From: paulr Date: Mon, 7 Nov 2011 06:19:43 +0000 (+1100) Subject: working on repo permissions code X-Git-Url: http://git.pjr.cc/?a=commitdiff_plain;h=673b7aa46f8ccbd326113eea024320f70eb7ec10;p=gwvp.git working on repo permissions code --- diff --git a/TODO b/TODO index 908ec14..50975cc 100644 --- a/TODO +++ b/TODO @@ -13,6 +13,8 @@ Current 3) remove initial repo bit via bundle - going to leave this here for now 4) fix up the gitbackend function once and for all 5) add a config var and initial setup var for website name (i.e. hostname) +6) sort gwvpdatabase.php functions into alpha order + Alpha Release ============= diff --git a/gwvplib/gwvpdatabase.php b/gwvplib/gwvpdatabase.php index 8746f0f..6b0a1f9 100644 --- a/gwvplib/gwvpdatabase.php +++ b/gwvplib/gwvpdatabase.php @@ -285,6 +285,21 @@ function gwvp_getUser($username=null, $email=null, $id=null) } +function gwvp_getRepoOwner($repoid) +{ + $conn = gwvp_ConnectDB(); + + $sql = "select repos_owner from repos where repos_id='$repoid'"; + + $res = $conn->query($sql); + + $return = false; + foreach($res as $rown) { + $return = $rown["repos_owner"]; + } + return $return; +} + function gwvp_getOwnedRepos($userid = null, $username = null) { $conn = gwvp_ConnectDB(); @@ -388,7 +403,7 @@ function gwvp_deleteGroup($groupname) $conn->query($sql); } -function gwvp_getGroupsForUser($email) +function gwvp_getGroupsForUser($email = null, $userid = null) { $conn = gwvp_ConnectDB(); @@ -401,15 +416,25 @@ function gwvp_getGroupsForUser($email) gm.groupmember_groupid=g.groups_id and g.groups_name='$groupname' */ - - $sql = " - select g.groups_name from - group_membership gm, groups g, users u - where - gm.groupmember_userid=u.users_id and - u.user_email='$email' and - gm.groupmember_groupid=g.groups_id - "; + if($email != null) { + $sql = " + select g.groups_name from + group_membership gm, groups g, users u + where + gm.groupmember_userid=u.users_id and + u.user_email='$email' and + gm.groupmember_groupid=g.groups_id + "; + } else if($userid != null) { + $sql = " + select g.groups_name from + group_membership gm, groups g, users u + where + gm.groupmember_userid=u.users_id and + u.users_id='$userid' and + gm.groupmember_groupid=g.groups_id + "; + } else return false; $res = $conn->query($sql); @@ -685,7 +710,7 @@ function gwvp_IsGroupMember($email, $groupname) if($result == 1) return true; } -function gwvp_IsUserAdmin($email=null, $username = null) +function gwvp_IsUserAdmin($email=null, $username = null, $userid = null) { $conn = gwvp_ConnectDB(); @@ -694,6 +719,8 @@ function gwvp_IsUserAdmin($email=null, $username = null) if($email != null) { $id = gwvp_getUserId($email); $sql = "select groupmember_groupid from group_membership where groupmember_userid='$id'"; + } else if($userid != null) { + $sql = "select groupmember_groupid from group_membership where groupmember_userid='$userid'"; } else if($username != null) { $id = gwvp_getUserId(null, $username); $sql = "select groupmember_groupid from group_membership where groupmember_userid='$id'"; @@ -809,15 +836,6 @@ function gwvp_ModifyGroup($groupid, $groupname = null, $group_is_admin = null, $ return true; } -function gwvp_AddRepo($reponame, $repodesc, $repoowner) -{ - $conn = gwvp_ConnectDB(); - - $sql = "insert into repos values (null, '$reponame', '$repodesc', '$repoowner')"; - - $conn->query($sql); -} - function gwvp_GetRepoList() { $conn = gwvp_ConnectDB(); @@ -849,6 +867,93 @@ function gwvp_GetRepoList() return $return; } + +function gwvp_AddRepo($reponame, $repodesc, $repoowner, $defaultperms = 0) +{ + $conn = gwvp_ConnectDB(); + + $sql = "insert into repos values (null, '$reponame', '$repodesc', '$repoowner')"; + + $conn->query($sql); + + $sql = "select repos_id from repos where repos_name='$reponame'"; + $res = $conn->query($sql); + $rid = -1; + foreach($res as $repos) { + $rid = $repos["repos_id"]; + } + /* + * CREATE TABLE "repoperms" ( + "repoperms_id" INTEGER PRIMARY KEY AUTOINCREMENT, + "repo_id" INTEGER, + "repoperms_type" TEXT, + "repoperms_ref" TEXT + + */ + + /* + * // default perms: +// 0 - anyone can clone/read, only owner can write +// 1 - noone can clone/read, repo is visible (i.e. name), only owner can read/write repo +// 2 - only owner can see anything + + */ + + switch($defaultperms) { + case "1": + gwvp_addRepoPermission($rid, "visible", "anon"); + break; + case "2": + // by 2, we do nothing, owner already has full perms + break; + default: // 0 + gwvp_addRepoPermission($rid, "read", "anon"); + + } +} + +function gwvp_getRepoPermissions($repoid) +{ + /* + * // this looks like null, , , user:|group:|authed|anon + // where authed = any authenticated user, anon = everyone (logged in, not logged in, etc) + // read|visible|write = can clone from repo|can see repo exists and see description but not clone from it|can push to repo + // TODO: is this sufficient? i have to think about it + $repoperms = ' + CREATE TABLE "repoperms" ( + "repoperms_id" INTEGER PRIMARY KEY AUTOINCREMENT, + "repo_id" INTEGER, + "repoperms_type" TEXT, + "repoperms_ref" TEXT + )'; + + */ + $conn = gwvp_ConnectDB(); + + $sql = "select * from repoperms where repo_id='$repoid'"; + + $res = $conn->query($sql); + + $returns = false; + $rn = 0; + foreach($res as $perm) { + $returns[$rn]["permid"] = $perm["repoperms_id"]; + $returns[$rn]["type"] = $perm["repoperms_type"]; + $returns[$rn]["ref"] = $perm["repoperms_ref"]; + $rn++; + } + + return $returns; +} + +function gwvp_addRepoPermission($repoid, $permtype, $permref) +{ + $conn = gwvp_ConnectDB(); + + $sql = "insert into repoperms values(null, '$repoid', '$permtype', '$permref')"; + + return $conn->query($sql); +} /* functions we'll need to access data: * * getUsers(pattern) diff --git a/gwvplib/gwvpgitcontrol.php b/gwvplib/gwvpgitcontrol.php index 18ddde5..18956b9 100644 --- a/gwvplib/gwvpgitcontrol.php +++ b/gwvplib/gwvpgitcontrol.php @@ -330,7 +330,11 @@ function gwvp_repoExists($name) else return false; } -function gwvp_createGitRepo($name, $bundle=null) +// default perms: +// 0 - anyone can clone/read, only owner can write +// 1 - noone can clone/read, repo is visible (i.e. name), only owner can read/write repo +// 2 - only owner can see anything +function gwvp_createGitRepo($name, $ownerid, $desc, $bundle=null, $defaultperms=0) { global $repo_base; @@ -346,7 +350,39 @@ function gwvp_createGitRepo($name, $bundle=null) chdir("$repo_base/$name.git"); exec("/usr/bin/git update-server-info"); } + + // gwvp_AddRepo($reponame, $repodesc, $repoowner, $defaultperms = 0) + gwvp_AddRepo($name, $desc, $ownerid, $defaultperms); return true; } + +// this funciton returns one of three things, read, visible, write, none +// as +// 0 - none +// 1 - visible +// 2 - read +// 3 - write +function gwvp_resolvRepoPerms($userid, $repoid) +{ + $ownerid = gwvp_getRepoOwner($repoid); + $isadmin = gwvp_IsUserAdmin(null, null, $userid); + + if($isadmin) return 3; + + if($userid == $ownerid) return 3; + + // now we load the perms table and pray + $repoperms = gwvp_getRepoPermissions($repoid); + $usergroups = gwvp_getGroupsForUser(null, $userid); + + $maxperm = 0; + foreach($repoperms as $perm) { + // need to go thru each perm, then check it agains the user we're trying to figure + // the perms on + + + } +} + ?> \ No newline at end of file diff --git a/gwvplib/gwvprepoadmin.php b/gwvplib/gwvprepoadmin.php index 07bab8e..baa7cf1 100644 --- a/gwvplib/gwvprepoadmin.php +++ b/gwvplib/gwvprepoadmin.php @@ -46,6 +46,8 @@ function gwvp_CreateRepoPage() gwvp_goMainPage("gwvp_CreateRepoPageBody"); } +//function gwvp_createGitRepo($name, $ownerid, $desc, $defaultperms=0, $bundle=null) + function gwvp_DoCreateRepoPage() { global $BASE_URL; @@ -59,9 +61,11 @@ function gwvp_DoCreateRepoPage() //header("Location: $BASE_URL/admin/repos/create?reponameobv=$reponame&repodescobv=$repodesc"); } else if($_FILES["bundlefile"]["size"] > 0) { // if(isset($_FILES["bundlefile"]["size"])) <--- this needs to happen here TODO error_log("bundle file tmpname is ".$_FILES["bundlefile"]["tmp_name"]); - gwvp_createGitRepo($reponame, $_FILES["bundlefile"]["tmp_name"]); + // function gwvp_createGitRepo($name, $ownerid, $desc, $defaultperms=0, $bundle=null) + // TODO: deal with default perms + gwvp_createGitRepo($reponame, $_SESSION["id"], $repodesc, $_FILES["bundlefile"]["tmp_name"]); gwvp_SendMessage("info", "Repo, $reponame, created"); - } else if(gwvp_createGitRepo($reponame)) { + } else if(gwvp_createGitRepo($reponame, $_SESSION["id"], $repodesc)) { gwvp_SendMessage("info", "Repo, $reponame, created"); } header("Location: $BASE_URL/admin/repos"); @@ -153,11 +157,6 @@ function gwvp_RepoAdminPageBody() return; } -// this funciton returns one of three things -function gwvp_resolvRepoPerms($userid, $repoid) -{ - -}