Fossil SCM
When renaming a user, rename any matching subscription entry to avoid that the user can no longer subscribe with the new name because the email address is already mapped. Also log user renames to the admin log. This does not work across all login groups because we don't know if each member has the subscriber table.
Commit
cdcffc413d7c5ee696af252eb072502d28bec36b353e30ceec74232018d02db8
Parent
593c13baf27e01c…
2 files changed
+1
-1
+24
-1
+1
-1
| --- src/alerts.c | ||
| +++ src/alerts.c | ||
| @@ -1531,11 +1531,11 @@ | ||
| 1531 | 1531 | if( g.perm.RdForum ) cgi_set_parameter_nocopy("sf","1",1); |
| 1532 | 1532 | if( g.perm.RdTkt ) cgi_set_parameter_nocopy("st","1",1); |
| 1533 | 1533 | if( g.perm.RdWiki ) cgi_set_parameter_nocopy("sw","1",1); |
| 1534 | 1534 | } |
| 1535 | 1535 | @ <p>To receive email notifications for changes to this |
| 1536 | - @ repository, fill out the form below and press "Submit" button.</p> | |
| 1536 | + @ repository, fill out the form below and press the "Submit" button.</p> | |
| 1537 | 1537 | form_begin(0, "%R/subscribe"); |
| 1538 | 1538 | @ <table class="subscribe"> |
| 1539 | 1539 | @ <tr> |
| 1540 | 1540 | @ <td class="form_label">Email Address:</td> |
| 1541 | 1541 | @ <td><input type="text" name="e" value="%h(PD("e",""))" size="30"></td> |
| 1542 | 1542 |
| --- src/alerts.c | |
| +++ src/alerts.c | |
| @@ -1531,11 +1531,11 @@ | |
| 1531 | if( g.perm.RdForum ) cgi_set_parameter_nocopy("sf","1",1); |
| 1532 | if( g.perm.RdTkt ) cgi_set_parameter_nocopy("st","1",1); |
| 1533 | if( g.perm.RdWiki ) cgi_set_parameter_nocopy("sw","1",1); |
| 1534 | } |
| 1535 | @ <p>To receive email notifications for changes to this |
| 1536 | @ repository, fill out the form below and press "Submit" button.</p> |
| 1537 | form_begin(0, "%R/subscribe"); |
| 1538 | @ <table class="subscribe"> |
| 1539 | @ <tr> |
| 1540 | @ <td class="form_label">Email Address:</td> |
| 1541 | @ <td><input type="text" name="e" value="%h(PD("e",""))" size="30"></td> |
| 1542 |
| --- src/alerts.c | |
| +++ src/alerts.c | |
| @@ -1531,11 +1531,11 @@ | |
| 1531 | if( g.perm.RdForum ) cgi_set_parameter_nocopy("sf","1",1); |
| 1532 | if( g.perm.RdTkt ) cgi_set_parameter_nocopy("st","1",1); |
| 1533 | if( g.perm.RdWiki ) cgi_set_parameter_nocopy("sw","1",1); |
| 1534 | } |
| 1535 | @ <p>To receive email notifications for changes to this |
| 1536 | @ repository, fill out the form below and press the "Submit" button.</p> |
| 1537 | form_begin(0, "%R/subscribe"); |
| 1538 | @ <table class="subscribe"> |
| 1539 | @ <tr> |
| 1540 | @ <td class="form_label">Email Address:</td> |
| 1541 | @ <td><input type="text" name="e" value="%h(PD("e",""))" size="30"></td> |
| 1542 |
+24
-1
| --- src/setupuser.c | ||
| +++ src/setupuser.c | ||
| @@ -347,11 +347,11 @@ | ||
| 347 | 347 | if( P("delete") && cgi_csrf_safe(1) ){ |
| 348 | 348 | int n; |
| 349 | 349 | if( P("verifydelete") ){ |
| 350 | 350 | /* Verified delete user request */ |
| 351 | 351 | db_unprotect(PROTECT_USER); |
| 352 | - if( db_table_exists("repository","subscriber") ){ | |
| 352 | + if( alert_tables_exist() ){ | |
| 353 | 353 | /* Also delete any subscriptions associated with this user */ |
| 354 | 354 | db_multi_exec("DELETE FROM subscriber WHERE suname=" |
| 355 | 355 | "(SELECT login FROM user WHERE uid=%d)", uid); |
| 356 | 356 | } |
| 357 | 357 | db_multi_exec("DELETE FROM user WHERE uid=%d", uid); |
| @@ -447,10 +447,19 @@ | ||
| 447 | 447 | db_multi_exec( |
| 448 | 448 | "REPLACE INTO user(uid,login,info,pw,cap,mtime) " |
| 449 | 449 | "VALUES(nullif(%d,0),%Q,%Q,%Q,%Q,now())", |
| 450 | 450 | uid, zLogin, P("info"), zPw, zCap |
| 451 | 451 | ); |
| 452 | + if( zOldLogin && fossil_strcmp(zLogin, zOldLogin)!=0 ){ | |
| 453 | + if( alert_tables_exist() ){ | |
| 454 | + /* Rename matching subscriber entry, else the user cannot | |
| 455 | + re-subscribe with their same email address. */ | |
| 456 | + db_multi_exec("UPDATE subscriber SET suname=%Q WHERE suname=%Q", | |
| 457 | + zLogin, zOldLogin); | |
| 458 | + } | |
| 459 | + admin_log( "Renamed user [%q] to [%q].", zOldLogin, zLogin ); | |
| 460 | + } | |
| 452 | 461 | db_protect_pop(); |
| 453 | 462 | setup_incr_cfgcnt(); |
| 454 | 463 | admin_log( "Updated user [%q] with capabilities [%q].", |
| 455 | 464 | zLogin, zCap ); |
| 456 | 465 | if( atoi(PD("all","0"))>0 ){ |
| @@ -463,10 +472,24 @@ | ||
| 463 | 472 | " SELECT %Q WHERE NOT EXISTS(SELECT 1 FROM user WHERE login=%Q);", |
| 464 | 473 | zLogin, zLogin |
| 465 | 474 | ); |
| 466 | 475 | zOldLogin = zLogin; |
| 467 | 476 | } |
| 477 | +#if 0 | |
| 478 | + /* Problem: when renaming a user we need to update the subcriber | |
| 479 | + ** names to match but we cannot know from here if each member of | |
| 480 | + ** the login group has the subscriber tables, so we cannot blindly | |
| 481 | + ** include this SQL. */ | |
| 482 | + else if( fossil_strcmp(zLogin, zOldLogin)!=0 | |
| 483 | + && alert_tables_exist() ){ | |
| 484 | + /* Rename matching subscriber entry, else the user cannot | |
| 485 | + re-subscribe with their same email address. */ | |
| 486 | + blob_appendf(&sql, | |
| 487 | + "UPDATE subscriber SET suname=%Q WHERE suname=%Q;", | |
| 488 | + zLogin, zOldLogin); | |
| 489 | + } | |
| 490 | +#endif | |
| 468 | 491 | blob_appendf(&sql, |
| 469 | 492 | "UPDATE user SET login=%Q," |
| 470 | 493 | " pw=coalesce(shared_secret(%Q,%Q," |
| 471 | 494 | "(SELECT value FROM config WHERE name='project-code')),pw)," |
| 472 | 495 | " info=%Q," |
| 473 | 496 |
| --- src/setupuser.c | |
| +++ src/setupuser.c | |
| @@ -347,11 +347,11 @@ | |
| 347 | if( P("delete") && cgi_csrf_safe(1) ){ |
| 348 | int n; |
| 349 | if( P("verifydelete") ){ |
| 350 | /* Verified delete user request */ |
| 351 | db_unprotect(PROTECT_USER); |
| 352 | if( db_table_exists("repository","subscriber") ){ |
| 353 | /* Also delete any subscriptions associated with this user */ |
| 354 | db_multi_exec("DELETE FROM subscriber WHERE suname=" |
| 355 | "(SELECT login FROM user WHERE uid=%d)", uid); |
| 356 | } |
| 357 | db_multi_exec("DELETE FROM user WHERE uid=%d", uid); |
| @@ -447,10 +447,19 @@ | |
| 447 | db_multi_exec( |
| 448 | "REPLACE INTO user(uid,login,info,pw,cap,mtime) " |
| 449 | "VALUES(nullif(%d,0),%Q,%Q,%Q,%Q,now())", |
| 450 | uid, zLogin, P("info"), zPw, zCap |
| 451 | ); |
| 452 | db_protect_pop(); |
| 453 | setup_incr_cfgcnt(); |
| 454 | admin_log( "Updated user [%q] with capabilities [%q].", |
| 455 | zLogin, zCap ); |
| 456 | if( atoi(PD("all","0"))>0 ){ |
| @@ -463,10 +472,24 @@ | |
| 463 | " SELECT %Q WHERE NOT EXISTS(SELECT 1 FROM user WHERE login=%Q);", |
| 464 | zLogin, zLogin |
| 465 | ); |
| 466 | zOldLogin = zLogin; |
| 467 | } |
| 468 | blob_appendf(&sql, |
| 469 | "UPDATE user SET login=%Q," |
| 470 | " pw=coalesce(shared_secret(%Q,%Q," |
| 471 | "(SELECT value FROM config WHERE name='project-code')),pw)," |
| 472 | " info=%Q," |
| 473 |
| --- src/setupuser.c | |
| +++ src/setupuser.c | |
| @@ -347,11 +347,11 @@ | |
| 347 | if( P("delete") && cgi_csrf_safe(1) ){ |
| 348 | int n; |
| 349 | if( P("verifydelete") ){ |
| 350 | /* Verified delete user request */ |
| 351 | db_unprotect(PROTECT_USER); |
| 352 | if( alert_tables_exist() ){ |
| 353 | /* Also delete any subscriptions associated with this user */ |
| 354 | db_multi_exec("DELETE FROM subscriber WHERE suname=" |
| 355 | "(SELECT login FROM user WHERE uid=%d)", uid); |
| 356 | } |
| 357 | db_multi_exec("DELETE FROM user WHERE uid=%d", uid); |
| @@ -447,10 +447,19 @@ | |
| 447 | db_multi_exec( |
| 448 | "REPLACE INTO user(uid,login,info,pw,cap,mtime) " |
| 449 | "VALUES(nullif(%d,0),%Q,%Q,%Q,%Q,now())", |
| 450 | uid, zLogin, P("info"), zPw, zCap |
| 451 | ); |
| 452 | if( zOldLogin && fossil_strcmp(zLogin, zOldLogin)!=0 ){ |
| 453 | if( alert_tables_exist() ){ |
| 454 | /* Rename matching subscriber entry, else the user cannot |
| 455 | re-subscribe with their same email address. */ |
| 456 | db_multi_exec("UPDATE subscriber SET suname=%Q WHERE suname=%Q", |
| 457 | zLogin, zOldLogin); |
| 458 | } |
| 459 | admin_log( "Renamed user [%q] to [%q].", zOldLogin, zLogin ); |
| 460 | } |
| 461 | db_protect_pop(); |
| 462 | setup_incr_cfgcnt(); |
| 463 | admin_log( "Updated user [%q] with capabilities [%q].", |
| 464 | zLogin, zCap ); |
| 465 | if( atoi(PD("all","0"))>0 ){ |
| @@ -463,10 +472,24 @@ | |
| 472 | " SELECT %Q WHERE NOT EXISTS(SELECT 1 FROM user WHERE login=%Q);", |
| 473 | zLogin, zLogin |
| 474 | ); |
| 475 | zOldLogin = zLogin; |
| 476 | } |
| 477 | #if 0 |
| 478 | /* Problem: when renaming a user we need to update the subcriber |
| 479 | ** names to match but we cannot know from here if each member of |
| 480 | ** the login group has the subscriber tables, so we cannot blindly |
| 481 | ** include this SQL. */ |
| 482 | else if( fossil_strcmp(zLogin, zOldLogin)!=0 |
| 483 | && alert_tables_exist() ){ |
| 484 | /* Rename matching subscriber entry, else the user cannot |
| 485 | re-subscribe with their same email address. */ |
| 486 | blob_appendf(&sql, |
| 487 | "UPDATE subscriber SET suname=%Q WHERE suname=%Q;", |
| 488 | zLogin, zOldLogin); |
| 489 | } |
| 490 | #endif |
| 491 | blob_appendf(&sql, |
| 492 | "UPDATE user SET login=%Q," |
| 493 | " pw=coalesce(shared_secret(%Q,%Q," |
| 494 | "(SELECT value FROM config WHERE name='project-code')),pw)," |
| 495 | " info=%Q," |
| 496 |