From 3175ff316104151c9cca5d33aa09b61f2da6253c Mon Sep 17 00:00:00 2001
From: Paul J R <me@pjr.cc>
Date: Sat, 22 Sep 2012 10:10:28 +1000
Subject: [PATCH] repo view now follows permissions

---
 gwvpmini/gwvpmini_search.php |    2 +-
 gwvpmini/gwvpmini_view.php   |   25 +++++++++++++++++++++----
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/gwvpmini/gwvpmini_search.php b/gwvpmini/gwvpmini_search.php
index 852b5f0..870dc0b 100644
--- a/gwvpmini/gwvpmini_search.php
+++ b/gwvpmini/gwvpmini_search.php
@@ -84,7 +84,7 @@ function gwvpmini_SearchMainPageBody()
 			$userdets = get_gravatar($ownerinfo["email"], 40, 'mm', 'g', true);
 			$userdets .= "<br><a href=\"$BASE_URL/user/".$ownerinfo["username"]."\">".$ownerinfo["username"]."</a>";
 			
-			$repodets = "<b>".$rep["name"]."</b><br>".$rep["desc"];
+			$repodets = "<b><a href=\"$BASE_URL/view/".$rep["name"]."\">".$rep["name"]."</a></b><br>".$rep["desc"];
 			echo "<tr><td>$userdets</td><td>$repodets</td></tr>";
 		}
 		echo "</table>";
diff --git a/gwvpmini/gwvpmini_view.php b/gwvpmini/gwvpmini_view.php
index d1b7eaa..b47c152 100644
--- a/gwvpmini/gwvpmini_view.php
+++ b/gwvpmini/gwvpmini_view.php
@@ -62,6 +62,9 @@ function gwvpmini_RepoViewPageBody()
 	
 	$repo_base = gwvpmini_getConfigVal("repodir");
 
+	$bperms_f = gwvpmini_GetRepoPerms(gwvpmini_GetRepoId($repo_view_call));
+	$bperms = $bperms_f["b"];
+	
 	$owner_view = false;
 	
 	if($_SERVER["SERVER_PORT"] == 443) $proto="https://";
@@ -73,16 +76,30 @@ function gwvpmini_RepoViewPageBody()
 	
 	$owner_name = $owner["username"];
 	
-	
+	// TODO: fix this so that if user has no read access to repo, they cant see it
 	if(isset($_SESSION["id"])) {
 		if($owner["id"] == $_SESSION["id"]) {
 			$owner_view = true;
+		} else if ($bperms != "r") {
+			// check user level perms
+			$perm = gwvpmini_GetRepoPerm($rid, $_SESSION["id"]);
+			if($perm < 1) {
+				header("Location: $BASE_URL");
+				return;
+			}
+		}
+	} else {
+		if($bperms != "a") {
+			header("Location: $BASE_URL");
+			return;
 		}
 	}
 	
 	
 	error_log("STUFF:".print_r($owner,true));
-	$cloneurl = "git clone $proto$sname$BASE_URL/git/$repo_view_call.git";
+	if($bperms != "a") $login = $_SESSION["username"]."@password:";
+	else $login = "";
+	$cloneurl = "git clone $proto$login$sname$BASE_URL/git/$repo_view_call.git";
 	echo "<textarea rows=1 cols=".strlen($cloneurl).">$cloneurl</textarea><br>";
 	
 	if($owner_view) $owner_extra = " (YOU)";
@@ -92,9 +109,9 @@ function gwvpmini_RepoViewPageBody()
 	echo "<b>$desc</b><br>";
 	
 	if($owner_view) {
-		$bperms_f = gwvpmini_GetRepoPerms(gwvpmini_GetRepoId($repo_view_call));
 		
-		$bperms = $bperms_f["b"];
+		
+
 		
 		$anyo = "";
 		$regd = "";
-- 
1.7.0.4