
79
80	for(i=0; zPath[i]; i=j){
81	for(j=i; zPath[j] && zPath[j]!='/'; j++){}
82	if( zPath[j] && g.perm.History ){
83	if( zCI ){
84	blob_appendf(pOut, "%s<a href=\"%s/dir?ci=%S&name=%#T\">%#h</a>",
85	zSep, g.zTop, zCI, j, zPath, j-i, &zPath[i]);
86	}else{
87	blob_appendf(pOut, "%s<a href=\"%s/dir?name=%#T\">%#h</a>",
	@@ -118,11 +118,11 @@
118	Blob dirname;
119	Manifest *pM = 0;
120	const char *zSubdirLink;
121
122	login_check_credentials();
123	if( !g.perm.History ){ login_needed(); return; }
124	while( nD>1 && zD[nD-2]=='/' ){ zD[(--nD)-1] = 0; }
125	style_header("File List");
126	sqlite3_create_function(g.db, "pathelement", 2, SQLITE_UTF8, 0,
127	pathelementFunc, 0, 0);
128
129

M src/configure.c

+3 -3

		--- src/configure.c
		+++ src/configure.c
		@@ -153,14 +153,14 @@
153	153	n -= 2;
154	154	}
155	155	for(i=0; i<count(aConfig); i++){
156	156	if( memcmp(zName, aConfig[i].zName, n)==0 && aConfig[i].zName[n]==0 ){
157	157	int m = aConfig[i].groupMask;
158		- if( !g.okAdmin ){
	158	+ if( !g.perm.Admin ){
159	159	m &= ~CONFIGSET_USER;
160	160	}
161		- if( !g.okRdAddr ){
	161	+ if( !g.perm.RdAddr ){
162	162	m &= ~CONFIGSET_ADDR;
163	163	}
164	164	return m;
165	165	}
166	166	}
		@@ -553,11 +553,11 @@
553	553	){
554	554	const char *zName = blob_str(&aToken[1]);
555	555	Blob content;
556	556	blob_zero(&content);
557	557	blob_extract(pIn, size, &content);
558		- g.okAdmin = g.okRdAddr = 1;
	558	+ g.perm.Admin = g.perm.RdAddr = 1;
559	559	configure_receive(zName, &content, groupMask);
560	560	blob_reset(&content);
561	561	blob_seek(pIn, 1, BLOB_SEEK_CUR);
562	562	}
563	563	}
564	564

	--- src/configure.c
	+++ src/configure.c
	@@ -153,14 +153,14 @@
153	n -= 2;
154	}
155	for(i=0; i<count(aConfig); i++){
156	if( memcmp(zName, aConfig[i].zName, n)==0 && aConfig[i].zName[n]==0 ){
157	int m = aConfig[i].groupMask;
158	if( !g.okAdmin ){
159	m &= ~CONFIGSET_USER;
160	}
161	if( !g.okRdAddr ){
162	m &= ~CONFIGSET_ADDR;
163	}
164	return m;
165	}
166	}
	@@ -553,11 +553,11 @@
553	){
554	const char *zName = blob_str(&aToken[1]);
555	Blob content;
556	blob_zero(&content);
557	blob_extract(pIn, size, &content);
558	g.okAdmin = g.okRdAddr = 1;
559	configure_receive(zName, &content, groupMask);
560	blob_reset(&content);
561	blob_seek(pIn, 1, BLOB_SEEK_CUR);
562	}
563	}
564

	--- src/configure.c
	+++ src/configure.c
	@@ -153,14 +153,14 @@
153	n -= 2;
154	}
155	for(i=0; i<count(aConfig); i++){
156	if( memcmp(zName, aConfig[i].zName, n)==0 && aConfig[i].zName[n]==0 ){
157	int m = aConfig[i].groupMask;
158	if( !g.perm.Admin ){
159	m &= ~CONFIGSET_USER;
160	}
161	if( !g.perm.RdAddr ){
162	m &= ~CONFIGSET_ADDR;
163	}
164	return m;
165	}
166	}
	@@ -553,11 +553,11 @@
553	){
554	const char *zName = blob_str(&aToken[1]);
555	Blob content;
556	blob_zero(&content);
557	blob_extract(pIn, size, &content);
558	g.perm.Admin = g.perm.RdAddr = 1;
559	configure_receive(zName, &content, groupMask);
560	blob_reset(&content);
561	blob_seek(pIn, 1, BLOB_SEEK_CUR);
562	}
563	}
564

M src/db.c

+1 -1

		--- src/db.c
		+++ src/db.c
		@@ -1344,11 +1344,11 @@
1344	1344	** In either case, the string returned is stored in space obtained
1345	1345	** from malloc and should be freed by the calling function.
1346	1346	*/
1347	1347	char db_reveal(const char zKey){
1348	1348	char *zOut;
1349		- if( g.okRdAddr ){
	1349	+ if( g.perm.RdAddr ){
1350	1350	zOut = db_text(0, "SELECT content FROM concealed WHERE hash=%Q", zKey);
1351	1351	}else{
1352	1352	zOut = 0;
1353	1353	}
1354	1354	if( zOut==0 ){
1355	1355

	--- src/db.c
	+++ src/db.c
	@@ -1344,11 +1344,11 @@
1344	** In either case, the string returned is stored in space obtained
1345	** from malloc and should be freed by the calling function.
1346	*/
1347	char db_reveal(const char zKey){
1348	char *zOut;
1349	if( g.okRdAddr ){
1350	zOut = db_text(0, "SELECT content FROM concealed WHERE hash=%Q", zKey);
1351	}else{
1352	zOut = 0;
1353	}
1354	if( zOut==0 ){
1355

	--- src/db.c
	+++ src/db.c
	@@ -1344,11 +1344,11 @@
1344	** In either case, the string returned is stored in space obtained
1345	** from malloc and should be freed by the calling function.
1346	*/
1347	char db_reveal(const char zKey){
1348	char *zOut;
1349	if( g.perm.RdAddr ){
1350	zOut = db_text(0, "SELECT content FROM concealed WHERE hash=%Q", zKey);
1351	}else{
1352	zOut = 0;
1353	}
1354	if( zOut==0 ){
1355

M src/descendants.c

+1 -1

		--- src/descendants.c
		+++ src/descendants.c
		@@ -350,11 +350,11 @@
350	350	Stmt q;
351	351	int showAll = P("all")!=0;
352	352	int showClosed = P("closed")!=0;
353	353
354	354	login_check_credentials();
355		- if( !g.okRead ){ login_needed(); return; }
	355	+ if( !g.perm.Read ){ login_needed(); return; }
356	356
357	357	if( !showAll ){
358	358	style_submenu_element("All", "All", "leaves?all");
359	359	}
360	360	if( !showClosed ){
361	361

	--- src/descendants.c
	+++ src/descendants.c
	@@ -350,11 +350,11 @@
350	Stmt q;
351	int showAll = P("all")!=0;
352	int showClosed = P("closed")!=0;
353
354	login_check_credentials();
355	if( !g.okRead ){ login_needed(); return; }
356
357	if( !showAll ){
358	style_submenu_element("All", "All", "leaves?all");
359	}
360	if( !showClosed ){
361

	--- src/descendants.c
	+++ src/descendants.c
	@@ -350,11 +350,11 @@
350	Stmt q;
351	int showAll = P("all")!=0;
352	int showClosed = P("closed")!=0;
353
354	login_check_credentials();
355	if( !g.perm.Read ){ login_needed(); return; }
356
357	if( !showAll ){
358	style_submenu_element("All", "All", "leaves?all");
359	}
360	if( !showClosed ){
361

M src/diff.c

+2 -2

		--- src/diff.c
		+++ src/diff.c
		@@ -837,21 +837,21 @@
837	837	int iLimit;
838	838	int annFlags = 0;
839	839	Annotator ann;
840	840
841	841	login_check_credentials();
842		- if( !g.okRead ){ login_needed(); return; }
	842	+ if( !g.perm.Read ){ login_needed(); return; }
843	843	mid = name_to_typed_rid(PD("checkin","0"),"ci");
844	844	fnid = db_int(0, "SELECT fnid FROM filename WHERE name=%Q", P("filename"));
845	845	if( mid==0 \|\| fnid==0 ){ fossil_redirect_home(); }
846	846	iLimit = atoi(PD("limit","-1"));
847	847	if( !db_exists("SELECT 1 FROM mlink WHERE mid=%d AND fnid=%d",mid,fnid) ){
848	848	fossil_redirect_home();
849	849	}
850	850	style_header("File Annotation");
851	851	if( P("filevers") ) annFlags \|= ANN_FILE_VERS;
852		- annotate_file(&ann, fnid, mid, g.okHistory, iLimit, annFlags);
	852	+ annotate_file(&ann, fnid, mid, g.perm.History, iLimit, annFlags);
853	853	if( P("log") ){
854	854	int i;
855	855	@ <h2>Versions analyzed:</h2>
856	856	@ <ol>
857	857	for(i=0; i<ann.nVers; i++){
858	858

	--- src/diff.c
	+++ src/diff.c
	@@ -837,21 +837,21 @@
837	int iLimit;
838	int annFlags = 0;
839	Annotator ann;
840
841	login_check_credentials();
842	if( !g.okRead ){ login_needed(); return; }
843	mid = name_to_typed_rid(PD("checkin","0"),"ci");
844	fnid = db_int(0, "SELECT fnid FROM filename WHERE name=%Q", P("filename"));
845	if( mid==0 \|\| fnid==0 ){ fossil_redirect_home(); }
846	iLimit = atoi(PD("limit","-1"));
847	if( !db_exists("SELECT 1 FROM mlink WHERE mid=%d AND fnid=%d",mid,fnid) ){
848	fossil_redirect_home();
849	}
850	style_header("File Annotation");
851	if( P("filevers") ) annFlags \|= ANN_FILE_VERS;
852	annotate_file(&ann, fnid, mid, g.okHistory, iLimit, annFlags);
853	if( P("log") ){
854	int i;
855	@ <h2>Versions analyzed:</h2>
856	@ <ol>
857	for(i=0; i<ann.nVers; i++){
858

	--- src/diff.c
	+++ src/diff.c
	@@ -837,21 +837,21 @@
837	int iLimit;
838	int annFlags = 0;
839	Annotator ann;
840
841	login_check_credentials();
842	if( !g.perm.Read ){ login_needed(); return; }
843	mid = name_to_typed_rid(PD("checkin","0"),"ci");
844	fnid = db_int(0, "SELECT fnid FROM filename WHERE name=%Q", P("filename"));
845	if( mid==0 \|\| fnid==0 ){ fossil_redirect_home(); }
846	iLimit = atoi(PD("limit","-1"));
847	if( !db_exists("SELECT 1 FROM mlink WHERE mid=%d AND fnid=%d",mid,fnid) ){
848	fossil_redirect_home();
849	}
850	style_header("File Annotation");
851	if( P("filevers") ) annFlags \|= ANN_FILE_VERS;
852	annotate_file(&ann, fnid, mid, g.perm.History, iLimit, annFlags);
853	if( P("log") ){
854	int i;
855	@ <h2>Versions analyzed:</h2>
856	@ <ol>
857	for(i=0; i<ann.nVers; i++){
858

M src/diffcmd.c

+1 -1

		--- src/diffcmd.c
		+++ src/diffcmd.c
		@@ -518,11 +518,11 @@
518	518	*/
519	519	void vpatch_page(void){
520	520	const char *zFrom = P("from");
521	521	const char *zTo = P("to");
522	522	login_check_credentials();
523		- if( !g.okRead ){ login_needed(); return; }
	523	+ if( !g.perm.Read ){ login_needed(); return; }
524	524	if( zFrom==0 \|\| zTo==0 ) fossil_redirect_home();
525	525
526	526	cgi_set_content_type("text/plain");
527	527	diff_all_two_versions(zFrom, zTo, 0, DIFF_NEWFILE);
528	528	}
529	529

	--- src/diffcmd.c
	+++ src/diffcmd.c
	@@ -518,11 +518,11 @@
518	*/
519	void vpatch_page(void){
520	const char *zFrom = P("from");
521	const char *zTo = P("to");
522	login_check_credentials();
523	if( !g.okRead ){ login_needed(); return; }
524	if( zFrom==0 \|\| zTo==0 ) fossil_redirect_home();
525
526	cgi_set_content_type("text/plain");
527	diff_all_two_versions(zFrom, zTo, 0, DIFF_NEWFILE);
528	}
529

	--- src/diffcmd.c
	+++ src/diffcmd.c
	@@ -518,11 +518,11 @@
518	*/
519	void vpatch_page(void){
520	const char *zFrom = P("from");
521	const char *zTo = P("to");
522	login_check_credentials();
523	if( !g.perm.Read ){ login_needed(); return; }
524	if( zFrom==0 \|\| zTo==0 ) fossil_redirect_home();
525
526	cgi_set_content_type("text/plain");
527	diff_all_two_versions(zFrom, zTo, 0, DIFF_NEWFILE);
528	}
529

M src/doc.c

+1 -1

		--- src/doc.c
		+++ src/doc.c
		@@ -363,11 +363,11 @@
363	363	int i; /* Loop counter */
364	364	Blob filebody; /* Content of the documentation file */
365	365	char zBaseline[UUID_SIZE+1]; /* Baseline UUID */
366	366
367	367	login_check_credentials();
368		- if( !g.okRead ){ login_needed(); return; }
	368	+ if( !g.perm.Read ){ login_needed(); return; }
369	369	zName = PD("name", "tip/index.wiki");
370	370	for(i=0; zName[i] && zName[i]!='/'; i++){}
371	371	if( zName[i]==0 \|\| i>UUID_SIZE ){
372	372	goto doc_not_found;
373	373	}
374	374

	--- src/doc.c
	+++ src/doc.c
	@@ -363,11 +363,11 @@
363	int i; /* Loop counter */
364	Blob filebody; /* Content of the documentation file */
365	char zBaseline[UUID_SIZE+1]; /* Baseline UUID */
366
367	login_check_credentials();
368	if( !g.okRead ){ login_needed(); return; }
369	zName = PD("name", "tip/index.wiki");
370	for(i=0; zName[i] && zName[i]!='/'; i++){}
371	if( zName[i]==0 \|\| i>UUID_SIZE ){
372	goto doc_not_found;
373	}
374

	--- src/doc.c
	+++ src/doc.c
	@@ -363,11 +363,11 @@
363	int i; /* Loop counter */
364	Blob filebody; /* Content of the documentation file */
365	char zBaseline[UUID_SIZE+1]; /* Baseline UUID */
366
367	login_check_credentials();
368	if( !g.perm.Read ){ login_needed(); return; }
369	zName = PD("name", "tip/index.wiki");
370	for(i=0; zName[i] && zName[i]!='/'; i++){}
371	if( zName[i]==0 \|\| i>UUID_SIZE ){
372	goto doc_not_found;
373	}
374

M src/event.c

+6 -6

		--- src/event.c
		+++ src/event.c
		@@ -36,11 +36,11 @@
36	36	char zShort[12];
37	37
38	38	zEventId = db_text(0, "SELECT substr(tagname, 7) FROM tag WHERE tagid=%d",
39	39	tagid);
40	40	sqlite3_snprintf(sizeof(zShort), zShort, "%.10s", zEventId);
41		- if( g.okHistory ){
	41	+ if( g.perm.History ){
42	42	@ [<a href="%s(g.zTop)/event?name=%s(zEventId)">%s(zShort)</a>]
43	43	}else{
44	44	@ [%s(zShort)]
45	45	}
46	46	free(zEventId);
		@@ -74,11 +74,11 @@
74	74
75	75
76	76	/* wiki-read privilege is needed in order to read events.
77	77	*/
78	78	login_check_credentials();
79		- if( !g.okRdWiki ){
	79	+ if( !g.perm.RdWiki ){
80	80	login_needed();
81	81	return;
82	82	}
83	83
84	84	zEventId = P("name");
		@@ -123,18 +123,18 @@
123	123	style_header(blob_str(&title));
124	124	}else{
125	125	style_header("Event %S", zEventId);
126	126	tail = fullbody;
127	127	}
128		- if( g.okWrWiki && g.okWrite && nextRid==0 ){
	128	+ if( g.perm.WrWiki && g.perm.Write && nextRid==0 ){
129	129	style_submenu_element("Edit", "Edit", "%s/eventedit?name=%s",
130	130	g.zTop, zEventId);
131	131	}
132	132	zETime = db_text(0, "SELECT datetime(%.17g)", pEvent->rEventDate);
133	133	style_submenu_element("Context", "Context", "%s/timeline?c=%T",
134	134	g.zTop, zETime);
135		- if( g.okHistory ){
	135	+ if( g.perm.History ){
136	136	if( showDetail ){
137	137	style_submenu_element("Plain", "Plain", "%s/event?name=%s&aid=%s",
138	138	g.zTop, zEventId, zUuid);
139	139	if( nextRid ){
140	140	char *zNext;
		@@ -157,11 +157,11 @@
157	157	"%s/event?name=%s&aid=%s&detail=1",
158	158	g.zTop, zEventId, zUuid);
159	159	}
160	160	}
161	161
162		- if( showDetail && g.okHistory ){
	162	+ if( showDetail && g.perm.History ){
163	163	int i;
164	164	const char *zClr = 0;
165	165	Blob comment;
166	166
167	167	zATime = db_text(0, "SELECT datetime(%.17g)", pEvent->rDate);
		@@ -236,11 +236,11 @@
236	236	free(zTag);
237	237
238	238	/* Need both check-in and wiki-write or wiki-create privileges in order
239	239	** to edit/create an event.
240	240	*/
241		- if( !g.okWrite \|\| (rid && !g.okWrWiki) \|\| (!rid && !g.okNewWiki) ){
	241	+ if( !g.perm.Write \|\| (rid && !g.perm.WrWiki) \|\| (!rid && !g.perm.NewWiki) ){
242	242	login_needed();
243	243	return;
244	244	}
245	245
246	246	/* Figure out the color */
247	247

	--- src/event.c
	+++ src/event.c
	@@ -36,11 +36,11 @@
36	char zShort[12];
37
38	zEventId = db_text(0, "SELECT substr(tagname, 7) FROM tag WHERE tagid=%d",
39	tagid);
40	sqlite3_snprintf(sizeof(zShort), zShort, "%.10s", zEventId);
41	if( g.okHistory ){
42	@ [<a href="%s(g.zTop)/event?name=%s(zEventId)">%s(zShort)</a>]
43	}else{
44	@ [%s(zShort)]
45	}
46	free(zEventId);
	@@ -74,11 +74,11 @@
74
75
76	/* wiki-read privilege is needed in order to read events.
77	*/
78	login_check_credentials();
79	if( !g.okRdWiki ){
80	login_needed();
81	return;
82	}
83
84	zEventId = P("name");
	@@ -123,18 +123,18 @@
123	style_header(blob_str(&title));
124	}else{
125	style_header("Event %S", zEventId);
126	tail = fullbody;
127	}
128	if( g.okWrWiki && g.okWrite && nextRid==0 ){
129	style_submenu_element("Edit", "Edit", "%s/eventedit?name=%s",
130	g.zTop, zEventId);
131	}
132	zETime = db_text(0, "SELECT datetime(%.17g)", pEvent->rEventDate);
133	style_submenu_element("Context", "Context", "%s/timeline?c=%T",
134	g.zTop, zETime);
135	if( g.okHistory ){
136	if( showDetail ){
137	style_submenu_element("Plain", "Plain", "%s/event?name=%s&aid=%s",
138	g.zTop, zEventId, zUuid);
139	if( nextRid ){
140	char *zNext;
	@@ -157,11 +157,11 @@
157	"%s/event?name=%s&aid=%s&detail=1",
158	g.zTop, zEventId, zUuid);
159	}
160	}
161
162	if( showDetail && g.okHistory ){
163	int i;
164	const char *zClr = 0;
165	Blob comment;
166
167	zATime = db_text(0, "SELECT datetime(%.17g)", pEvent->rDate);
	@@ -236,11 +236,11 @@
236	free(zTag);
237
238	/* Need both check-in and wiki-write or wiki-create privileges in order
239	** to edit/create an event.
240	*/
241	if( !g.okWrite \|\| (rid && !g.okWrWiki) \|\| (!rid && !g.okNewWiki) ){
242	login_needed();
243	return;
244	}
245
246	/* Figure out the color */
247

	--- src/event.c
	+++ src/event.c
	@@ -36,11 +36,11 @@
36	char zShort[12];
37
38	zEventId = db_text(0, "SELECT substr(tagname, 7) FROM tag WHERE tagid=%d",
39	tagid);
40	sqlite3_snprintf(sizeof(zShort), zShort, "%.10s", zEventId);
41	if( g.perm.History ){
42	@ [<a href="%s(g.zTop)/event?name=%s(zEventId)">%s(zShort)</a>]
43	}else{
44	@ [%s(zShort)]
45	}
46	free(zEventId);
	@@ -74,11 +74,11 @@
74
75
76	/* wiki-read privilege is needed in order to read events.
77	*/
78	login_check_credentials();
79	if( !g.perm.RdWiki ){
80	login_needed();
81	return;
82	}
83
84	zEventId = P("name");
	@@ -123,18 +123,18 @@
123	style_header(blob_str(&title));
124	}else{
125	style_header("Event %S", zEventId);
126	tail = fullbody;
127	}
128	if( g.perm.WrWiki && g.perm.Write && nextRid==0 ){
129	style_submenu_element("Edit", "Edit", "%s/eventedit?name=%s",
130	g.zTop, zEventId);
131	}
132	zETime = db_text(0, "SELECT datetime(%.17g)", pEvent->rEventDate);
133	style_submenu_element("Context", "Context", "%s/timeline?c=%T",
134	g.zTop, zETime);
135	if( g.perm.History ){
136	if( showDetail ){
137	style_submenu_element("Plain", "Plain", "%s/event?name=%s&aid=%s",
138	g.zTop, zEventId, zUuid);
139	if( nextRid ){
140	char *zNext;
	@@ -157,11 +157,11 @@
157	"%s/event?name=%s&aid=%s&detail=1",
158	g.zTop, zEventId, zUuid);
159	}
160	}
161
162	if( showDetail && g.perm.History ){
163	int i;
164	const char *zClr = 0;
165	Blob comment;
166
167	zATime = db_text(0, "SELECT datetime(%.17g)", pEvent->rDate);
	@@ -236,11 +236,11 @@
236	free(zTag);
237
238	/* Need both check-in and wiki-write or wiki-create privileges in order
239	** to edit/create an event.
240	*/
241	if( !g.perm.Write \|\| (rid && !g.perm.WrWiki) \|\| (!rid && !g.perm.NewWiki) ){
242	login_needed();
243	return;
244	}
245
246	/* Figure out the color */
247

M src/finfo.c

+3 -3

		--- src/finfo.c
		+++ src/finfo.c
		@@ -222,11 +222,11 @@
222	222	GraphContext *pGraph;
223	223	int brBg = P("brbg")!=0;
224	224	int uBg = P("ubg")!=0;
225	225
226	226	login_check_credentials();
227		- if( !g.okRead ){ login_needed(); return; }
	227	+ if( !g.perm.Read ){ login_needed(); return; }
228	228	style_header("File History");
229	229	login_anonymous_available();
230	230
231	231	zPrevDate[0] = 0;
232	232	zFilename = PD("name","");
		@@ -309,11 +309,11 @@
309	309	@ <td class="timelineTableCell">
310	310	}
311	311	sqlite3_snprintf(sizeof(zShort), zShort, "%.10s", zUuid);
312	312	sqlite3_snprintf(sizeof(zShortCkin), zShortCkin, "%.10s", zCkin);
313	313	if( zUuid ){
314		- if( g.okHistory ){
	314	+ if( g.perm.History ){
315	315	@ <a href="%s(g.zTop)/artifact/%s(zUuid)">[%S(zUuid)]</a>
316	316	}else{
317	317	@ [%S(zUuid)]
318	318	}
319	319	@ part of check-in
		@@ -322,11 +322,11 @@
322	322	}
323	323	hyperlink_to_uuid(zShortCkin);
324	324	@ %h(zCom) (user:
325	325	hyperlink_to_user(zUser, zDate, "");
326	326	@ branch: %h(zBr))
327		- if( g.okHistory && zUuid ){
	327	+ if( g.perm.History && zUuid ){
328	328	const char *z = zFilename;
329	329	if( fpid ){
330	330	@ <a href="%s(g.zTop)/fdiff?v1=%s(zPUuid)&v2=%s(zUuid)">[diff]</a>
331	331	}
332	332	@ <a href="%s(g.zTop)/annotate?checkin=%S(zCkin)&filename=%h(z)">
333	333

	--- src/finfo.c
	+++ src/finfo.c
	@@ -222,11 +222,11 @@
222	GraphContext *pGraph;
223	int brBg = P("brbg")!=0;
224	int uBg = P("ubg")!=0;
225
226	login_check_credentials();
227	if( !g.okRead ){ login_needed(); return; }
228	style_header("File History");
229	login_anonymous_available();
230
231	zPrevDate[0] = 0;
232	zFilename = PD("name","");
	@@ -309,11 +309,11 @@
309	@ <td class="timelineTableCell">
310	}
311	sqlite3_snprintf(sizeof(zShort), zShort, "%.10s", zUuid);
312	sqlite3_snprintf(sizeof(zShortCkin), zShortCkin, "%.10s", zCkin);
313	if( zUuid ){
314	if( g.okHistory ){
315	@ <a href="%s(g.zTop)/artifact/%s(zUuid)">[%S(zUuid)]</a>
316	}else{
317	@ [%S(zUuid)]
318	}
319	@ part of check-in
	@@ -322,11 +322,11 @@
322	}
323	hyperlink_to_uuid(zShortCkin);
324	@ %h(zCom) (user:
325	hyperlink_to_user(zUser, zDate, "");
326	@ branch: %h(zBr))
327	if( g.okHistory && zUuid ){
328	const char *z = zFilename;
329	if( fpid ){
330	@ <a href="%s(g.zTop)/fdiff?v1=%s(zPUuid)&v2=%s(zUuid)">[diff]</a>
331	}
332	@ <a href="%s(g.zTop)/annotate?checkin=%S(zCkin)&filename=%h(z)">
333

	--- src/finfo.c
	+++ src/finfo.c
	@@ -222,11 +222,11 @@
222	GraphContext *pGraph;
223	int brBg = P("brbg")!=0;
224	int uBg = P("ubg")!=0;
225
226	login_check_credentials();
227	if( !g.perm.Read ){ login_needed(); return; }
228	style_header("File History");
229	login_anonymous_available();
230
231	zPrevDate[0] = 0;
232	zFilename = PD("name","");
	@@ -309,11 +309,11 @@
309	@ <td class="timelineTableCell">
310	}
311	sqlite3_snprintf(sizeof(zShort), zShort, "%.10s", zUuid);
312	sqlite3_snprintf(sizeof(zShortCkin), zShortCkin, "%.10s", zCkin);
313	if( zUuid ){
314	if( g.perm.History ){
315	@ <a href="%s(g.zTop)/artifact/%s(zUuid)">[%S(zUuid)]</a>
316	}else{
317	@ [%S(zUuid)]
318	}
319	@ part of check-in
	@@ -322,11 +322,11 @@
322	}
323	hyperlink_to_uuid(zShortCkin);
324	@ %h(zCom) (user:
325	hyperlink_to_user(zUser, zDate, "");
326	@ branch: %h(zBr))
327	if( g.perm.History && zUuid ){
328	const char *z = zFilename;
329	if( fpid ){
330	@ <a href="%s(g.zTop)/fdiff?v1=%s(zPUuid)&v2=%s(zUuid)">[diff]</a>
331	}
332	@ <a href="%s(g.zTop)/annotate?checkin=%S(zCkin)&filename=%h(z)">
333

M src/info.c

+28 -28

		--- src/info.c
		+++ src/info.c
		@@ -289,11 +289,11 @@
289	289	const char zNew, / blob.uuid after change. NULL for deletes */
290	290	const char zOldName, / Prior name. NULL if no name change. */
291	291	int showDiff, /* Show edit diffs if true */
292	292	int mperm /* executable or symlink permission for zNew */
293	293	){
294		- if( !g.okHistory ){
	294	+ if( !g.perm.History ){
295	295	if( zNew==0 ){
296	296	@ <p>Deleted %h(zName)</p>
297	297	}else if( zOld==0 ){
298	298	@ <p>Added %h(zName)</p>
299	299	}else if( zOldName!=0 && fossil_strcmp(zName,zOldName)!=0 ){
		@@ -366,11 +366,11 @@
366	366	const char zName; / Name of the checkin to be displayed */
367	367	const char zUuid; / UUID of zName */
368	368	const char zParent; / UUID of the parent checkin (if any) */
369	369
370	370	login_check_credentials();
371		- if( !g.okRead ){ login_needed(); return; }
	371	+ if( !g.perm.Read ){ login_needed(); return; }
372	372	zName = P("name");
373	373	rid = name_to_rid_www("name");
374	374	if( rid==0 ){
375	375	style_header("Check-in Information Error");
376	376	@ No such object: %h(g.argv[2])
		@@ -414,11 +414,11 @@
414	414	zDate = db_column_text(&q,1);
415	415	zOrigDate = db_column_text(&q, 4);
416	416	@ <div class="section">Overview</div>
417	417	@ <table class="label-value">
418	418	@ <tr><th>SHA1 Hash:</th><td>%s(zUuid)
419		- if( g.okSetup ){
	419	+ if( g.perm.Setup ){
420	420	@ (Record ID: %d(rid))
421	421	}
422	422	@ </td></tr>
423	423	@ <tr><th>Date:</th><td>
424	424	hyperlink_to_date(zDate, "</td></tr>");
		@@ -439,11 +439,11 @@
439	439	@ <tr><th>Edited Comment:</th><td>%w(zEComment)</td></tr>
440	440	@ <tr><th>Original Comment:</th><td>%w(zComment)</td></tr>
441	441	}else{
442	442	@ <tr><th>Comment:</th><td>%w(zComment)</td></tr>
443	443	}
444		- if( g.okAdmin ){
	444	+ if( g.perm.Admin ){
445	445	db_prepare(&q,
446	446	"SELECT rcvfrom.ipaddr, user.login, datetime(rcvfrom.mtime)"
447	447	" FROM blob JOIN rcvfrom USING(rcvid) LEFT JOIN user USING(uid)"
448	448	" WHERE blob.rid=%d",
449	449	rid
		@@ -456,11 +456,11 @@
456	456	@ <tr><th>Received From:</th>
457	457	@ <td>%h(zUser) @ %h(zIpAddr) on %s(zDate)</td></tr>
458	458	}
459	459	db_finalize(&q);
460	460	}
461		- if( g.okHistory ){
	461	+ if( g.perm.History ){
462	462	const char *zProjName = db_get("project-name", "unnamed");
463	463	@ <tr><th>Timelines:</th><td>
464	464	@ <a href="%s(g.zTop)/timeline?f=%S(zUuid)">family</a>
465	465	if( zParent ){
466	466	@ \| <a href="%s(g.zTop)/timeline?p=%S(zUuid)">ancestors</a>
		@@ -482,20 +482,20 @@
482	482	db_finalize(&q);
483	483	@ </td></tr>
484	484	@ <tr><th>Other Links:</th>
485	485	@ <td>
486	486	@ <a href="%s(g.zTop)/dir?ci=%S(zUuid)">files</a>
487		- if( g.okZip ){
	487	+ if( g.perm.Zip ){
488	488	char *zUrl = mprintf("%s/tarball/%s-%S.tar.gz?uuid=%s",
489	489	g.zTop, zProjName, zUuid, zUuid);
490	490	@ \| <a href="%s(zUrl)">Tarball</a>
491	491	@ \| <a href="%s(g.zTop)/zip/%s(zProjName)-%S(zUuid).zip?uuid=%s(zUuid)">
492	492	@ ZIP archive</a>
493	493	fossil_free(zUrl);
494	494	}
495	495	@ \| <a href="%s(g.zTop)/artifact/%S(zUuid)">manifest</a>
496		- if( g.okWrite ){
	496	+ if( g.perm.Write ){
497	497	@ \| <a href="%s(g.zTop)/ci_edit?r=%S(zUuid)">edit</a>
498	498	}
499	499	@ </td>
500	500	@ </tr>
501	501	}
		@@ -558,11 +558,11 @@
558	558	void winfo_page(void){
559	559	Stmt q;
560	560	int rid;
561	561
562	562	login_check_credentials();
563		- if( !g.okRdWiki ){ login_needed(); return; }
	563	+ if( !g.perm.RdWiki ){ login_needed(); return; }
564	564	rid = name_to_rid_www("name");
565	565	if( rid==0 ){
566	566	style_header("Wiki Page Information Error");
567	567	@ No such object: %h(g.argv[2])
568	568	style_footer();
		@@ -591,16 +591,16 @@
591	591	@ <div class="section">Overview</div>
592	592	@ <p><table class="label-value">
593	593	@ <tr><th>Version:</th><td>%s(zUuid)</td></tr>
594	594	@ <tr><th>Date:</th><td>
595	595	hyperlink_to_date(zDate, "</td></tr>");
596		- if( g.okSetup ){
	596	+ if( g.perm.Setup ){
597	597	@ <tr><th>Record ID:</th><td>%d(rid)</td></tr>
598	598	}
599	599	@ <tr><th>Original User:</th><td>
600	600	hyperlink_to_user(zUser, zDate, "</td></tr>");
601		- if( g.okHistory ){
	601	+ if( g.perm.History ){
602	602	@ <tr><th>Commands:</th>
603	603	@ <td>
604	604	@ <a href="%s(g.zTop)/whistory?name=%t(zName)">history</a>
605	605	@ \| <a href="%s(g.zTop)/artifact/%S(zUuid)">raw-text</a>
606	606	@ </td>
		@@ -701,11 +701,11 @@
701	701	int showDetail = 0;
702	702	Manifest pFrom, pTo;
703	703	ManifestFile pFileFrom, pFileTo;
704	704
705	705	login_check_credentials();
706		- if( !g.okRead ){ login_needed(); return; }
	706	+ if( !g.perm.Read ){ login_needed(); return; }
707	707	login_anonymous_available();
708	708
709	709	pFrom = vdiff_parse_manifest("from", &ridFrom);
710	710	if( pFrom==0 ) return;
711	711	pTo = vdiff_parse_manifest("to", &ridTo);
		@@ -820,11 +820,11 @@
820	820	}else if( mPerm==PERM_EXE ){
821	821	@ <li>Executable file
822	822	}else{
823	823	@ <li>File
824	824	}
825		- if( g.okHistory ){
	825	+ if( g.perm.History ){
826	826	@ <a href="%s(g.zTop)/finfo?name=%T(zName)">%h(zName)</a>
827	827	}else{
828	828	@ %h(zName)
829	829	}
830	830	@ <ul>
		@@ -833,20 +833,20 @@
833	833	@ <li>
834	834	hyperlink_to_date(zDate,"");
835	835	@ - part of checkin
836	836	hyperlink_to_uuid(zVers);
837	837	if( zBr && zBr[0] ){
838		- if( g.okHistory ){
	838	+ if( g.perm.History ){
839	839	@ on branch <a href="%s(g.zTop)/timeline?r=%T(zBr)">%h(zBr)</a>
840	840	}else{
841	841	@ on branch %h(zBr)
842	842	}
843	843	}
844	844	@ - %w(zCom) (user:
845	845	hyperlink_to_user(zUser,zDate,"");
846	846	@ )
847		- if( g.okHistory ){
	847	+ if( g.perm.History ){
848	848	@ <a href="%s(g.zTop)/annotate?checkin=%S(zVers)&filename=%T(zName)">
849	849	@ [annotate]</a>
850	850	}
851	851	cnt++;
852	852	if( pDownloadName && blob_size(pDownloadName)==0 ){
		@@ -873,11 +873,11 @@
873	873	if( cnt>0 ){
874	874	@ Also wiki page
875	875	}else{
876	876	@ Wiki page
877	877	}
878		- if( g.okHistory ){
	878	+ if( g.perm.History ){
879	879	@ [<a href="%s(g.zTop)/wiki?name=%t(zPagename)">%h(zPagename)</a>]
880	880	}else{
881	881	@ [%h(zPagename)]
882	882	}
883	883	@ by
		@@ -949,17 +949,17 @@
949	949	@ Also attachment "%h(zFilename)" to
950	950	}else{
951	951	@ Attachment "%h(zFilename)" to
952	952	}
953	953	if( strlen(zTarget)==UUID_SIZE && validate16(zTarget,UUID_SIZE) ){
954		- if( g.okHistory && g.okRdTkt ){
	954	+ if( g.perm.History && g.perm.RdTkt ){
955	955	@ ticket [<a href="%s(g.zTop)/tktview?name=%S(zTarget)">%S(zTarget)</a>]
956	956	}else{
957	957	@ ticket [%S(zTarget)]
958	958	}
959	959	}else{
960		- if( g.okHistory && g.okRdWiki ){
	960	+ if( g.perm.History && g.perm.RdWiki ){
961	961	@ wiki page [<a href="%s(g.zTop)/wiki?name=%t(zTarget)">%h(zTarget)</a>]
962	962	}else{
963	963	@ wiki page [%h(zTarget)]
964	964	}
965	965	}
		@@ -975,11 +975,11 @@
975	975	if( cnt==0 ){
976	976	@ Control artifact.
977	977	if( pDownloadName && blob_size(pDownloadName)==0 ){
978	978	blob_appendf(pDownloadName, "%.10s.txt", zUuid);
979	979	}
980		- }else if( linkToView && g.okHistory ){
	980	+ }else if( linkToView && g.perm.History ){
981	981	@ <a href="%s(g.zTop)/artifact/%S(zUuid)">[view]</a>
982	982	}
983	983	}
984	984
985	985
		@@ -997,11 +997,11 @@
997	997	Blob c1, c2, diff, *pOut;
998	998	char *zV1;
999	999	char *zV2;
1000	1000
1001	1001	login_check_credentials();
1002		- if( !g.okRead ){ login_needed(); return; }
	1002	+ if( !g.perm.Read ){ login_needed(); return; }
1003	1003	v1 = name_to_rid_www("v1");
1004	1004	v2 = name_to_rid_www("v2");
1005	1005	if( v1==0 \|\| v2==0 ) fossil_redirect_home();
1006	1006	zV1 = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", v1);
1007	1007	zV2 = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", v2);
		@@ -1049,11 +1049,11 @@
1049	1049	Blob content;
1050	1050
1051	1051	rid = name_to_rid_www("name");
1052	1052	zMime = PD("m","application/x-fossil-artifact");
1053	1053	login_check_credentials();
1054		- if( !g.okRead ){ login_needed(); return; }
	1054	+ if( !g.perm.Read ){ login_needed(); return; }
1055	1055	if( rid==0 ) fossil_redirect_home();
1056	1056	content_get(rid, &content);
1057	1057	cgi_set_content_type(zMime);
1058	1058	cgi_set_content(&content);
1059	1059	}
		@@ -1122,13 +1122,13 @@
1122	1122	Blob downloadName;
1123	1123	char *zUuid;
1124	1124
1125	1125	rid = name_to_rid_www("name");
1126	1126	login_check_credentials();
1127		- if( !g.okRead ){ login_needed(); return; }
	1127	+ if( !g.perm.Read ){ login_needed(); return; }
1128	1128	if( rid==0 ) fossil_redirect_home();
1129		- if( g.okAdmin ){
	1129	+ if( g.perm.Admin ){
1130	1130	const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
1131	1131	if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
1132	1132	style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
1133	1133	g.zTop, zUuid);
1134	1134	}else{
		@@ -1269,13 +1269,13 @@
1269	1269	if( rid==0 ){
1270	1270	rid = name_to_rid_www("name");
1271	1271	}
1272	1272
1273	1273	login_check_credentials();
1274		- if( !g.okRead ){ login_needed(); return; }
	1274	+ if( !g.perm.Read ){ login_needed(); return; }
1275	1275	if( rid==0 ) fossil_redirect_home();
1276		- if( g.okAdmin ){
	1276	+ if( g.perm.Admin ){
1277	1277	const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
1278	1278	if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
1279	1279	style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
1280	1280	g.zTop, zUuid);
1281	1281	}else{
		@@ -1356,15 +1356,15 @@
1356	1356	const char *zUuid;
1357	1357	char zTktName[20];
1358	1358	Manifest *pTktChng;
1359	1359
1360	1360	login_check_credentials();
1361		- if( !g.okRdTkt ){ login_needed(); return; }
	1361	+ if( !g.perm.RdTkt ){ login_needed(); return; }
1362	1362	rid = name_to_rid_www("name");
1363	1363	if( rid==0 ){ fossil_redirect_home(); }
1364	1364	zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
1365		- if( g.okAdmin ){
	1365	+ if( g.perm.Admin ){
1366	1366	if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
1367	1367	style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
1368	1368	g.zTop, zUuid);
1369	1369	}else{
1370	1370	style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun",
		@@ -1377,11 +1377,11 @@
1377	1377	}
1378	1378	style_header("Ticket Change Details");
1379	1379	zDate = db_text(0, "SELECT datetime(%.12f)", pTktChng->rDate);
1380	1380	memcpy(zTktName, pTktChng->zTicketUuid, 10);
1381	1381	zTktName[10] = 0;
1382		- if( g.okHistory ){
	1382	+ if( g.perm.History ){
1383	1383	@ <h2>Changes to ticket
1384	1384	@ <a href="%s(pTktChng->zTicketUuid)">%s(zTktName)</a></h2>
1385	1385	@
1386	1386	@ <p>By %h(pTktChng->zUser) on %s(zDate). See also:
1387	1387	@ <a href="%s(g.zTop)/artifact/%T(zUuid)">artifact content</a>, and
		@@ -1617,11 +1617,11 @@
1617	1617	char *zUuid;
1618	1618	Blob comment;
1619	1619	Stmt q;
1620	1620
1621	1621	login_check_credentials();
1622		- if( !g.okWrite ){ login_needed(); return; }
	1622	+ if( !g.perm.Write ){ login_needed(); return; }
1623	1623	rid = name_to_typed_rid(P("r"), "ci");
1624	1624	zUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid);
1625	1625	zComment = db_text(0, "SELECT coalesce(ecomment,comment)"
1626	1626	" FROM event WHERE objid=%d", rid);
1627	1627	if( zComment==0 ) fossil_redirect_home();
1628	1628

	--- src/info.c
	+++ src/info.c
	@@ -289,11 +289,11 @@
289	const char zNew, / blob.uuid after change. NULL for deletes */
290	const char zOldName, / Prior name. NULL if no name change. */
291	int showDiff, /* Show edit diffs if true */
292	int mperm /* executable or symlink permission for zNew */
293	){
294	if( !g.okHistory ){
295	if( zNew==0 ){
296	@ <p>Deleted %h(zName)</p>
297	}else if( zOld==0 ){
298	@ <p>Added %h(zName)</p>
299	}else if( zOldName!=0 && fossil_strcmp(zName,zOldName)!=0 ){
	@@ -366,11 +366,11 @@
366	const char zName; / Name of the checkin to be displayed */
367	const char zUuid; / UUID of zName */
368	const char zParent; / UUID of the parent checkin (if any) */
369
370	login_check_credentials();
371	if( !g.okRead ){ login_needed(); return; }
372	zName = P("name");
373	rid = name_to_rid_www("name");
374	if( rid==0 ){
375	style_header("Check-in Information Error");
376	@ No such object: %h(g.argv[2])
	@@ -414,11 +414,11 @@
414	zDate = db_column_text(&q,1);
415	zOrigDate = db_column_text(&q, 4);
416	@ <div class="section">Overview</div>
417	@ <table class="label-value">
418	@ <tr><th>SHA1 Hash:</th><td>%s(zUuid)
419	if( g.okSetup ){
420	@ (Record ID: %d(rid))
421	}
422	@ </td></tr>
423	@ <tr><th>Date:</th><td>
424	hyperlink_to_date(zDate, "</td></tr>");
	@@ -439,11 +439,11 @@
439	@ <tr><th>Edited Comment:</th><td>%w(zEComment)</td></tr>
440	@ <tr><th>Original Comment:</th><td>%w(zComment)</td></tr>
441	}else{
442	@ <tr><th>Comment:</th><td>%w(zComment)</td></tr>
443	}
444	if( g.okAdmin ){
445	db_prepare(&q,
446	"SELECT rcvfrom.ipaddr, user.login, datetime(rcvfrom.mtime)"
447	" FROM blob JOIN rcvfrom USING(rcvid) LEFT JOIN user USING(uid)"
448	" WHERE blob.rid=%d",
449	rid
	@@ -456,11 +456,11 @@
456	@ <tr><th>Received From:</th>
457	@ <td>%h(zUser) @ %h(zIpAddr) on %s(zDate)</td></tr>
458	}
459	db_finalize(&q);
460	}
461	if( g.okHistory ){
462	const char *zProjName = db_get("project-name", "unnamed");
463	@ <tr><th>Timelines:</th><td>
464	@ <a href="%s(g.zTop)/timeline?f=%S(zUuid)">family</a>
465	if( zParent ){
466	@ \| <a href="%s(g.zTop)/timeline?p=%S(zUuid)">ancestors</a>
	@@ -482,20 +482,20 @@
482	db_finalize(&q);
483	@ </td></tr>
484	@ <tr><th>Other Links:</th>
485	@ <td>
486	@ <a href="%s(g.zTop)/dir?ci=%S(zUuid)">files</a>
487	if( g.okZip ){
488	char *zUrl = mprintf("%s/tarball/%s-%S.tar.gz?uuid=%s",
489	g.zTop, zProjName, zUuid, zUuid);
490	@ \| <a href="%s(zUrl)">Tarball</a>
491	@ \| <a href="%s(g.zTop)/zip/%s(zProjName)-%S(zUuid).zip?uuid=%s(zUuid)">
492	@ ZIP archive</a>
493	fossil_free(zUrl);
494	}
495	@ \| <a href="%s(g.zTop)/artifact/%S(zUuid)">manifest</a>
496	if( g.okWrite ){
497	@ \| <a href="%s(g.zTop)/ci_edit?r=%S(zUuid)">edit</a>
498	}
499	@ </td>
500	@ </tr>
501	}
	@@ -558,11 +558,11 @@
558	void winfo_page(void){
559	Stmt q;
560	int rid;
561
562	login_check_credentials();
563	if( !g.okRdWiki ){ login_needed(); return; }
564	rid = name_to_rid_www("name");
565	if( rid==0 ){
566	style_header("Wiki Page Information Error");
567	@ No such object: %h(g.argv[2])
568	style_footer();
	@@ -591,16 +591,16 @@
591	@ <div class="section">Overview</div>
592	@ <p><table class="label-value">
593	@ <tr><th>Version:</th><td>%s(zUuid)</td></tr>
594	@ <tr><th>Date:</th><td>
595	hyperlink_to_date(zDate, "</td></tr>");
596	if( g.okSetup ){
597	@ <tr><th>Record ID:</th><td>%d(rid)</td></tr>
598	}
599	@ <tr><th>Original User:</th><td>
600	hyperlink_to_user(zUser, zDate, "</td></tr>");
601	if( g.okHistory ){
602	@ <tr><th>Commands:</th>
603	@ <td>
604	@ <a href="%s(g.zTop)/whistory?name=%t(zName)">history</a>
605	@ \| <a href="%s(g.zTop)/artifact/%S(zUuid)">raw-text</a>
606	@ </td>
	@@ -701,11 +701,11 @@
701	int showDetail = 0;
702	Manifest pFrom, pTo;
703	ManifestFile pFileFrom, pFileTo;
704
705	login_check_credentials();
706	if( !g.okRead ){ login_needed(); return; }
707	login_anonymous_available();
708
709	pFrom = vdiff_parse_manifest("from", &ridFrom);
710	if( pFrom==0 ) return;
711	pTo = vdiff_parse_manifest("to", &ridTo);
	@@ -820,11 +820,11 @@
820	}else if( mPerm==PERM_EXE ){
821	@ <li>Executable file
822	}else{
823	@ <li>File
824	}
825	if( g.okHistory ){
826	@ <a href="%s(g.zTop)/finfo?name=%T(zName)">%h(zName)</a>
827	}else{
828	@ %h(zName)
829	}
830	@ <ul>
	@@ -833,20 +833,20 @@
833	@ <li>
834	hyperlink_to_date(zDate,"");
835	@ - part of checkin
836	hyperlink_to_uuid(zVers);
837	if( zBr && zBr[0] ){
838	if( g.okHistory ){
839	@ on branch <a href="%s(g.zTop)/timeline?r=%T(zBr)">%h(zBr)</a>
840	}else{
841	@ on branch %h(zBr)
842	}
843	}
844	@ - %w(zCom) (user:
845	hyperlink_to_user(zUser,zDate,"");
846	@ )
847	if( g.okHistory ){
848	@ <a href="%s(g.zTop)/annotate?checkin=%S(zVers)&filename=%T(zName)">
849	@ [annotate]</a>
850	}
851	cnt++;
852	if( pDownloadName && blob_size(pDownloadName)==0 ){
	@@ -873,11 +873,11 @@
873	if( cnt>0 ){
874	@ Also wiki page
875	}else{
876	@ Wiki page
877	}
878	if( g.okHistory ){
879	@ [<a href="%s(g.zTop)/wiki?name=%t(zPagename)">%h(zPagename)</a>]
880	}else{
881	@ [%h(zPagename)]
882	}
883	@ by
	@@ -949,17 +949,17 @@
949	@ Also attachment "%h(zFilename)" to
950	}else{
951	@ Attachment "%h(zFilename)" to
952	}
953	if( strlen(zTarget)==UUID_SIZE && validate16(zTarget,UUID_SIZE) ){
954	if( g.okHistory && g.okRdTkt ){
955	@ ticket [<a href="%s(g.zTop)/tktview?name=%S(zTarget)">%S(zTarget)</a>]
956	}else{
957	@ ticket [%S(zTarget)]
958	}
959	}else{
960	if( g.okHistory && g.okRdWiki ){
961	@ wiki page [<a href="%s(g.zTop)/wiki?name=%t(zTarget)">%h(zTarget)</a>]
962	}else{
963	@ wiki page [%h(zTarget)]
964	}
965	}
	@@ -975,11 +975,11 @@
975	if( cnt==0 ){
976	@ Control artifact.
977	if( pDownloadName && blob_size(pDownloadName)==0 ){
978	blob_appendf(pDownloadName, "%.10s.txt", zUuid);
979	}
980	}else if( linkToView && g.okHistory ){
981	@ <a href="%s(g.zTop)/artifact/%S(zUuid)">[view]</a>
982	}
983	}
984
985
	@@ -997,11 +997,11 @@
997	Blob c1, c2, diff, *pOut;
998	char *zV1;
999	char *zV2;
1000
1001	login_check_credentials();
1002	if( !g.okRead ){ login_needed(); return; }
1003	v1 = name_to_rid_www("v1");
1004	v2 = name_to_rid_www("v2");
1005	if( v1==0 \|\| v2==0 ) fossil_redirect_home();
1006	zV1 = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", v1);
1007	zV2 = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", v2);
	@@ -1049,11 +1049,11 @@
1049	Blob content;
1050
1051	rid = name_to_rid_www("name");
1052	zMime = PD("m","application/x-fossil-artifact");
1053	login_check_credentials();
1054	if( !g.okRead ){ login_needed(); return; }
1055	if( rid==0 ) fossil_redirect_home();
1056	content_get(rid, &content);
1057	cgi_set_content_type(zMime);
1058	cgi_set_content(&content);
1059	}
	@@ -1122,13 +1122,13 @@
1122	Blob downloadName;
1123	char *zUuid;
1124
1125	rid = name_to_rid_www("name");
1126	login_check_credentials();
1127	if( !g.okRead ){ login_needed(); return; }
1128	if( rid==0 ) fossil_redirect_home();
1129	if( g.okAdmin ){
1130	const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
1131	if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
1132	style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
1133	g.zTop, zUuid);
1134	}else{
	@@ -1269,13 +1269,13 @@
1269	if( rid==0 ){
1270	rid = name_to_rid_www("name");
1271	}
1272
1273	login_check_credentials();
1274	if( !g.okRead ){ login_needed(); return; }
1275	if( rid==0 ) fossil_redirect_home();
1276	if( g.okAdmin ){
1277	const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
1278	if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
1279	style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
1280	g.zTop, zUuid);
1281	}else{
	@@ -1356,15 +1356,15 @@
1356	const char *zUuid;
1357	char zTktName[20];
1358	Manifest *pTktChng;
1359
1360	login_check_credentials();
1361	if( !g.okRdTkt ){ login_needed(); return; }
1362	rid = name_to_rid_www("name");
1363	if( rid==0 ){ fossil_redirect_home(); }
1364	zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
1365	if( g.okAdmin ){
1366	if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
1367	style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
1368	g.zTop, zUuid);
1369	}else{
1370	style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun",
	@@ -1377,11 +1377,11 @@
1377	}
1378	style_header("Ticket Change Details");
1379	zDate = db_text(0, "SELECT datetime(%.12f)", pTktChng->rDate);
1380	memcpy(zTktName, pTktChng->zTicketUuid, 10);
1381	zTktName[10] = 0;
1382	if( g.okHistory ){
1383	@ <h2>Changes to ticket
1384	@ <a href="%s(pTktChng->zTicketUuid)">%s(zTktName)</a></h2>
1385	@
1386	@ <p>By %h(pTktChng->zUser) on %s(zDate). See also:
1387	@ <a href="%s(g.zTop)/artifact/%T(zUuid)">artifact content</a>, and
	@@ -1617,11 +1617,11 @@
1617	char *zUuid;
1618	Blob comment;
1619	Stmt q;
1620
1621	login_check_credentials();
1622	if( !g.okWrite ){ login_needed(); return; }
1623	rid = name_to_typed_rid(P("r"), "ci");
1624	zUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid);
1625	zComment = db_text(0, "SELECT coalesce(ecomment,comment)"
1626	" FROM event WHERE objid=%d", rid);
1627	if( zComment==0 ) fossil_redirect_home();
1628

	--- src/info.c
	+++ src/info.c
	@@ -289,11 +289,11 @@
289	const char zNew, / blob.uuid after change. NULL for deletes */
290	const char zOldName, / Prior name. NULL if no name change. */
291	int showDiff, /* Show edit diffs if true */
292	int mperm /* executable or symlink permission for zNew */
293	){
294	if( !g.perm.History ){
295	if( zNew==0 ){
296	@ <p>Deleted %h(zName)</p>
297	}else if( zOld==0 ){
298	@ <p>Added %h(zName)</p>
299	}else if( zOldName!=0 && fossil_strcmp(zName,zOldName)!=0 ){
	@@ -366,11 +366,11 @@
366	const char zName; / Name of the checkin to be displayed */
367	const char zUuid; / UUID of zName */
368	const char zParent; / UUID of the parent checkin (if any) */
369
370	login_check_credentials();
371	if( !g.perm.Read ){ login_needed(); return; }
372	zName = P("name");
373	rid = name_to_rid_www("name");
374	if( rid==0 ){
375	style_header("Check-in Information Error");
376	@ No such object: %h(g.argv[2])
	@@ -414,11 +414,11 @@
414	zDate = db_column_text(&q,1);
415	zOrigDate = db_column_text(&q, 4);
416	@ <div class="section">Overview</div>
417	@ <table class="label-value">
418	@ <tr><th>SHA1 Hash:</th><td>%s(zUuid)
419	if( g.perm.Setup ){
420	@ (Record ID: %d(rid))
421	}
422	@ </td></tr>
423	@ <tr><th>Date:</th><td>
424	hyperlink_to_date(zDate, "</td></tr>");
	@@ -439,11 +439,11 @@
439	@ <tr><th>Edited Comment:</th><td>%w(zEComment)</td></tr>
440	@ <tr><th>Original Comment:</th><td>%w(zComment)</td></tr>
441	}else{
442	@ <tr><th>Comment:</th><td>%w(zComment)</td></tr>
443	}
444	if( g.perm.Admin ){
445	db_prepare(&q,
446	"SELECT rcvfrom.ipaddr, user.login, datetime(rcvfrom.mtime)"
447	" FROM blob JOIN rcvfrom USING(rcvid) LEFT JOIN user USING(uid)"
448	" WHERE blob.rid=%d",
449	rid
	@@ -456,11 +456,11 @@
456	@ <tr><th>Received From:</th>
457	@ <td>%h(zUser) @ %h(zIpAddr) on %s(zDate)</td></tr>
458	}
459	db_finalize(&q);
460	}
461	if( g.perm.History ){
462	const char *zProjName = db_get("project-name", "unnamed");
463	@ <tr><th>Timelines:</th><td>
464	@ <a href="%s(g.zTop)/timeline?f=%S(zUuid)">family</a>
465	if( zParent ){
466	@ \| <a href="%s(g.zTop)/timeline?p=%S(zUuid)">ancestors</a>
	@@ -482,20 +482,20 @@
482	db_finalize(&q);
483	@ </td></tr>
484	@ <tr><th>Other Links:</th>
485	@ <td>
486	@ <a href="%s(g.zTop)/dir?ci=%S(zUuid)">files</a>
487	if( g.perm.Zip ){
488	char *zUrl = mprintf("%s/tarball/%s-%S.tar.gz?uuid=%s",
489	g.zTop, zProjName, zUuid, zUuid);
490	@ \| <a href="%s(zUrl)">Tarball</a>
491	@ \| <a href="%s(g.zTop)/zip/%s(zProjName)-%S(zUuid).zip?uuid=%s(zUuid)">
492	@ ZIP archive</a>
493	fossil_free(zUrl);
494	}
495	@ \| <a href="%s(g.zTop)/artifact/%S(zUuid)">manifest</a>
496	if( g.perm.Write ){
497	@ \| <a href="%s(g.zTop)/ci_edit?r=%S(zUuid)">edit</a>
498	}
499	@ </td>
500	@ </tr>
501	}
	@@ -558,11 +558,11 @@
558	void winfo_page(void){
559	Stmt q;
560	int rid;
561
562	login_check_credentials();
563	if( !g.perm.RdWiki ){ login_needed(); return; }
564	rid = name_to_rid_www("name");
565	if( rid==0 ){
566	style_header("Wiki Page Information Error");
567	@ No such object: %h(g.argv[2])
568	style_footer();
	@@ -591,16 +591,16 @@
591	@ <div class="section">Overview</div>
592	@ <p><table class="label-value">
593	@ <tr><th>Version:</th><td>%s(zUuid)</td></tr>
594	@ <tr><th>Date:</th><td>
595	hyperlink_to_date(zDate, "</td></tr>");
596	if( g.perm.Setup ){
597	@ <tr><th>Record ID:</th><td>%d(rid)</td></tr>
598	}
599	@ <tr><th>Original User:</th><td>
600	hyperlink_to_user(zUser, zDate, "</td></tr>");
601	if( g.perm.History ){
602	@ <tr><th>Commands:</th>
603	@ <td>
604	@ <a href="%s(g.zTop)/whistory?name=%t(zName)">history</a>
605	@ \| <a href="%s(g.zTop)/artifact/%S(zUuid)">raw-text</a>
606	@ </td>
	@@ -701,11 +701,11 @@
701	int showDetail = 0;
702	Manifest pFrom, pTo;
703	ManifestFile pFileFrom, pFileTo;
704
705	login_check_credentials();
706	if( !g.perm.Read ){ login_needed(); return; }
707	login_anonymous_available();
708
709	pFrom = vdiff_parse_manifest("from", &ridFrom);
710	if( pFrom==0 ) return;
711	pTo = vdiff_parse_manifest("to", &ridTo);
	@@ -820,11 +820,11 @@
820	}else if( mPerm==PERM_EXE ){
821	@ <li>Executable file
822	}else{
823	@ <li>File
824	}
825	if( g.perm.History ){
826	@ <a href="%s(g.zTop)/finfo?name=%T(zName)">%h(zName)</a>
827	}else{
828	@ %h(zName)
829	}
830	@ <ul>
	@@ -833,20 +833,20 @@
833	@ <li>
834	hyperlink_to_date(zDate,"");
835	@ - part of checkin
836	hyperlink_to_uuid(zVers);
837	if( zBr && zBr[0] ){
838	if( g.perm.History ){
839	@ on branch <a href="%s(g.zTop)/timeline?r=%T(zBr)">%h(zBr)</a>
840	}else{
841	@ on branch %h(zBr)
842	}
843	}
844	@ - %w(zCom) (user:
845	hyperlink_to_user(zUser,zDate,"");
846	@ )
847	if( g.perm.History ){
848	@ <a href="%s(g.zTop)/annotate?checkin=%S(zVers)&filename=%T(zName)">
849	@ [annotate]</a>
850	}
851	cnt++;
852	if( pDownloadName && blob_size(pDownloadName)==0 ){
	@@ -873,11 +873,11 @@
873	if( cnt>0 ){
874	@ Also wiki page
875	}else{
876	@ Wiki page
877	}
878	if( g.perm.History ){
879	@ [<a href="%s(g.zTop)/wiki?name=%t(zPagename)">%h(zPagename)</a>]
880	}else{
881	@ [%h(zPagename)]
882	}
883	@ by
	@@ -949,17 +949,17 @@
949	@ Also attachment "%h(zFilename)" to
950	}else{
951	@ Attachment "%h(zFilename)" to
952	}
953	if( strlen(zTarget)==UUID_SIZE && validate16(zTarget,UUID_SIZE) ){
954	if( g.perm.History && g.perm.RdTkt ){
955	@ ticket [<a href="%s(g.zTop)/tktview?name=%S(zTarget)">%S(zTarget)</a>]
956	}else{
957	@ ticket [%S(zTarget)]
958	}
959	}else{
960	if( g.perm.History && g.perm.RdWiki ){
961	@ wiki page [<a href="%s(g.zTop)/wiki?name=%t(zTarget)">%h(zTarget)</a>]
962	}else{
963	@ wiki page [%h(zTarget)]
964	}
965	}
	@@ -975,11 +975,11 @@
975	if( cnt==0 ){
976	@ Control artifact.
977	if( pDownloadName && blob_size(pDownloadName)==0 ){
978	blob_appendf(pDownloadName, "%.10s.txt", zUuid);
979	}
980	}else if( linkToView && g.perm.History ){
981	@ <a href="%s(g.zTop)/artifact/%S(zUuid)">[view]</a>
982	}
983	}
984
985
	@@ -997,11 +997,11 @@
997	Blob c1, c2, diff, *pOut;
998	char *zV1;
999	char *zV2;
1000
1001	login_check_credentials();
1002	if( !g.perm.Read ){ login_needed(); return; }
1003	v1 = name_to_rid_www("v1");
1004	v2 = name_to_rid_www("v2");
1005	if( v1==0 \|\| v2==0 ) fossil_redirect_home();
1006	zV1 = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", v1);
1007	zV2 = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", v2);
	@@ -1049,11 +1049,11 @@
1049	Blob content;
1050
1051	rid = name_to_rid_www("name");
1052	zMime = PD("m","application/x-fossil-artifact");
1053	login_check_credentials();
1054	if( !g.perm.Read ){ login_needed(); return; }
1055	if( rid==0 ) fossil_redirect_home();
1056	content_get(rid, &content);
1057	cgi_set_content_type(zMime);
1058	cgi_set_content(&content);
1059	}
	@@ -1122,13 +1122,13 @@
1122	Blob downloadName;
1123	char *zUuid;
1124
1125	rid = name_to_rid_www("name");
1126	login_check_credentials();
1127	if( !g.perm.Read ){ login_needed(); return; }
1128	if( rid==0 ) fossil_redirect_home();
1129	if( g.perm.Admin ){
1130	const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
1131	if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
1132	style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
1133	g.zTop, zUuid);
1134	}else{
	@@ -1269,13 +1269,13 @@
1269	if( rid==0 ){
1270	rid = name_to_rid_www("name");
1271	}
1272
1273	login_check_credentials();
1274	if( !g.perm.Read ){ login_needed(); return; }
1275	if( rid==0 ) fossil_redirect_home();
1276	if( g.perm.Admin ){
1277	const char *zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
1278	if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
1279	style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
1280	g.zTop, zUuid);
1281	}else{
	@@ -1356,15 +1356,15 @@
1356	const char *zUuid;
1357	char zTktName[20];
1358	Manifest *pTktChng;
1359
1360	login_check_credentials();
1361	if( !g.perm.RdTkt ){ login_needed(); return; }
1362	rid = name_to_rid_www("name");
1363	if( rid==0 ){ fossil_redirect_home(); }
1364	zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", rid);
1365	if( g.perm.Admin ){
1366	if( db_exists("SELECT 1 FROM shun WHERE uuid='%s'", zUuid) ){
1367	style_submenu_element("Unshun","Unshun", "%s/shun?uuid=%s&sub=1",
1368	g.zTop, zUuid);
1369	}else{
1370	style_submenu_element("Shun","Shun", "%s/shun?shun=%s#addshun",
	@@ -1377,11 +1377,11 @@
1377	}
1378	style_header("Ticket Change Details");
1379	zDate = db_text(0, "SELECT datetime(%.12f)", pTktChng->rDate);
1380	memcpy(zTktName, pTktChng->zTicketUuid, 10);
1381	zTktName[10] = 0;
1382	if( g.perm.History ){
1383	@ <h2>Changes to ticket
1384	@ <a href="%s(pTktChng->zTicketUuid)">%s(zTktName)</a></h2>
1385	@
1386	@ <p>By %h(pTktChng->zUser) on %s(zDate). See also:
1387	@ <a href="%s(g.zTop)/artifact/%T(zUuid)">artifact content</a>, and
	@@ -1617,11 +1617,11 @@
1617	char *zUuid;
1618	Blob comment;
1619	Stmt q;
1620
1621	login_check_credentials();
1622	if( !g.perm.Write ){ login_needed(); return; }
1623	rid = name_to_typed_rid(P("r"), "ci");
1624	zUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid);
1625	zComment = db_text(0, "SELECT coalesce(ecomment,comment)"
1626	" FROM event WHERE objid=%d", rid);
1627	if( zComment==0 ) fossil_redirect_home();
1628

M src/login.c

+55 -76

		--- src/login.c
		+++ src/login.c
		@@ -226,11 +226,11 @@
226	226	/* To logout, change the cookie value to an empty string */
227	227	const char *zCookieName = login_cookie_name();
228	228	cgi_set_cookie(zCookieName, "", login_cookie_path(), -86400);
229	229	redirect_to_g();
230	230	}
231		- if( g.okPassword && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){
	231	+ if( g.perm.Password && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){
232	232	/* The user requests a password change */
233	233	zSha1Pw = sha1_shared_secret(zPasswd, g.zLogin, 0);
234	234	if( db_int(1, "SELECT 0 FROM user"
235	235	" WHERE uid=%d AND (pw=%Q OR pw=%Q)",
236	236	g.userUid, zPasswd, zSha1Pw) ){
		@@ -431,11 +431,11 @@
431	431	@ <p>To log off the system (and delete your login cookie)
432	432	@ press the following button:<br />
433	433	@ <input type="submit" name="out" value="Logout" /></p>
434	434	}
435	435	@ </form>
436		- if( g.okPassword ){
	436	+ if( g.perm.Password ){
437	437	@ <hr />
438	438	@ <p>To change your password, enter your old password and your
439	439	@ new password twice below then press the "Change Password"
440	440	@ button.</p>
441	441	@ <form action="login" method="post">
		@@ -541,11 +541,11 @@
541	541
542	542	/*
543	543	** This routine examines the login cookie to see if it exists and
544	544	** and is valid. If the login cookie checks out, it then sets
545	545	** global variables appropriately. Global variables set include
546		-** g.userUid and g.zLogin and of the g.okRead family of permission
	546	+** g.userUid and g.zLogin and of the g.perm.Read family of permission
547	547	** booleans.
548	548	**
549	549	*/
550	550	void login_check_credentials(void){
551	551	int uid = 0; /* User id */
		@@ -725,40 +725,40 @@
725	725	*/
726	726	void login_set_capabilities(const char *zCap, unsigned flags){
727	727	int i;
728	728	for(i=0; zCap[i]; i++){
729	729	switch( zCap[i] ){
730		- case 's': g.okSetup = 1; /* Fall thru into Admin */
731		- case 'a': g.okAdmin = g.okRdTkt = g.okWrTkt = g.okZip =
732		- g.okRdWiki = g.okWrWiki = g.okNewWiki =
733		- g.okApndWiki = g.okHistory = g.okClone =
734		- g.okNewTkt = g.okPassword = g.okRdAddr =
735		- g.okTktFmt = g.okAttach = g.okApndTkt = 1;
	730	+ case 's': g.perm.Setup = 1; /* Fall thru into Admin */
	731	+ case 'a': g.perm.Admin = g.perm.RdTkt = g.perm.WrTkt = g.perm.Zip =
	732	+ g.perm.RdWiki = g.perm.WrWiki = g.perm.NewWiki =
	733	+ g.perm.ApndWiki = g.perm.History = g.perm.Clone =
	734	+ g.perm.NewTkt = g.perm.Password = g.perm.RdAddr =
	735	+ g.perm.TktFmt = g.perm.Attach = g.perm.ApndTkt = 1;
736	736	/* Fall thru into Read/Write */
737		- case 'i': g.okRead = g.okWrite = 1; break;
738		- case 'o': g.okRead = 1; break;
739		- case 'z': g.okZip = 1; break;
740		-
741		- case 'd': g.okDelete = 1; break;
742		- case 'h': g.okHistory = 1; break;
743		- case 'g': g.okClone = 1; break;
744		- case 'p': g.okPassword = 1; break;
745		-
746		- case 'j': g.okRdWiki = 1; break;
747		- case 'k': g.okWrWiki = g.okRdWiki = g.okApndWiki =1; break;
748		- case 'm': g.okApndWiki = 1; break;
749		- case 'f': g.okNewWiki = 1; break;
750		-
751		- case 'e': g.okRdAddr = 1; break;
752		- case 'r': g.okRdTkt = 1; break;
753		- case 'n': g.okNewTkt = 1; break;
754		- case 'w': g.okWrTkt = g.okRdTkt = g.okNewTkt =
755		- g.okApndTkt = 1; break;
756		- case 'c': g.okApndTkt = 1; break;
757		- case 't': g.okTktFmt = 1; break;
758		- case 'b': g.okAttach = 1; break;
759		- case 'x': g.okPrivate = 1; break;
	737	+ case 'i': g.perm.Read = g.perm.Write = 1; break;
	738	+ case 'o': g.perm.Read = 1; break;
	739	+ case 'z': g.perm.Zip = 1; break;
	740	+
	741	+ case 'd': g.perm.Delete = 1; break;
	742	+ case 'h': g.perm.History = 1; break;
	743	+ case 'g': g.perm.Clone = 1; break;
	744	+ case 'p': g.perm.Password = 1; break;
	745	+
	746	+ case 'j': g.perm.RdWiki = 1; break;
	747	+ case 'k': g.perm.WrWiki = g.perm.RdWiki = g.perm.ApndWiki =1; break;
	748	+ case 'm': g.perm.ApndWiki = 1; break;
	749	+ case 'f': g.perm.NewWiki = 1; break;
	750	+
	751	+ case 'e': g.perm.RdAddr = 1; break;
	752	+ case 'r': g.perm.RdTkt = 1; break;
	753	+ case 'n': g.perm.NewTkt = 1; break;
	754	+ case 'w': g.perm.WrTkt = g.perm.RdTkt = g.perm.NewTkt =
	755	+ g.perm.ApndTkt = 1; break;
	756	+ case 'c': g.perm.ApndTkt = 1; break;
	757	+ case 't': g.perm.TktFmt = 1; break;
	758	+ case 'b': g.perm.Attach = 1; break;
	759	+ case 'x': g.perm.Private = 1; break;
760	760
761	761	/* The "u" privileges is a little different. It recursively
762	762	** inherits all privileges of the user named "reader" */
763	763	case 'u': {
764	764	if( (flags & LOGIN_IGNORE_U)==0 ){
		@@ -792,36 +792,36 @@
792	792	int i;
793	793	int rc = 1;
794	794	if( nCap<0 ) nCap = strlen(zCap);
795	795	for(i=0; i<nCap && rc && zCap[i]; i++){
796	796	switch( zCap[i] ){
797		- case 'a': rc = g.okAdmin; break;
798		- case 'b': rc = g.okAttach; break;
799		- case 'c': rc = g.okApndTkt; break;
800		- case 'd': rc = g.okDelete; break;
801		- case 'e': rc = g.okRdAddr; break;
802		- case 'f': rc = g.okNewWiki; break;
803		- case 'g': rc = g.okClone; break;
804		- case 'h': rc = g.okHistory; break;
805		- case 'i': rc = g.okWrite; break;
806		- case 'j': rc = g.okRdWiki; break;
807		- case 'k': rc = g.okWrWiki; break;
	797	+ case 'a': rc = g.perm.Admin; break;
	798	+ case 'b': rc = g.perm.Attach; break;
	799	+ case 'c': rc = g.perm.ApndTkt; break;
	800	+ case 'd': rc = g.perm.Delete; break;
	801	+ case 'e': rc = g.perm.RdAddr; break;
	802	+ case 'f': rc = g.perm.NewWiki; break;
	803	+ case 'g': rc = g.perm.Clone; break;
	804	+ case 'h': rc = g.perm.History; break;
	805	+ case 'i': rc = g.perm.Write; break;
	806	+ case 'j': rc = g.perm.RdWiki; break;
	807	+ case 'k': rc = g.perm.WrWiki; break;
808	808	/* case 'l': */
809		- case 'm': rc = g.okApndWiki; break;
810		- case 'n': rc = g.okNewTkt; break;
811		- case 'o': rc = g.okRead; break;
812		- case 'p': rc = g.okPassword; break;
	809	+ case 'm': rc = g.perm.ApndWiki; break;
	810	+ case 'n': rc = g.perm.NewTkt; break;
	811	+ case 'o': rc = g.perm.Read; break;
	812	+ case 'p': rc = g.perm.Password; break;
813	813	/* case 'q': */
814		- case 'r': rc = g.okRdTkt; break;
815		- case 's': rc = g.okSetup; break;
816		- case 't': rc = g.okTktFmt; break;
	814	+ case 'r': rc = g.perm.RdTkt; break;
	815	+ case 's': rc = g.perm.Setup; break;
	816	+ case 't': rc = g.perm.TktFmt; break;
817	817	/* case 'u': READER */
818	818	/* case 'v': DEVELOPER */
819		- case 'w': rc = g.okWrTkt; break;
820		- case 'x': rc = g.okPrivate; break;
	819	+ case 'w': rc = g.perm.WrTkt; break;
	820	+ case 'x': rc = g.perm.Private; break;
821	821	/* case 'y': */
822		- case 'z': rc = g.okZip; break;
	822	+ case 'z': rc = g.perm.Zip; break;
823	823	default: rc = 0; break;
824	824	}
825	825	}
826	826	return rc;
827	827	}
		@@ -831,32 +831,11 @@
831	831	*/
832	832	void login_as_user(const char *zUser){
833	833	char zCap = ""; / New capabilities */
834	834
835	835	/* Turn off all capabilities from prior logins */
836		- g.okSetup = 0;
837		- g.okAdmin = 0;
838		- g.okDelete = 0;
839		- g.okPassword = 0;
840		- g.okQuery = 0;
841		- g.okWrite = 0;
842		- g.okRead = 0;
843		- g.okHistory = 0;
844		- g.okClone = 0;
845		- g.okRdWiki = 0;
846		- g.okNewWiki = 0;
847		- g.okApndWiki = 0;
848		- g.okWrWiki = 0;
849		- g.okRdTkt = 0;
850		- g.okNewTkt = 0;
851		- g.okApndTkt = 0;
852		- g.okWrTkt = 0;
853		- g.okAttach = 0;
854		- g.okTktFmt = 0;
855		- g.okRdAddr = 0;
856		- g.okZip = 0;
857		- g.okPrivate = 0;
	836	+ memset( &g.perm, 0, sizeof(g.perm) );
858	837
859	838	/* Set the global variables recording the userid and login. The
860	839	** "nobody" user is a special case in that g.zLogin==0.
861	840	*/
862	841	g.userUid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUser);
		@@ -892,11 +871,11 @@
892	871	** the anonymous user has okHistory permission, then paint a mesage
893	872	** to inform the user that much more information is available by
894	873	** logging in as anonymous.
895	874	*/
896	875	void login_anonymous_available(void){
897		- if( !g.okHistory &&
	876	+ if( !g.perm.History &&
898	877	db_exists("SELECT 1 FROM user"
899	878	" WHERE login='anonymous'"
900	879	" AND cap LIKE '%%h%%'") ){
901	880	const char *zUrl = PD("REQUEST_URI", "index");
902	881	@ <p>Many <span class="disabled">hyperlinks are disabled.</span><br />
903	882

	--- src/login.c
	+++ src/login.c
	@@ -226,11 +226,11 @@
226	/* To logout, change the cookie value to an empty string */
227	const char *zCookieName = login_cookie_name();
228	cgi_set_cookie(zCookieName, "", login_cookie_path(), -86400);
229	redirect_to_g();
230	}
231	if( g.okPassword && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){
232	/* The user requests a password change */
233	zSha1Pw = sha1_shared_secret(zPasswd, g.zLogin, 0);
234	if( db_int(1, "SELECT 0 FROM user"
235	" WHERE uid=%d AND (pw=%Q OR pw=%Q)",
236	g.userUid, zPasswd, zSha1Pw) ){
	@@ -431,11 +431,11 @@
431	@ <p>To log off the system (and delete your login cookie)
432	@ press the following button:<br />
433	@ <input type="submit" name="out" value="Logout" /></p>
434	}
435	@ </form>
436	if( g.okPassword ){
437	@ <hr />
438	@ <p>To change your password, enter your old password and your
439	@ new password twice below then press the "Change Password"
440	@ button.</p>
441	@ <form action="login" method="post">
	@@ -541,11 +541,11 @@
541
542	/*
543	** This routine examines the login cookie to see if it exists and
544	** and is valid. If the login cookie checks out, it then sets
545	** global variables appropriately. Global variables set include
546	** g.userUid and g.zLogin and of the g.okRead family of permission
547	** booleans.
548	**
549	*/
550	void login_check_credentials(void){
551	int uid = 0; /* User id */
	@@ -725,40 +725,40 @@
725	*/
726	void login_set_capabilities(const char *zCap, unsigned flags){
727	int i;
728	for(i=0; zCap[i]; i++){
729	switch( zCap[i] ){
730	case 's': g.okSetup = 1; /* Fall thru into Admin */
731	case 'a': g.okAdmin = g.okRdTkt = g.okWrTkt = g.okZip =
732	g.okRdWiki = g.okWrWiki = g.okNewWiki =
733	g.okApndWiki = g.okHistory = g.okClone =
734	g.okNewTkt = g.okPassword = g.okRdAddr =
735	g.okTktFmt = g.okAttach = g.okApndTkt = 1;
736	/* Fall thru into Read/Write */
737	case 'i': g.okRead = g.okWrite = 1; break;
738	case 'o': g.okRead = 1; break;
739	case 'z': g.okZip = 1; break;
740
741	case 'd': g.okDelete = 1; break;
742	case 'h': g.okHistory = 1; break;
743	case 'g': g.okClone = 1; break;
744	case 'p': g.okPassword = 1; break;
745
746	case 'j': g.okRdWiki = 1; break;
747	case 'k': g.okWrWiki = g.okRdWiki = g.okApndWiki =1; break;
748	case 'm': g.okApndWiki = 1; break;
749	case 'f': g.okNewWiki = 1; break;
750
751	case 'e': g.okRdAddr = 1; break;
752	case 'r': g.okRdTkt = 1; break;
753	case 'n': g.okNewTkt = 1; break;
754	case 'w': g.okWrTkt = g.okRdTkt = g.okNewTkt =
755	g.okApndTkt = 1; break;
756	case 'c': g.okApndTkt = 1; break;
757	case 't': g.okTktFmt = 1; break;
758	case 'b': g.okAttach = 1; break;
759	case 'x': g.okPrivate = 1; break;
760
761	/* The "u" privileges is a little different. It recursively
762	** inherits all privileges of the user named "reader" */
763	case 'u': {
764	if( (flags & LOGIN_IGNORE_U)==0 ){
	@@ -792,36 +792,36 @@
792	int i;
793	int rc = 1;
794	if( nCap<0 ) nCap = strlen(zCap);
795	for(i=0; i<nCap && rc && zCap[i]; i++){
796	switch( zCap[i] ){
797	case 'a': rc = g.okAdmin; break;
798	case 'b': rc = g.okAttach; break;
799	case 'c': rc = g.okApndTkt; break;
800	case 'd': rc = g.okDelete; break;
801	case 'e': rc = g.okRdAddr; break;
802	case 'f': rc = g.okNewWiki; break;
803	case 'g': rc = g.okClone; break;
804	case 'h': rc = g.okHistory; break;
805	case 'i': rc = g.okWrite; break;
806	case 'j': rc = g.okRdWiki; break;
807	case 'k': rc = g.okWrWiki; break;
808	/* case 'l': */
809	case 'm': rc = g.okApndWiki; break;
810	case 'n': rc = g.okNewTkt; break;
811	case 'o': rc = g.okRead; break;
812	case 'p': rc = g.okPassword; break;
813	/* case 'q': */
814	case 'r': rc = g.okRdTkt; break;
815	case 's': rc = g.okSetup; break;
816	case 't': rc = g.okTktFmt; break;
817	/* case 'u': READER */
818	/* case 'v': DEVELOPER */
819	case 'w': rc = g.okWrTkt; break;
820	case 'x': rc = g.okPrivate; break;
821	/* case 'y': */
822	case 'z': rc = g.okZip; break;
823	default: rc = 0; break;
824	}
825	}
826	return rc;
827	}
	@@ -831,32 +831,11 @@
831	*/
832	void login_as_user(const char *zUser){
833	char zCap = ""; / New capabilities */
834
835	/* Turn off all capabilities from prior logins */
836	g.okSetup = 0;
837	g.okAdmin = 0;
838	g.okDelete = 0;
839	g.okPassword = 0;
840	g.okQuery = 0;
841	g.okWrite = 0;
842	g.okRead = 0;
843	g.okHistory = 0;
844	g.okClone = 0;
845	g.okRdWiki = 0;
846	g.okNewWiki = 0;
847	g.okApndWiki = 0;
848	g.okWrWiki = 0;
849	g.okRdTkt = 0;
850	g.okNewTkt = 0;
851	g.okApndTkt = 0;
852	g.okWrTkt = 0;
853	g.okAttach = 0;
854	g.okTktFmt = 0;
855	g.okRdAddr = 0;
856	g.okZip = 0;
857	g.okPrivate = 0;
858
859	/* Set the global variables recording the userid and login. The
860	** "nobody" user is a special case in that g.zLogin==0.
861	*/
862	g.userUid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUser);
	@@ -892,11 +871,11 @@
892	** the anonymous user has okHistory permission, then paint a mesage
893	** to inform the user that much more information is available by
894	** logging in as anonymous.
895	*/
896	void login_anonymous_available(void){
897	if( !g.okHistory &&
898	db_exists("SELECT 1 FROM user"
899	" WHERE login='anonymous'"
900	" AND cap LIKE '%%h%%'") ){
901	const char *zUrl = PD("REQUEST_URI", "index");
902	@ <p>Many <span class="disabled">hyperlinks are disabled.</span><br />
903

	--- src/login.c
	+++ src/login.c
	@@ -226,11 +226,11 @@
226	/* To logout, change the cookie value to an empty string */
227	const char *zCookieName = login_cookie_name();
228	cgi_set_cookie(zCookieName, "", login_cookie_path(), -86400);
229	redirect_to_g();
230	}
231	if( g.perm.Password && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){
232	/* The user requests a password change */
233	zSha1Pw = sha1_shared_secret(zPasswd, g.zLogin, 0);
234	if( db_int(1, "SELECT 0 FROM user"
235	" WHERE uid=%d AND (pw=%Q OR pw=%Q)",
236	g.userUid, zPasswd, zSha1Pw) ){
	@@ -431,11 +431,11 @@
431	@ <p>To log off the system (and delete your login cookie)
432	@ press the following button:<br />
433	@ <input type="submit" name="out" value="Logout" /></p>
434	}
435	@ </form>
436	if( g.perm.Password ){
437	@ <hr />
438	@ <p>To change your password, enter your old password and your
439	@ new password twice below then press the "Change Password"
440	@ button.</p>
441	@ <form action="login" method="post">
	@@ -541,11 +541,11 @@
541
542	/*
543	** This routine examines the login cookie to see if it exists and
544	** and is valid. If the login cookie checks out, it then sets
545	** global variables appropriately. Global variables set include
546	** g.userUid and g.zLogin and of the g.perm.Read family of permission
547	** booleans.
548	**
549	*/
550	void login_check_credentials(void){
551	int uid = 0; /* User id */
	@@ -725,40 +725,40 @@
725	*/
726	void login_set_capabilities(const char *zCap, unsigned flags){
727	int i;
728	for(i=0; zCap[i]; i++){
729	switch( zCap[i] ){
730	case 's': g.perm.Setup = 1; /* Fall thru into Admin */
731	case 'a': g.perm.Admin = g.perm.RdTkt = g.perm.WrTkt = g.perm.Zip =
732	g.perm.RdWiki = g.perm.WrWiki = g.perm.NewWiki =
733	g.perm.ApndWiki = g.perm.History = g.perm.Clone =
734	g.perm.NewTkt = g.perm.Password = g.perm.RdAddr =
735	g.perm.TktFmt = g.perm.Attach = g.perm.ApndTkt = 1;
736	/* Fall thru into Read/Write */
737	case 'i': g.perm.Read = g.perm.Write = 1; break;
738	case 'o': g.perm.Read = 1; break;
739	case 'z': g.perm.Zip = 1; break;
740
741	case 'd': g.perm.Delete = 1; break;
742	case 'h': g.perm.History = 1; break;
743	case 'g': g.perm.Clone = 1; break;
744	case 'p': g.perm.Password = 1; break;
745
746	case 'j': g.perm.RdWiki = 1; break;
747	case 'k': g.perm.WrWiki = g.perm.RdWiki = g.perm.ApndWiki =1; break;
748	case 'm': g.perm.ApndWiki = 1; break;
749	case 'f': g.perm.NewWiki = 1; break;
750
751	case 'e': g.perm.RdAddr = 1; break;
752	case 'r': g.perm.RdTkt = 1; break;
753	case 'n': g.perm.NewTkt = 1; break;
754	case 'w': g.perm.WrTkt = g.perm.RdTkt = g.perm.NewTkt =
755	g.perm.ApndTkt = 1; break;
756	case 'c': g.perm.ApndTkt = 1; break;
757	case 't': g.perm.TktFmt = 1; break;
758	case 'b': g.perm.Attach = 1; break;
759	case 'x': g.perm.Private = 1; break;
760
761	/* The "u" privileges is a little different. It recursively
762	** inherits all privileges of the user named "reader" */
763	case 'u': {
764	if( (flags & LOGIN_IGNORE_U)==0 ){
	@@ -792,36 +792,36 @@
792	int i;
793	int rc = 1;
794	if( nCap<0 ) nCap = strlen(zCap);
795	for(i=0; i<nCap && rc && zCap[i]; i++){
796	switch( zCap[i] ){
797	case 'a': rc = g.perm.Admin; break;
798	case 'b': rc = g.perm.Attach; break;
799	case 'c': rc = g.perm.ApndTkt; break;
800	case 'd': rc = g.perm.Delete; break;
801	case 'e': rc = g.perm.RdAddr; break;
802	case 'f': rc = g.perm.NewWiki; break;
803	case 'g': rc = g.perm.Clone; break;
804	case 'h': rc = g.perm.History; break;
805	case 'i': rc = g.perm.Write; break;
806	case 'j': rc = g.perm.RdWiki; break;
807	case 'k': rc = g.perm.WrWiki; break;
808	/* case 'l': */
809	case 'm': rc = g.perm.ApndWiki; break;
810	case 'n': rc = g.perm.NewTkt; break;
811	case 'o': rc = g.perm.Read; break;
812	case 'p': rc = g.perm.Password; break;
813	/* case 'q': */
814	case 'r': rc = g.perm.RdTkt; break;
815	case 's': rc = g.perm.Setup; break;
816	case 't': rc = g.perm.TktFmt; break;
817	/* case 'u': READER */
818	/* case 'v': DEVELOPER */
819	case 'w': rc = g.perm.WrTkt; break;
820	case 'x': rc = g.perm.Private; break;
821	/* case 'y': */
822	case 'z': rc = g.perm.Zip; break;
823	default: rc = 0; break;
824	}
825	}
826	return rc;
827	}
	@@ -831,32 +831,11 @@
831	*/
832	void login_as_user(const char *zUser){
833	char zCap = ""; / New capabilities */
834
835	/* Turn off all capabilities from prior logins */
836	memset( &g.perm, 0, sizeof(g.perm) );





















837
838	/* Set the global variables recording the userid and login. The
839	** "nobody" user is a special case in that g.zLogin==0.
840	*/
841	g.userUid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUser);
	@@ -892,11 +871,11 @@
871	** the anonymous user has okHistory permission, then paint a mesage
872	** to inform the user that much more information is available by
873	** logging in as anonymous.
874	*/
875	void login_anonymous_available(void){
876	if( !g.perm.History &&
877	db_exists("SELECT 1 FROM user"
878	" WHERE login='anonymous'"
879	" AND cap LIKE '%%h%%'") ){
880	const char *zUrl = PD("REQUEST_URI", "index");
881	@ <p>Many <span class="disabled">hyperlinks are disabled.</span><br />
882

M src/main.c

+30 -23

		--- src/main.c
		+++ src/main.c
		@@ -42,10 +42,38 @@
42	42	/*
43	43	** Maximum number of auxiliary parameters on reports
44	44	*/
45	45	#define MX_AUX 5
46	46
	47	+/*
	48	+** Holds flags for fossil user permissions.
	49	+*/
	50	+struct FossilUserPerms {
	51	+ char Setup; /* s: use Setup screens on web interface */
	52	+ char Admin; /* a: administrative permission */
	53	+ char Delete; /* d: delete wiki or tickets */
	54	+ char Password; /* p: change password */
	55	+ char Query; /* q: create new reports */
	56	+ char Write; /* i: xfer inbound. checkin */
	57	+ char Read; /* o: xfer outbound. checkout */
	58	+ char History; /* h: access historical information. */
	59	+ char Clone; /* g: clone */
	60	+ char RdWiki; /* j: view wiki via web */
	61	+ char NewWiki; /* f: create new wiki via web */
	62	+ char ApndWiki; /* m: append to wiki via web */
	63	+ char WrWiki; /* k: edit wiki via web */
	64	+ char RdTkt; /* r: view tickets via web */
	65	+ char NewTkt; /* n: create new tickets */
	66	+ char ApndTkt; /* c: append to tickets via the web */
	67	+ char WrTkt; /* w: make changes to tickets via web */
	68	+ char Attach; /* b: add attachments */
	69	+ char TktFmt; /* t: create new ticket report formats */
	70	+ char RdAddr; /* e: read email addresses or other private data */
	71	+ char Zip; /* z: download zipped artifact via /zip URL */
	72	+ char Private; /* x: can send and receive private content */
	73	+};
	74	+
47	75	/*
48	76	** All global variables are in this structure.
49	77	*/
50	78	struct Global {
51	79	int argc; char *argv; / Command-line arguments to the program */
		@@ -116,32 +144,11 @@
116	144	int rcvid; /* The rcvid. 0 if not yet defined. */
117	145	char zIpAddr; / The remote IP address */
118	146	char zNonce; / The nonce used for login */
119	147
120	148	/* permissions used by the server */
121		- int okSetup; /* s: use Setup screens on web interface */
122		- int okAdmin; /* a: administrative permission */
123		- int okDelete; /* d: delete wiki or tickets */
124		- int okPassword; /* p: change password */
125		- int okQuery; /* q: create new reports */
126		- int okWrite; /* i: xfer inbound. checkin */
127		- int okRead; /* o: xfer outbound. checkout */
128		- int okHistory; /* h: access historical information. */
129		- int okClone; /* g: clone */
130		- int okRdWiki; /* j: view wiki via web */
131		- int okNewWiki; /* f: create new wiki via web */
132		- int okApndWiki; /* m: append to wiki via web */
133		- int okWrWiki; /* k: edit wiki via web */
134		- int okRdTkt; /* r: view tickets via web */
135		- int okNewTkt; /* n: create new tickets */
136		- int okApndTkt; /* c: append to tickets via the web */
137		- int okWrTkt; /* w: make changes to tickets via web */
138		- int okAttach; /* b: add attachments */
139		- int okTktFmt; /* t: create new ticket report formats */
140		- int okRdAddr; /* e: read email addresses or other private data */
141		- int okZip; /* z: download zipped artifact via /zip URL */
142		- int okPrivate; /* x: can send and receive private content */
	149	+ struct FossilUserPerms perm;
143	150
144	151	/* For defense against Cross-site Request Forgery attacks */
145	152	char zCsrfToken[12]; /* Value of the anti-CSRF token */
146	153	int okCsrf; /* Anti-CSRF token is present and valid */
147	154
		@@ -1008,11 +1015,11 @@
1008	1015	file_simplify_name(zAltRepo, -1);
1009	1016	}
1010	1017	db_close(1);
1011	1018	db_open_repository(zAltRepo);
1012	1019	login_as_user(zUser);
1013		- g.okPassword = 0;
	1020	+ g.perm.Password = 0;
1014	1021	zPath += i;
1015	1022	nHost = g.zTop - g.zBaseURL;
1016	1023	g.zBaseURL = mprintf("%z/%s", g.zBaseURL, g.zPath);
1017	1024	g.zTop = g.zBaseURL + nHost;
1018	1025	continue;
1019	1026

	--- src/main.c
	+++ src/main.c
	@@ -42,10 +42,38 @@
42	/*
43	** Maximum number of auxiliary parameters on reports
44	*/
45	#define MX_AUX 5
46




























47	/*
48	** All global variables are in this structure.
49	*/
50	struct Global {
51	int argc; char *argv; / Command-line arguments to the program */
	@@ -116,32 +144,11 @@
116	int rcvid; /* The rcvid. 0 if not yet defined. */
117	char zIpAddr; / The remote IP address */
118	char zNonce; / The nonce used for login */
119
120	/* permissions used by the server */
121	int okSetup; /* s: use Setup screens on web interface */
122	int okAdmin; /* a: administrative permission */
123	int okDelete; /* d: delete wiki or tickets */
124	int okPassword; /* p: change password */
125	int okQuery; /* q: create new reports */
126	int okWrite; /* i: xfer inbound. checkin */
127	int okRead; /* o: xfer outbound. checkout */
128	int okHistory; /* h: access historical information. */
129	int okClone; /* g: clone */
130	int okRdWiki; /* j: view wiki via web */
131	int okNewWiki; /* f: create new wiki via web */
132	int okApndWiki; /* m: append to wiki via web */
133	int okWrWiki; /* k: edit wiki via web */
134	int okRdTkt; /* r: view tickets via web */
135	int okNewTkt; /* n: create new tickets */
136	int okApndTkt; /* c: append to tickets via the web */
137	int okWrTkt; /* w: make changes to tickets via web */
138	int okAttach; /* b: add attachments */
139	int okTktFmt; /* t: create new ticket report formats */
140	int okRdAddr; /* e: read email addresses or other private data */
141	int okZip; /* z: download zipped artifact via /zip URL */
142	int okPrivate; /* x: can send and receive private content */
143
144	/* For defense against Cross-site Request Forgery attacks */
145	char zCsrfToken[12]; /* Value of the anti-CSRF token */
146	int okCsrf; /* Anti-CSRF token is present and valid */
147
	@@ -1008,11 +1015,11 @@
1008	file_simplify_name(zAltRepo, -1);
1009	}
1010	db_close(1);
1011	db_open_repository(zAltRepo);
1012	login_as_user(zUser);
1013	g.okPassword = 0;
1014	zPath += i;
1015	nHost = g.zTop - g.zBaseURL;
1016	g.zBaseURL = mprintf("%z/%s", g.zBaseURL, g.zPath);
1017	g.zTop = g.zBaseURL + nHost;
1018	continue;
1019

	--- src/main.c
	+++ src/main.c
	@@ -42,10 +42,38 @@
42	/*
43	** Maximum number of auxiliary parameters on reports
44	*/
45	#define MX_AUX 5
46
47	/*
48	** Holds flags for fossil user permissions.
49	*/
50	struct FossilUserPerms {
51	char Setup; /* s: use Setup screens on web interface */
52	char Admin; /* a: administrative permission */
53	char Delete; /* d: delete wiki or tickets */
54	char Password; /* p: change password */
55	char Query; /* q: create new reports */
56	char Write; /* i: xfer inbound. checkin */
57	char Read; /* o: xfer outbound. checkout */
58	char History; /* h: access historical information. */
59	char Clone; /* g: clone */
60	char RdWiki; /* j: view wiki via web */
61	char NewWiki; /* f: create new wiki via web */
62	char ApndWiki; /* m: append to wiki via web */
63	char WrWiki; /* k: edit wiki via web */
64	char RdTkt; /* r: view tickets via web */
65	char NewTkt; /* n: create new tickets */
66	char ApndTkt; /* c: append to tickets via the web */
67	char WrTkt; /* w: make changes to tickets via web */
68	char Attach; /* b: add attachments */
69	char TktFmt; /* t: create new ticket report formats */
70	char RdAddr; /* e: read email addresses or other private data */
71	char Zip; /* z: download zipped artifact via /zip URL */
72	char Private; /* x: can send and receive private content */
73	};
74
75	/*
76	** All global variables are in this structure.
77	*/
78	struct Global {
79	int argc; char *argv; / Command-line arguments to the program */
	@@ -116,32 +144,11 @@
144	int rcvid; /* The rcvid. 0 if not yet defined. */
145	char zIpAddr; / The remote IP address */
146	char zNonce; / The nonce used for login */
147
148	/* permissions used by the server */
149	struct FossilUserPerms perm;





















150
151	/* For defense against Cross-site Request Forgery attacks */
152	char zCsrfToken[12]; /* Value of the anti-CSRF token */
153	int okCsrf; /* Anti-CSRF token is present and valid */
154
	@@ -1008,11 +1015,11 @@
1015	file_simplify_name(zAltRepo, -1);
1016	}
1017	db_close(1);
1018	db_open_repository(zAltRepo);
1019	login_as_user(zUser);
1020	g.perm.Password = 0;
1021	zPath += i;
1022	nHost = g.zTop - g.zBaseURL;
1023	g.zBaseURL = mprintf("%z/%s", g.zBaseURL, g.zPath);
1024	g.zTop = g.zBaseURL + nHost;
1025	continue;
1026

M src/report.c

+23 -23

		--- src/report.c
		+++ src/report.c
		@@ -34,11 +34,11 @@
34	34	Stmt q;
35	35	int rn = 0;
36	36	int cnt = 0;
37	37
38	38	login_check_credentials();
39		- if( !g.okRdTkt && !g.okNewTkt ){ login_needed(); return; }
	39	+ if( !g.perm.RdTkt && !g.perm.NewTkt ){ login_needed(); return; }
40	40	style_header("Ticket Main Menu");
41	41	if( g.thTrace ) Th_Trace("BEGIN_REPORTLIST<br />\n", -1);
42	42	zScript = ticket_reportlist_code();
43	43	if( g.thTrace ) Th_Trace("BEGIN_REPORTLIST_SCRIPT<br />\n", -1);
44	44
		@@ -47,11 +47,11 @@
47	47
48	48	db_prepare(&q, "SELECT rn, title, owner FROM reportfmt ORDER BY title");
49	49	while( db_step(&q)==SQLITE_ROW ){
50	50	const char *zTitle = db_column_text(&q, 1);
51	51	const char *zOwner = db_column_text(&q, 2);
52		- if( zTitle[0] =='_' && !g.okTktFmt ){
	52	+ if( zTitle[0] =='_' && !g.perm.TktFmt ){
53	53	continue;
54	54	}
55	55	rn = db_column_int(&q, 0);
56	56	cnt++;
57	57	blob_appendf(&ril, "<li>");
		@@ -59,22 +59,22 @@
59	59	blob_appendf(&ril, "%s", zTitle);
60	60	} else {
61	61	blob_appendf(&ril, "<a href=\"rptview?rn=%d\" rel=\"nofollow\">%h</a>", rn, zTitle);
62	62	}
63	63	blob_appendf(&ril, "   ");
64		- if( g.okWrite && zOwner && zOwner[0] ){
	64	+ if( g.perm.Write && zOwner && zOwner[0] ){
65	65	blob_appendf(&ril, "(by <i>%h</i></i>) ", zOwner);
66	66	}
67		- if( g.okTktFmt ){
	67	+ if( g.perm.TktFmt ){
68	68	blob_appendf(&ril, "[<a href=\"rptedit?rn=%d&copy=1\" rel=\"nofollow\">copy</a>] ", rn);
69	69	}
70		- if( g.okAdmin
71		- \|\| (g.okWrTkt && zOwner && fossil_strcmp(g.zLogin,zOwner)==0)
	70	+ if( g.perm.Admin
	71	+ \|\| (g.perm.WrTkt && zOwner && fossil_strcmp(g.zLogin,zOwner)==0)
72	72	){
73	73	blob_appendf(&ril, "[<a href=\"rptedit?rn=%d\" rel=\"nofollow\">edit</a>] ", rn);
74	74	}
75		- if( g.okTktFmt ){
	75	+ if( g.perm.TktFmt ){
76	76	blob_appendf(&ril, "[<a href=\"rptsql?rn=%d\" rel=\"nofollow\">sql</a>] ", rn);
77	77	}
78	78	blob_appendf(&ril, "</li>\n");
79	79	}
80	80
		@@ -184,11 +184,11 @@
184	184	if( fossil_stricmp(zArg1, azAllowed[i])==0 ) break;
185	185	}
186	186	if( i>=sizeof(azAllowed)/sizeof(azAllowed[0]) ){
187	187	(char*)pError = mprintf("access to table \"%s\" is restricted",zArg1);
188	188	rc = SQLITE_DENY;
189		- }else if( !g.okRdAddr && strncmp(zArg2, "private_", 8)==0 ){
	189	+ }else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){
190	190	rc = SQLITE_IGNORE;
191	191	}
192	192	break;
193	193	}
194	194	default: {
		@@ -275,11 +275,11 @@
275	275	const char *zOwner;
276	276	const char *zClrKey;
277	277	Stmt q;
278	278
279	279	login_check_credentials();
280		- if( !g.okTktFmt ){
	280	+ if( !g.perm.TktFmt ){
281	281	login_needed();
282	282	return;
283	283	}
284	284	rn = atoi(PD("rn","0"));
285	285	db_prepare(&q, "SELECT title, sqlcode, owner, cols "
		@@ -323,11 +323,11 @@
323	323	const char *zClrKey;
324	324	char *zSQL;
325	325	char *zErr = 0;
326	326
327	327	login_check_credentials();
328		- if( !g.okTktFmt ){
	328	+ if( !g.perm.TktFmt ){
329	329	login_needed();
330	330	return;
331	331	}
332	332	/view_add_functions(0);/
333	333	rn = atoi(PD("rn","0"));
		@@ -430,11 +430,11 @@
430	430	@ <input type="text" name="t" value="%h(zTitle)" size="60" /></p>
431	431	@ <p>Enter a complete SQL query statement against the "TICKET" table:<br />
432	432	@ <textarea name="s" rows="20" cols="80">%h(zSQL)</textarea>
433	433	@ </p>
434	434	login_insert_csrf_secret();
435		- if( g.okAdmin ){
	435	+ if( g.perm.Admin ){
436	436	@ <p>Report owner:
437	437	@ <input type="text" name="w" size="20" value="%h(zOwner)" />
438	438	@ </p>
439	439	} else {
440	440	@ <input type="hidden" name="w" value="%h(zOwner)" />
		@@ -443,11 +443,11 @@
443	443	@ color key is displayed.) Each line contains the text for a single
444	444	@ entry in the key. The first token of each line is the background
445	445	@ color for that line.<br />
446	446	@ <textarea name="k" rows="8" cols="50">%h(zClrKey)</textarea>
447	447	@ </p>
448		- if( !g.okAdmin && fossil_strcmp(zOwner,g.zLogin)!=0 ){
	448	+ if( !g.perm.Admin && fossil_strcmp(zOwner,g.zLogin)!=0 ){
449	449	@ <p>This report format is owned by %h(zOwner). You are not allowed
450	450	@ to change it.</p>
451	451	@ </form>
452	452	report_format_hints();
453	453	style_footer();
		@@ -659,11 +659,11 @@
659	659	for(i=0; i<nArg; i++){
660	660	if( azName[i][0]=='b' && fossil_strcmp(azName[i],"bgcolor")==0 ){
661	661	pState->iBg = i;
662	662	continue;
663	663	}
664		- if( g.okWrite && azName[i][0]=='#' ){
	664	+ if( g.perm.Write && azName[i][0]=='#' ){
665	665	pState->nCol++;
666	666	}
667	667	if( !pState->isMultirow ){
668	668	if( azName[i][0]=='_' ){
669	669	pState->isMultirow = 1;
		@@ -680,11 +680,11 @@
680	680	zTid = 0;
681	681	for(i=0; i<nArg; i++){
682	682	char *zName = azName[i];
683	683	if( i==pState->iBg ) continue;
684	684	if( pState->iNewRow>=0 && i>=pState->iNewRow ){
685		- if( g.okWrite && zTid ){
	685	+ if( g.perm.Write && zTid ){
686	686	@ <th> </th>
687	687	zTid = 0;
688	688	}
689	689	if( zName[0]=='_' ) zName++;
690	690	@ </tr><tr><th colspan=%d(pState->nCol)>%h(zName)</th>
		@@ -693,11 +693,11 @@
693	693	zTid = zName;
694	694	}
695	695	@ <th>%h(zName)</th>
696	696	}
697	697	}
698		- if( g.okWrite && zTid ){
	698	+ if( g.perm.Write && zTid ){
699	699	@ <th> </th>
700	700	}
701	701	@ </tr>
702	702	}
703	703	if( azArg==0 ){
		@@ -726,11 +726,11 @@
726	726	char *zData;
727	727	if( i==pState->iBg ) continue;
728	728	zData = azArg[i];
729	729	if( zData==0 ) zData = "";
730	730	if( pState->iNewRow>=0 && i>=pState->iNewRow ){
731		- if( zTid && g.okWrite ){
	731	+ if( zTid && g.perm.Write ){
732	732	@ <td valign="top"><a href="tktedit/%h(zTid)">edit</a></td>
733	733	zTid = 0;
734	734	}
735	735	if( zData[0] ){
736	736	Blob content;
		@@ -739,11 +739,11 @@
739	739	wiki_convert(&content, 0, 0);
740	740	blob_reset(&content);
741	741	}
742	742	}else if( azName[i][0]=='#' ){
743	743	zTid = zData;
744		- if( g.okHistory ){
	744	+ if( g.perm.History ){
745	745	@ <td valign="top"><a href="tktview?name=%h(zData)">%h(zData)</a></td>
746	746	}else{
747	747	@ <td valign="top">%h(zData)</td>
748	748	}
749	749	}else if( zData[0]==0 ){
		@@ -752,11 +752,11 @@
752	752	@ <td valign="top">
753	753	@ %h(zData)
754	754	@ </td>
755	755	}
756	756	}
757		- if( zTid && g.okWrite ){
	757	+ if( zTid && g.perm.Write ){
758	758	@ <td valign="top"><a href="tktedit/%h(zTid)">edit</a></td>
759	759	}
760	760	@ </tr>
761	761	return 0;
762	762	}
		@@ -915,11 +915,11 @@
915	915	Stmt q;
916	916	char *zErr1 = 0;
917	917	char *zErr2 = 0;
918	918
919	919	login_check_credentials();
920		- if( !g.okRdTkt ){ login_needed(); return; }
	920	+ if( !g.perm.RdTkt ){ login_needed(); return; }
921	921	rn = atoi(PD("rn","0"));
922	922	if( rn==0 ){
923	923	cgi_redirect("reportlist");
924	924	return;
925	925	}
		@@ -957,18 +957,18 @@
957	957	struct GenerateHTML sState;
958	958
959	959	db_multi_exec("PRAGMA empty_result_callbacks=ON");
960	960	style_submenu_element("Raw", "Raw",
961	961	"rptview?tablist=1&%h", PD("QUERY_STRING",""));
962		- if( g.okAdmin
963		- \|\| (g.okTktFmt && g.zLogin && fossil_strcmp(g.zLogin,zOwner)==0) ){
	962	+ if( g.perm.Admin
	963	+ \|\| (g.perm.TktFmt && g.zLogin && fossil_strcmp(g.zLogin,zOwner)==0) ){
964	964	style_submenu_element("Edit", "Edit", "rptedit?rn=%d", rn);
965	965	}
966		- if( g.okTktFmt ){
	966	+ if( g.perm.TktFmt ){
967	967	style_submenu_element("SQL", "SQL", "rptsql?rn=%d",rn);
968	968	}
969		- if( g.okNewTkt ){
	969	+ if( g.perm.NewTkt ){
970	970	style_submenu_element("New Ticket", "Create a new ticket",
971	971	"%s/tktnew", g.zTop);
972	972	}
973	973	style_header(zTitle);
974	974	output_color_key(zClrKey, 1,
975	975

	--- src/report.c
	+++ src/report.c
	@@ -34,11 +34,11 @@
34	Stmt q;
35	int rn = 0;
36	int cnt = 0;
37
38	login_check_credentials();
39	if( !g.okRdTkt && !g.okNewTkt ){ login_needed(); return; }
40	style_header("Ticket Main Menu");
41	if( g.thTrace ) Th_Trace("BEGIN_REPORTLIST<br />\n", -1);
42	zScript = ticket_reportlist_code();
43	if( g.thTrace ) Th_Trace("BEGIN_REPORTLIST_SCRIPT<br />\n", -1);
44
	@@ -47,11 +47,11 @@
47
48	db_prepare(&q, "SELECT rn, title, owner FROM reportfmt ORDER BY title");
49	while( db_step(&q)==SQLITE_ROW ){
50	const char *zTitle = db_column_text(&q, 1);
51	const char *zOwner = db_column_text(&q, 2);
52	if( zTitle[0] =='_' && !g.okTktFmt ){
53	continue;
54	}
55	rn = db_column_int(&q, 0);
56	cnt++;
57	blob_appendf(&ril, "<li>");
	@@ -59,22 +59,22 @@
59	blob_appendf(&ril, "%s", zTitle);
60	} else {
61	blob_appendf(&ril, "<a href=\"rptview?rn=%d\" rel=\"nofollow\">%h</a>", rn, zTitle);
62	}
63	blob_appendf(&ril, "   ");
64	if( g.okWrite && zOwner && zOwner[0] ){
65	blob_appendf(&ril, "(by <i>%h</i></i>) ", zOwner);
66	}
67	if( g.okTktFmt ){
68	blob_appendf(&ril, "[<a href=\"rptedit?rn=%d&copy=1\" rel=\"nofollow\">copy</a>] ", rn);
69	}
70	if( g.okAdmin
71	\|\| (g.okWrTkt && zOwner && fossil_strcmp(g.zLogin,zOwner)==0)
72	){
73	blob_appendf(&ril, "[<a href=\"rptedit?rn=%d\" rel=\"nofollow\">edit</a>] ", rn);
74	}
75	if( g.okTktFmt ){
76	blob_appendf(&ril, "[<a href=\"rptsql?rn=%d\" rel=\"nofollow\">sql</a>] ", rn);
77	}
78	blob_appendf(&ril, "</li>\n");
79	}
80
	@@ -184,11 +184,11 @@
184	if( fossil_stricmp(zArg1, azAllowed[i])==0 ) break;
185	}
186	if( i>=sizeof(azAllowed)/sizeof(azAllowed[0]) ){
187	(char*)pError = mprintf("access to table \"%s\" is restricted",zArg1);
188	rc = SQLITE_DENY;
189	}else if( !g.okRdAddr && strncmp(zArg2, "private_", 8)==0 ){
190	rc = SQLITE_IGNORE;
191	}
192	break;
193	}
194	default: {
	@@ -275,11 +275,11 @@
275	const char *zOwner;
276	const char *zClrKey;
277	Stmt q;
278
279	login_check_credentials();
280	if( !g.okTktFmt ){
281	login_needed();
282	return;
283	}
284	rn = atoi(PD("rn","0"));
285	db_prepare(&q, "SELECT title, sqlcode, owner, cols "
	@@ -323,11 +323,11 @@
323	const char *zClrKey;
324	char *zSQL;
325	char *zErr = 0;
326
327	login_check_credentials();
328	if( !g.okTktFmt ){
329	login_needed();
330	return;
331	}
332	/view_add_functions(0);/
333	rn = atoi(PD("rn","0"));
	@@ -430,11 +430,11 @@
430	@ <input type="text" name="t" value="%h(zTitle)" size="60" /></p>
431	@ <p>Enter a complete SQL query statement against the "TICKET" table:<br />
432	@ <textarea name="s" rows="20" cols="80">%h(zSQL)</textarea>
433	@ </p>
434	login_insert_csrf_secret();
435	if( g.okAdmin ){
436	@ <p>Report owner:
437	@ <input type="text" name="w" size="20" value="%h(zOwner)" />
438	@ </p>
439	} else {
440	@ <input type="hidden" name="w" value="%h(zOwner)" />
	@@ -443,11 +443,11 @@
443	@ color key is displayed.) Each line contains the text for a single
444	@ entry in the key. The first token of each line is the background
445	@ color for that line.<br />
446	@ <textarea name="k" rows="8" cols="50">%h(zClrKey)</textarea>
447	@ </p>
448	if( !g.okAdmin && fossil_strcmp(zOwner,g.zLogin)!=0 ){
449	@ <p>This report format is owned by %h(zOwner). You are not allowed
450	@ to change it.</p>
451	@ </form>
452	report_format_hints();
453	style_footer();
	@@ -659,11 +659,11 @@
659	for(i=0; i<nArg; i++){
660	if( azName[i][0]=='b' && fossil_strcmp(azName[i],"bgcolor")==0 ){
661	pState->iBg = i;
662	continue;
663	}
664	if( g.okWrite && azName[i][0]=='#' ){
665	pState->nCol++;
666	}
667	if( !pState->isMultirow ){
668	if( azName[i][0]=='_' ){
669	pState->isMultirow = 1;
	@@ -680,11 +680,11 @@
680	zTid = 0;
681	for(i=0; i<nArg; i++){
682	char *zName = azName[i];
683	if( i==pState->iBg ) continue;
684	if( pState->iNewRow>=0 && i>=pState->iNewRow ){
685	if( g.okWrite && zTid ){
686	@ <th> </th>
687	zTid = 0;
688	}
689	if( zName[0]=='_' ) zName++;
690	@ </tr><tr><th colspan=%d(pState->nCol)>%h(zName)</th>
	@@ -693,11 +693,11 @@
693	zTid = zName;
694	}
695	@ <th>%h(zName)</th>
696	}
697	}
698	if( g.okWrite && zTid ){
699	@ <th> </th>
700	}
701	@ </tr>
702	}
703	if( azArg==0 ){
	@@ -726,11 +726,11 @@
726	char *zData;
727	if( i==pState->iBg ) continue;
728	zData = azArg[i];
729	if( zData==0 ) zData = "";
730	if( pState->iNewRow>=0 && i>=pState->iNewRow ){
731	if( zTid && g.okWrite ){
732	@ <td valign="top"><a href="tktedit/%h(zTid)">edit</a></td>
733	zTid = 0;
734	}
735	if( zData[0] ){
736	Blob content;
	@@ -739,11 +739,11 @@
739	wiki_convert(&content, 0, 0);
740	blob_reset(&content);
741	}
742	}else if( azName[i][0]=='#' ){
743	zTid = zData;
744	if( g.okHistory ){
745	@ <td valign="top"><a href="tktview?name=%h(zData)">%h(zData)</a></td>
746	}else{
747	@ <td valign="top">%h(zData)</td>
748	}
749	}else if( zData[0]==0 ){
	@@ -752,11 +752,11 @@
752	@ <td valign="top">
753	@ %h(zData)
754	@ </td>
755	}
756	}
757	if( zTid && g.okWrite ){
758	@ <td valign="top"><a href="tktedit/%h(zTid)">edit</a></td>
759	}
760	@ </tr>
761	return 0;
762	}
	@@ -915,11 +915,11 @@
915	Stmt q;
916	char *zErr1 = 0;
917	char *zErr2 = 0;
918
919	login_check_credentials();
920	if( !g.okRdTkt ){ login_needed(); return; }
921	rn = atoi(PD("rn","0"));
922	if( rn==0 ){
923	cgi_redirect("reportlist");
924	return;
925	}
	@@ -957,18 +957,18 @@
957	struct GenerateHTML sState;
958
959	db_multi_exec("PRAGMA empty_result_callbacks=ON");
960	style_submenu_element("Raw", "Raw",
961	"rptview?tablist=1&%h", PD("QUERY_STRING",""));
962	if( g.okAdmin
963	\|\| (g.okTktFmt && g.zLogin && fossil_strcmp(g.zLogin,zOwner)==0) ){
964	style_submenu_element("Edit", "Edit", "rptedit?rn=%d", rn);
965	}
966	if( g.okTktFmt ){
967	style_submenu_element("SQL", "SQL", "rptsql?rn=%d",rn);
968	}
969	if( g.okNewTkt ){
970	style_submenu_element("New Ticket", "Create a new ticket",
971	"%s/tktnew", g.zTop);
972	}
973	style_header(zTitle);
974	output_color_key(zClrKey, 1,
975

	--- src/report.c
	+++ src/report.c
	@@ -34,11 +34,11 @@
34	Stmt q;
35	int rn = 0;
36	int cnt = 0;
37
38	login_check_credentials();
39	if( !g.perm.RdTkt && !g.perm.NewTkt ){ login_needed(); return; }
40	style_header("Ticket Main Menu");
41	if( g.thTrace ) Th_Trace("BEGIN_REPORTLIST<br />\n", -1);
42	zScript = ticket_reportlist_code();
43	if( g.thTrace ) Th_Trace("BEGIN_REPORTLIST_SCRIPT<br />\n", -1);
44
	@@ -47,11 +47,11 @@
47
48	db_prepare(&q, "SELECT rn, title, owner FROM reportfmt ORDER BY title");
49	while( db_step(&q)==SQLITE_ROW ){
50	const char *zTitle = db_column_text(&q, 1);
51	const char *zOwner = db_column_text(&q, 2);
52	if( zTitle[0] =='_' && !g.perm.TktFmt ){
53	continue;
54	}
55	rn = db_column_int(&q, 0);
56	cnt++;
57	blob_appendf(&ril, "<li>");
	@@ -59,22 +59,22 @@
59	blob_appendf(&ril, "%s", zTitle);
60	} else {
61	blob_appendf(&ril, "<a href=\"rptview?rn=%d\" rel=\"nofollow\">%h</a>", rn, zTitle);
62	}
63	blob_appendf(&ril, "   ");
64	if( g.perm.Write && zOwner && zOwner[0] ){
65	blob_appendf(&ril, "(by <i>%h</i></i>) ", zOwner);
66	}
67	if( g.perm.TktFmt ){
68	blob_appendf(&ril, "[<a href=\"rptedit?rn=%d&copy=1\" rel=\"nofollow\">copy</a>] ", rn);
69	}
70	if( g.perm.Admin
71	\|\| (g.perm.WrTkt && zOwner && fossil_strcmp(g.zLogin,zOwner)==0)
72	){
73	blob_appendf(&ril, "[<a href=\"rptedit?rn=%d\" rel=\"nofollow\">edit</a>] ", rn);
74	}
75	if( g.perm.TktFmt ){
76	blob_appendf(&ril, "[<a href=\"rptsql?rn=%d\" rel=\"nofollow\">sql</a>] ", rn);
77	}
78	blob_appendf(&ril, "</li>\n");
79	}
80
	@@ -184,11 +184,11 @@
184	if( fossil_stricmp(zArg1, azAllowed[i])==0 ) break;
185	}
186	if( i>=sizeof(azAllowed)/sizeof(azAllowed[0]) ){
187	(char*)pError = mprintf("access to table \"%s\" is restricted",zArg1);
188	rc = SQLITE_DENY;
189	}else if( !g.perm.RdAddr && strncmp(zArg2, "private_", 8)==0 ){
190	rc = SQLITE_IGNORE;
191	}
192	break;
193	}
194	default: {
	@@ -275,11 +275,11 @@
275	const char *zOwner;
276	const char *zClrKey;
277	Stmt q;
278
279	login_check_credentials();
280	if( !g.perm.TktFmt ){
281	login_needed();
282	return;
283	}
284	rn = atoi(PD("rn","0"));
285	db_prepare(&q, "SELECT title, sqlcode, owner, cols "
	@@ -323,11 +323,11 @@
323	const char *zClrKey;
324	char *zSQL;
325	char *zErr = 0;
326
327	login_check_credentials();
328	if( !g.perm.TktFmt ){
329	login_needed();
330	return;
331	}
332	/view_add_functions(0);/
333	rn = atoi(PD("rn","0"));
	@@ -430,11 +430,11 @@
430	@ <input type="text" name="t" value="%h(zTitle)" size="60" /></p>
431	@ <p>Enter a complete SQL query statement against the "TICKET" table:<br />
432	@ <textarea name="s" rows="20" cols="80">%h(zSQL)</textarea>
433	@ </p>
434	login_insert_csrf_secret();
435	if( g.perm.Admin ){
436	@ <p>Report owner:
437	@ <input type="text" name="w" size="20" value="%h(zOwner)" />
438	@ </p>
439	} else {
440	@ <input type="hidden" name="w" value="%h(zOwner)" />
	@@ -443,11 +443,11 @@
443	@ color key is displayed.) Each line contains the text for a single
444	@ entry in the key. The first token of each line is the background
445	@ color for that line.<br />
446	@ <textarea name="k" rows="8" cols="50">%h(zClrKey)</textarea>
447	@ </p>
448	if( !g.perm.Admin && fossil_strcmp(zOwner,g.zLogin)!=0 ){
449	@ <p>This report format is owned by %h(zOwner). You are not allowed
450	@ to change it.</p>
451	@ </form>
452	report_format_hints();
453	style_footer();
	@@ -659,11 +659,11 @@
659	for(i=0; i<nArg; i++){
660	if( azName[i][0]=='b' && fossil_strcmp(azName[i],"bgcolor")==0 ){
661	pState->iBg = i;
662	continue;
663	}
664	if( g.perm.Write && azName[i][0]=='#' ){
665	pState->nCol++;
666	}
667	if( !pState->isMultirow ){
668	if( azName[i][0]=='_' ){
669	pState->isMultirow = 1;
	@@ -680,11 +680,11 @@
680	zTid = 0;
681	for(i=0; i<nArg; i++){
682	char *zName = azName[i];
683	if( i==pState->iBg ) continue;
684	if( pState->iNewRow>=0 && i>=pState->iNewRow ){
685	if( g.perm.Write && zTid ){
686	@ <th> </th>
687	zTid = 0;
688	}
689	if( zName[0]=='_' ) zName++;
690	@ </tr><tr><th colspan=%d(pState->nCol)>%h(zName)</th>
	@@ -693,11 +693,11 @@
693	zTid = zName;
694	}
695	@ <th>%h(zName)</th>
696	}
697	}
698	if( g.perm.Write && zTid ){
699	@ <th> </th>
700	}
701	@ </tr>
702	}
703	if( azArg==0 ){
	@@ -726,11 +726,11 @@
726	char *zData;
727	if( i==pState->iBg ) continue;
728	zData = azArg[i];
729	if( zData==0 ) zData = "";
730	if( pState->iNewRow>=0 && i>=pState->iNewRow ){
731	if( zTid && g.perm.Write ){
732	@ <td valign="top"><a href="tktedit/%h(zTid)">edit</a></td>
733	zTid = 0;
734	}
735	if( zData[0] ){
736	Blob content;
	@@ -739,11 +739,11 @@
739	wiki_convert(&content, 0, 0);
740	blob_reset(&content);
741	}
742	}else if( azName[i][0]=='#' ){
743	zTid = zData;
744	if( g.perm.History ){
745	@ <td valign="top"><a href="tktview?name=%h(zData)">%h(zData)</a></td>
746	}else{
747	@ <td valign="top">%h(zData)</td>
748	}
749	}else if( zData[0]==0 ){
	@@ -752,11 +752,11 @@
752	@ <td valign="top">
753	@ %h(zData)
754	@ </td>
755	}
756	}
757	if( zTid && g.perm.Write ){
758	@ <td valign="top"><a href="tktedit/%h(zTid)">edit</a></td>
759	}
760	@ </tr>
761	return 0;
762	}
	@@ -915,11 +915,11 @@
915	Stmt q;
916	char *zErr1 = 0;
917	char *zErr2 = 0;
918
919	login_check_credentials();
920	if( !g.perm.RdTkt ){ login_needed(); return; }
921	rn = atoi(PD("rn","0"));
922	if( rn==0 ){
923	cgi_redirect("reportlist");
924	return;
925	}
	@@ -957,18 +957,18 @@
957	struct GenerateHTML sState;
958
959	db_multi_exec("PRAGMA empty_result_callbacks=ON");
960	style_submenu_element("Raw", "Raw",
961	"rptview?tablist=1&%h", PD("QUERY_STRING",""));
962	if( g.perm.Admin
963	\|\| (g.perm.TktFmt && g.zLogin && fossil_strcmp(g.zLogin,zOwner)==0) ){
964	style_submenu_element("Edit", "Edit", "rptedit?rn=%d", rn);
965	}
966	if( g.perm.TktFmt ){
967	style_submenu_element("SQL", "SQL", "rptsql?rn=%d",rn);
968	}
969	if( g.perm.NewTkt ){
970	style_submenu_element("New Ticket", "Create a new ticket",
971	"%s/tktnew", g.zTop);
972	}
973	style_header(zTitle);
974	output_color_key(zClrKey, 1,
975

M src/rss.c

+11 -11

		--- src/rss.c
		+++ src/rss.c
		@@ -44,39 +44,39 @@
44	44	@ FROM event, blob
45	45	@ WHERE blob.rid=event.objid
46	46	;
47	47
48	48	login_check_credentials();
49		- if( !g.okRead && !g.okRdTkt && !g.okRdWiki ){
	49	+ if( !g.perm.Read && !g.perm.RdTkt && !g.perm.RdWiki ){
50	50	return;
51	51	}
52	52
53	53	blob_zero(&bSQL);
54	54	blob_append( &bSQL, zSQL1, -1 );
55	55
56	56	if( zType[0]!='a' ){
57		- if( zType[0]=='c' && !g.okRead ) zType = "x";
58		- if( zType[0]=='w' && !g.okRdWiki ) zType = "x";
59		- if( zType[0]=='t' && !g.okRdTkt ) zType = "x";
	57	+ if( zType[0]=='c' && !g.perm.Read ) zType = "x";
	58	+ if( zType[0]=='w' && !g.perm.RdWiki ) zType = "x";
	59	+ if( zType[0]=='t' && !g.perm.RdTkt ) zType = "x";
60	60	blob_appendf(&bSQL, " AND event.type=%Q", zType);
61	61	}else{
62		- if( !g.okRead ){
63		- if( g.okRdTkt && g.okRdWiki ){
	62	+ if( !g.perm.Read ){
	63	+ if( g.perm.RdTkt && g.perm.RdWiki ){
64	64	blob_append(&bSQL, " AND event.type!='ci'", -1);
65		- }else if( g.okRdTkt ){
	65	+ }else if( g.perm.RdTkt ){
66	66	blob_append(&bSQL, " AND event.type=='t'", -1);
67	67	}else{
68	68	blob_append(&bSQL, " AND event.type=='w'", -1);
69	69	}
70		- }else if( !g.okRdWiki ){
71		- if( g.okRdTkt ){
	70	+ }else if( !g.perm.RdWiki ){
	71	+ if( g.perm.RdTkt ){
72	72	blob_append(&bSQL, " AND event.type!='w'", -1);
73	73	}else{
74	74	blob_append(&bSQL, " AND event.type=='ci'", -1);
75	75	}
76		- }else if( !g.okRdTkt ){
77		- assert( !g.okRdTkt &&& g.okRead && g.okRdWiki );
	76	+ }else if( !g.perm.RdTkt ){
	77	+ assert( !g.perm.RdTkt &&& g.perm.Read && g.perm.RdWiki );
78	78	blob_append(&bSQL, " AND event.type!='t'", -1);
79	79	}
80	80	}
81	81
82	82	blob_append( &bSQL, " ORDER BY event.mtime DESC", -1 );
83	83

	--- src/rss.c
	+++ src/rss.c
	@@ -44,39 +44,39 @@
44	@ FROM event, blob
45	@ WHERE blob.rid=event.objid
46	;
47
48	login_check_credentials();
49	if( !g.okRead && !g.okRdTkt && !g.okRdWiki ){
50	return;
51	}
52
53	blob_zero(&bSQL);
54	blob_append( &bSQL, zSQL1, -1 );
55
56	if( zType[0]!='a' ){
57	if( zType[0]=='c' && !g.okRead ) zType = "x";
58	if( zType[0]=='w' && !g.okRdWiki ) zType = "x";
59	if( zType[0]=='t' && !g.okRdTkt ) zType = "x";
60	blob_appendf(&bSQL, " AND event.type=%Q", zType);
61	}else{
62	if( !g.okRead ){
63	if( g.okRdTkt && g.okRdWiki ){
64	blob_append(&bSQL, " AND event.type!='ci'", -1);
65	}else if( g.okRdTkt ){
66	blob_append(&bSQL, " AND event.type=='t'", -1);
67	}else{
68	blob_append(&bSQL, " AND event.type=='w'", -1);
69	}
70	}else if( !g.okRdWiki ){
71	if( g.okRdTkt ){
72	blob_append(&bSQL, " AND event.type!='w'", -1);
73	}else{
74	blob_append(&bSQL, " AND event.type=='ci'", -1);
75	}
76	}else if( !g.okRdTkt ){
77	assert( !g.okRdTkt &&& g.okRead && g.okRdWiki );
78	blob_append(&bSQL, " AND event.type!='t'", -1);
79	}
80	}
81
82	blob_append( &bSQL, " ORDER BY event.mtime DESC", -1 );
83

	--- src/rss.c
	+++ src/rss.c
	@@ -44,39 +44,39 @@
44	@ FROM event, blob
45	@ WHERE blob.rid=event.objid
46	;
47
48	login_check_credentials();
49	if( !g.perm.Read && !g.perm.RdTkt && !g.perm.RdWiki ){
50	return;
51	}
52
53	blob_zero(&bSQL);
54	blob_append( &bSQL, zSQL1, -1 );
55
56	if( zType[0]!='a' ){
57	if( zType[0]=='c' && !g.perm.Read ) zType = "x";
58	if( zType[0]=='w' && !g.perm.RdWiki ) zType = "x";
59	if( zType[0]=='t' && !g.perm.RdTkt ) zType = "x";
60	blob_appendf(&bSQL, " AND event.type=%Q", zType);
61	}else{
62	if( !g.perm.Read ){
63	if( g.perm.RdTkt && g.perm.RdWiki ){
64	blob_append(&bSQL, " AND event.type!='ci'", -1);
65	}else if( g.perm.RdTkt ){
66	blob_append(&bSQL, " AND event.type=='t'", -1);
67	}else{
68	blob_append(&bSQL, " AND event.type=='w'", -1);
69	}
70	}else if( !g.perm.RdWiki ){
71	if( g.perm.RdTkt ){
72	blob_append(&bSQL, " AND event.type!='w'", -1);
73	}else{
74	blob_append(&bSQL, " AND event.type=='ci'", -1);
75	}
76	}else if( !g.perm.RdTkt ){
77	assert( !g.perm.RdTkt &&& g.perm.Read && g.perm.RdWiki );
78	blob_append(&bSQL, " AND event.type!='t'", -1);
79	}
80	}
81
82	blob_append( &bSQL, " ORDER BY event.mtime DESC", -1 );
83

M src/setup.c

+17 -17

		--- src/setup.c
		+++ src/setup.c
		@@ -52,11 +52,11 @@
52	52	/*
53	53	** WEBPAGE: /setup
54	54	*/
55	55	void setup_page(void){
56	56	login_check_credentials();
57		- if( !g.okSetup ){
	57	+ if( !g.perm.Setup ){
58	58	login_needed();
59	59	}
60	60
61	61	style_header("Server Administration");
62	62	@ <table border="0" cellspacing="7">
		@@ -106,11 +106,11 @@
106	106	*/
107	107	void setup_ulist(void){
108	108	Stmt s;
109	109
110	110	login_check_credentials();
111		- if( !g.okAdmin ){
	111	+ if( !g.perm.Admin ){
112	112	login_needed();
113	113	return;
114	114	}
115	115
116	116	style_submenu_element("Add", "Add User", "setup_uedit");
		@@ -127,15 +127,15 @@
127	127	db_prepare(&s, "SELECT uid, login, cap, info FROM user ORDER BY login");
128	128	while( db_step(&s)==SQLITE_ROW ){
129	129	const char *zCap = db_column_text(&s, 2);
130	130	@ <tr>
131	131	@ <td class="usetupListUser" style="text-align: right;padding-right: 20px;white-space:nowrap;">
132		- if( g.okAdmin && (zCap[0]!='s' \|\| g.okSetup) ){
	132	+ if( g.perm.Admin && (zCap[0]!='s' \|\| g.perm.Setup) ){
133	133	@ <a href="setup_uedit?id=%d(db_column_int(&s,0))">
134	134	}
135	135	@ %h(db_column_text(&s,1))
136		- if( g.okAdmin ){
	136	+ if( g.perm.Admin ){
137	137	@ </a>
138	138	}
139	139	@ </td>
140	140	@ <td class="usetupListCap" style="text-align: center;padding-right: 15px;">%s(zCap)</td>
141	141	@ <td class="usetupListCon" style="text-align: left;">%s(db_column_text(&s,3))</td>
		@@ -259,18 +259,18 @@
259	259	/* user doing the editing is ADMIN. Disallow editing */
260	260
261	261	/* Must have ADMIN privleges to access this page
262	262	*/
263	263	login_check_credentials();
264		- if( !g.okAdmin ){ login_needed(); return; }
	264	+ if( !g.perm.Admin ){ login_needed(); return; }
265	265
266	266	/* Check to see if an ADMIN user is trying to edit a SETUP account.
267	267	** Don't allow that.
268	268	*/
269	269	zId = PD("id", "0");
270	270	uid = atoi(zId);
271		- if( zId && !g.okSetup && uid>0 ){
	271	+ if( zId && !g.perm.Setup && uid>0 ){
272	272	char *zOldCaps;
273	273	zOldCaps = db_text(0, "SELECT cap FROM user WHERE uid=%d",uid);
274	274	higherUser = zOldCaps && strchr(zOldCaps,'s');
275	275	}
276	276
		@@ -296,11 +296,11 @@
296	296	int ak = P("ak")!=0;
297	297	int an = P("an")!=0;
298	298	int ao = P("ao")!=0;
299	299	int ap = P("ap")!=0;
300	300	int ar = P("ar")!=0;
301		- int as = g.okSetup && P("as")!=0;
	301	+ int as = g.perm.Setup && P("as")!=0;
302	302	int aw = P("aw")!=0;
303	303	int ac = P("ac")!=0;
304	304	int af = P("af")!=0;
305	305	int am = P("am")!=0;
306	306	int ah = P("ah")!=0;
		@@ -513,11 +513,11 @@
513	513	@ </tr>
514	514	@ <tr>
515	515	@ <td class="usetupEditLabel">Capabilities:</td>
516	516	@ <td>
517	517	#define B(x) inherit[x]
518		- if( g.okSetup ){
	518	+ if( g.perm.Setup ){
519	519	@ <input type="checkbox" name="as"%s(oas) />%s(B('s'))Setup<br />
520	520	}
521	521	@ <input type="checkbox" name="aa"%s(oaa) />%s(B('a'))Admin<br />
522	522	@ <input type="checkbox" name="ad"%s(oad) />%s(B('d'))Delete<br />
523	523	@ <input type="checkbox" name="ae"%s(oae) />%s(B('e'))Email<br />
		@@ -816,11 +816,11 @@
816	816	/*
817	817	** WEBPAGE: setup_access
818	818	*/
819	819	void setup_access(void){
820	820	login_check_credentials();
821		- if( !g.okSetup ){
	821	+ if( !g.perm.Setup ){
822	822	login_needed();
823	823	}
824	824
825	825	style_header("Access Control Settings");
826	826	db_begin_transaction();
		@@ -918,11 +918,11 @@
918	918	const char *zLogin = PD("login", "");
919	919	const char *zPw = PD("pw", "");
920	920	const char *zNewName = PD("newname", "New Login Group");
921	921
922	922	login_check_credentials();
923		- if( !g.okSetup ){
	923	+ if( !g.perm.Setup ){
924	924	login_needed();
925	925	}
926	926	file_canonical_name(g.zRepositoryName, &fullName);
927	927	zSelfRepo = mprintf(blob_str(&fullName));
928	928	blob_reset(&fullName);
		@@ -1004,11 +1004,11 @@
1004	1004	/*
1005	1005	** WEBPAGE: setup_timeline
1006	1006	*/
1007	1007	void setup_timeline(void){
1008	1008	login_check_credentials();
1009		- if( !g.okSetup ){
	1009	+ if( !g.perm.Setup ){
1010	1010	login_needed();
1011	1011	}
1012	1012
1013	1013	style_header("Timeline Display Preferences");
1014	1014	db_begin_transaction();
		@@ -1053,11 +1053,11 @@
1053	1053	*/
1054	1054	void setup_settings(void){
1055	1055	struct stControlSettings const *pSet;
1056	1056
1057	1057	login_check_credentials();
1058		- if( !g.okSetup ){
	1058	+ if( !g.perm.Setup ){
1059	1059	login_needed();
1060	1060	}
1061	1061
1062	1062	style_header("Settings");
1063	1063	db_open_local();
		@@ -1107,11 +1107,11 @@
1107	1107	/*
1108	1108	** WEBPAGE: setup_config
1109	1109	*/
1110	1110	void setup_config(void){
1111	1111	login_check_credentials();
1112		- if( !g.okSetup ){
	1112	+ if( !g.perm.Setup ){
1113	1113	login_needed();
1114	1114	}
1115	1115
1116	1116	style_header("WWW Configuration");
1117	1117	db_begin_transaction();
		@@ -1171,11 +1171,11 @@
1171	1171	/*
1172	1172	** WEBPAGE: setup_editcss
1173	1173	*/
1174	1174	void setup_editcss(void){
1175	1175	login_check_credentials();
1176		- if( !g.okSetup ){
	1176	+ if( !g.perm.Setup ){
1177	1177	login_needed();
1178	1178	}
1179	1179	db_begin_transaction();
1180	1180	if( P("clear")!=0 ){
1181	1181	db_multi_exec("DELETE FROM config WHERE name='css'");
		@@ -1215,11 +1215,11 @@
1215	1215	/*
1216	1216	** WEBPAGE: setup_header
1217	1217	*/
1218	1218	void setup_header(void){
1219	1219	login_check_credentials();
1220		- if( !g.okSetup ){
	1220	+ if( !g.perm.Setup ){
1221	1221	login_needed();
1222	1222	}
1223	1223	db_begin_transaction();
1224	1224	if( P("clear")!=0 ){
1225	1225	db_multi_exec("DELETE FROM config WHERE name='header'");
		@@ -1253,11 +1253,11 @@
1253	1253	/*
1254	1254	** WEBPAGE: setup_footer
1255	1255	*/
1256	1256	void setup_footer(void){
1257	1257	login_check_credentials();
1258		- if( !g.okSetup ){
	1258	+ if( !g.perm.Setup ){
1259	1259	login_needed();
1260	1260	}
1261	1261	db_begin_transaction();
1262	1262	if( P("clear")!=0 ){
1263	1263	db_multi_exec("DELETE FROM config WHERE name='footer'");
		@@ -1296,11 +1296,11 @@
1296	1296	int szImg = atoi(PD("im:bytes","0"));
1297	1297	if( szImg>0 ){
1298	1298	zMime = PD("im:mimetype","image/gif");
1299	1299	}
1300	1300	login_check_credentials();
1301		- if( !g.okSetup ){
	1301	+ if( !g.perm.Setup ){
1302	1302	login_needed();
1303	1303	}
1304	1304	db_begin_transaction();
1305	1305	if( P("set")!=0 && zMime && zMime[0] && szImg>0 ){
1306	1306	Blob img;
1307	1307

	--- src/setup.c
	+++ src/setup.c
	@@ -52,11 +52,11 @@
52	/*
53	** WEBPAGE: /setup
54	*/
55	void setup_page(void){
56	login_check_credentials();
57	if( !g.okSetup ){
58	login_needed();
59	}
60
61	style_header("Server Administration");
62	@ <table border="0" cellspacing="7">
	@@ -106,11 +106,11 @@
106	*/
107	void setup_ulist(void){
108	Stmt s;
109
110	login_check_credentials();
111	if( !g.okAdmin ){
112	login_needed();
113	return;
114	}
115
116	style_submenu_element("Add", "Add User", "setup_uedit");
	@@ -127,15 +127,15 @@
127	db_prepare(&s, "SELECT uid, login, cap, info FROM user ORDER BY login");
128	while( db_step(&s)==SQLITE_ROW ){
129	const char *zCap = db_column_text(&s, 2);
130	@ <tr>
131	@ <td class="usetupListUser" style="text-align: right;padding-right: 20px;white-space:nowrap;">
132	if( g.okAdmin && (zCap[0]!='s' \|\| g.okSetup) ){
133	@ <a href="setup_uedit?id=%d(db_column_int(&s,0))">
134	}
135	@ %h(db_column_text(&s,1))
136	if( g.okAdmin ){
137	@ </a>
138	}
139	@ </td>
140	@ <td class="usetupListCap" style="text-align: center;padding-right: 15px;">%s(zCap)</td>
141	@ <td class="usetupListCon" style="text-align: left;">%s(db_column_text(&s,3))</td>
	@@ -259,18 +259,18 @@
259	/* user doing the editing is ADMIN. Disallow editing */
260
261	/* Must have ADMIN privleges to access this page
262	*/
263	login_check_credentials();
264	if( !g.okAdmin ){ login_needed(); return; }
265
266	/* Check to see if an ADMIN user is trying to edit a SETUP account.
267	** Don't allow that.
268	*/
269	zId = PD("id", "0");
270	uid = atoi(zId);
271	if( zId && !g.okSetup && uid>0 ){
272	char *zOldCaps;
273	zOldCaps = db_text(0, "SELECT cap FROM user WHERE uid=%d",uid);
274	higherUser = zOldCaps && strchr(zOldCaps,'s');
275	}
276
	@@ -296,11 +296,11 @@
296	int ak = P("ak")!=0;
297	int an = P("an")!=0;
298	int ao = P("ao")!=0;
299	int ap = P("ap")!=0;
300	int ar = P("ar")!=0;
301	int as = g.okSetup && P("as")!=0;
302	int aw = P("aw")!=0;
303	int ac = P("ac")!=0;
304	int af = P("af")!=0;
305	int am = P("am")!=0;
306	int ah = P("ah")!=0;
	@@ -513,11 +513,11 @@
513	@ </tr>
514	@ <tr>
515	@ <td class="usetupEditLabel">Capabilities:</td>
516	@ <td>
517	#define B(x) inherit[x]
518	if( g.okSetup ){
519	@ <input type="checkbox" name="as"%s(oas) />%s(B('s'))Setup<br />
520	}
521	@ <input type="checkbox" name="aa"%s(oaa) />%s(B('a'))Admin<br />
522	@ <input type="checkbox" name="ad"%s(oad) />%s(B('d'))Delete<br />
523	@ <input type="checkbox" name="ae"%s(oae) />%s(B('e'))Email<br />
	@@ -816,11 +816,11 @@
816	/*
817	** WEBPAGE: setup_access
818	*/
819	void setup_access(void){
820	login_check_credentials();
821	if( !g.okSetup ){
822	login_needed();
823	}
824
825	style_header("Access Control Settings");
826	db_begin_transaction();
	@@ -918,11 +918,11 @@
918	const char *zLogin = PD("login", "");
919	const char *zPw = PD("pw", "");
920	const char *zNewName = PD("newname", "New Login Group");
921
922	login_check_credentials();
923	if( !g.okSetup ){
924	login_needed();
925	}
926	file_canonical_name(g.zRepositoryName, &fullName);
927	zSelfRepo = mprintf(blob_str(&fullName));
928	blob_reset(&fullName);
	@@ -1004,11 +1004,11 @@
1004	/*
1005	** WEBPAGE: setup_timeline
1006	*/
1007	void setup_timeline(void){
1008	login_check_credentials();
1009	if( !g.okSetup ){
1010	login_needed();
1011	}
1012
1013	style_header("Timeline Display Preferences");
1014	db_begin_transaction();
	@@ -1053,11 +1053,11 @@
1053	*/
1054	void setup_settings(void){
1055	struct stControlSettings const *pSet;
1056
1057	login_check_credentials();
1058	if( !g.okSetup ){
1059	login_needed();
1060	}
1061
1062	style_header("Settings");
1063	db_open_local();
	@@ -1107,11 +1107,11 @@
1107	/*
1108	** WEBPAGE: setup_config
1109	*/
1110	void setup_config(void){
1111	login_check_credentials();
1112	if( !g.okSetup ){
1113	login_needed();
1114	}
1115
1116	style_header("WWW Configuration");
1117	db_begin_transaction();
	@@ -1171,11 +1171,11 @@
1171	/*
1172	** WEBPAGE: setup_editcss
1173	*/
1174	void setup_editcss(void){
1175	login_check_credentials();
1176	if( !g.okSetup ){
1177	login_needed();
1178	}
1179	db_begin_transaction();
1180	if( P("clear")!=0 ){
1181	db_multi_exec("DELETE FROM config WHERE name='css'");
	@@ -1215,11 +1215,11 @@
1215	/*
1216	** WEBPAGE: setup_header
1217	*/
1218	void setup_header(void){
1219	login_check_credentials();
1220	if( !g.okSetup ){
1221	login_needed();
1222	}
1223	db_begin_transaction();
1224	if( P("clear")!=0 ){
1225	db_multi_exec("DELETE FROM config WHERE name='header'");
	@@ -1253,11 +1253,11 @@
1253	/*
1254	** WEBPAGE: setup_footer
1255	*/
1256	void setup_footer(void){
1257	login_check_credentials();
1258	if( !g.okSetup ){
1259	login_needed();
1260	}
1261	db_begin_transaction();
1262	if( P("clear")!=0 ){
1263	db_multi_exec("DELETE FROM config WHERE name='footer'");
	@@ -1296,11 +1296,11 @@
1296	int szImg = atoi(PD("im:bytes","0"));
1297	if( szImg>0 ){
1298	zMime = PD("im:mimetype","image/gif");
1299	}
1300	login_check_credentials();
1301	if( !g.okSetup ){
1302	login_needed();
1303	}
1304	db_begin_transaction();
1305	if( P("set")!=0 && zMime && zMime[0] && szImg>0 ){
1306	Blob img;
1307

	--- src/setup.c
	+++ src/setup.c
	@@ -52,11 +52,11 @@
52	/*
53	** WEBPAGE: /setup
54	*/
55	void setup_page(void){
56	login_check_credentials();
57	if( !g.perm.Setup ){
58	login_needed();
59	}
60
61	style_header("Server Administration");
62	@ <table border="0" cellspacing="7">
	@@ -106,11 +106,11 @@
106	*/
107	void setup_ulist(void){
108	Stmt s;
109
110	login_check_credentials();
111	if( !g.perm.Admin ){
112	login_needed();
113	return;
114	}
115
116	style_submenu_element("Add", "Add User", "setup_uedit");
	@@ -127,15 +127,15 @@
127	db_prepare(&s, "SELECT uid, login, cap, info FROM user ORDER BY login");
128	while( db_step(&s)==SQLITE_ROW ){
129	const char *zCap = db_column_text(&s, 2);
130	@ <tr>
131	@ <td class="usetupListUser" style="text-align: right;padding-right: 20px;white-space:nowrap;">
132	if( g.perm.Admin && (zCap[0]!='s' \|\| g.perm.Setup) ){
133	@ <a href="setup_uedit?id=%d(db_column_int(&s,0))">
134	}
135	@ %h(db_column_text(&s,1))
136	if( g.perm.Admin ){
137	@ </a>
138	}
139	@ </td>
140	@ <td class="usetupListCap" style="text-align: center;padding-right: 15px;">%s(zCap)</td>
141	@ <td class="usetupListCon" style="text-align: left;">%s(db_column_text(&s,3))</td>
	@@ -259,18 +259,18 @@
259	/* user doing the editing is ADMIN. Disallow editing */
260
261	/* Must have ADMIN privleges to access this page
262	*/
263	login_check_credentials();
264	if( !g.perm.Admin ){ login_needed(); return; }
265
266	/* Check to see if an ADMIN user is trying to edit a SETUP account.
267	** Don't allow that.
268	*/
269	zId = PD("id", "0");
270	uid = atoi(zId);
271	if( zId && !g.perm.Setup && uid>0 ){
272	char *zOldCaps;
273	zOldCaps = db_text(0, "SELECT cap FROM user WHERE uid=%d",uid);
274	higherUser = zOldCaps && strchr(zOldCaps,'s');
275	}
276
	@@ -296,11 +296,11 @@
296	int ak = P("ak")!=0;
297	int an = P("an")!=0;
298	int ao = P("ao")!=0;
299	int ap = P("ap")!=0;
300	int ar = P("ar")!=0;
301	int as = g.perm.Setup && P("as")!=0;
302	int aw = P("aw")!=0;
303	int ac = P("ac")!=0;
304	int af = P("af")!=0;
305	int am = P("am")!=0;
306	int ah = P("ah")!=0;
	@@ -513,11 +513,11 @@
513	@ </tr>
514	@ <tr>
515	@ <td class="usetupEditLabel">Capabilities:</td>
516	@ <td>
517	#define B(x) inherit[x]
518	if( g.perm.Setup ){
519	@ <input type="checkbox" name="as"%s(oas) />%s(B('s'))Setup<br />
520	}
521	@ <input type="checkbox" name="aa"%s(oaa) />%s(B('a'))Admin<br />
522	@ <input type="checkbox" name="ad"%s(oad) />%s(B('d'))Delete<br />
523	@ <input type="checkbox" name="ae"%s(oae) />%s(B('e'))Email<br />
	@@ -816,11 +816,11 @@
816	/*
817	** WEBPAGE: setup_access
818	*/
819	void setup_access(void){
820	login_check_credentials();
821	if( !g.perm.Setup ){
822	login_needed();
823	}
824
825	style_header("Access Control Settings");
826	db_begin_transaction();
	@@ -918,11 +918,11 @@
918	const char *zLogin = PD("login", "");
919	const char *zPw = PD("pw", "");
920	const char *zNewName = PD("newname", "New Login Group");
921
922	login_check_credentials();
923	if( !g.perm.Setup ){
924	login_needed();
925	}
926	file_canonical_name(g.zRepositoryName, &fullName);
927	zSelfRepo = mprintf(blob_str(&fullName));
928	blob_reset(&fullName);
	@@ -1004,11 +1004,11 @@
1004	/*
1005	** WEBPAGE: setup_timeline
1006	*/
1007	void setup_timeline(void){
1008	login_check_credentials();
1009	if( !g.perm.Setup ){
1010	login_needed();
1011	}
1012
1013	style_header("Timeline Display Preferences");
1014	db_begin_transaction();
	@@ -1053,11 +1053,11 @@
1053	*/
1054	void setup_settings(void){
1055	struct stControlSettings const *pSet;
1056
1057	login_check_credentials();
1058	if( !g.perm.Setup ){
1059	login_needed();
1060	}
1061
1062	style_header("Settings");
1063	db_open_local();
	@@ -1107,11 +1107,11 @@
1107	/*
1108	** WEBPAGE: setup_config
1109	*/
1110	void setup_config(void){
1111	login_check_credentials();
1112	if( !g.perm.Setup ){
1113	login_needed();
1114	}
1115
1116	style_header("WWW Configuration");
1117	db_begin_transaction();
	@@ -1171,11 +1171,11 @@
1171	/*
1172	** WEBPAGE: setup_editcss
1173	*/
1174	void setup_editcss(void){
1175	login_check_credentials();
1176	if( !g.perm.Setup ){
1177	login_needed();
1178	}
1179	db_begin_transaction();
1180	if( P("clear")!=0 ){
1181	db_multi_exec("DELETE FROM config WHERE name='css'");
	@@ -1215,11 +1215,11 @@
1215	/*
1216	** WEBPAGE: setup_header
1217	*/
1218	void setup_header(void){
1219	login_check_credentials();
1220	if( !g.perm.Setup ){
1221	login_needed();
1222	}
1223	db_begin_transaction();
1224	if( P("clear")!=0 ){
1225	db_multi_exec("DELETE FROM config WHERE name='header'");
	@@ -1253,11 +1253,11 @@
1253	/*
1254	** WEBPAGE: setup_footer
1255	*/
1256	void setup_footer(void){
1257	login_check_credentials();
1258	if( !g.perm.Setup ){
1259	login_needed();
1260	}
1261	db_begin_transaction();
1262	if( P("clear")!=0 ){
1263	db_multi_exec("DELETE FROM config WHERE name='footer'");
	@@ -1296,11 +1296,11 @@
1296	int szImg = atoi(PD("im:bytes","0"));
1297	if( szImg>0 ){
1298	zMime = PD("im:mimetype","image/gif");
1299	}
1300	login_check_credentials();
1301	if( !g.perm.Setup ){
1302	login_needed();
1303	}
1304	db_begin_transaction();
1305	if( P("set")!=0 && zMime && zMime[0] && szImg>0 ){
1306	Blob img;
1307

M src/shun.c

+3 -3

		--- src/shun.c
		+++ src/shun.c
		@@ -44,11 +44,11 @@
44	44	const char *zUuid = P("uuid");
45	45	int nUuid;
46	46	char zCanonical[UUID_SIZE+1];
47	47
48	48	login_check_credentials();
49		- if( !g.okAdmin ){
	49	+ if( !g.perm.Admin ){
50	50	login_needed();
51	51	}
52	52	if( P("rebuild") ){
53	53	db_close(1);
54	54	db_open_repository(g.zRepositoryName);
		@@ -219,11 +219,11 @@
219	219	int ofst = atoi(PD("ofst","0"));
220	220	int cnt;
221	221	Stmt q;
222	222
223	223	login_check_credentials();
224		- if( !g.okAdmin ){
	224	+ if( !g.perm.Admin ){
225	225	login_needed();
226	226	}
227	227	style_header("Content Sources");
228	228	if( ofst>0 ){
229	229	style_submenu_element("Newer", "Newer", "rcvfromlist?ofst=%d",
		@@ -282,11 +282,11 @@
282	282	void rcvfrom_page(void){
283	283	int rcvid = atoi(PD("rcvid","0"));
284	284	Stmt q;
285	285
286	286	login_check_credentials();
287		- if( !g.okAdmin ){
	287	+ if( !g.perm.Admin ){
288	288	login_needed();
289	289	}
290	290	style_header("Content Source %d", rcvid);
291	291	db_prepare(&q,
292	292	"SELECT login, datetime(rcvfrom.mtime), rcvfrom.ipaddr"
293	293

	--- src/shun.c
	+++ src/shun.c
	@@ -44,11 +44,11 @@
44	const char *zUuid = P("uuid");
45	int nUuid;
46	char zCanonical[UUID_SIZE+1];
47
48	login_check_credentials();
49	if( !g.okAdmin ){
50	login_needed();
51	}
52	if( P("rebuild") ){
53	db_close(1);
54	db_open_repository(g.zRepositoryName);
	@@ -219,11 +219,11 @@
219	int ofst = atoi(PD("ofst","0"));
220	int cnt;
221	Stmt q;
222
223	login_check_credentials();
224	if( !g.okAdmin ){
225	login_needed();
226	}
227	style_header("Content Sources");
228	if( ofst>0 ){
229	style_submenu_element("Newer", "Newer", "rcvfromlist?ofst=%d",
	@@ -282,11 +282,11 @@
282	void rcvfrom_page(void){
283	int rcvid = atoi(PD("rcvid","0"));
284	Stmt q;
285
286	login_check_credentials();
287	if( !g.okAdmin ){
288	login_needed();
289	}
290	style_header("Content Source %d", rcvid);
291	db_prepare(&q,
292	"SELECT login, datetime(rcvfrom.mtime), rcvfrom.ipaddr"
293

	--- src/shun.c
	+++ src/shun.c
	@@ -44,11 +44,11 @@
44	const char *zUuid = P("uuid");
45	int nUuid;
46	char zCanonical[UUID_SIZE+1];
47
48	login_check_credentials();
49	if( !g.perm.Admin ){
50	login_needed();
51	}
52	if( P("rebuild") ){
53	db_close(1);
54	db_open_repository(g.zRepositoryName);
	@@ -219,11 +219,11 @@
219	int ofst = atoi(PD("ofst","0"));
220	int cnt;
221	Stmt q;
222
223	login_check_credentials();
224	if( !g.perm.Admin ){
225	login_needed();
226	}
227	style_header("Content Sources");
228	if( ofst>0 ){
229	style_submenu_element("Newer", "Newer", "rcvfromlist?ofst=%d",
	@@ -282,11 +282,11 @@
282	void rcvfrom_page(void){
283	int rcvid = atoi(PD("rcvid","0"));
284	Stmt q;
285
286	login_check_credentials();
287	if( !g.perm.Admin ){
288	login_needed();
289	}
290	style_header("Content Source %d", rcvid);
291	db_prepare(&q,
292	"SELECT login, datetime(rcvfrom.mtime), rcvfrom.ipaddr"
293

M src/skins.c

+1 -1

		--- src/skins.c
		+++ src/skins.c
		@@ -1025,11 +1025,11 @@
1025	1025	const char zCurrent; / Current skin */
1026	1026	int i; /* Loop counter */
1027	1027	Stmt q;
1028	1028
1029	1029	login_check_credentials();
1030		- if( !g.okSetup ){
	1030	+ if( !g.perm.Setup ){
1031	1031	login_needed();
1032	1032	}
1033	1033	db_begin_transaction();
1034	1034
1035	1035	/* Process requests to delete a user-defined skin */
1036	1036

	--- src/skins.c
	+++ src/skins.c
	@@ -1025,11 +1025,11 @@
1025	const char zCurrent; / Current skin */
1026	int i; /* Loop counter */
1027	Stmt q;
1028
1029	login_check_credentials();
1030	if( !g.okSetup ){
1031	login_needed();
1032	}
1033	db_begin_transaction();
1034
1035	/* Process requests to delete a user-defined skin */
1036

	--- src/skins.c
	+++ src/skins.c
	@@ -1025,11 +1025,11 @@
1025	const char zCurrent; / Current skin */
1026	int i; /* Loop counter */
1027	Stmt q;
1028
1029	login_check_credentials();
1030	if( !g.perm.Setup ){
1031	login_needed();
1032	}
1033	db_begin_transaction();
1034
1035	/* Process requests to delete a user-defined skin */
1036

M src/stat.c

+1 -1

		--- src/stat.c
		+++ src/stat.c
		@@ -34,11 +34,11 @@
34	34	const char *zDb;
35	35	int brief;
36	36	char zBuf[100];
37	37
38	38	login_check_credentials();
39		- if( !g.okRead ){ login_needed(); return; }
	39	+ if( !g.perm.Read ){ login_needed(); return; }
40	40	brief = P("brief")!=0;
41	41	style_header("Repository Statistics");
42	42	@ <table class="label-value">
43	43	@ <tr><th>Repository Size:</th><td>
44	44	fsize = file_size(g.zRepositoryName);
45	45

	--- src/stat.c
	+++ src/stat.c
	@@ -34,11 +34,11 @@
34	const char *zDb;
35	int brief;
36	char zBuf[100];
37
38	login_check_credentials();
39	if( !g.okRead ){ login_needed(); return; }
40	brief = P("brief")!=0;
41	style_header("Repository Statistics");
42	@ <table class="label-value">
43	@ <tr><th>Repository Size:</th><td>
44	fsize = file_size(g.zRepositoryName);
45

	--- src/stat.c
	+++ src/stat.c
	@@ -34,11 +34,11 @@
34	const char *zDb;
35	int brief;
36	char zBuf[100];
37
38	login_check_credentials();
39	if( !g.perm.Read ){ login_needed(); return; }
40	brief = P("brief")!=0;
41	style_header("Repository Statistics");
42	@ <table class="label-value">
43	@ <tr><th>Repository Size:</th><td>
44	fsize = file_size(g.zRepositoryName);
45

M src/style.c

+1 -1

		--- src/style.c
		+++ src/style.c
		@@ -820,11 +820,11 @@
820	820	@ g.userUid = %d(g.userUid)<br />
821	821	@ g.zLogin = %h(g.zLogin)<br />
822	822	@ capabilities = %s(zCap)<br />
823	823	@ <hr>
824	824	cgi_print_all();
825		- if( g.okSetup ){
	825	+ if( g.perm.Setup ){
826	826	const char *zRedir = P("redirect");
827	827	if( zRedir ) cgi_redirect(zRedir);
828	828	}
829	829	style_footer();
830	830	}
831	831

	--- src/style.c
	+++ src/style.c
	@@ -820,11 +820,11 @@
820	@ g.userUid = %d(g.userUid)<br />
821	@ g.zLogin = %h(g.zLogin)<br />
822	@ capabilities = %s(zCap)<br />
823	@ <hr>
824	cgi_print_all();
825	if( g.okSetup ){
826	const char *zRedir = P("redirect");
827	if( zRedir ) cgi_redirect(zRedir);
828	}
829	style_footer();
830	}
831

	--- src/style.c
	+++ src/style.c
	@@ -820,11 +820,11 @@
820	@ g.userUid = %d(g.userUid)<br />
821	@ g.zLogin = %h(g.zLogin)<br />
822	@ capabilities = %s(zCap)<br />
823	@ <hr>
824	cgi_print_all();
825	if( g.perm.Setup ){
826	const char *zRedir = P("redirect");
827	if( zRedir ) cgi_redirect(zRedir);
828	}
829	style_footer();
830	}
831

M src/tag.c

+3 -3

		--- src/tag.c
		+++ src/tag.c
		@@ -529,11 +529,11 @@
529	529	*/
530	530	void taglist_page(void){
531	531	Stmt q;
532	532
533	533	login_check_credentials();
534		- if( !g.okRead ){
	534	+ if( !g.perm.Read ){
535	535	login_needed();
536	536	}
537	537	login_anonymous_available();
538	538	style_header("Tags");
539	539	style_submenu_element("Timeline", "Timeline", "tagtimeline");
		@@ -548,11 +548,11 @@
548	548	" ORDER BY tagname"
549	549	);
550	550	@ <ul>
551	551	while( db_step(&q)==SQLITE_ROW ){
552	552	const char *zName = db_column_text(&q, 0);
553		- if( g.okHistory ){
	553	+ if( g.perm.History ){
554	554	@ <li><a class="tagLink" href="%s(g.zTop)/timeline?t=%T(zName)">
555	555	@ %h(zName)</a></li>
556	556	}else{
557	557	@ <li><span class="tagDsp">%h(zName)</span></li>
558	558	}
		@@ -567,11 +567,11 @@
567	567	*/
568	568	void tagtimeline_page(void){
569	569	Stmt q;
570	570
571	571	login_check_credentials();
572		- if( !g.okRead ){ login_needed(); return; }
	572	+ if( !g.perm.Read ){ login_needed(); return; }
573	573
574	574	style_header("Tagged Check-ins");
575	575	style_submenu_element("List", "List", "taglist");
576	576	login_anonymous_available();
577	577	@ <h2>Check-ins with non-propagating tags:</h2>
578	578

	--- src/tag.c
	+++ src/tag.c
	@@ -529,11 +529,11 @@
529	*/
530	void taglist_page(void){
531	Stmt q;
532
533	login_check_credentials();
534	if( !g.okRead ){
535	login_needed();
536	}
537	login_anonymous_available();
538	style_header("Tags");
539	style_submenu_element("Timeline", "Timeline", "tagtimeline");
	@@ -548,11 +548,11 @@
548	" ORDER BY tagname"
549	);
550	@ <ul>
551	while( db_step(&q)==SQLITE_ROW ){
552	const char *zName = db_column_text(&q, 0);
553	if( g.okHistory ){
554	@ <li><a class="tagLink" href="%s(g.zTop)/timeline?t=%T(zName)">
555	@ %h(zName)</a></li>
556	}else{
557	@ <li><span class="tagDsp">%h(zName)</span></li>
558	}
	@@ -567,11 +567,11 @@
567	*/
568	void tagtimeline_page(void){
569	Stmt q;
570
571	login_check_credentials();
572	if( !g.okRead ){ login_needed(); return; }
573
574	style_header("Tagged Check-ins");
575	style_submenu_element("List", "List", "taglist");
576	login_anonymous_available();
577	@ <h2>Check-ins with non-propagating tags:</h2>
578

	--- src/tag.c
	+++ src/tag.c
	@@ -529,11 +529,11 @@
529	*/
530	void taglist_page(void){
531	Stmt q;
532
533	login_check_credentials();
534	if( !g.perm.Read ){
535	login_needed();
536	}
537	login_anonymous_available();
538	style_header("Tags");
539	style_submenu_element("Timeline", "Timeline", "tagtimeline");
	@@ -548,11 +548,11 @@
548	" ORDER BY tagname"
549	);
550	@ <ul>
551	while( db_step(&q)==SQLITE_ROW ){
552	const char *zName = db_column_text(&q, 0);
553	if( g.perm.History ){
554	@ <li><a class="tagLink" href="%s(g.zTop)/timeline?t=%T(zName)">
555	@ %h(zName)</a></li>
556	}else{
557	@ <li><span class="tagDsp">%h(zName)</span></li>
558	}
	@@ -567,11 +567,11 @@
567	*/
568	void tagtimeline_page(void){
569	Stmt q;
570
571	login_check_credentials();
572	if( !g.perm.Read ){ login_needed(); return; }
573
574	style_header("Tagged Check-ins");
575	style_submenu_element("List", "List", "taglist");
576	login_anonymous_available();
577	@ <h2>Check-ins with non-propagating tags:</h2>
578

M src/tar.c

+1 -1

		--- src/tar.c
		+++ src/tar.c
		@@ -572,11 +572,11 @@
572	572	char zName, zRid;
573	573	int nName, nRid;
574	574	Blob tarball;
575	575
576	576	login_check_credentials();
577		- if( !g.okZip ){ login_needed(); return; }
	577	+ if( !g.perm.Zip ){ login_needed(); return; }
578	578	zName = mprintf("%s", PD("name",""));
579	579	nName = strlen(zName);
580	580	zRid = mprintf("%s", PD("uuid",""));
581	581	nRid = strlen(zRid);
582	582	if( nName>7 && fossil_strcmp(&zName[nName-7], ".tar.gz")==0 ){
583	583

	--- src/tar.c
	+++ src/tar.c
	@@ -572,11 +572,11 @@
572	char zName, zRid;
573	int nName, nRid;
574	Blob tarball;
575
576	login_check_credentials();
577	if( !g.okZip ){ login_needed(); return; }
578	zName = mprintf("%s", PD("name",""));
579	nName = strlen(zName);
580	zRid = mprintf("%s", PD("uuid",""));
581	nRid = strlen(zRid);
582	if( nName>7 && fossil_strcmp(&zName[nName-7], ".tar.gz")==0 ){
583

	--- src/tar.c
	+++ src/tar.c
	@@ -572,11 +572,11 @@
572	char zName, zRid;
573	int nName, nRid;
574	Blob tarball;
575
576	login_check_credentials();
577	if( !g.perm.Zip ){ login_needed(); return; }
578	zName = mprintf("%s", PD("name",""));
579	nName = strlen(zName);
580	zRid = mprintf("%s", PD("uuid",""));
581	nRid = strlen(zRid);
582	if( nName>7 && fossil_strcmp(&zName[nName-7], ".tar.gz")==0 ){
583

M src/timeline.c

+31 -31

		--- src/timeline.c
		+++ src/timeline.c
		@@ -47,11 +47,11 @@
47	47	** Generate a hyperlink to a version.
48	48	*/
49	49	void hyperlink_to_uuid(const char *zUuid){
50	50	char z[UUID_SIZE+1];
51	51	shorten_uuid(z, zUuid);
52		- if( g.okHistory ){
	52	+ if( g.perm.History ){
53	53	@ <a class="timelineHistLink" href="%s(g.zTop)/info/%s(z)">[%s(z)]</a>
54	54	}else{
55	55	@ <span class="timelineHistDsp">[%s(z)]</span>
56	56	}
57	57	}
		@@ -58,11 +58,11 @@
58	58
59	59	/*
60	60	** Generate a hyperlink to a diff between two versions.
61	61	*/
62	62	void hyperlink_to_diff(const char zV1, const char zV2){
63		- if( g.okHistory ){
	63	+ if( g.perm.History ){
64	64	if( zV2==0 ){
65	65	@ <a href="%s(g.zTop)/diff?v2=%s(zV1)">[diff]</a>
66	66	}else{
67	67	@ <a href="%s(g.zTop)/diff?v1=%s(zV1)&v2=%s(zV2)">[diff]</a>
68	68	}
		@@ -72,11 +72,11 @@
72	72	/*
73	73	** Generate a hyperlink to a date & time.
74	74	*/
75	75	void hyperlink_to_date(const char zDate, const char zSuffix){
76	76	if( zSuffix==0 ) zSuffix = "";
77		- if( g.okHistory ){
	77	+ if( g.perm.History ){
78	78	@ <a href="%s(g.zTop)/timeline?c=%T(zDate)">%s(zDate)</a>%s(zSuffix)
79	79	}else{
80	80	@ %s(zDate)%s(zSuffix)
81	81	}
82	82	}
		@@ -86,11 +86,11 @@
86	86	** events by that user. If the date+time is specified, then the timeline
87	87	** is centered on that date+time.
88	88	*/
89	89	void hyperlink_to_user(const char zU, const char zD, const char *zSuf){
90	90	if( zSuf==0 ) zSuf = "";
91		- if( g.okHistory ){
	91	+ if( g.perm.History ){
92	92	if( zD && zD[0] ){
93	93	@ <a href="%s(g.zTop)/timeline?c=%T(zD)&u=%T(zU)">%h(zU)</a>%s(zSuf)
94	94	}else{
95	95	@ <a href="%s(g.zTop)/timeline?u=%T(zU)">%h(zU)</a>%s(zSuf)
96	96	}
		@@ -350,11 +350,11 @@
350	350
351	351	/* Generate the "user: USERNAME" at the end of the comment, together
352	352	** with a hyperlink to another timeline for that user.
353	353	*/
354	354	if( zTagList && zTagList[0]==0 ) zTagList = 0;
355		- if( g.okHistory && fossil_strcmp(zUser, zThisUser)!=0 ){
	355	+ if( g.perm.History && fossil_strcmp(zUser, zThisUser)!=0 ){
356	356	char *zLink = mprintf("%s/timeline?u=%h&c=%t&nd",
357	357	g.zTop, zUser, zDate);
358	358	@ (user: <a href="%s(zLink)">%h(zUser)</a>%s(zTagList?",":"\051")
359	359	fossil_free(zLink);
360	360	}else{
		@@ -363,11 +363,11 @@
363	363
364	364	/* Generate the "tags: TAGLIST" at the end of the comment, together
365	365	** with hyperlinks to the tag list.
366	366	*/
367	367	if( zTagList ){
368		- if( g.okHistory ){
	368	+ if( g.perm.History ){
369	369	int i;
370	370	const char *z = zTagList;
371	371	Blob links;
372	372	blob_zero(&links);
373	373	while( z && z[0] ){
		@@ -394,11 +394,11 @@
394	394	if( xExtra ){
395	395	xExtra(rid);
396	396	}
397	397
398	398	/* Generate the file-change list if requested */
399		- if( (tmFlags & TIMELINE_FCHANGES)!=0 && zType[0]=='c' && g.okHistory ){
	399	+ if( (tmFlags & TIMELINE_FCHANGES)!=0 && zType[0]=='c' && g.perm.History ){
400	400	int inUl = 0;
401	401	if( !fchngQueryInit ){
402	402	db_prepare(&fchngQuery,
403	403	"SELECT (pid==0) AS isnew,"
404	404	" (fid==0) AS isdel,"
		@@ -896,15 +896,15 @@
896	896	int you_rid = name_to_typed_rid(P("you"),"ci");/* you= for common ancst */
897	897
898	898	/* To view the timeline, must have permission to read project data.
899	899	*/
900	900	login_check_credentials();
901		- if( !g.okRead && !g.okRdTkt && !g.okRdWiki ){ login_needed(); return; }
902		- if( zTagName && g.okRead ){
	901	+ if( !g.perm.Read && !g.perm.RdTkt && !g.perm.RdWiki ){ login_needed(); return; }
	902	+ if( zTagName && g.perm.Read ){
903	903	tagid = db_int(0, "SELECT tagid FROM tag WHERE tagname='sym-%q'", zTagName);
904	904	zThisTag = zTagName;
905		- }else if( zBrName && g.okRead ){
	905	+ }else if( zBrName && g.perm.Read ){
906	906	tagid = db_int(0, "SELECT tagid FROM tag WHERE tagname='sym-%q'",zBrName);
907	907	zThisTag = zBrName;
908	908	}else{
909	909	tagid = 0;
910	910	}
		@@ -930,11 +930,11 @@
930	930	if( P("fc")!=0 \|\| P("detail")!=0 ){
931	931	tmFlags \|= TIMELINE_FCHANGES;
932	932	url_add_parameter(&url, "fc", 0);
933	933	}
934	934	if( !useDividers ) url_add_parameter(&url, "nd", 0);
935		- if( ((from_rid && to_rid) \|\| (me_rid && you_rid)) && g.okRead ){
	935	+ if( ((from_rid && to_rid) \|\| (me_rid && you_rid)) && g.perm.Read ){
936	936	/* If from= and to= are present, display all nodes on a path connecting
937	937	** the two */
938	938	PathNode *p = 0;
939	939	const char *zFrom = 0;
940	940	const char *zTo = 0;
		@@ -956,24 +956,24 @@
956	956	p = p->u.pTo;
957	957	}
958	958	blob_append(&sql, ")", -1);
959	959	path_reset();
960	960	blob_append(&desc, "All nodes on the path from ", -1);
961		- if( g.okHistory ){
	961	+ if( g.perm.History ){
962	962	blob_appendf(&desc, "<a href='%s/info/%h'>[%h]</a>", g.zTop,zFrom,zFrom);
963	963	}else{
964	964	blob_appendf(&desc, "[%h]", zFrom);
965	965	}
966	966	blob_append(&desc, " and ", -1);
967		- if( g.okHistory ){
	967	+ if( g.perm.History ){
968	968	blob_appendf(&desc, "<a href='%s/info/%h'>[%h]</a>.", g.zTop, zTo, zTo);
969	969	}else{
970	970	blob_appendf(&desc, "[%h].", zTo);
971	971	}
972	972	tmFlags \|= TIMELINE_DISJOINT;
973	973	db_multi_exec("%s", blob_str(&sql));
974		- }else if( (p_rid \|\| d_rid) && g.okRead ){
	974	+ }else if( (p_rid \|\| d_rid) && g.perm.Read ){
975	975	/* If p= or d= is present, ignore all other parameters other than n= */
976	976	char *zUuid;
977	977	int np, nd;
978	978
979	979	if( p_rid && d_rid ){
		@@ -1005,17 +1005,17 @@
1005	1005	blob_appendf(&desc, "%d ancestors", np);
1006	1006	db_multi_exec("%s", blob_str(&sql));
1007	1007	}
1008	1008	if( d_rid==0 && useDividers ) timeline_add_dividers(0, p_rid);
1009	1009	}
1010		- if( g.okHistory ){
	1010	+ if( g.perm.History ){
1011	1011	blob_appendf(&desc, " of <a href='%s/info/%s'>[%.10s]</a>",
1012	1012	g.zTop, zUuid, zUuid);
1013	1013	}else{
1014	1014	blob_appendf(&desc, " of check-in [%.10s]", zUuid);
1015	1015	}
1016		- }else if( f_rid && g.okRead ){
	1016	+ }else if( f_rid && g.perm.Read ){
1017	1017	/* If f= is present, ignore all other parameters other than n= */
1018	1018	char *zUuid;
1019	1019	db_multi_exec(
1020	1020	"CREATE TEMP TABLE IF NOT EXISTS ok(rid INTEGER PRIMARY KEY);"
1021	1021	"INSERT INTO ok VALUES(%d);"
		@@ -1026,11 +1026,11 @@
1026	1026	blob_appendf(&sql, " AND event.objid IN ok");
1027	1027	db_multi_exec("%s", blob_str(&sql));
1028	1028	if( useDividers ) timeline_add_dividers(0, f_rid);
1029	1029	blob_appendf(&desc, "Parents and children of check-in ");
1030	1030	zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", f_rid);
1031		- if( g.okHistory ){
	1031	+ if( g.perm.History ){
1032	1032	blob_appendf(&desc, "<a href='%s/info/%s'>[%.10s]</a>",
1033	1033	g.zTop, zUuid, zUuid);
1034	1034	}else{
1035	1035	blob_appendf(&desc, "[%.10s]", zUuid);
1036	1036	}
		@@ -1071,30 +1071,30 @@
1071	1071	}else{
1072	1072	url_add_parameter(&url, "t", zTagName);
1073	1073	}
1074	1074	blob_appendf(&sql, ")");
1075	1075	}
1076		- if( (zType[0]=='w' && !g.okRdWiki)
1077		- \|\| (zType[0]=='t' && !g.okRdTkt)
1078		- \|\| (zType[0]=='e' && !g.okRdWiki)
1079		- \|\| (zType[0]=='c' && !g.okRead)
	1076	+ if( (zType[0]=='w' && !g.perm.RdWiki)
	1077	+ \|\| (zType[0]=='t' && !g.perm.RdTkt)
	1078	+ \|\| (zType[0]=='e' && !g.perm.RdWiki)
	1079	+ \|\| (zType[0]=='c' && !g.perm.Read)
1080	1080	){
1081	1081	zType = "all";
1082	1082	}
1083	1083	if( zType[0]=='a' ){
1084		- if( !g.okRead \|\| !g.okRdWiki \|\| !g.okRdTkt ){
	1084	+ if( !g.perm.Read \|\| !g.perm.RdWiki \|\| !g.perm.RdTkt ){
1085	1085	char cSep = '(';
1086	1086	blob_appendf(&sql, " AND event.type IN ");
1087		- if( g.okRead ){
	1087	+ if( g.perm.Read ){
1088	1088	blob_appendf(&sql, "%c'ci'", cSep);
1089	1089	cSep = ',';
1090	1090	}
1091		- if( g.okRdWiki ){
	1091	+ if( g.perm.RdWiki ){
1092	1092	blob_appendf(&sql, "%c'w','e'", cSep);
1093	1093	cSep = ',';
1094	1094	}
1095		- if( g.okRdTkt ){
	1095	+ if( g.perm.RdTkt ){
1096	1096	blob_appendf(&sql, "%c't'", cSep);
1097	1097	cSep = ',';
1098	1098	}
1099	1099	blob_appendf(&sql, ")");
1100	1100	}
		@@ -1200,11 +1200,11 @@
1200	1200	blob_appendf(&desc, " occurring around %h.<br />", zCirca);
1201	1201	}
1202	1202	if( zSearch ){
1203	1203	blob_appendf(&desc, " matching \"%h\"", zSearch);
1204	1204	}
1205		- if( g.okHistory ){
	1205	+ if( g.perm.History ){
1206	1206	if( zAfter \|\| n==nEntry ){
1207	1207	zDate = db_text(0, "SELECT min(timestamp) FROM timeline /scan/");
1208	1208	timeline_submenu(&url, "Older", "b", zDate, "a");
1209	1209	free(zDate);
1210	1210	}
		@@ -1214,20 +1214,20 @@
1214	1214	free(zDate);
1215	1215	}else if( tagid==0 ){
1216	1216	if( zType[0]!='a' ){
1217	1217	timeline_submenu(&url, "All Types", "y", "all", 0);
1218	1218	}
1219		- if( zType[0]!='w' && g.okRdWiki ){
	1219	+ if( zType[0]!='w' && g.perm.RdWiki ){
1220	1220	timeline_submenu(&url, "Wiki Only", "y", "w", 0);
1221	1221	}
1222		- if( zType[0]!='c' && g.okRead ){
	1222	+ if( zType[0]!='c' && g.perm.Read ){
1223	1223	timeline_submenu(&url, "Checkins Only", "y", "ci", 0);
1224	1224	}
1225		- if( zType[0]!='t' && g.okRdTkt ){
	1225	+ if( zType[0]!='t' && g.perm.RdTkt ){
1226	1226	timeline_submenu(&url, "Tickets Only", "y", "t", 0);
1227	1227	}
1228		- if( zType[0]!='e' && g.okRdWiki ){
	1228	+ if( zType[0]!='e' && g.perm.RdWiki ){
1229	1229	timeline_submenu(&url, "Events Only", "y", "e", 0);
1230	1230	}
1231	1231	}
1232	1232	if( nEntry>20 ){
1233	1233	timeline_submenu(&url, "20 Entries", "n", "20", 0);
		@@ -1602,11 +1602,11 @@
1602	1602	*/
1603	1603	void test_timewarp_page(void){
1604	1604	Stmt q;
1605	1605
1606	1606	login_check_credentials();
1607		- if( !g.okRead \|\| !g.okHistory ){ login_needed(); return; }
	1607	+ if( !g.perm.Read \|\| !g.perm.History ){ login_needed(); return; }
1608	1608	style_header("Instances of timewarp");
1609	1609	@ <ul>
1610	1610	db_prepare(&q,
1611	1611	"SELECT blob.uuid "
1612	1612	" FROM plink p, plink c, blob"
1613	1613

	--- src/timeline.c
	+++ src/timeline.c
	@@ -47,11 +47,11 @@
47	** Generate a hyperlink to a version.
48	*/
49	void hyperlink_to_uuid(const char *zUuid){
50	char z[UUID_SIZE+1];
51	shorten_uuid(z, zUuid);
52	if( g.okHistory ){
53	@ <a class="timelineHistLink" href="%s(g.zTop)/info/%s(z)">[%s(z)]</a>
54	}else{
55	@ <span class="timelineHistDsp">[%s(z)]</span>
56	}
57	}
	@@ -58,11 +58,11 @@
58
59	/*
60	** Generate a hyperlink to a diff between two versions.
61	*/
62	void hyperlink_to_diff(const char zV1, const char zV2){
63	if( g.okHistory ){
64	if( zV2==0 ){
65	@ <a href="%s(g.zTop)/diff?v2=%s(zV1)">[diff]</a>
66	}else{
67	@ <a href="%s(g.zTop)/diff?v1=%s(zV1)&v2=%s(zV2)">[diff]</a>
68	}
	@@ -72,11 +72,11 @@
72	/*
73	** Generate a hyperlink to a date & time.
74	*/
75	void hyperlink_to_date(const char zDate, const char zSuffix){
76	if( zSuffix==0 ) zSuffix = "";
77	if( g.okHistory ){
78	@ <a href="%s(g.zTop)/timeline?c=%T(zDate)">%s(zDate)</a>%s(zSuffix)
79	}else{
80	@ %s(zDate)%s(zSuffix)
81	}
82	}
	@@ -86,11 +86,11 @@
86	** events by that user. If the date+time is specified, then the timeline
87	** is centered on that date+time.
88	*/
89	void hyperlink_to_user(const char zU, const char zD, const char *zSuf){
90	if( zSuf==0 ) zSuf = "";
91	if( g.okHistory ){
92	if( zD && zD[0] ){
93	@ <a href="%s(g.zTop)/timeline?c=%T(zD)&u=%T(zU)">%h(zU)</a>%s(zSuf)
94	}else{
95	@ <a href="%s(g.zTop)/timeline?u=%T(zU)">%h(zU)</a>%s(zSuf)
96	}
	@@ -350,11 +350,11 @@
350
351	/* Generate the "user: USERNAME" at the end of the comment, together
352	** with a hyperlink to another timeline for that user.
353	*/
354	if( zTagList && zTagList[0]==0 ) zTagList = 0;
355	if( g.okHistory && fossil_strcmp(zUser, zThisUser)!=0 ){
356	char *zLink = mprintf("%s/timeline?u=%h&c=%t&nd",
357	g.zTop, zUser, zDate);
358	@ (user: <a href="%s(zLink)">%h(zUser)</a>%s(zTagList?",":"\051")
359	fossil_free(zLink);
360	}else{
	@@ -363,11 +363,11 @@
363
364	/* Generate the "tags: TAGLIST" at the end of the comment, together
365	** with hyperlinks to the tag list.
366	*/
367	if( zTagList ){
368	if( g.okHistory ){
369	int i;
370	const char *z = zTagList;
371	Blob links;
372	blob_zero(&links);
373	while( z && z[0] ){
	@@ -394,11 +394,11 @@
394	if( xExtra ){
395	xExtra(rid);
396	}
397
398	/* Generate the file-change list if requested */
399	if( (tmFlags & TIMELINE_FCHANGES)!=0 && zType[0]=='c' && g.okHistory ){
400	int inUl = 0;
401	if( !fchngQueryInit ){
402	db_prepare(&fchngQuery,
403	"SELECT (pid==0) AS isnew,"
404	" (fid==0) AS isdel,"
	@@ -896,15 +896,15 @@
896	int you_rid = name_to_typed_rid(P("you"),"ci");/* you= for common ancst */
897
898	/* To view the timeline, must have permission to read project data.
899	*/
900	login_check_credentials();
901	if( !g.okRead && !g.okRdTkt && !g.okRdWiki ){ login_needed(); return; }
902	if( zTagName && g.okRead ){
903	tagid = db_int(0, "SELECT tagid FROM tag WHERE tagname='sym-%q'", zTagName);
904	zThisTag = zTagName;
905	}else if( zBrName && g.okRead ){
906	tagid = db_int(0, "SELECT tagid FROM tag WHERE tagname='sym-%q'",zBrName);
907	zThisTag = zBrName;
908	}else{
909	tagid = 0;
910	}
	@@ -930,11 +930,11 @@
930	if( P("fc")!=0 \|\| P("detail")!=0 ){
931	tmFlags \|= TIMELINE_FCHANGES;
932	url_add_parameter(&url, "fc", 0);
933	}
934	if( !useDividers ) url_add_parameter(&url, "nd", 0);
935	if( ((from_rid && to_rid) \|\| (me_rid && you_rid)) && g.okRead ){
936	/* If from= and to= are present, display all nodes on a path connecting
937	** the two */
938	PathNode *p = 0;
939	const char *zFrom = 0;
940	const char *zTo = 0;
	@@ -956,24 +956,24 @@
956	p = p->u.pTo;
957	}
958	blob_append(&sql, ")", -1);
959	path_reset();
960	blob_append(&desc, "All nodes on the path from ", -1);
961	if( g.okHistory ){
962	blob_appendf(&desc, "<a href='%s/info/%h'>[%h]</a>", g.zTop,zFrom,zFrom);
963	}else{
964	blob_appendf(&desc, "[%h]", zFrom);
965	}
966	blob_append(&desc, " and ", -1);
967	if( g.okHistory ){
968	blob_appendf(&desc, "<a href='%s/info/%h'>[%h]</a>.", g.zTop, zTo, zTo);
969	}else{
970	blob_appendf(&desc, "[%h].", zTo);
971	}
972	tmFlags \|= TIMELINE_DISJOINT;
973	db_multi_exec("%s", blob_str(&sql));
974	}else if( (p_rid \|\| d_rid) && g.okRead ){
975	/* If p= or d= is present, ignore all other parameters other than n= */
976	char *zUuid;
977	int np, nd;
978
979	if( p_rid && d_rid ){
	@@ -1005,17 +1005,17 @@
1005	blob_appendf(&desc, "%d ancestors", np);
1006	db_multi_exec("%s", blob_str(&sql));
1007	}
1008	if( d_rid==0 && useDividers ) timeline_add_dividers(0, p_rid);
1009	}
1010	if( g.okHistory ){
1011	blob_appendf(&desc, " of <a href='%s/info/%s'>[%.10s]</a>",
1012	g.zTop, zUuid, zUuid);
1013	}else{
1014	blob_appendf(&desc, " of check-in [%.10s]", zUuid);
1015	}
1016	}else if( f_rid && g.okRead ){
1017	/* If f= is present, ignore all other parameters other than n= */
1018	char *zUuid;
1019	db_multi_exec(
1020	"CREATE TEMP TABLE IF NOT EXISTS ok(rid INTEGER PRIMARY KEY);"
1021	"INSERT INTO ok VALUES(%d);"
	@@ -1026,11 +1026,11 @@
1026	blob_appendf(&sql, " AND event.objid IN ok");
1027	db_multi_exec("%s", blob_str(&sql));
1028	if( useDividers ) timeline_add_dividers(0, f_rid);
1029	blob_appendf(&desc, "Parents and children of check-in ");
1030	zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", f_rid);
1031	if( g.okHistory ){
1032	blob_appendf(&desc, "<a href='%s/info/%s'>[%.10s]</a>",
1033	g.zTop, zUuid, zUuid);
1034	}else{
1035	blob_appendf(&desc, "[%.10s]", zUuid);
1036	}
	@@ -1071,30 +1071,30 @@
1071	}else{
1072	url_add_parameter(&url, "t", zTagName);
1073	}
1074	blob_appendf(&sql, ")");
1075	}
1076	if( (zType[0]=='w' && !g.okRdWiki)
1077	\|\| (zType[0]=='t' && !g.okRdTkt)
1078	\|\| (zType[0]=='e' && !g.okRdWiki)
1079	\|\| (zType[0]=='c' && !g.okRead)
1080	){
1081	zType = "all";
1082	}
1083	if( zType[0]=='a' ){
1084	if( !g.okRead \|\| !g.okRdWiki \|\| !g.okRdTkt ){
1085	char cSep = '(';
1086	blob_appendf(&sql, " AND event.type IN ");
1087	if( g.okRead ){
1088	blob_appendf(&sql, "%c'ci'", cSep);
1089	cSep = ',';
1090	}
1091	if( g.okRdWiki ){
1092	blob_appendf(&sql, "%c'w','e'", cSep);
1093	cSep = ',';
1094	}
1095	if( g.okRdTkt ){
1096	blob_appendf(&sql, "%c't'", cSep);
1097	cSep = ',';
1098	}
1099	blob_appendf(&sql, ")");
1100	}
	@@ -1200,11 +1200,11 @@
1200	blob_appendf(&desc, " occurring around %h.<br />", zCirca);
1201	}
1202	if( zSearch ){
1203	blob_appendf(&desc, " matching \"%h\"", zSearch);
1204	}
1205	if( g.okHistory ){
1206	if( zAfter \|\| n==nEntry ){
1207	zDate = db_text(0, "SELECT min(timestamp) FROM timeline /scan/");
1208	timeline_submenu(&url, "Older", "b", zDate, "a");
1209	free(zDate);
1210	}
	@@ -1214,20 +1214,20 @@
1214	free(zDate);
1215	}else if( tagid==0 ){
1216	if( zType[0]!='a' ){
1217	timeline_submenu(&url, "All Types", "y", "all", 0);
1218	}
1219	if( zType[0]!='w' && g.okRdWiki ){
1220	timeline_submenu(&url, "Wiki Only", "y", "w", 0);
1221	}
1222	if( zType[0]!='c' && g.okRead ){
1223	timeline_submenu(&url, "Checkins Only", "y", "ci", 0);
1224	}
1225	if( zType[0]!='t' && g.okRdTkt ){
1226	timeline_submenu(&url, "Tickets Only", "y", "t", 0);
1227	}
1228	if( zType[0]!='e' && g.okRdWiki ){
1229	timeline_submenu(&url, "Events Only", "y", "e", 0);
1230	}
1231	}
1232	if( nEntry>20 ){
1233	timeline_submenu(&url, "20 Entries", "n", "20", 0);
	@@ -1602,11 +1602,11 @@
1602	*/
1603	void test_timewarp_page(void){
1604	Stmt q;
1605
1606	login_check_credentials();
1607	if( !g.okRead \|\| !g.okHistory ){ login_needed(); return; }
1608	style_header("Instances of timewarp");
1609	@ <ul>
1610	db_prepare(&q,
1611	"SELECT blob.uuid "
1612	" FROM plink p, plink c, blob"
1613

	--- src/timeline.c
	+++ src/timeline.c
	@@ -47,11 +47,11 @@
47	** Generate a hyperlink to a version.
48	*/
49	void hyperlink_to_uuid(const char *zUuid){
50	char z[UUID_SIZE+1];
51	shorten_uuid(z, zUuid);
52	if( g.perm.History ){
53	@ <a class="timelineHistLink" href="%s(g.zTop)/info/%s(z)">[%s(z)]</a>
54	}else{
55	@ <span class="timelineHistDsp">[%s(z)]</span>
56	}
57	}
	@@ -58,11 +58,11 @@
58
59	/*
60	** Generate a hyperlink to a diff between two versions.
61	*/
62	void hyperlink_to_diff(const char zV1, const char zV2){
63	if( g.perm.History ){
64	if( zV2==0 ){
65	@ <a href="%s(g.zTop)/diff?v2=%s(zV1)">[diff]</a>
66	}else{
67	@ <a href="%s(g.zTop)/diff?v1=%s(zV1)&v2=%s(zV2)">[diff]</a>
68	}
	@@ -72,11 +72,11 @@
72	/*
73	** Generate a hyperlink to a date & time.
74	*/
75	void hyperlink_to_date(const char zDate, const char zSuffix){
76	if( zSuffix==0 ) zSuffix = "";
77	if( g.perm.History ){
78	@ <a href="%s(g.zTop)/timeline?c=%T(zDate)">%s(zDate)</a>%s(zSuffix)
79	}else{
80	@ %s(zDate)%s(zSuffix)
81	}
82	}
	@@ -86,11 +86,11 @@
86	** events by that user. If the date+time is specified, then the timeline
87	** is centered on that date+time.
88	*/
89	void hyperlink_to_user(const char zU, const char zD, const char *zSuf){
90	if( zSuf==0 ) zSuf = "";
91	if( g.perm.History ){
92	if( zD && zD[0] ){
93	@ <a href="%s(g.zTop)/timeline?c=%T(zD)&u=%T(zU)">%h(zU)</a>%s(zSuf)
94	}else{
95	@ <a href="%s(g.zTop)/timeline?u=%T(zU)">%h(zU)</a>%s(zSuf)
96	}
	@@ -350,11 +350,11 @@
350
351	/* Generate the "user: USERNAME" at the end of the comment, together
352	** with a hyperlink to another timeline for that user.
353	*/
354	if( zTagList && zTagList[0]==0 ) zTagList = 0;
355	if( g.perm.History && fossil_strcmp(zUser, zThisUser)!=0 ){
356	char *zLink = mprintf("%s/timeline?u=%h&c=%t&nd",
357	g.zTop, zUser, zDate);
358	@ (user: <a href="%s(zLink)">%h(zUser)</a>%s(zTagList?",":"\051")
359	fossil_free(zLink);
360	}else{
	@@ -363,11 +363,11 @@
363
364	/* Generate the "tags: TAGLIST" at the end of the comment, together
365	** with hyperlinks to the tag list.
366	*/
367	if( zTagList ){
368	if( g.perm.History ){
369	int i;
370	const char *z = zTagList;
371	Blob links;
372	blob_zero(&links);
373	while( z && z[0] ){
	@@ -394,11 +394,11 @@
394	if( xExtra ){
395	xExtra(rid);
396	}
397
398	/* Generate the file-change list if requested */
399	if( (tmFlags & TIMELINE_FCHANGES)!=0 && zType[0]=='c' && g.perm.History ){
400	int inUl = 0;
401	if( !fchngQueryInit ){
402	db_prepare(&fchngQuery,
403	"SELECT (pid==0) AS isnew,"
404	" (fid==0) AS isdel,"
	@@ -896,15 +896,15 @@
896	int you_rid = name_to_typed_rid(P("you"),"ci");/* you= for common ancst */
897
898	/* To view the timeline, must have permission to read project data.
899	*/
900	login_check_credentials();
901	if( !g.perm.Read && !g.perm.RdTkt && !g.perm.RdWiki ){ login_needed(); return; }
902	if( zTagName && g.perm.Read ){
903	tagid = db_int(0, "SELECT tagid FROM tag WHERE tagname='sym-%q'", zTagName);
904	zThisTag = zTagName;
905	}else if( zBrName && g.perm.Read ){
906	tagid = db_int(0, "SELECT tagid FROM tag WHERE tagname='sym-%q'",zBrName);
907	zThisTag = zBrName;
908	}else{
909	tagid = 0;
910	}
	@@ -930,11 +930,11 @@
930	if( P("fc")!=0 \|\| P("detail")!=0 ){
931	tmFlags \|= TIMELINE_FCHANGES;
932	url_add_parameter(&url, "fc", 0);
933	}
934	if( !useDividers ) url_add_parameter(&url, "nd", 0);
935	if( ((from_rid && to_rid) \|\| (me_rid && you_rid)) && g.perm.Read ){
936	/* If from= and to= are present, display all nodes on a path connecting
937	** the two */
938	PathNode *p = 0;
939	const char *zFrom = 0;
940	const char *zTo = 0;
	@@ -956,24 +956,24 @@
956	p = p->u.pTo;
957	}
958	blob_append(&sql, ")", -1);
959	path_reset();
960	blob_append(&desc, "All nodes on the path from ", -1);
961	if( g.perm.History ){
962	blob_appendf(&desc, "<a href='%s/info/%h'>[%h]</a>", g.zTop,zFrom,zFrom);
963	}else{
964	blob_appendf(&desc, "[%h]", zFrom);
965	}
966	blob_append(&desc, " and ", -1);
967	if( g.perm.History ){
968	blob_appendf(&desc, "<a href='%s/info/%h'>[%h]</a>.", g.zTop, zTo, zTo);
969	}else{
970	blob_appendf(&desc, "[%h].", zTo);
971	}
972	tmFlags \|= TIMELINE_DISJOINT;
973	db_multi_exec("%s", blob_str(&sql));
974	}else if( (p_rid \|\| d_rid) && g.perm.Read ){
975	/* If p= or d= is present, ignore all other parameters other than n= */
976	char *zUuid;
977	int np, nd;
978
979	if( p_rid && d_rid ){
	@@ -1005,17 +1005,17 @@
1005	blob_appendf(&desc, "%d ancestors", np);
1006	db_multi_exec("%s", blob_str(&sql));
1007	}
1008	if( d_rid==0 && useDividers ) timeline_add_dividers(0, p_rid);
1009	}
1010	if( g.perm.History ){
1011	blob_appendf(&desc, " of <a href='%s/info/%s'>[%.10s]</a>",
1012	g.zTop, zUuid, zUuid);
1013	}else{
1014	blob_appendf(&desc, " of check-in [%.10s]", zUuid);
1015	}
1016	}else if( f_rid && g.perm.Read ){
1017	/* If f= is present, ignore all other parameters other than n= */
1018	char *zUuid;
1019	db_multi_exec(
1020	"CREATE TEMP TABLE IF NOT EXISTS ok(rid INTEGER PRIMARY KEY);"
1021	"INSERT INTO ok VALUES(%d);"
	@@ -1026,11 +1026,11 @@
1026	blob_appendf(&sql, " AND event.objid IN ok");
1027	db_multi_exec("%s", blob_str(&sql));
1028	if( useDividers ) timeline_add_dividers(0, f_rid);
1029	blob_appendf(&desc, "Parents and children of check-in ");
1030	zUuid = db_text("", "SELECT uuid FROM blob WHERE rid=%d", f_rid);
1031	if( g.perm.History ){
1032	blob_appendf(&desc, "<a href='%s/info/%s'>[%.10s]</a>",
1033	g.zTop, zUuid, zUuid);
1034	}else{
1035	blob_appendf(&desc, "[%.10s]", zUuid);
1036	}
	@@ -1071,30 +1071,30 @@
1071	}else{
1072	url_add_parameter(&url, "t", zTagName);
1073	}
1074	blob_appendf(&sql, ")");
1075	}
1076	if( (zType[0]=='w' && !g.perm.RdWiki)
1077	\|\| (zType[0]=='t' && !g.perm.RdTkt)
1078	\|\| (zType[0]=='e' && !g.perm.RdWiki)
1079	\|\| (zType[0]=='c' && !g.perm.Read)
1080	){
1081	zType = "all";
1082	}
1083	if( zType[0]=='a' ){
1084	if( !g.perm.Read \|\| !g.perm.RdWiki \|\| !g.perm.RdTkt ){
1085	char cSep = '(';
1086	blob_appendf(&sql, " AND event.type IN ");
1087	if( g.perm.Read ){
1088	blob_appendf(&sql, "%c'ci'", cSep);
1089	cSep = ',';
1090	}
1091	if( g.perm.RdWiki ){
1092	blob_appendf(&sql, "%c'w','e'", cSep);
1093	cSep = ',';
1094	}
1095	if( g.perm.RdTkt ){
1096	blob_appendf(&sql, "%c't'", cSep);
1097	cSep = ',';
1098	}
1099	blob_appendf(&sql, ")");
1100	}
	@@ -1200,11 +1200,11 @@
1200	blob_appendf(&desc, " occurring around %h.<br />", zCirca);
1201	}
1202	if( zSearch ){
1203	blob_appendf(&desc, " matching \"%h\"", zSearch);
1204	}
1205	if( g.perm.History ){
1206	if( zAfter \|\| n==nEntry ){
1207	zDate = db_text(0, "SELECT min(timestamp) FROM timeline /scan/");
1208	timeline_submenu(&url, "Older", "b", zDate, "a");
1209	free(zDate);
1210	}
	@@ -1214,20 +1214,20 @@
1214	free(zDate);
1215	}else if( tagid==0 ){
1216	if( zType[0]!='a' ){
1217	timeline_submenu(&url, "All Types", "y", "all", 0);
1218	}
1219	if( zType[0]!='w' && g.perm.RdWiki ){
1220	timeline_submenu(&url, "Wiki Only", "y", "w", 0);
1221	}
1222	if( zType[0]!='c' && g.perm.Read ){
1223	timeline_submenu(&url, "Checkins Only", "y", "ci", 0);
1224	}
1225	if( zType[0]!='t' && g.perm.RdTkt ){
1226	timeline_submenu(&url, "Tickets Only", "y", "t", 0);
1227	}
1228	if( zType[0]!='e' && g.perm.RdWiki ){
1229	timeline_submenu(&url, "Events Only", "y", "e", 0);
1230	}
1231	}
1232	if( nEntry>20 ){
1233	timeline_submenu(&url, "20 Entries", "n", "20", 0);
	@@ -1602,11 +1602,11 @@
1602	*/
1603	void test_timewarp_page(void){
1604	Stmt q;
1605
1606	login_check_credentials();
1607	if( !g.perm.Read \|\| !g.perm.History ){ login_needed(); return; }
1608	style_header("Instances of timewarp");
1609	@ <ul>
1610	db_prepare(&q,
1611	"SELECT blob.uuid "
1612	" FROM plink p, plink c, blob"
1613

M src/tkt.c

+12 -12

		--- src/tkt.c
		+++ src/tkt.c
		@@ -89,11 +89,11 @@
89	89	**
90	90	** Only load those fields which do not already exist as
91	91	** variables.
92	92	**
93	93	** Fields of the TICKET table that begin with "private_" are
94		-** expanded using the db_reveal() function. If g.okRdAddr is
	94	+** expanded using the db_reveal() function. If g.perm.RdAddr is
95	95	** true, then the db_reveal() function will decode the content
96	96	** using the CONCEALED table so that the content legable.
97	97	** Otherwise, db_reveal() is a no-op and the content remains
98	98	** obscured.
99	99	*/
		@@ -292,28 +292,28 @@
292	292	const char *zScript;
293	293	char *zFullName;
294	294	const char *zUuid = PD("name","");
295	295
296	296	login_check_credentials();
297		- if( !g.okRdTkt ){ login_needed(); return; }
298		- if( g.okWrTkt \|\| g.okApndTkt ){
	297	+ if( !g.perm.RdTkt ){ login_needed(); return; }
	298	+ if( g.perm.WrTkt \|\| g.perm.ApndTkt ){
299	299	style_submenu_element("Edit", "Edit The Ticket", "%s/tktedit?name=%T",
300	300	g.zTop, PD("name",""));
301	301	}
302		- if( g.okHistory ){
	302	+ if( g.perm.History ){
303	303	style_submenu_element("History", "History Of This Ticket",
304	304	"%s/tkthistory/%T", g.zTop, zUuid);
305	305	style_submenu_element("Timeline", "Timeline Of This Ticket",
306	306	"%s/tkttimeline/%T", g.zTop, zUuid);
307	307	style_submenu_element("Check-ins", "Check-ins Of This Ticket",
308	308	"%s/tkttimeline/%T?y=ci", g.zTop, zUuid);
309	309	}
310		- if( g.okNewTkt ){
	310	+ if( g.perm.NewTkt ){
311	311	style_submenu_element("New Ticket", "Create a new ticket",
312	312	"%s/tktnew", g.zTop);
313	313	}
314		- if( g.okApndTkt && g.okAttach ){
	314	+ if( g.perm.ApndTkt && g.perm.Attach ){
315	315	style_submenu_element("Attach", "Add An Attachment",
316	316	"%s/attachadd?tkt=%T&from=%s/tktview/%t",
317	317	g.zTop, zUuid, g.zTop, zUuid);
318	318	}
319	319	style_header("View Ticket");
		@@ -345,19 +345,19 @@
345	345	@ <hr /><h2>Attachments:</h2>
346	346	@ <ul>
347	347	}
348	348	cnt++;
349	349	@ <li>
350		- if( g.okRead && g.okHistory ){
	350	+ if( g.perm.Read && g.perm.History ){
351	351	@ <a href="%s(g.zTop)/attachview?tkt=%s(zFullName)&file=%t(zFile)">
352	352	@ %h(zFile)</a>
353	353	}else{
354	354	@ %h(zFile)
355	355	}
356	356	@ added by %h(zUser) on
357	357	hyperlink_to_date(zDate, ".");
358		- if( g.okWrTkt && g.okAttach ){
	358	+ if( g.perm.WrTkt && g.perm.Attach ){
359	359	@ [<a href="%s(g.zTop)/attachdelete?tkt=%s(zFullName)&file=%t(zFile)&from=%s(g.zTop)/tktview%%3fname=%s(zFullName)">delete</a>]
360	360	}
361	361	@ </li>
362	362	}
363	363	if( cnt ){
		@@ -510,11 +510,11 @@
510	510	void tktnew_page(void){
511	511	const char *zScript;
512	512	char *zNewUuid = 0;
513	513
514	514	login_check_credentials();
515		- if( !g.okNewTkt ){ login_needed(); return; }
	515	+ if( !g.perm.NewTkt ){ login_needed(); return; }
516	516	if( P("cancel") ){
517	517	cgi_redirect("home");
518	518	}
519	519	style_header("New Ticket");
520	520	if( g.thTrace ) Th_Trace("BEGIN_TKTNEW<br />\n", -1);
		@@ -556,11 +556,11 @@
556	556	int nName;
557	557	const char *zName;
558	558	int nRec;
559	559
560	560	login_check_credentials();
561		- if( !g.okApndTkt && !g.okWrTkt ){ login_needed(); return; }
	561	+ if( !g.perm.ApndTkt && !g.perm.WrTkt ){ login_needed(); return; }
562	562	zName = P("name");
563	563	if( P("cancel") ){
564	564	cgi_redirectf("tktview?name=%T", zName);
565	565	}
566	566	style_header("Edit Ticket");
		@@ -651,11 +651,11 @@
651	651	int tagid;
652	652	char zGlobPattern[50];
653	653	const char *zType;
654	654
655	655	login_check_credentials();
656		- if( !g.okHistory \|\| !g.okRdTkt ){ login_needed(); return; }
	656	+ if( !g.perm.History \|\| !g.perm.RdTkt ){ login_needed(); return; }
657	657	zUuid = PD("name","");
658	658	zType = PD("y","a");
659	659	if( zType[0]!='c' ){
660	660	style_submenu_element("Check-ins", "Check-ins",
661	661	"%s/tkttimeline?name=%T&y=ci", g.zTop, zUuid);
		@@ -725,11 +725,11 @@
725	725	char *zTitle;
726	726	const char *zUuid;
727	727	int tagid;
728	728
729	729	login_check_credentials();
730		- if( !g.okHistory \|\| !g.okRdTkt ){ login_needed(); return; }
	730	+ if( !g.perm.History \|\| !g.perm.RdTkt ){ login_needed(); return; }
731	731	zUuid = PD("name","");
732	732	zTitle = mprintf("History Of Ticket %h", zUuid);
733	733	style_submenu_element("Status", "Status",
734	734	"%s/info/%s", g.zTop, zUuid);
735	735	style_submenu_element("Check-ins", "Check-ins",
736	736

	--- src/tkt.c
	+++ src/tkt.c
	@@ -89,11 +89,11 @@
89	**
90	** Only load those fields which do not already exist as
91	** variables.
92	**
93	** Fields of the TICKET table that begin with "private_" are
94	** expanded using the db_reveal() function. If g.okRdAddr is
95	** true, then the db_reveal() function will decode the content
96	** using the CONCEALED table so that the content legable.
97	** Otherwise, db_reveal() is a no-op and the content remains
98	** obscured.
99	*/
	@@ -292,28 +292,28 @@
292	const char *zScript;
293	char *zFullName;
294	const char *zUuid = PD("name","");
295
296	login_check_credentials();
297	if( !g.okRdTkt ){ login_needed(); return; }
298	if( g.okWrTkt \|\| g.okApndTkt ){
299	style_submenu_element("Edit", "Edit The Ticket", "%s/tktedit?name=%T",
300	g.zTop, PD("name",""));
301	}
302	if( g.okHistory ){
303	style_submenu_element("History", "History Of This Ticket",
304	"%s/tkthistory/%T", g.zTop, zUuid);
305	style_submenu_element("Timeline", "Timeline Of This Ticket",
306	"%s/tkttimeline/%T", g.zTop, zUuid);
307	style_submenu_element("Check-ins", "Check-ins Of This Ticket",
308	"%s/tkttimeline/%T?y=ci", g.zTop, zUuid);
309	}
310	if( g.okNewTkt ){
311	style_submenu_element("New Ticket", "Create a new ticket",
312	"%s/tktnew", g.zTop);
313	}
314	if( g.okApndTkt && g.okAttach ){
315	style_submenu_element("Attach", "Add An Attachment",
316	"%s/attachadd?tkt=%T&from=%s/tktview/%t",
317	g.zTop, zUuid, g.zTop, zUuid);
318	}
319	style_header("View Ticket");
	@@ -345,19 +345,19 @@
345	@ <hr /><h2>Attachments:</h2>
346	@ <ul>
347	}
348	cnt++;
349	@ <li>
350	if( g.okRead && g.okHistory ){
351	@ <a href="%s(g.zTop)/attachview?tkt=%s(zFullName)&file=%t(zFile)">
352	@ %h(zFile)</a>
353	}else{
354	@ %h(zFile)
355	}
356	@ added by %h(zUser) on
357	hyperlink_to_date(zDate, ".");
358	if( g.okWrTkt && g.okAttach ){
359	@ [<a href="%s(g.zTop)/attachdelete?tkt=%s(zFullName)&file=%t(zFile)&from=%s(g.zTop)/tktview%%3fname=%s(zFullName)">delete</a>]
360	}
361	@ </li>
362	}
363	if( cnt ){
	@@ -510,11 +510,11 @@
510	void tktnew_page(void){
511	const char *zScript;
512	char *zNewUuid = 0;
513
514	login_check_credentials();
515	if( !g.okNewTkt ){ login_needed(); return; }
516	if( P("cancel") ){
517	cgi_redirect("home");
518	}
519	style_header("New Ticket");
520	if( g.thTrace ) Th_Trace("BEGIN_TKTNEW<br />\n", -1);
	@@ -556,11 +556,11 @@
556	int nName;
557	const char *zName;
558	int nRec;
559
560	login_check_credentials();
561	if( !g.okApndTkt && !g.okWrTkt ){ login_needed(); return; }
562	zName = P("name");
563	if( P("cancel") ){
564	cgi_redirectf("tktview?name=%T", zName);
565	}
566	style_header("Edit Ticket");
	@@ -651,11 +651,11 @@
651	int tagid;
652	char zGlobPattern[50];
653	const char *zType;
654
655	login_check_credentials();
656	if( !g.okHistory \|\| !g.okRdTkt ){ login_needed(); return; }
657	zUuid = PD("name","");
658	zType = PD("y","a");
659	if( zType[0]!='c' ){
660	style_submenu_element("Check-ins", "Check-ins",
661	"%s/tkttimeline?name=%T&y=ci", g.zTop, zUuid);
	@@ -725,11 +725,11 @@
725	char *zTitle;
726	const char *zUuid;
727	int tagid;
728
729	login_check_credentials();
730	if( !g.okHistory \|\| !g.okRdTkt ){ login_needed(); return; }
731	zUuid = PD("name","");
732	zTitle = mprintf("History Of Ticket %h", zUuid);
733	style_submenu_element("Status", "Status",
734	"%s/info/%s", g.zTop, zUuid);
735	style_submenu_element("Check-ins", "Check-ins",
736

	--- src/tkt.c
	+++ src/tkt.c
	@@ -89,11 +89,11 @@
89	**
90	** Only load those fields which do not already exist as
91	** variables.
92	**
93	** Fields of the TICKET table that begin with "private_" are
94	** expanded using the db_reveal() function. If g.perm.RdAddr is
95	** true, then the db_reveal() function will decode the content
96	** using the CONCEALED table so that the content legable.
97	** Otherwise, db_reveal() is a no-op and the content remains
98	** obscured.
99	*/
	@@ -292,28 +292,28 @@
292	const char *zScript;
293	char *zFullName;
294	const char *zUuid = PD("name","");
295
296	login_check_credentials();
297	if( !g.perm.RdTkt ){ login_needed(); return; }
298	if( g.perm.WrTkt \|\| g.perm.ApndTkt ){
299	style_submenu_element("Edit", "Edit The Ticket", "%s/tktedit?name=%T",
300	g.zTop, PD("name",""));
301	}
302	if( g.perm.History ){
303	style_submenu_element("History", "History Of This Ticket",
304	"%s/tkthistory/%T", g.zTop, zUuid);
305	style_submenu_element("Timeline", "Timeline Of This Ticket",
306	"%s/tkttimeline/%T", g.zTop, zUuid);
307	style_submenu_element("Check-ins", "Check-ins Of This Ticket",
308	"%s/tkttimeline/%T?y=ci", g.zTop, zUuid);
309	}
310	if( g.perm.NewTkt ){
311	style_submenu_element("New Ticket", "Create a new ticket",
312	"%s/tktnew", g.zTop);
313	}
314	if( g.perm.ApndTkt && g.perm.Attach ){
315	style_submenu_element("Attach", "Add An Attachment",
316	"%s/attachadd?tkt=%T&from=%s/tktview/%t",
317	g.zTop, zUuid, g.zTop, zUuid);
318	}
319	style_header("View Ticket");
	@@ -345,19 +345,19 @@
345	@ <hr /><h2>Attachments:</h2>
346	@ <ul>
347	}
348	cnt++;
349	@ <li>
350	if( g.perm.Read && g.perm.History ){
351	@ <a href="%s(g.zTop)/attachview?tkt=%s(zFullName)&file=%t(zFile)">
352	@ %h(zFile)</a>
353	}else{
354	@ %h(zFile)
355	}
356	@ added by %h(zUser) on
357	hyperlink_to_date(zDate, ".");
358	if( g.perm.WrTkt && g.perm.Attach ){
359	@ [<a href="%s(g.zTop)/attachdelete?tkt=%s(zFullName)&file=%t(zFile)&from=%s(g.zTop)/tktview%%3fname=%s(zFullName)">delete</a>]
360	}
361	@ </li>
362	}
363	if( cnt ){
	@@ -510,11 +510,11 @@
510	void tktnew_page(void){
511	const char *zScript;
512	char *zNewUuid = 0;
513
514	login_check_credentials();
515	if( !g.perm.NewTkt ){ login_needed(); return; }
516	if( P("cancel") ){
517	cgi_redirect("home");
518	}
519	style_header("New Ticket");
520	if( g.thTrace ) Th_Trace("BEGIN_TKTNEW<br />\n", -1);
	@@ -556,11 +556,11 @@
556	int nName;
557	const char *zName;
558	int nRec;
559
560	login_check_credentials();
561	if( !g.perm.ApndTkt && !g.perm.WrTkt ){ login_needed(); return; }
562	zName = P("name");
563	if( P("cancel") ){
564	cgi_redirectf("tktview?name=%T", zName);
565	}
566	style_header("Edit Ticket");
	@@ -651,11 +651,11 @@
651	int tagid;
652	char zGlobPattern[50];
653	const char *zType;
654
655	login_check_credentials();
656	if( !g.perm.History \|\| !g.perm.RdTkt ){ login_needed(); return; }
657	zUuid = PD("name","");
658	zType = PD("y","a");
659	if( zType[0]!='c' ){
660	style_submenu_element("Check-ins", "Check-ins",
661	"%s/tkttimeline?name=%T&y=ci", g.zTop, zUuid);
	@@ -725,11 +725,11 @@
725	char *zTitle;
726	const char *zUuid;
727	int tagid;
728
729	login_check_credentials();
730	if( !g.perm.History \|\| !g.perm.RdTkt ){ login_needed(); return; }
731	zUuid = PD("name","");
732	zTitle = mprintf("History Of Ticket %h", zUuid);
733	style_submenu_element("Status", "Status",
734	"%s/info/%s", g.zTop, zUuid);
735	style_submenu_element("Check-ins", "Check-ins",
736

M src/tktsetup.c

+3 -3

		--- src/tktsetup.c
		+++ src/tktsetup.c
		@@ -26,11 +26,11 @@
26	26	** Main sub-menu for configuring the ticketing system.
27	27	** WEBPAGE: tktsetup
28	28	*/
29	29	void tktsetup_page(void){
30	30	login_check_credentials();
31		- if( !g.okSetup ){
	31	+ if( !g.perm.Setup ){
32	32	login_needed();
33	33	}
34	34
35	35	style_header("Ticket Setup");
36	36	@ <table border="0" cellspacing="20">
		@@ -102,11 +102,11 @@
102	102	){
103	103	const char *z;
104	104	int isSubmit;
105	105
106	106	login_check_credentials();
107		- if( !g.okSetup ){
	107	+ if( !g.perm.Setup ){
108	108	login_needed();
109	109	}
110	110	if( P("setup") ){
111	111	cgi_redirect("tktsetup");
112	112	}
		@@ -690,11 +690,11 @@
690	690	/*
691	691	** WEBPAGE: tktsetup_timeline
692	692	*/
693	693	void tktsetup_timeline_page(void){
694	694	login_check_credentials();
695		- if( !g.okSetup ){
	695	+ if( !g.perm.Setup ){
696	696	login_needed();
697	697	}
698	698
699	699	if( P("setup") ){
700	700	cgi_redirect("tktsetup");
701	701

	--- src/tktsetup.c
	+++ src/tktsetup.c
	@@ -26,11 +26,11 @@
26	** Main sub-menu for configuring the ticketing system.
27	** WEBPAGE: tktsetup
28	*/
29	void tktsetup_page(void){
30	login_check_credentials();
31	if( !g.okSetup ){
32	login_needed();
33	}
34
35	style_header("Ticket Setup");
36	@ <table border="0" cellspacing="20">
	@@ -102,11 +102,11 @@
102	){
103	const char *z;
104	int isSubmit;
105
106	login_check_credentials();
107	if( !g.okSetup ){
108	login_needed();
109	}
110	if( P("setup") ){
111	cgi_redirect("tktsetup");
112	}
	@@ -690,11 +690,11 @@
690	/*
691	** WEBPAGE: tktsetup_timeline
692	*/
693	void tktsetup_timeline_page(void){
694	login_check_credentials();
695	if( !g.okSetup ){
696	login_needed();
697	}
698
699	if( P("setup") ){
700	cgi_redirect("tktsetup");
701

	--- src/tktsetup.c
	+++ src/tktsetup.c
	@@ -26,11 +26,11 @@
26	** Main sub-menu for configuring the ticketing system.
27	** WEBPAGE: tktsetup
28	*/
29	void tktsetup_page(void){
30	login_check_credentials();
31	if( !g.perm.Setup ){
32	login_needed();
33	}
34
35	style_header("Ticket Setup");
36	@ <table border="0" cellspacing="20">
	@@ -102,11 +102,11 @@
102	){
103	const char *z;
104	int isSubmit;
105
106	login_check_credentials();
107	if( !g.perm.Setup ){
108	login_needed();
109	}
110	if( P("setup") ){
111	cgi_redirect("tktsetup");
112	}
	@@ -690,11 +690,11 @@
690	/*
691	** WEBPAGE: tktsetup_timeline
692	*/
693	void tktsetup_timeline_page(void){
694	login_check_credentials();
695	if( !g.perm.Setup ){
696	login_needed();
697	}
698
699	if( P("setup") ){
700	cgi_redirect("tktsetup");
701

M src/user.c

+1 -1

		--- src/user.c
		+++ src/user.c
		@@ -393,11 +393,11 @@
393	393	Stmt q;
394	394	int cnt = 0;
395	395	int rc;
396	396
397	397	login_check_credentials();
398		- if( !g.okAdmin ){ login_needed(); return; }
	398	+ if( !g.perm.Admin ){ login_needed(); return; }
399	399	create_accesslog_table();
400	400
401	401	if( P("delall") && P("delallbtn") ){
402	402	db_multi_exec("DELETE FROM accesslog");
403	403	cgi_redirectf("%s/access_log?y=%d&n=%d&o=%o", g.zTop, y, n, skip);
404	404

	--- src/user.c
	+++ src/user.c
	@@ -393,11 +393,11 @@
393	Stmt q;
394	int cnt = 0;
395	int rc;
396
397	login_check_credentials();
398	if( !g.okAdmin ){ login_needed(); return; }
399	create_accesslog_table();
400
401	if( P("delall") && P("delallbtn") ){
402	db_multi_exec("DELETE FROM accesslog");
403	cgi_redirectf("%s/access_log?y=%d&n=%d&o=%o", g.zTop, y, n, skip);
404

	--- src/user.c
	+++ src/user.c
	@@ -393,11 +393,11 @@
393	Stmt q;
394	int cnt = 0;
395	int rc;
396
397	login_check_credentials();
398	if( !g.perm.Admin ){ login_needed(); return; }
399	create_accesslog_table();
400
401	if( P("delall") && P("delallbtn") ){
402	db_multi_exec("DELETE FROM accesslog");
403	cgi_redirectf("%s/access_log?y=%d&n=%d&o=%o", g.zTop, y, n, skip);
404

M src/wiki.c

+18 -18

		--- src/wiki.c
		+++ src/wiki.c
		@@ -90,11 +90,11 @@
90	90	if( fossil_strcmp(zIndexPage, zPathInfo)==0 ) zIndexPage = 0;
91	91	}
92	92	if( zIndexPage ){
93	93	cgi_redirectf("%s/%s", g.zTop, zIndexPage);
94	94	}
95		- if( !g.okRdWiki ){
	95	+ if( !g.perm.RdWiki ){
96	96	cgi_redirectf("%s/login?g=%s/home", g.zTop, g.zTop);
97	97	}
98	98	if( zPageName ){
99	99	login_check_credentials();
100	100	g.zExtra = zPageName;
		@@ -135,11 +135,11 @@
135	135	char *zBody = mprintf("%s","<i>Empty Page</i>");
136	136	Stmt q;
137	137	int cnt = 0;
138	138
139	139	login_check_credentials();
140		- if( !g.okRdWiki ){ login_needed(); return; }
	140	+ if( !g.perm.RdWiki ){ login_needed(); return; }
141	141	zPageName = P("name");
142	142	if( zPageName==0 ){
143	143	style_header("Wiki");
144	144	@ <ul>
145	145	{ char *zHomePageName = db_get("project-name",0);
		@@ -152,13 +152,13 @@
152	152	@ pages. </li>
153	153	@ <li> <a href="%s(g.zTop)/wiki_rules">Formatting rules</a> for
154	154	@ wiki.</li>
155	155	@ <li> Use the <a href="%s(g.zTop)/wiki?name=Sandbox">Sandbox</a>
156	156	@ to experiment.</li>
157		- if( g.okNewWiki ){
	157	+ if( g.perm.NewWiki ){
158	158	@ <li> Create a <a href="%s(g.zTop)/wikinew">new wiki page</a>.</li>
159		- if( g.okWrite ){
	159	+ if( g.perm.Write ){
160	160	@ <li> Create a <a href="%s(g.zTop)/eventedit">new event</a>.</li>
161	161	}
162	162	}
163	163	@ <li> <a href="%s(g.zTop)/wcontent">List of All Wiki Pages</a>
164	164	@ available on this server.</li>
		@@ -186,24 +186,24 @@
186	186	if( pWiki ){
187	187	zBody = pWiki->zWiki;
188	188	}
189	189	}
190	190	if( !g.isHome ){
191		- if( (rid && g.okWrWiki) \|\| (!rid && g.okNewWiki) ){
	191	+ if( (rid && g.perm.WrWiki) \|\| (!rid && g.perm.NewWiki) ){
192	192	style_submenu_element("Edit", "Edit Wiki Page", "%s/wikiedit?name=%T",
193	193	g.zTop, zPageName);
194	194	}
195		- if( rid && g.okApndWiki && g.okAttach ){
	195	+ if( rid && g.perm.ApndWiki && g.perm.Attach ){
196	196	style_submenu_element("Attach", "Add An Attachment",
197	197	"%s/attachadd?page=%T&from=%s/wiki%%3fname=%T",
198	198	g.zTop, zPageName, g.zTop, zPageName);
199	199	}
200		- if( rid && g.okApndWiki ){
	200	+ if( rid && g.perm.ApndWiki ){
201	201	style_submenu_element("Append", "Add A Comment", "%s/wikiappend?name=%T",
202	202	g.zTop, zPageName);
203	203	}
204		- if( g.okHistory ){
	204	+ if( g.perm.History ){
205	205	style_submenu_element("History", "History", "%s/whistory?name=%T",
206	206	g.zTop, zPageName);
207	207	}
208	208	}
209	209	style_header(zPageName);
		@@ -225,19 +225,19 @@
225	225	@ <hr /><h2>Attachments:</h2>
226	226	@ <ul>
227	227	}
228	228	cnt++;
229	229	@ <li>
230		- if( g.okHistory && g.okRead ){
	230	+ if( g.perm.History && g.perm.Read ){
231	231	@ <a href="%s(g.zTop)/attachview?page=%s(zPageName)&file=%t(zFile)">
232	232	@ %h(zFile)</a>
233	233	}else{
234	234	@ <li>%h(zFile)
235	235	}
236	236	@ added by %h(zUser) on
237	237	hyperlink_to_date(zDate, ".");
238		- if( g.okWrWiki && g.okAttach ){
	238	+ if( g.perm.WrWiki && g.perm.Attach ){
239	239	@ [<a href="%s(g.zTop)/attachdelete?page=%s(zPageName)&file=%t(zFile)&from=%s(g.zTop)/wiki%%3fname=%s(zPageName)">delete</a>]
240	240	}
241	241	@ </li>
242	242	}
243	243	if( cnt ){
		@@ -271,11 +271,11 @@
271	271	login_check_credentials();
272	272	zPageName = PD("name","");
273	273	if( check_name(zPageName) ) return;
274	274	isSandbox = is_sandbox(zPageName);
275	275	if( isSandbox ){
276		- if( !g.okWrWiki ){
	276	+ if( !g.perm.WrWiki ){
277	277	login_needed();
278	278	return;
279	279	}
280	280	if( zBody==0 ){
281	281	zBody = db_get("sandbox","");
		@@ -286,11 +286,11 @@
286	286	"SELECT rid FROM tagxref"
287	287	" WHERE tagid=(SELECT tagid FROM tag WHERE tagname=%Q)"
288	288	" ORDER BY mtime DESC", zTag
289	289	);
290	290	free(zTag);
291		- if( (rid && !g.okWrWiki) \|\| (!rid && !g.okNewWiki) ){
	291	+ if( (rid && !g.perm.WrWiki) \|\| (!rid && !g.perm.NewWiki) ){
292	292	login_needed();
293	293	return;
294	294	}
295	295	if( zBody==0 && (pWiki = manifest_get(rid, CFTYPE_WIKI))!=0 ){
296	296	zBody = pWiki->zWiki;
		@@ -375,11 +375,11 @@
375	375	** to the wikiedit screen for that new page.
376	376	*/
377	377	void wikinew_page(void){
378	378	const char *zName;
379	379	login_check_credentials();
380		- if( !g.okNewWiki ){
	380	+ if( !g.perm.NewWiki ){
381	381	login_needed();
382	382	return;
383	383	}
384	384	zName = PD("name","");
385	385	if( zName[0] && wiki_name_is_wellformed((const unsigned char *)zName) ){
		@@ -450,11 +450,11 @@
450	450	if( !rid ){
451	451	fossil_redirect_home();
452	452	return;
453	453	}
454	454	}
455		- if( !g.okApndWiki ){
	455	+ if( !g.perm.ApndWiki ){
456	456	login_needed();
457	457	return;
458	458	}
459	459	if( P("submit")!=0 && P("r")!=0 && P("u")!=0 ){
460	460	char *zDate;
		@@ -560,11 +560,11 @@
560	560	Stmt q;
561	561	char *zTitle;
562	562	char *zSQL;
563	563	const char *zPageName;
564	564	login_check_credentials();
565		- if( !g.okHistory ){ login_needed(); return; }
	565	+ if( !g.perm.History ){ login_needed(); return; }
566	566	zPageName = PD("name","");
567	567	zTitle = mprintf("History Of %s", zPageName);
568	568	style_header(zTitle);
569	569	free(zTitle);
570	570
		@@ -596,11 +596,11 @@
596	596	Manifest pW1, pW2 = 0;
597	597	Blob w1, w2, d;
598	598
599	599	login_check_credentials();
600	600	rid1 = atoi(PD("a","0"));
601		- if( !g.okHistory ){ login_needed(); return; }
	601	+ if( !g.perm.History ){ login_needed(); return; }
602	602	if( rid1==0 ) fossil_redirect_home();
603	603	rid2 = atoi(PD("b","0"));
604	604	zPageName = PD("name","");
605	605	zTitle = mprintf("Changes To %s", zPageName);
606	606	style_header(zTitle);
		@@ -642,11 +642,11 @@
642	642	void wcontent_page(void){
643	643	Stmt q;
644	644	int showAll = P("all")!=0;
645	645
646	646	login_check_credentials();
647		- if( !g.okRdWiki ){ login_needed(); return; }
	647	+ if( !g.perm.RdWiki ){ login_needed(); return; }
648	648	style_header("Available Wiki Pages");
649	649	if( showAll ){
650	650	style_submenu_element("Active", "Only Active Pages", "%s/wcontent", g.zTop);
651	651	}else{
652	652	style_submenu_element("All", "All", "%s/wcontent?all=1", g.zTop);
		@@ -681,11 +681,11 @@
681	681	*/
682	682	void wfind_page(void){
683	683	Stmt q;
684	684	const char * zTitle;
685	685	login_check_credentials();
686		- if( !g.okRdWiki ){ login_needed(); return; }
	686	+ if( !g.perm.RdWiki ){ login_needed(); return; }
687	687	zTitle = PD("title","*");
688	688	style_header("Wiki Pages Found");
689	689	@ <ul>
690	690	db_prepare(&q,
691	691	"SELECT substr(tagname, 6, 1000) FROM tag WHERE tagname like 'wiki-%%%q%%'"
692	692

	--- src/wiki.c
	+++ src/wiki.c
	@@ -90,11 +90,11 @@
90	if( fossil_strcmp(zIndexPage, zPathInfo)==0 ) zIndexPage = 0;
91	}
92	if( zIndexPage ){
93	cgi_redirectf("%s/%s", g.zTop, zIndexPage);
94	}
95	if( !g.okRdWiki ){
96	cgi_redirectf("%s/login?g=%s/home", g.zTop, g.zTop);
97	}
98	if( zPageName ){
99	login_check_credentials();
100	g.zExtra = zPageName;
	@@ -135,11 +135,11 @@
135	char *zBody = mprintf("%s","<i>Empty Page</i>");
136	Stmt q;
137	int cnt = 0;
138
139	login_check_credentials();
140	if( !g.okRdWiki ){ login_needed(); return; }
141	zPageName = P("name");
142	if( zPageName==0 ){
143	style_header("Wiki");
144	@ <ul>
145	{ char *zHomePageName = db_get("project-name",0);
	@@ -152,13 +152,13 @@
152	@ pages. </li>
153	@ <li> <a href="%s(g.zTop)/wiki_rules">Formatting rules</a> for
154	@ wiki.</li>
155	@ <li> Use the <a href="%s(g.zTop)/wiki?name=Sandbox">Sandbox</a>
156	@ to experiment.</li>
157	if( g.okNewWiki ){
158	@ <li> Create a <a href="%s(g.zTop)/wikinew">new wiki page</a>.</li>
159	if( g.okWrite ){
160	@ <li> Create a <a href="%s(g.zTop)/eventedit">new event</a>.</li>
161	}
162	}
163	@ <li> <a href="%s(g.zTop)/wcontent">List of All Wiki Pages</a>
164	@ available on this server.</li>
	@@ -186,24 +186,24 @@
186	if( pWiki ){
187	zBody = pWiki->zWiki;
188	}
189	}
190	if( !g.isHome ){
191	if( (rid && g.okWrWiki) \|\| (!rid && g.okNewWiki) ){
192	style_submenu_element("Edit", "Edit Wiki Page", "%s/wikiedit?name=%T",
193	g.zTop, zPageName);
194	}
195	if( rid && g.okApndWiki && g.okAttach ){
196	style_submenu_element("Attach", "Add An Attachment",
197	"%s/attachadd?page=%T&from=%s/wiki%%3fname=%T",
198	g.zTop, zPageName, g.zTop, zPageName);
199	}
200	if( rid && g.okApndWiki ){
201	style_submenu_element("Append", "Add A Comment", "%s/wikiappend?name=%T",
202	g.zTop, zPageName);
203	}
204	if( g.okHistory ){
205	style_submenu_element("History", "History", "%s/whistory?name=%T",
206	g.zTop, zPageName);
207	}
208	}
209	style_header(zPageName);
	@@ -225,19 +225,19 @@
225	@ <hr /><h2>Attachments:</h2>
226	@ <ul>
227	}
228	cnt++;
229	@ <li>
230	if( g.okHistory && g.okRead ){
231	@ <a href="%s(g.zTop)/attachview?page=%s(zPageName)&file=%t(zFile)">
232	@ %h(zFile)</a>
233	}else{
234	@ <li>%h(zFile)
235	}
236	@ added by %h(zUser) on
237	hyperlink_to_date(zDate, ".");
238	if( g.okWrWiki && g.okAttach ){
239	@ [<a href="%s(g.zTop)/attachdelete?page=%s(zPageName)&file=%t(zFile)&from=%s(g.zTop)/wiki%%3fname=%s(zPageName)">delete</a>]
240	}
241	@ </li>
242	}
243	if( cnt ){
	@@ -271,11 +271,11 @@
271	login_check_credentials();
272	zPageName = PD("name","");
273	if( check_name(zPageName) ) return;
274	isSandbox = is_sandbox(zPageName);
275	if( isSandbox ){
276	if( !g.okWrWiki ){
277	login_needed();
278	return;
279	}
280	if( zBody==0 ){
281	zBody = db_get("sandbox","");
	@@ -286,11 +286,11 @@
286	"SELECT rid FROM tagxref"
287	" WHERE tagid=(SELECT tagid FROM tag WHERE tagname=%Q)"
288	" ORDER BY mtime DESC", zTag
289	);
290	free(zTag);
291	if( (rid && !g.okWrWiki) \|\| (!rid && !g.okNewWiki) ){
292	login_needed();
293	return;
294	}
295	if( zBody==0 && (pWiki = manifest_get(rid, CFTYPE_WIKI))!=0 ){
296	zBody = pWiki->zWiki;
	@@ -375,11 +375,11 @@
375	** to the wikiedit screen for that new page.
376	*/
377	void wikinew_page(void){
378	const char *zName;
379	login_check_credentials();
380	if( !g.okNewWiki ){
381	login_needed();
382	return;
383	}
384	zName = PD("name","");
385	if( zName[0] && wiki_name_is_wellformed((const unsigned char *)zName) ){
	@@ -450,11 +450,11 @@
450	if( !rid ){
451	fossil_redirect_home();
452	return;
453	}
454	}
455	if( !g.okApndWiki ){
456	login_needed();
457	return;
458	}
459	if( P("submit")!=0 && P("r")!=0 && P("u")!=0 ){
460	char *zDate;
	@@ -560,11 +560,11 @@
560	Stmt q;
561	char *zTitle;
562	char *zSQL;
563	const char *zPageName;
564	login_check_credentials();
565	if( !g.okHistory ){ login_needed(); return; }
566	zPageName = PD("name","");
567	zTitle = mprintf("History Of %s", zPageName);
568	style_header(zTitle);
569	free(zTitle);
570
	@@ -596,11 +596,11 @@
596	Manifest pW1, pW2 = 0;
597	Blob w1, w2, d;
598
599	login_check_credentials();
600	rid1 = atoi(PD("a","0"));
601	if( !g.okHistory ){ login_needed(); return; }
602	if( rid1==0 ) fossil_redirect_home();
603	rid2 = atoi(PD("b","0"));
604	zPageName = PD("name","");
605	zTitle = mprintf("Changes To %s", zPageName);
606	style_header(zTitle);
	@@ -642,11 +642,11 @@
642	void wcontent_page(void){
643	Stmt q;
644	int showAll = P("all")!=0;
645
646	login_check_credentials();
647	if( !g.okRdWiki ){ login_needed(); return; }
648	style_header("Available Wiki Pages");
649	if( showAll ){
650	style_submenu_element("Active", "Only Active Pages", "%s/wcontent", g.zTop);
651	}else{
652	style_submenu_element("All", "All", "%s/wcontent?all=1", g.zTop);
	@@ -681,11 +681,11 @@
681	*/
682	void wfind_page(void){
683	Stmt q;
684	const char * zTitle;
685	login_check_credentials();
686	if( !g.okRdWiki ){ login_needed(); return; }
687	zTitle = PD("title","*");
688	style_header("Wiki Pages Found");
689	@ <ul>
690	db_prepare(&q,
691	"SELECT substr(tagname, 6, 1000) FROM tag WHERE tagname like 'wiki-%%%q%%'"
692

	--- src/wiki.c
	+++ src/wiki.c
	@@ -90,11 +90,11 @@
90	if( fossil_strcmp(zIndexPage, zPathInfo)==0 ) zIndexPage = 0;
91	}
92	if( zIndexPage ){
93	cgi_redirectf("%s/%s", g.zTop, zIndexPage);
94	}
95	if( !g.perm.RdWiki ){
96	cgi_redirectf("%s/login?g=%s/home", g.zTop, g.zTop);
97	}
98	if( zPageName ){
99	login_check_credentials();
100	g.zExtra = zPageName;
	@@ -135,11 +135,11 @@
135	char *zBody = mprintf("%s","<i>Empty Page</i>");
136	Stmt q;
137	int cnt = 0;
138
139	login_check_credentials();
140	if( !g.perm.RdWiki ){ login_needed(); return; }
141	zPageName = P("name");
142	if( zPageName==0 ){
143	style_header("Wiki");
144	@ <ul>
145	{ char *zHomePageName = db_get("project-name",0);
	@@ -152,13 +152,13 @@
152	@ pages. </li>
153	@ <li> <a href="%s(g.zTop)/wiki_rules">Formatting rules</a> for
154	@ wiki.</li>
155	@ <li> Use the <a href="%s(g.zTop)/wiki?name=Sandbox">Sandbox</a>
156	@ to experiment.</li>
157	if( g.perm.NewWiki ){
158	@ <li> Create a <a href="%s(g.zTop)/wikinew">new wiki page</a>.</li>
159	if( g.perm.Write ){
160	@ <li> Create a <a href="%s(g.zTop)/eventedit">new event</a>.</li>
161	}
162	}
163	@ <li> <a href="%s(g.zTop)/wcontent">List of All Wiki Pages</a>
164	@ available on this server.</li>
	@@ -186,24 +186,24 @@
186	if( pWiki ){
187	zBody = pWiki->zWiki;
188	}
189	}
190	if( !g.isHome ){
191	if( (rid && g.perm.WrWiki) \|\| (!rid && g.perm.NewWiki) ){
192	style_submenu_element("Edit", "Edit Wiki Page", "%s/wikiedit?name=%T",
193	g.zTop, zPageName);
194	}
195	if( rid && g.perm.ApndWiki && g.perm.Attach ){
196	style_submenu_element("Attach", "Add An Attachment",
197	"%s/attachadd?page=%T&from=%s/wiki%%3fname=%T",
198	g.zTop, zPageName, g.zTop, zPageName);
199	}
200	if( rid && g.perm.ApndWiki ){
201	style_submenu_element("Append", "Add A Comment", "%s/wikiappend?name=%T",
202	g.zTop, zPageName);
203	}
204	if( g.perm.History ){
205	style_submenu_element("History", "History", "%s/whistory?name=%T",
206	g.zTop, zPageName);
207	}
208	}
209	style_header(zPageName);
	@@ -225,19 +225,19 @@
225	@ <hr /><h2>Attachments:</h2>
226	@ <ul>
227	}
228	cnt++;
229	@ <li>
230	if( g.perm.History && g.perm.Read ){
231	@ <a href="%s(g.zTop)/attachview?page=%s(zPageName)&file=%t(zFile)">
232	@ %h(zFile)</a>
233	}else{
234	@ <li>%h(zFile)
235	}
236	@ added by %h(zUser) on
237	hyperlink_to_date(zDate, ".");
238	if( g.perm.WrWiki && g.perm.Attach ){
239	@ [<a href="%s(g.zTop)/attachdelete?page=%s(zPageName)&file=%t(zFile)&from=%s(g.zTop)/wiki%%3fname=%s(zPageName)">delete</a>]
240	}
241	@ </li>
242	}
243	if( cnt ){
	@@ -271,11 +271,11 @@
271	login_check_credentials();
272	zPageName = PD("name","");
273	if( check_name(zPageName) ) return;
274	isSandbox = is_sandbox(zPageName);
275	if( isSandbox ){
276	if( !g.perm.WrWiki ){
277	login_needed();
278	return;
279	}
280	if( zBody==0 ){
281	zBody = db_get("sandbox","");
	@@ -286,11 +286,11 @@
286	"SELECT rid FROM tagxref"
287	" WHERE tagid=(SELECT tagid FROM tag WHERE tagname=%Q)"
288	" ORDER BY mtime DESC", zTag
289	);
290	free(zTag);
291	if( (rid && !g.perm.WrWiki) \|\| (!rid && !g.perm.NewWiki) ){
292	login_needed();
293	return;
294	}
295	if( zBody==0 && (pWiki = manifest_get(rid, CFTYPE_WIKI))!=0 ){
296	zBody = pWiki->zWiki;
	@@ -375,11 +375,11 @@
375	** to the wikiedit screen for that new page.
376	*/
377	void wikinew_page(void){
378	const char *zName;
379	login_check_credentials();
380	if( !g.perm.NewWiki ){
381	login_needed();
382	return;
383	}
384	zName = PD("name","");
385	if( zName[0] && wiki_name_is_wellformed((const unsigned char *)zName) ){
	@@ -450,11 +450,11 @@
450	if( !rid ){
451	fossil_redirect_home();
452	return;
453	}
454	}
455	if( !g.perm.ApndWiki ){
456	login_needed();
457	return;
458	}
459	if( P("submit")!=0 && P("r")!=0 && P("u")!=0 ){
460	char *zDate;
	@@ -560,11 +560,11 @@
560	Stmt q;
561	char *zTitle;
562	char *zSQL;
563	const char *zPageName;
564	login_check_credentials();
565	if( !g.perm.History ){ login_needed(); return; }
566	zPageName = PD("name","");
567	zTitle = mprintf("History Of %s", zPageName);
568	style_header(zTitle);
569	free(zTitle);
570
	@@ -596,11 +596,11 @@
596	Manifest pW1, pW2 = 0;
597	Blob w1, w2, d;
598
599	login_check_credentials();
600	rid1 = atoi(PD("a","0"));
601	if( !g.perm.History ){ login_needed(); return; }
602	if( rid1==0 ) fossil_redirect_home();
603	rid2 = atoi(PD("b","0"));
604	zPageName = PD("name","");
605	zTitle = mprintf("Changes To %s", zPageName);
606	style_header(zTitle);
	@@ -642,11 +642,11 @@
642	void wcontent_page(void){
643	Stmt q;
644	int showAll = P("all")!=0;
645
646	login_check_credentials();
647	if( !g.perm.RdWiki ){ login_needed(); return; }
648	style_header("Available Wiki Pages");
649	if( showAll ){
650	style_submenu_element("Active", "Only Active Pages", "%s/wcontent", g.zTop);
651	}else{
652	style_submenu_element("All", "All", "%s/wcontent?all=1", g.zTop);
	@@ -681,11 +681,11 @@
681	*/
682	void wfind_page(void){
683	Stmt q;
684	const char * zTitle;
685	login_check_credentials();
686	if( !g.perm.RdWiki ){ login_needed(); return; }
687	zTitle = PD("title","*");
688	style_header("Wiki Pages Found");
689	@ <ul>
690	db_prepare(&q,
691	"SELECT substr(tagname, 6, 1000) FROM tag WHERE tagname like 'wiki-%%%q%%'"
692

M src/wikiformat.c

+5 -5

		--- src/wikiformat.c
		+++ src/wikiformat.c
		@@ -1043,17 +1043,17 @@
1043	1043	\|\| strncmp(zTarget, "mailto:", 7)==0
1044	1044	){
1045	1045	blob_appendf(p->pOut, "<a href=\"%s\">", zTarget);
1046	1046	/* zTerm = "⟾</a>"; // doesn't work on windows */
1047	1047	}else if( zTarget[0]=='/' ){
1048		- if( 1 /* g.okHistory */ ){
	1048	+ if( 1 /* g.perm.History */ ){
1049	1049	blob_appendf(p->pOut, "<a href=\"%s%h\">", g.zTop, zTarget);
1050	1050	}else{
1051	1051	zTerm = "";
1052	1052	}
1053	1053	}else if( zTarget[0]=='.' \|\| zTarget[0]=='#' ){
1054		- if( 1 /* g.okHistory */ ){
	1054	+ if( 1 /* g.perm.History */ ){
1055	1055	blob_appendf(p->pOut, "<a href=\"%h\">", zTarget);
1056	1056	}else{
1057	1057	zTerm = "";
1058	1058	}
1059	1059	}else if( is_valid_uuid(zTarget) ){
		@@ -1061,11 +1061,11 @@
1061	1061	if( is_ticket(zTarget, &isClosed) ){
1062	1062	/* Special display processing for tickets. Display the hyperlink
1063	1063	** as crossed out if the ticket is closed.
1064	1064	*/
1065	1065	if( isClosed ){
1066		- if( g.okHistory ){
	1066	+ if( g.perm.History ){
1067	1067	blob_appendf(p->pOut,
1068	1068	"<a href=\"%s/info/%s\"><span class=\"wikiTagCancelled\">[",
1069	1069	g.zTop, zTarget
1070	1070	);
1071	1071	zTerm = "]</span></a>";
		@@ -1072,11 +1072,11 @@
1072	1072	}else{
1073	1073	blob_appendf(p->pOut,"<span class=\"wikiTagCancelled\">[");
1074	1074	zTerm = "]</span>";
1075	1075	}
1076	1076	}else{
1077		- if( g.okHistory ){
	1077	+ if( g.perm.History ){
1078	1078	blob_appendf(p->pOut,"<a href=\"%s/info/%s\">[",
1079	1079	g.zTop, zTarget
1080	1080	);
1081	1081	zTerm = "]</a>";
1082	1082	}else{
		@@ -1085,11 +1085,11 @@
1085	1085	}
1086	1086	}
1087	1087	}else if( !in_this_repo(zTarget) ){
1088	1088	blob_appendf(p->pOut, "<span class=\"brokenlink\">[", zTarget);
1089	1089	zTerm = "]</span>";
1090		- }else if( g.okHistory ){
	1090	+ }else if( g.perm.History ){
1091	1091	blob_appendf(p->pOut, "<a href=\"%s/info/%s\">[", g.zTop, zTarget);
1092	1092	zTerm = "]</a>";
1093	1093	}
1094	1094	}else if( strlen(zTarget)>=10 && fossil_isdigit(zTarget[0]) && zTarget[4]=='-'
1095	1095	&& db_int(0, "SELECT datetime(%Q) NOT NULL", zTarget) ){
1096	1096

	--- src/wikiformat.c
	+++ src/wikiformat.c
	@@ -1043,17 +1043,17 @@
1043	\|\| strncmp(zTarget, "mailto:", 7)==0
1044	){
1045	blob_appendf(p->pOut, "<a href=\"%s\">", zTarget);
1046	/* zTerm = "⟾</a>"; // doesn't work on windows */
1047	}else if( zTarget[0]=='/' ){
1048	if( 1 /* g.okHistory */ ){
1049	blob_appendf(p->pOut, "<a href=\"%s%h\">", g.zTop, zTarget);
1050	}else{
1051	zTerm = "";
1052	}
1053	}else if( zTarget[0]=='.' \|\| zTarget[0]=='#' ){
1054	if( 1 /* g.okHistory */ ){
1055	blob_appendf(p->pOut, "<a href=\"%h\">", zTarget);
1056	}else{
1057	zTerm = "";
1058	}
1059	}else if( is_valid_uuid(zTarget) ){
	@@ -1061,11 +1061,11 @@
1061	if( is_ticket(zTarget, &isClosed) ){
1062	/* Special display processing for tickets. Display the hyperlink
1063	** as crossed out if the ticket is closed.
1064	*/
1065	if( isClosed ){
1066	if( g.okHistory ){
1067	blob_appendf(p->pOut,
1068	"<a href=\"%s/info/%s\"><span class=\"wikiTagCancelled\">[",
1069	g.zTop, zTarget
1070	);
1071	zTerm = "]</span></a>";
	@@ -1072,11 +1072,11 @@
1072	}else{
1073	blob_appendf(p->pOut,"<span class=\"wikiTagCancelled\">[");
1074	zTerm = "]</span>";
1075	}
1076	}else{
1077	if( g.okHistory ){
1078	blob_appendf(p->pOut,"<a href=\"%s/info/%s\">[",
1079	g.zTop, zTarget
1080	);
1081	zTerm = "]</a>";
1082	}else{
	@@ -1085,11 +1085,11 @@
1085	}
1086	}
1087	}else if( !in_this_repo(zTarget) ){
1088	blob_appendf(p->pOut, "<span class=\"brokenlink\">[", zTarget);
1089	zTerm = "]</span>";
1090	}else if( g.okHistory ){
1091	blob_appendf(p->pOut, "<a href=\"%s/info/%s\">[", g.zTop, zTarget);
1092	zTerm = "]</a>";
1093	}
1094	}else if( strlen(zTarget)>=10 && fossil_isdigit(zTarget[0]) && zTarget[4]=='-'
1095	&& db_int(0, "SELECT datetime(%Q) NOT NULL", zTarget) ){
1096

	--- src/wikiformat.c
	+++ src/wikiformat.c
	@@ -1043,17 +1043,17 @@
1043	\|\| strncmp(zTarget, "mailto:", 7)==0
1044	){
1045	blob_appendf(p->pOut, "<a href=\"%s\">", zTarget);
1046	/* zTerm = "⟾</a>"; // doesn't work on windows */
1047	}else if( zTarget[0]=='/' ){
1048	if( 1 /* g.perm.History */ ){
1049	blob_appendf(p->pOut, "<a href=\"%s%h\">", g.zTop, zTarget);
1050	}else{
1051	zTerm = "";
1052	}
1053	}else if( zTarget[0]=='.' \|\| zTarget[0]=='#' ){
1054	if( 1 /* g.perm.History */ ){
1055	blob_appendf(p->pOut, "<a href=\"%h\">", zTarget);
1056	}else{
1057	zTerm = "";
1058	}
1059	}else if( is_valid_uuid(zTarget) ){
	@@ -1061,11 +1061,11 @@
1061	if( is_ticket(zTarget, &isClosed) ){
1062	/* Special display processing for tickets. Display the hyperlink
1063	** as crossed out if the ticket is closed.
1064	*/
1065	if( isClosed ){
1066	if( g.perm.History ){
1067	blob_appendf(p->pOut,
1068	"<a href=\"%s/info/%s\"><span class=\"wikiTagCancelled\">[",
1069	g.zTop, zTarget
1070	);
1071	zTerm = "]</span></a>";
	@@ -1072,11 +1072,11 @@
1072	}else{
1073	blob_appendf(p->pOut,"<span class=\"wikiTagCancelled\">[");
1074	zTerm = "]</span>";
1075	}
1076	}else{
1077	if( g.perm.History ){
1078	blob_appendf(p->pOut,"<a href=\"%s/info/%s\">[",
1079	g.zTop, zTarget
1080	);
1081	zTerm = "]</a>";
1082	}else{
	@@ -1085,11 +1085,11 @@
1085	}
1086	}
1087	}else if( !in_this_repo(zTarget) ){
1088	blob_appendf(p->pOut, "<span class=\"brokenlink\">[", zTarget);
1089	zTerm = "]</span>";
1090	}else if( g.perm.History ){
1091	blob_appendf(p->pOut, "<a href=\"%s/info/%s\">[", g.zTop, zTarget);
1092	zTerm = "]</a>";
1093	}
1094	}else if( strlen(zTarget)>=10 && fossil_isdigit(zTarget[0]) && zTarget[4]=='-'
1095	&& db_int(0, "SELECT datetime(%Q) NOT NULL", zTarget) ){
1096

M src/xfer.c

+16 -16

		--- src/xfer.c
		+++ src/xfer.c
		@@ -129,11 +129,11 @@
129	129	blob_extract(pXfer->pIn, n, &content);
130	130	if( !cloneFlag && uuid_is_shunned(blob_str(&pXfer->aToken[1])) ){
131	131	/* Ignore files that have been shunned */
132	132	return;
133	133	}
134		- if( isPriv && !g.okPrivate ){
	134	+ if( isPriv && !g.perm.Private ){
135	135	/* Do not accept private files if not authorized */
136	136	return;
137	137	}
138	138	if( cloneFlag ){
139	139	if( pXfer->nToken==4 ){
		@@ -227,11 +227,11 @@
227	227	\|\| (pXfer->nToken==5 && !blob_is_uuid(&pXfer->aToken[2]))
228	228	){
229	229	blob_appendf(&pXfer->err, "malformed cfile line");
230	230	return;
231	231	}
232		- if( isPriv && !g.okPrivate ){
	232	+ if( isPriv && !g.perm.Private ){
233	233	/* Do not accept private files if not authorized */
234	234	return;
235	235	}
236	236	blob_zero(&content);
237	237	blob_extract(pXfer->pIn, szC, &content);
		@@ -908,11 +908,11 @@
908	908	&& blob_is_uuid(&xfer.aToken[1])
909	909	){
910	910	if( isPush ){
911	911	if( xfer.nToken==2 \|\| blob_eq(&xfer.aToken[2],"1")==0 ){
912	912	rid_from_uuid(&xfer.aToken[1], 1, 0);
913		- }else if( g.okPrivate ){
	913	+ }else if( g.perm.Private ){
914	914	rid_from_uuid(&xfer.aToken[1], 1, 1);
915	915	}else{
916	916	server_private_xfer_not_authorized();
917	917	}
918	918	}
		@@ -941,19 +941,19 @@
941	941	nErr++;
942	942	break;
943	943	}
944	944	login_check_credentials();
945	945	if( blob_eq(&xfer.aToken[0], "pull") ){
946		- if( !g.okRead ){
	946	+ if( !g.perm.Read ){
947	947	cgi_reset_content();
948	948	@ error not\sauthorized\sto\sread
949	949	nErr++;
950	950	break;
951	951	}
952	952	isPull = 1;
953	953	}else{
954		- if( !g.okWrite ){
	954	+ if( !g.perm.Write ){
955	955	if( !isPull ){
956	956	cgi_reset_content();
957	957	@ error not\sauthorized\sto\swrite
958	958	nErr++;
959	959	}else{
		@@ -970,11 +970,11 @@
970	970	** The client knows nothing. Tell all.
971	971	*/
972	972	if( blob_eq(&xfer.aToken[0], "clone") ){
973	973	int iVers;
974	974	login_check_credentials();
975		- if( !g.okClone ){
	975	+ if( !g.perm.Clone ){
976	976	cgi_reset_content();
977	977	@ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
978	978	@ error not\sauthorized\sto\sclone
979	979	nErr++;
980	980	break;
		@@ -1014,11 +1014,11 @@
1014	1014	*/
1015	1015	if( blob_eq(&xfer.aToken[0], "login")
1016	1016	&& xfer.nToken==4
1017	1017	){
1018	1018	if( disableLogin ){
1019		- g.okRead = g.okWrite = g.okPrivate = g.okAdmin = 1;
	1019	+ g.perm.Read = g.perm.Write = g.perm.Private = g.perm.Admin = 1;
1020	1020	}else{
1021	1021	if( check_tail_hash(&xfer.aToken[2], xfer.pIn)
1022	1022	\|\| check_login(&xfer.aToken[1], &xfer.aToken[2], &xfer.aToken[3])
1023	1023	){
1024	1024	cgi_reset_content();
		@@ -1034,17 +1034,17 @@
1034	1034	** Request a configuration value
1035	1035	*/
1036	1036	if( blob_eq(&xfer.aToken[0], "reqconfig")
1037	1037	&& xfer.nToken==2
1038	1038	){
1039		- if( g.okRead ){
	1039	+ if( g.perm.Read ){
1040	1040	char *zName = blob_str(&xfer.aToken[1]);
1041	1041	if( zName[0]=='/' ){
1042	1042	/* New style configuration transfer */
1043	1043	int groupMask = configure_name_to_mask(&zName[1], 0);
1044		- if( !g.okAdmin ) groupMask &= ~CONFIGSET_USER;
1045		- if( !g.okRdAddr ) groupMask &= ~CONFIGSET_ADDR;
	1044	+ if( !g.perm.Admin ) groupMask &= ~CONFIGSET_USER;
	1045	+ if( !g.perm.RdAddr ) groupMask &= ~CONFIGSET_ADDR;
1046	1046	configure_send_group(xfer.pOut, groupMask, 0);
1047	1047	}else if( configure_is_exportable(zName) ){
1048	1048	/* Old style configuration transfer */
1049	1049	send_legacy_config_card(&xfer, zName);
1050	1050	}
		@@ -1060,11 +1060,11 @@
1060	1060	&& blob_is_int(&xfer.aToken[2], &size) ){
1061	1061	const char *zName = blob_str(&xfer.aToken[1]);
1062	1062	Blob content;
1063	1063	blob_zero(&content);
1064	1064	blob_extract(xfer.pIn, size, &content);
1065		- if( !g.okAdmin ){
	1065	+ if( !g.perm.Admin ){
1066	1066	cgi_reset_content();
1067	1067	@ error not\sauthorized\sto\spush\sconfiguration
1068	1068	nErr++;
1069	1069	break;
1070	1070	}
		@@ -1105,11 +1105,11 @@
1105	1105	**
1106	1106	** This card indicates that the next "file" or "cfile" will contain
1107	1107	** private content.
1108	1108	*/
1109	1109	if( blob_eq(&xfer.aToken[0], "private") ){
1110		- if( !g.okPrivate ){
	1110	+ if( !g.perm.Private ){
1111	1111	server_private_xfer_not_authorized();
1112	1112	}else{
1113	1113	xfer.nextIsPrivate = 1;
1114	1114	}
1115	1115	}else
		@@ -1128,11 +1128,11 @@
1128	1128	** it is not automatic with "a" or "s") then this pragma causes
1129	1129	** private information to be pulled in addition to public records.
1130	1130	*/
1131	1131	if( blob_eq(&xfer.aToken[1], "send-private") ){
1132	1132	login_check_credentials();
1133		- if( !g.okPrivate ){
	1133	+ if( !g.perm.Private ){
1134	1134	server_private_xfer_not_authorized();
1135	1135	}else{
1136	1136	xfer.syncPrivate = 1;
1137	1137	}
1138	1138	}
		@@ -1266,11 +1266,11 @@
1266	1266	memset(&xfer, 0, sizeof(xfer));
1267	1267	xfer.pIn = &recv;
1268	1268	xfer.pOut = &send;
1269	1269	xfer.mxSend = db_get_int("max-upload", 250000);
1270	1270	if( privateFlag ){
1271		- g.okPrivate = 1;
	1271	+ g.perm.Private = 1;
1272	1272	xfer.syncPrivate = 1;
1273	1273	}
1274	1274
1275	1275	assert( pushFlag \| pullFlag \| cloneFlag \| configRcvMask \| configSendMask );
1276	1276	db_begin_transaction();
		@@ -1508,11 +1508,11 @@
1508	1508	int rid;
1509	1509	int isPriv = xfer.nToken>=3 && blob_eq(&xfer.aToken[2],"1");
1510	1510	rid = rid_from_uuid(&xfer.aToken[1], 0, 0);
1511	1511	if( rid>0 ){
1512	1512	if( !isPriv ) content_make_public(rid);
1513		- }else if( isPriv && !g.okPrivate ){
	1513	+ }else if( isPriv && !g.perm.Private ){
1514	1514	/* ignore private files */
1515	1515	}else if( pullFlag \|\| cloneFlag ){
1516	1516	rid = content_new(blob_str(&xfer.aToken[1]), isPriv);
1517	1517	if( rid ) newPhantom = 1;
1518	1518	}
		@@ -1553,11 +1553,11 @@
1553	1553	&& blob_is_int(&xfer.aToken[2], &size) ){
1554	1554	const char *zName = blob_str(&xfer.aToken[1]);
1555	1555	Blob content;
1556	1556	blob_zero(&content);
1557	1557	blob_extract(xfer.pIn, size, &content);
1558		- g.okAdmin = g.okRdAddr = 1;
	1558	+ g.perm.Admin = g.perm.RdAddr = 1;
1559	1559	configure_receive(zName, &content, origConfigRcvMask);
1560	1560	nCardSent++;
1561	1561	blob_reset(&content);
1562	1562	blob_seek(xfer.pIn, 1, BLOB_SEEK_CUR);
1563	1563	}else
1564	1564

	--- src/xfer.c
	+++ src/xfer.c
	@@ -129,11 +129,11 @@
129	blob_extract(pXfer->pIn, n, &content);
130	if( !cloneFlag && uuid_is_shunned(blob_str(&pXfer->aToken[1])) ){
131	/* Ignore files that have been shunned */
132	return;
133	}
134	if( isPriv && !g.okPrivate ){
135	/* Do not accept private files if not authorized */
136	return;
137	}
138	if( cloneFlag ){
139	if( pXfer->nToken==4 ){
	@@ -227,11 +227,11 @@
227	\|\| (pXfer->nToken==5 && !blob_is_uuid(&pXfer->aToken[2]))
228	){
229	blob_appendf(&pXfer->err, "malformed cfile line");
230	return;
231	}
232	if( isPriv && !g.okPrivate ){
233	/* Do not accept private files if not authorized */
234	return;
235	}
236	blob_zero(&content);
237	blob_extract(pXfer->pIn, szC, &content);
	@@ -908,11 +908,11 @@
908	&& blob_is_uuid(&xfer.aToken[1])
909	){
910	if( isPush ){
911	if( xfer.nToken==2 \|\| blob_eq(&xfer.aToken[2],"1")==0 ){
912	rid_from_uuid(&xfer.aToken[1], 1, 0);
913	}else if( g.okPrivate ){
914	rid_from_uuid(&xfer.aToken[1], 1, 1);
915	}else{
916	server_private_xfer_not_authorized();
917	}
918	}
	@@ -941,19 +941,19 @@
941	nErr++;
942	break;
943	}
944	login_check_credentials();
945	if( blob_eq(&xfer.aToken[0], "pull") ){
946	if( !g.okRead ){
947	cgi_reset_content();
948	@ error not\sauthorized\sto\sread
949	nErr++;
950	break;
951	}
952	isPull = 1;
953	}else{
954	if( !g.okWrite ){
955	if( !isPull ){
956	cgi_reset_content();
957	@ error not\sauthorized\sto\swrite
958	nErr++;
959	}else{
	@@ -970,11 +970,11 @@
970	** The client knows nothing. Tell all.
971	*/
972	if( blob_eq(&xfer.aToken[0], "clone") ){
973	int iVers;
974	login_check_credentials();
975	if( !g.okClone ){
976	cgi_reset_content();
977	@ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
978	@ error not\sauthorized\sto\sclone
979	nErr++;
980	break;
	@@ -1014,11 +1014,11 @@
1014	*/
1015	if( blob_eq(&xfer.aToken[0], "login")
1016	&& xfer.nToken==4
1017	){
1018	if( disableLogin ){
1019	g.okRead = g.okWrite = g.okPrivate = g.okAdmin = 1;
1020	}else{
1021	if( check_tail_hash(&xfer.aToken[2], xfer.pIn)
1022	\|\| check_login(&xfer.aToken[1], &xfer.aToken[2], &xfer.aToken[3])
1023	){
1024	cgi_reset_content();
	@@ -1034,17 +1034,17 @@
1034	** Request a configuration value
1035	*/
1036	if( blob_eq(&xfer.aToken[0], "reqconfig")
1037	&& xfer.nToken==2
1038	){
1039	if( g.okRead ){
1040	char *zName = blob_str(&xfer.aToken[1]);
1041	if( zName[0]=='/' ){
1042	/* New style configuration transfer */
1043	int groupMask = configure_name_to_mask(&zName[1], 0);
1044	if( !g.okAdmin ) groupMask &= ~CONFIGSET_USER;
1045	if( !g.okRdAddr ) groupMask &= ~CONFIGSET_ADDR;
1046	configure_send_group(xfer.pOut, groupMask, 0);
1047	}else if( configure_is_exportable(zName) ){
1048	/* Old style configuration transfer */
1049	send_legacy_config_card(&xfer, zName);
1050	}
	@@ -1060,11 +1060,11 @@
1060	&& blob_is_int(&xfer.aToken[2], &size) ){
1061	const char *zName = blob_str(&xfer.aToken[1]);
1062	Blob content;
1063	blob_zero(&content);
1064	blob_extract(xfer.pIn, size, &content);
1065	if( !g.okAdmin ){
1066	cgi_reset_content();
1067	@ error not\sauthorized\sto\spush\sconfiguration
1068	nErr++;
1069	break;
1070	}
	@@ -1105,11 +1105,11 @@
1105	**
1106	** This card indicates that the next "file" or "cfile" will contain
1107	** private content.
1108	*/
1109	if( blob_eq(&xfer.aToken[0], "private") ){
1110	if( !g.okPrivate ){
1111	server_private_xfer_not_authorized();
1112	}else{
1113	xfer.nextIsPrivate = 1;
1114	}
1115	}else
	@@ -1128,11 +1128,11 @@
1128	** it is not automatic with "a" or "s") then this pragma causes
1129	** private information to be pulled in addition to public records.
1130	*/
1131	if( blob_eq(&xfer.aToken[1], "send-private") ){
1132	login_check_credentials();
1133	if( !g.okPrivate ){
1134	server_private_xfer_not_authorized();
1135	}else{
1136	xfer.syncPrivate = 1;
1137	}
1138	}
	@@ -1266,11 +1266,11 @@
1266	memset(&xfer, 0, sizeof(xfer));
1267	xfer.pIn = &recv;
1268	xfer.pOut = &send;
1269	xfer.mxSend = db_get_int("max-upload", 250000);
1270	if( privateFlag ){
1271	g.okPrivate = 1;
1272	xfer.syncPrivate = 1;
1273	}
1274
1275	assert( pushFlag \| pullFlag \| cloneFlag \| configRcvMask \| configSendMask );
1276	db_begin_transaction();
	@@ -1508,11 +1508,11 @@
1508	int rid;
1509	int isPriv = xfer.nToken>=3 && blob_eq(&xfer.aToken[2],"1");
1510	rid = rid_from_uuid(&xfer.aToken[1], 0, 0);
1511	if( rid>0 ){
1512	if( !isPriv ) content_make_public(rid);
1513	}else if( isPriv && !g.okPrivate ){
1514	/* ignore private files */
1515	}else if( pullFlag \|\| cloneFlag ){
1516	rid = content_new(blob_str(&xfer.aToken[1]), isPriv);
1517	if( rid ) newPhantom = 1;
1518	}
	@@ -1553,11 +1553,11 @@
1553	&& blob_is_int(&xfer.aToken[2], &size) ){
1554	const char *zName = blob_str(&xfer.aToken[1]);
1555	Blob content;
1556	blob_zero(&content);
1557	blob_extract(xfer.pIn, size, &content);
1558	g.okAdmin = g.okRdAddr = 1;
1559	configure_receive(zName, &content, origConfigRcvMask);
1560	nCardSent++;
1561	blob_reset(&content);
1562	blob_seek(xfer.pIn, 1, BLOB_SEEK_CUR);
1563	}else
1564

	--- src/xfer.c
	+++ src/xfer.c
	@@ -129,11 +129,11 @@
129	blob_extract(pXfer->pIn, n, &content);
130	if( !cloneFlag && uuid_is_shunned(blob_str(&pXfer->aToken[1])) ){
131	/* Ignore files that have been shunned */
132	return;
133	}
134	if( isPriv && !g.perm.Private ){
135	/* Do not accept private files if not authorized */
136	return;
137	}
138	if( cloneFlag ){
139	if( pXfer->nToken==4 ){
	@@ -227,11 +227,11 @@
227	\|\| (pXfer->nToken==5 && !blob_is_uuid(&pXfer->aToken[2]))
228	){
229	blob_appendf(&pXfer->err, "malformed cfile line");
230	return;
231	}
232	if( isPriv && !g.perm.Private ){
233	/* Do not accept private files if not authorized */
234	return;
235	}
236	blob_zero(&content);
237	blob_extract(pXfer->pIn, szC, &content);
	@@ -908,11 +908,11 @@
908	&& blob_is_uuid(&xfer.aToken[1])
909	){
910	if( isPush ){
911	if( xfer.nToken==2 \|\| blob_eq(&xfer.aToken[2],"1")==0 ){
912	rid_from_uuid(&xfer.aToken[1], 1, 0);
913	}else if( g.perm.Private ){
914	rid_from_uuid(&xfer.aToken[1], 1, 1);
915	}else{
916	server_private_xfer_not_authorized();
917	}
918	}
	@@ -941,19 +941,19 @@
941	nErr++;
942	break;
943	}
944	login_check_credentials();
945	if( blob_eq(&xfer.aToken[0], "pull") ){
946	if( !g.perm.Read ){
947	cgi_reset_content();
948	@ error not\sauthorized\sto\sread
949	nErr++;
950	break;
951	}
952	isPull = 1;
953	}else{
954	if( !g.perm.Write ){
955	if( !isPull ){
956	cgi_reset_content();
957	@ error not\sauthorized\sto\swrite
958	nErr++;
959	}else{
	@@ -970,11 +970,11 @@
970	** The client knows nothing. Tell all.
971	*/
972	if( blob_eq(&xfer.aToken[0], "clone") ){
973	int iVers;
974	login_check_credentials();
975	if( !g.perm.Clone ){
976	cgi_reset_content();
977	@ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
978	@ error not\sauthorized\sto\sclone
979	nErr++;
980	break;
	@@ -1014,11 +1014,11 @@
1014	*/
1015	if( blob_eq(&xfer.aToken[0], "login")
1016	&& xfer.nToken==4
1017	){
1018	if( disableLogin ){
1019	g.perm.Read = g.perm.Write = g.perm.Private = g.perm.Admin = 1;
1020	}else{
1021	if( check_tail_hash(&xfer.aToken[2], xfer.pIn)
1022	\|\| check_login(&xfer.aToken[1], &xfer.aToken[2], &xfer.aToken[3])
1023	){
1024	cgi_reset_content();
	@@ -1034,17 +1034,17 @@
1034	** Request a configuration value
1035	*/
1036	if( blob_eq(&xfer.aToken[0], "reqconfig")
1037	&& xfer.nToken==2
1038	){
1039	if( g.perm.Read ){
1040	char *zName = blob_str(&xfer.aToken[1]);
1041	if( zName[0]=='/' ){
1042	/* New style configuration transfer */
1043	int groupMask = configure_name_to_mask(&zName[1], 0);
1044	if( !g.perm.Admin ) groupMask &= ~CONFIGSET_USER;
1045	if( !g.perm.RdAddr ) groupMask &= ~CONFIGSET_ADDR;
1046	configure_send_group(xfer.pOut, groupMask, 0);
1047	}else if( configure_is_exportable(zName) ){
1048	/* Old style configuration transfer */
1049	send_legacy_config_card(&xfer, zName);
1050	}
	@@ -1060,11 +1060,11 @@
1060	&& blob_is_int(&xfer.aToken[2], &size) ){
1061	const char *zName = blob_str(&xfer.aToken[1]);
1062	Blob content;
1063	blob_zero(&content);
1064	blob_extract(xfer.pIn, size, &content);
1065	if( !g.perm.Admin ){
1066	cgi_reset_content();
1067	@ error not\sauthorized\sto\spush\sconfiguration
1068	nErr++;
1069	break;
1070	}
	@@ -1105,11 +1105,11 @@
1105	**
1106	** This card indicates that the next "file" or "cfile" will contain
1107	** private content.
1108	*/
1109	if( blob_eq(&xfer.aToken[0], "private") ){
1110	if( !g.perm.Private ){
1111	server_private_xfer_not_authorized();
1112	}else{
1113	xfer.nextIsPrivate = 1;
1114	}
1115	}else
	@@ -1128,11 +1128,11 @@
1128	** it is not automatic with "a" or "s") then this pragma causes
1129	** private information to be pulled in addition to public records.
1130	*/
1131	if( blob_eq(&xfer.aToken[1], "send-private") ){
1132	login_check_credentials();
1133	if( !g.perm.Private ){
1134	server_private_xfer_not_authorized();
1135	}else{
1136	xfer.syncPrivate = 1;
1137	}
1138	}
	@@ -1266,11 +1266,11 @@
1266	memset(&xfer, 0, sizeof(xfer));
1267	xfer.pIn = &recv;
1268	xfer.pOut = &send;
1269	xfer.mxSend = db_get_int("max-upload", 250000);
1270	if( privateFlag ){
1271	g.perm.Private = 1;
1272	xfer.syncPrivate = 1;
1273	}
1274
1275	assert( pushFlag \| pullFlag \| cloneFlag \| configRcvMask \| configSendMask );
1276	db_begin_transaction();
	@@ -1508,11 +1508,11 @@
1508	int rid;
1509	int isPriv = xfer.nToken>=3 && blob_eq(&xfer.aToken[2],"1");
1510	rid = rid_from_uuid(&xfer.aToken[1], 0, 0);
1511	if( rid>0 ){
1512	if( !isPriv ) content_make_public(rid);
1513	}else if( isPriv && !g.perm.Private ){
1514	/* ignore private files */
1515	}else if( pullFlag \|\| cloneFlag ){
1516	rid = content_new(blob_str(&xfer.aToken[1]), isPriv);
1517	if( rid ) newPhantom = 1;
1518	}
	@@ -1553,11 +1553,11 @@
1553	&& blob_is_int(&xfer.aToken[2], &size) ){
1554	const char *zName = blob_str(&xfer.aToken[1]);
1555	Blob content;
1556	blob_zero(&content);
1557	blob_extract(xfer.pIn, size, &content);
1558	g.perm.Admin = g.perm.RdAddr = 1;
1559	configure_receive(zName, &content, origConfigRcvMask);
1560	nCardSent++;
1561	blob_reset(&content);
1562	blob_seek(xfer.pIn, 1, BLOB_SEEK_CUR);
1563	}else
1564

M src/zip.c

+1 -1

		--- src/zip.c
		+++ src/zip.c
		@@ -426,11 +426,11 @@
426	426	char zName, zRid;
427	427	int nName, nRid;
428	428	Blob zip;
429	429
430	430	login_check_credentials();
431		- if( !g.okZip ){ login_needed(); return; }
	431	+ if( !g.perm.Zip ){ login_needed(); return; }
432	432	zName = mprintf("%s", PD("name",""));
433	433	nName = strlen(zName);
434	434	zRid = mprintf("%s", PD("uuid",""));
435	435	nRid = strlen(zRid);
436	436	for(nName=strlen(zName)-1; nName>5; nName--){
437	437

	--- src/zip.c
	+++ src/zip.c
	@@ -426,11 +426,11 @@
426	char zName, zRid;
427	int nName, nRid;
428	Blob zip;
429
430	login_check_credentials();
431	if( !g.okZip ){ login_needed(); return; }
432	zName = mprintf("%s", PD("name",""));
433	nName = strlen(zName);
434	zRid = mprintf("%s", PD("uuid",""));
435	nRid = strlen(zRid);
436	for(nName=strlen(zName)-1; nName>5; nName--){
437

	--- src/zip.c
	+++ src/zip.c
	@@ -426,11 +426,11 @@
426	char zName, zRid;
427	int nName, nRid;
428	Blob zip;
429
430	login_check_credentials();
431	if( !g.perm.Zip ){ login_needed(); return; }
432	zName = mprintf("%s", PD("name",""));
433	nName = strlen(zName);
434	zRid = mprintf("%s", PD("uuid",""));
435	nRid = strlen(zRid);
436	for(nName=strlen(zName)-1; nName>5; nName--){
437

Fossil SCM

Keyboard Shortcuts