X-Git-Url: http://git.pjr.cc/?p=gwvp.git;a=blobdiff_plain;f=gwvplib%2Fgwvpgitcontrol.php;h=7c34d9b07bfaca1dd2dd98f21b0a9ceeaa726b6a;hp=18ddde565c164c9ee1fda78b9d929fb266655852;hb=942b821d861aba1da43ef6c999141853e9f8b3a8;hpb=1a1ed3388655bbc4001022fd91f3f5ea3ad4d03a

diff --git a/gwvplib/gwvpgitcontrol.php b/gwvplib/gwvpgitcontrol.php
index 18ddde5..7c34d9b 100644
--- a/gwvplib/gwvpgitcontrol.php
+++ b/gwvplib/gwvpgitcontrol.php
@@ -4,7 +4,11 @@ $CALL_ME_FUNCTIONS["gitcontrol"] = "gwvp_gitControlCallMe";
 
 //$MENU_ITEMS["20repos"]["text"] = "Repo Admin";
 //$MENU_ITEMS["20repos"]["link"] = "$BASE_URL/admin/repos";
+$HOME_PAGE_PROVIDERS["gitlog"] = "gwvp_GitLogProvider";
 
+// TODO: we could actually change backend interface such that is
+// will respond to any url's that contain "repo.git" rather then
+// having to be $BASE_URL/git/repo.git
 function gwvp_gitControlCallMe()
 {
 	if(isset($_REQUEST["q"])) {
@@ -22,36 +26,148 @@ function gwvp_gitControlCallMe()
 	
 }
 
+function gwvp_GitLogProvider()
+{
+	echo "<br>gitload provider loaded on homepage<br>";
+}
+
 function gwvp_repoPermissionCheck($repo, $user)
 {
 	return true;
 }
 
-function gwvp_gitBackendInterface_new()
+function gwvp_gitBackendInterface()
 {
 	// and this is where i re-code the git backend interface from scratch
-	global $repo_base, $BASE_URL;
+	global $BASE_URL;
+	
+	$repo_base = gwvp_getConfigVal("repodir");
 	
+	// TODO: we need to stop passing the repo name around as "repo.git", it needs to be just "repo"
+	
+	
+	/* bizare git problem that ignores 403's or continues on with a push despite them 
+	error_log("FLAP for ".$_SERVER["REQUEST_URI"]);
+	if(isset($_REQUEST)) {
+		$dump = print_r($_REQUEST, true);
+		error_log("FLAP, $dump");
+	}
+	if(isset($_SERVER["PHP_AUTH_USER"])) {
+		error_log("FLAP: donut hole");
+	}*/
+	
+	
+
 	
 	$repo = "";
+	$repoid = false;
 	$newloc = "/";
 	if(isset($_REQUEST["q"])) {
 		$query = $_REQUEST["q"];
 		$qspl = explode("/", $query);
-		$repo = $qspl[1];
+		// TODO do this with 
+		$repo = preg_replace("/\.git$/", "", $qspl[1]);
+		$repoid = gwvp_GetRepoId($repo);
 		for($i=2; $i < count($qspl); $i++) {
 			$newloc .= "/".$qspl[$i];
 		}
 	}
 	
+	if($repoid == false) {
+		gwvp_fourZeroFour();
+		return;
+	}
+	
+	// we do an update server cause its weird and i cant figure out when it actually needs to happen
+	chdir("$repo_base/$repo.git");
+	exec("/usr/bin/git update-server-info");
+	
+	
+	// so now we have the repo
+	// next we determine if this is a read or a write
+	$write = false;
+	if(isset($_REQUEST["service"])) {
+		if($_REQUEST["service"] == "git-receive-pack") {
+			error_log("got write as receivepack in post");
+			$write = true;
+		}
+	}
+	if($_SERVER["REQUEST_METHOD"] == "POST") {
+		$write = true;
+	}
+	// THIS MAY CAUSE ISSUES LATER ON but we do it cause the git client ignores our 403 when it uses git-receive-pack after an auth
+	// no, this isnt a solution cause auth'd read attempts will come up as writes...
+	//if(isset($_SERVER["PHP_AUTH_USER"])) {
+		//$write = true;
+	//}
+	
+	// if its a write, we push for authentication
+	if($write) {
+		error_log("is write attempt, ask for login");
+		$person = gwvp_checkBasicAuthLogin();
+		if($person == false) {
+			gwvp_AskForBasicAuth();
+			return;
+		} else {
+			error_log("checking perms for $person against $repoid for repo $repo");
+			$perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid);
+			if($perms < 3) {
+				error_log("perms are $perms and im not allowed");
+				gwvp_fourZeroThree();
+				exit(0);
+			} else {
+				// here we pass to the git backend
+				error_log("perms are $perms and im allowed");
+				gwvp_callGitBackend($person["username"], $repo);
+			}
+		}
+		return;
+	}
+	
+	// if not we figure out the anon permissions for a repo
+	$perms = gwvp_resolvRepoPerms(-1, $repoid);
+	
+	// if they're less then read, we need to then check the user auth permissions
+	if($perms < 2) {
+		// we ask for auth
+		$person = gwvp_checkBasicAuthLogin();
+		if($person == false) {
+			gwvp_AskForBasicAuth();
+			return;
+		} else {
+			$perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid);
+			if($perms < 3) {
+				$dump = print_r($person, true);
+				error_log("in basic read, called 403 for $perms $dump");
+				gwvp_fourZeroThree();
+				return;
+			}
+		}
+	}
+	
+	// if we made it this far, we a read and we have permissions to do so, just search the file from the repo
+	if(file_exists("$repo_base/$repo.git/$newloc")) {
+		error_log("would ask $repo for $repo.git/$newloc from $repo_base/$repo.git/$newloc");
+		$fh = fopen("$repo_base/$repo.git/$newloc", "rb");
+		
+		error_log("pushing file");
+		while(!feof($fh)) {
+			echo fread($fh, 8192);
+		}
+	} else {
+		//echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE";
+		gwvp_fourZeroFour();
+		return;
+	}
 	
 }
 
 
-function gwvp_gitBackendInterface()
+function gwvp_gitBackendInterface_old()
 {
-	global $repo_base, $BASE_URL;
+	global $BASE_URL;
 	
+	$repo_base = gwvp_getConfigVal("repodir");
 	
 	$repo = "";
 	$newloc = "/";
@@ -157,14 +273,23 @@ function gwvp_gitBackendInterface()
 	}
 }
 
+function gwvp_canManageRepo($userid, $repoid)
+{
+	// only the owner or an admin can do these tasks
+	error_log("Checking repoid, $repoid against userid $userid");
+	
+	if(gwvp_IsUserAdmin(null, null, $userid)) return true;
+	if(gwvp_IsRepoOwner($userid, $repoid)) return true;
+	return false;
+}
 
-function gwvp_callGitBackend($repo)
+function gwvp_callGitBackend($username, $repo)
 {
 	// this is where things become a nightmare
 		$fh   = fopen('php://input', "r");
 		
 		$ruri = $_SERVER["REQUEST_URI"];
-		$strrem = "git/$repo";
+		$strrem = "git/$repo.git";
 		$euri = str_replace($strrem, "", $_REQUEST["q"]);
 		//$euri = preg_replace("/^git\/$repo\.git/", "", $_REQUEST["q"]);
 		
@@ -194,12 +319,12 @@ function gwvp_callGitBackend($repo)
 		// setup env
 		if(isset($procenv))	unset($procenv);
 		$procenv["GATEWAY_INTERFACE"] = "CGI/1.1";
-		$procenv["PATH_TRANSLATED"] = "/tmp/$repo/$euri";
+		$procenv["PATH_TRANSLATED"] = "/tmp/$repo.git/$euri";
 		$procenv["REQUEST_METHOD"] = "$rmeth";
 		$procenv["GIT_HTTP_EXPORT_ALL"] = "1";
 		$procenv["QUERY_STRING"] = "$qs";
 		$procenv["HTTP_USER_AGENT"] = "git/1.7.1";
-		$procenv["REMOTE_USER"] = "user";
+		$procenv["REMOTE_USER"] = "$username";
 		$procenv["REMOTE_ADDR"] = "1.2.3.4";
 		$procenv["AUTH_TYPE"] = "Basic";
 		
@@ -212,7 +337,7 @@ function gwvp_callGitBackend($repo)
 			$procenv["CONTENT_LENGTH"] = $_SERVER["CONTENT_LENGTH"];
 		}
 		
-		error_log("path trans'd is /tmp/$repo/$euri from $ruri with ".$_REQUEST["q"]." $strrem");
+		error_log("path trans'd is /tmp/$repo.git/$euri from $ruri with ".$_REQUEST["q"]." $strrem");
 		
 		
 		
@@ -324,15 +449,19 @@ function gwvp_callGitBackend($repo)
 
 function gwvp_repoExists($name)
 {
-	global $repo_base;
+	$repo_base = gwvp_getConfigVal("repodir");
 	
 	if(file_exists("$repo_base/$name.git")) return true;
 	else return false;
 }
 
-function gwvp_createGitRepo($name, $bundle=null)
+// default perms:
+// 0 - anyone can clone/read, only owner can write
+// 1 - noone can clone/read, repo is visible (i.e. name), only owner can read/write repo
+// 2 - only owner can see anything
+function gwvp_createGitRepo($name, $ownerid, $desc, $bundle=null, $defaultperms=0)
 {
-	global $repo_base;
+	$repo_base = gwvp_getConfigVal("repodir");
 	
 	// phew, this works, but i tell you this - bundles arent quite as nice as they should be
 	if($bundle == null) {
@@ -346,7 +475,79 @@ function gwvp_createGitRepo($name, $bundle=null)
 		chdir("$repo_base/$name.git");
 		exec("/usr/bin/git update-server-info");
 	}
+
+	// gwvp_AddRepo($reponame, $repodesc, $repoowner, $defaultperms = 0)
+	gwvp_AddRepo($name, $desc, $ownerid, $defaultperms);
 	
 	return true;
 }
+
+// this funciton returns one of three things, read, visible, write, none
+// as
+// 0 - none
+// 1 - visible
+// 2 - read
+// 3 - write
+// 4 - owner/administrator
+function gwvp_resolvRepoPerms($userid, $repoid)
+{
+	$ownerid = gwvp_getRepoOwner($repoid);
+	$isadmin = gwvp_IsUserAdmin(null, null, $userid);
+	
+	error_log("USerid is $userid, ownerid $ownerid");
+	
+	if($isadmin) return 4;
+	
+	if($userid == $ownerid) return 4;
+	
+	// now we load the perms table and pray
+	$repoperms = gwvp_getRepoPermissions($repoid);
+	$usergroups = gwvp_getGroupsForUser(null, $userid);
+
+	$maxperm = 0;
+	if($repoperms != false) foreach($repoperms as $perm) {
+		// need to go thru each perm, then check it agains the user we're trying to figure
+		// the perms on
+		switch($perm["type"]) {
+			case "read":
+				$permval = 2;
+				break;
+			case "visible":
+				$permval = 1;
+				break;
+			case "write":
+				$permval = 3;
+				break;
+			default:
+				$permval = 0;
+		}
+		
+		// we only var if permval is greater then current
+		if($permval > $maxperm) {
+			//error_log("going into check for $maxperm/$permval, ".$perm["ref"]);
+			if($perm["ref"] == "anon") {
+				$maxperm = $permval;
+			} else if($perm["ref"] == "authed") {
+				$maxperm = $permval;
+			} else {
+				// now we do splits
+				$spl = explode(":", $perm["ref"]);
+				$idtype = $spl[0];
+				$idval = $spl[1];
+				if($idtype == "group") {
+					// function gwvp_IsGroupMember($email, $groupname)
+					if(gwvp_IsGroupMemberById($userid, $idval)) $maxperm = $permval;
+				} else if ($idtype == "user") {
+					//error_log("checking $userid, $idval");
+					if($userid == $idval) $maxperm = $permval;
+				}
+			}
+		}
+	}
+	
+	// thats TOTALLY going to work... -_0 we should really write a unit test for this, but thats a bit
+	// hard given the db req's so for now, we'll leave it as is
+	return $maxperm;
+}
+
 ?>
\ No newline at end of file