From 6c1b92d76da061444557f79b494f0e4a3c5258c0 Mon Sep 17 00:00:00 2001
From: Paul J R
Date: Sat, 22 Sep 2012 07:52:09 +1000
Subject: [PATCH] permissions now apply properly to repo, however the git client behaves strangely when it can read, but not write.
---
gwvpmini/gwvpmini_gitbackend.php | 58 ++++++++++++++++++++++---------------
gwvpmini/gwvpmini_web.php | 4 +-
2 files changed, 36 insertions(+), 26 deletions(-)
diff --git a/gwvpmini/gwvpmini_gitbackend.php b/gwvpmini/gwvpmini_gitbackend.php
index 69c828f..192bb06 100644
--- a/gwvpmini/gwvpmini_gitbackend.php
+++ b/gwvpmini/gwvpmini_gitbackend.php
@@ -92,40 +92,50 @@ function gwvpmini_gitBackendInterface() //$write = true; //} - $perms = 5; + $person = gwvpmini_checkBasicAuthLogin(); //$write = true; + // next, figure out permissions for repo + $rid = gwvpmini_GetRepoId($repo); + $uid = -1; + error_log("AT THIS POINT WE HAVE $uid, $rid, $repo $person"); - // if its a write, we push for authentication - if($write) { - error_log("is write attempt, ask for login"); - $person = gwvpmini_checkBasicAuthLogin(); - if($person == false) { - error_log("person is false, push auth"); + if(!$person) { + if($write) { + error_log("ASK FOR BASIC AUTH"); gwvpmini_AskForBasicAuth(); - echo "Login"; return; } else { - error_log("checking perms for $person against $repoid for repo $repo"); - // here we pass to the git backend - error_log("perms are $perms and im allowed"); - gwvpmini_callGitBackend($person["username"], $repo); + $perm = gwvpmini_GetRepoPerm($rid, "a"); + if($perm < 1) { + error_log("ASK FOR BASIC AUTH 2"); + gwvpmini_AskForBasicAuth(); + return; + } } - return; - } - - - // if they're less then read, we need to then check the user auth permissions - if($perms < 2) { - // we ask for auth - $person = gwvpmini_checkBasicAuthLogin(); - if($person == false) { - gwvpmini_AskForBasicAuth(); - return; + } else { + $uid = gwvpmini_GetUserId($person); + $perm = gwvpmini_GetRepoPerm($rid, $uid); + if($write) { + if($perm < 2) { + error_log("SEND FOFF"); + gwvpmini_fourZeroThree(); + return; + } } else { + if($perm < 1) { + gwvpmini_fourZeroThree(); + return; + } } } + // if its a write, we push for authentication + if($write) { + gwvpmini_callGitBackend($person, $repo); + return; + } + // if we made it this far, we a read and we have permissions to do so, just search the file from the repo if(file_exists("$repo_base/$repo.git/$newloc")) { error_log("would ask $repo for $repo.git/$newloc from $repo_base/$repo.git/$newloc"); diff --git a/gwvpmini/gwvpmini_web.php b/gwvpmini/gwvpmini_web.php index 3243998..eb1a7c5 100644 
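Review bot: The result of `gwvpmini_GetRepoId($repo)` is handed straight to `gwvpmini_GetRepoPerm()` without checking that the repository exists, so the access decision for an unknown or malformed `$repo` depends on whatever that helper returns for a bad id, and the `$perm < 1` / `$perm < 2` comparisons only deny if that value happens to compare as a small number. Fail closed right after the lookup, e.g. `if($rid === false || $rid === null) { gwvpmini_fourZeroFour(); return; }` (adjust to the helper's actual not-found value, which is not visible here), and normalise with `$perm = (int)$perm;` before comparing. The added `error_log("AT THIS POINT WE HAVE ...")` line writes the request-derived `$repo` and the login identity to the log unescaped, and it runs before `$uid` is resolved so it always logs -1; it looks like debug output that should be dropped or sanitised. Separately, the read path in the trailing context serves `$repo_base/$repo.git/$newloc`, so the new per-repo check only holds if `$newloc` cannot resolve outside that repository directory; its derivation is outside the hunk, so confirm it is canonicalised (for example a `realpath()` prefix check) before `file_exists()`. The body of `gwvpmini_gitBackendInterface()` starts and ends outside the hunk.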
--- a/gwvpmini/gwvpmini_web.php +++ b/gwvpmini/gwvpmini_web.php @@ -243,13 +243,13 @@ function gwvpmini_emailToUserLink($email) function gwvpmini_fourZeroThree() { error_log("403 called"); - header("HTTP/1.0 403 Permission Denied"); + header("HTTP/1.1 403 Permission Denied"); } function gwvpmini_fourZeroFour() { error_log("404 called"); - header("HTTP/1.0 404 No Such Thing"); + header("HTTP/1.1 404 No Such Thing"); } -- 1.7.0.4