X-Git-Url: http://git.pjr.cc/?p=gwvp.git;a=blobdiff_plain;f=gwvplib%2Fgwvpgitcontrol.php;h=7c34d9b07bfaca1dd2dd98f21b0a9ceeaa726b6a;hp=5ac3df65895c0b97706f07855dae266a09a4537d;hb=942b821d861aba1da43ef6c999141853e9f8b3a8;hpb=70007a4ed44735f9d9c82fdff2d6600e2fdbfbd9 diff --git a/gwvplib/gwvpgitcontrol.php b/gwvplib/gwvpgitcontrol.php index 5ac3df6..7c34d9b 100644 --- a/gwvplib/gwvpgitcontrol.php +++ b/gwvplib/gwvpgitcontrol.php @@ -6,6 +6,9 @@ $CALL_ME_FUNCTIONS["gitcontrol"] = "gwvp_gitControlCallMe"; //$MENU_ITEMS["20repos"]["link"] = "$BASE_URL/admin/repos"; $HOME_PAGE_PROVIDERS["gitlog"] = "gwvp_GitLogProvider"; +// TODO: we could actually change backend interface such that is +// will respond to any url's that contain "repo.git" rather then +// having to be $BASE_URL/git/repo.git function gwvp_gitControlCallMe() { if(isset($_REQUEST["q"])) { @@ -42,6 +45,20 @@ function gwvp_gitBackendInterface() // TODO: we need to stop passing the repo name around as "repo.git", it needs to be just "repo" + + /* bizare git problem that ignores 403's or continues on with a push despite them + error_log("FLAP for ".$_SERVER["REQUEST_URI"]); + if(isset($_REQUEST)) { + $dump = print_r($_REQUEST, true); + error_log("FLAP, $dump"); + } + if(isset($_SERVER["PHP_AUTH_USER"])) { + error_log("FLAP: donut hole"); + }*/ + + + + $repo = ""; $repoid = false; $newloc = "/"; @@ -71,25 +88,33 @@ function gwvp_gitBackendInterface() $write = false; if(isset($_REQUEST["service"])) { if($_REQUEST["service"] == "git-receive-pack") { + error_log("got write as receivepack in post"); $write = true; } } if($_SERVER["REQUEST_METHOD"] == "POST") { $write = true; } + // THIS MAY CAUSE ISSUES LATER ON but we do it cause the git client ignores our 403 when it uses git-receive-pack after an auth + // no, this isnt a solution cause auth'd read attempts will come up as writes... + //if(isset($_SERVER["PHP_AUTH_USER"])) { + //$write = true; + //} // if its a write, we push for authentication if($write) { + error_log("is write attempt, ask for login"); $person = gwvp_checkBasicAuthLogin(); if($person == false) { gwvp_AskForBasicAuth(); return; } else { - error_log("checking perms for $person against $repoid"); - $perms = gwvp_resolvRepoPerms(gwvp_getUserId($person), $repoid); + error_log("checking perms for $person against $repoid for repo $repo"); + $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid); if($perms < 3) { + error_log("perms are $perms and im not allowed"); gwvp_fourZeroThree(); - return; + exit(0); } else { // here we pass to the git backend error_log("perms are $perms and im allowed"); @@ -110,7 +135,7 @@ function gwvp_gitBackendInterface() gwvp_AskForBasicAuth(); return; } else { - $perms = gwvp_resolvRepoPerms(gwvp_getUserId($person), $repoid); + $perms = gwvp_resolvRepoPerms(gwvp_getUserId(null, $person), $repoid); if($perms < 3) { $dump = print_r($person, true); error_log("in basic read, called 403 for $perms $dump"); @@ -122,7 +147,7 @@ function gwvp_gitBackendInterface() // if we made it this far, we a read and we have permissions to do so, just search the file from the repo if(file_exists("$repo_base/$repo.git/$newloc")) { - error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc"); + error_log("would ask $repo for $repo.git/$newloc from $repo_base/$repo.git/$newloc"); $fh = fopen("$repo_base/$repo.git/$newloc", "rb"); error_log("pushing file"); @@ -463,14 +488,17 @@ function gwvp_createGitRepo($name, $ownerid, $desc, $bundle=null, $defaultperms= // 1 - visible // 2 - read // 3 - write +// 4 - owner/administrator function gwvp_resolvRepoPerms($userid, $repoid) { $ownerid = gwvp_getRepoOwner($repoid); $isadmin = gwvp_IsUserAdmin(null, null, $userid); - if($isadmin) return 3; + error_log("USerid is $userid, ownerid $ownerid"); + + if($isadmin) return 4; - if($userid == $ownerid) return 3; + if($userid == $ownerid) return 4; // now we load the perms table and pray $repoperms = gwvp_getRepoPermissions($repoid);