From 8f8e22554423f3738bddbc6266851032c0fb62c1 Mon Sep 17 00:00:00 2001 From: Paul J R Date: Fri, 21 Sep 2012 11:30:13 +1000 Subject: [PATCH] repo permissions management complete (though pretty ugly code) --- gwvpmini/gwvpmini_db.php | 16 ++-- gwvpmini/gwvpmini_view.php | 278 +++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 283 insertions(+), 11 deletions(-) diff --git a/gwvpmini/gwvpmini_db.php b/gwvpmini/gwvpmini_db.php index 63b8f84..c3ac22b 100644 --- a/gwvpmini/gwvpmini_db.php +++ b/gwvpmini/gwvpmini_db.php @@ -122,7 +122,11 @@ function gwvpmini_ChangeRepoPerm($rid, $uid, $acc) $permsarray[$uid] = $acc; } else { $permsarray = unserialize(base64_decode($cperms_t)); - $permsarray[$uid] = $acc; + $permsarray[$uid] = $acc; + if($acc == 0) { + error_log("PERMSUPDATE: REMOVE $uid"); + unset($permsarray[$uid]); + } } // check if base is now r or a, we can drop any 1's @@ -155,15 +159,11 @@ function gwvpmini_GetRepoPerms($rid) $cperms_t = $row[0]; } - if($cperms_t === false) return 0; - - error_log("PERMSCHECK $rid, $uid:".print_r($dets, true)); - - if($dets === false) return 0; - - if($dets["ownerid"] == $uid) return 2; + if($cperms_t === false) return false; $permsarray = unserialize(base64_decode($cperms_t)); + + return $permsarray; } //returns 0 for none, 1 for read, 2 for writes diff --git a/gwvpmini/gwvpmini_view.php b/gwvpmini/gwvpmini_view.php index 5862068..d1b7eaa 100644 --- a/gwvpmini/gwvpmini_view.php +++ b/gwvpmini/gwvpmini_view.php @@ -24,6 +24,18 @@ function gwvpmini_RepoViewCallMe() if($qspl[0] == "updaterepobaseperms") { return "gwvpmini_UpdateRepoBasePerms"; } + if($qspl[0] == "repoaddreader") { + return "gwvpmini_AddRepoReader"; + } + if($qspl[0] == "repoaddcontrib") { + return "gwvpmini_AddRepoContributor"; + } + if($qspl[0] == "reporemovereaders") { + return "gwvpmini_RemoveRepoReader"; + } + if($qspl[0] == "reporemovecontribs") { + return "gwvpmini_RemoveRepoContributor"; + } return false; } else return false; @@ -80,7 +92,9 @@ function gwvpmini_RepoViewPageBody() echo "$desc
"; if($owner_view) { - $bperms = gwvpmini_GetRepoPerm(gwvpmini_GetRepoId($repo_view_call), "b"); + $bperms_f = gwvpmini_GetRepoPerms(gwvpmini_GetRepoId($repo_view_call)); + + $bperms = $bperms_f["b"]; $anyo = ""; $regd = ""; @@ -104,13 +118,36 @@ function gwvpmini_RepoViewPageBody() echo ""; echo ""; if($bperms == "x") { - echo "Readers
"; + echo "Readers
"; + echo "
"; + $nl = 0; + foreach($bperms_f as $key=>$val) { + if($val == 1) { + $dets = gwvpmini_getUser(null, null, $key); + echo get_gravatar($dets["email"], 18, 'mm', 'g', true)." ".$dets["username"]."
"; + $nl = 1; + } + } + if($nl==1) echo ""; + echo "
"; echo "
"; echo " "; echo "

"; } - echo "Contributors"; + echo "Contributors
"; + echo "
"; + $nl = 0; + foreach($bperms_f as $key=>$val) { + if($val == 2) { + $dets = gwvpmini_getUser(null, null, $key); + echo get_gravatar($dets["email"], 18, 'mm', 'g', true)." ".$dets["username"]."
"; + $nl = 1; + } + } + if($nl==1) echo ""; + echo "
"; + echo "
"; echo " "; echo "

"; @@ -202,6 +239,241 @@ function gwvpmini_UpdateRepoBasePerms() } header("Location: $BASE_URL/view/$repo_view_call"); +} + +function gwvpmini_AddRepoReader() +{ + global $BASE_URL, $repo_view_call; + + if(isset($_REQUEST["q"])) { + $query = $_REQUEST["q"]; + $qspl = explode("/", $query); + error_log("PLOOP:qview".print_r($qspl, true)); + } + + if(isset($qspl[1])) $repo_view_call = $qspl[1]; + else { + error_log("PLOOP: no repo name"); + // TODO: btw, this makes no sense + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } + + $newperms = $_REQUEST["base_perms"]; + + $owner = gwvpmini_GetRepoOwnerDetailsFromName($repo_view_call); + $desc = gwvpmini_GetRepoDescFromName($repo_view_call); + + $owner_name = $owner["username"]; + + $owner_view = false; + if(isset($_SESSION["id"])) { + if($owner["id"] == $_SESSION["id"]) { + $owner_view = true; + } + } + if(!$owner_view) { + gwvpmini_SendMessage("error", "failure updating permission for repo"); + error_log("PLOOP: attempt to update from non-owner"); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } + + $auid = gwvpmini_GetUserId($_REQUEST["readerusername"]); + + if($auid == $_SESSION["id"]) { + gwvpmini_SendMessage("error", "You cannot add yourself as a reader as you already own the repo"); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } + + if($auid > 0) { + $rid = gwvpmini_GetRepoId($repo_view_call); + + gwvpmini_ChangeRepoPerm($rid, $auid, 1); + gwvpmini_SendMessage("info", "Added user ".$_REQUEST["readerusername"]." as a reader"); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } else { + gwvpmini_SendMessage("error", "Couldnt find user with username of ".$_REQUEST["readerusername"]); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } + + +} + +function gwvpmini_AddRepoContributor() +{ + global $BASE_URL, $repo_view_call; + + if(isset($_REQUEST["q"])) { + $query = $_REQUEST["q"]; + $qspl = explode("/", $query); + error_log("PLOOP:qview".print_r($qspl, true)); + } + + if(isset($qspl[1])) $repo_view_call = $qspl[1]; + else { + error_log("PLOOP: no repo name"); + // TODO: btw, this makes no sense + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } + + $newperms = $_REQUEST["base_perms"]; + + $owner = gwvpmini_GetRepoOwnerDetailsFromName($repo_view_call); + $desc = gwvpmini_GetRepoDescFromName($repo_view_call); + + $owner_name = $owner["username"]; + + $owner_view = false; + if(isset($_SESSION["id"])) { + if($owner["id"] == $_SESSION["id"]) { + $owner_view = true; + } + } + if(!$owner_view) { + gwvpmini_SendMessage("error", "failure updating permission for repo"); + error_log("PLOOP: attempt to update from non-owner"); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } + + $auid = gwvpmini_GetUserId($_REQUEST["contribusername"]); + + if($auid == $_SESSION["id"]) { + gwvpmini_SendMessage("error", "You cannot add yourself as a contributor as you already own the repo"); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } + + if($auid > 0) { + $rid = gwvpmini_GetRepoId($repo_view_call); + + gwvpmini_ChangeRepoPerm($rid, $auid, 2); + gwvpmini_SendMessage("info", "Added user ".$_REQUEST["contribusername"]." as a contributor"); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } else { + gwvpmini_SendMessage("error", "Couldnt find user with username of ".$_REQUEST["contribusername"]); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } +} + +function gwvpmini_RemoveRepoContributor() +{ + + global $BASE_URL, $repo_view_call; + + if(isset($_REQUEST["q"])) { + $query = $_REQUEST["q"]; + $qspl = explode("/", $query); + error_log("PLOOP:qview".print_r($qspl, true)); + } + + if(isset($qspl[1])) $repo_view_call = $qspl[1]; + else { + error_log("PLOOP: no repo name"); + // TODO: btw, this makes no sense + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } + + + $owner = gwvpmini_GetRepoOwnerDetailsFromName($repo_view_call); + $desc = gwvpmini_GetRepoDescFromName($repo_view_call); + + $owner_name = $owner["username"]; + + $owner_view = false; + if(isset($_SESSION["id"])) { + if($owner["id"] == $_SESSION["id"]) { + $owner_view = true; + } + } + if(!$owner_view) { + gwvpmini_SendMessage("error", "failure updating permission for repo"); + error_log("PLOOP: attempt to update from non-owner"); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } + + $rid = gwvpmini_GetRepoId($repo_view_call); + + $bperms_f = gwvpmini_GetRepoPerms($rid); + + foreach($bperms_f as $key=>$val) { + if($val == 2) { + if(isset($_REQUEST["$key"])) { + gwvpmini_ChangeRepoPerm($rid, $key, 0); + } + } + } + + gwvpmini_SendMessage("info", "Repo permissions updated"); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + +} + + +function gwvpmini_RemoveRepoReader() +{ + + global $BASE_URL, $repo_view_call; + + if(isset($_REQUEST["q"])) { + $query = $_REQUEST["q"]; + $qspl = explode("/", $query); + error_log("PLOOP:qview".print_r($qspl, true)); + } + + if(isset($qspl[1])) $repo_view_call = $qspl[1]; + else { + error_log("PLOOP: no repo name"); + // TODO: btw, this makes no sense + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } + + + $owner = gwvpmini_GetRepoOwnerDetailsFromName($repo_view_call); + $desc = gwvpmini_GetRepoDescFromName($repo_view_call); + + $owner_name = $owner["username"]; + + $owner_view = false; + if(isset($_SESSION["id"])) { + if($owner["id"] == $_SESSION["id"]) { + $owner_view = true; + } + } + if(!$owner_view) { + gwvpmini_SendMessage("error", "failure updating permission for repo"); + error_log("PLOOP: attempt to update from non-owner"); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } + + $rid = gwvpmini_GetRepoId($repo_view_call); + + $bperms_f = gwvpmini_GetRepoPerms($rid); + + foreach($bperms_f as $key=>$val) { + if($val == 1) { + if(isset($_REQUEST["$key"])) { + gwvpmini_ChangeRepoPerm($rid, $key, 0); + } + } + } + + gwvpmini_SendMessage("info", "Repo permissions updated"); + header("Location: $BASE_URL/view/$repo_view_call"); + return; + } ?> \ No newline at end of file -- 1.7.0.4