replaced the git service code (main gitbackendinterface()) with a new
authorpaulr <me@pjr.cc>
Tue, 8 Nov 2011 09:20:41 +0000 (20:20 +1100)
committerpaulr <me@pjr.cc>
Tue, 8 Nov 2011 09:20:41 +0000 (20:20 +1100)
one that does permission checking

gwvplib/gwvpauth.php
gwvplib/gwvpgitcontrol.php
gwvplib/gwvpweb.php

index 3e0ddcd..086af98 100644 (file)
@@ -40,7 +40,6 @@ function gwvp_AskForBasicAuth()
        if(!isset($_SERVER["PHP_AUTH_USER"])) {
                header('WWW-Authenticate: Basic realm="My Realm"');
                header('HTTP/1.0 401 Unauthorized');
-               exit(0);
        } else return; 
 }
 
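Review bot: With `exit(0)` removed, gwvp_AskForBasicAuth() now returns to its caller after sending the 401, so any caller that does not return immediately keeps running the protected code path for an unauthenticated request. The new gwvp_gitBackendInterface() in this commit does `return` after each call, but callers outside this diff are not visible here and should be audited. The same applies to gwvp_fourZeroThree(), which is removed from this file and re-added in the last hunk (apparently gwvplib/gwvpweb.php) without its `exit(0)`. If the exit was dropped on purpose, state the contract above the function, e.g. `// sends the 401 challenge only; the caller MUST stop processing once this returns`.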
@@ -59,12 +58,6 @@ function gwvp_CheckAuthLevel($levels)
        return false;
 }
 
-function gwvp_fourZeroThree()
-{
-       header("HTTP/1.0 403 Permission Denied");
-       exit(0);
-}
-
 function gwvp_AuthNoPerms()
 {
        gwvp_goMainPage("gwvp_AuthNoPermsBody");
index 7093812..a59a02b 100644 (file)
@@ -33,29 +33,102 @@ function gwvp_repoPermissionCheck($repo, $user)
        return true;
 }
 
-function gwvp_gitBackendInterface_new()
+function gwvp_gitBackendInterface()
 {
        // and this is where i re-code the git backend interface from scratch
        global $BASE_URL;
        
        $repo_base = gwvp_getConfigVal("repodir");
        
+       // TODO: we need to stop passing the repo name around as "repo.git", it needs to be just "repo"
+       
        $repo = "";
+       $repoid = -1;
        $newloc = "/";
        if(isset($_REQUEST["q"])) {
                $query = $_REQUEST["q"];
                $qspl = explode("/", $query);
                $repo = $qspl[1];
+               $repoid = gwvp_resolvRepoPerms($repo);
                for($i=2; $i < count($qspl); $i++) {
                        $newloc .= "/".$qspl[$i];
                }
        }
        
+       if($repoid == -1) {
+               gwvp_fourZeroFour();
+               return;
+       }
+       
+       // so now we have the repo
+       // next we determine if this is a read or a write
+       $write = false;
+       if(isset($_REQUEST["service"])) {
+               if($_REQUEST["service"] == "git-receive-pack") {
+                       $write = true;
+               }
+       }
+       if($_SERVER["REQUEST_METHOD"] == "POST") {
+               $write = true;
+       }
+       
+       // if its a write, we push for authentication
+       if($write) {
+               $person = gwvp_checkBasicAuthLogin();
+               if($person == false) {
+                       gwvp_AskForBasicAuth();
+                       return;
+               } else {
+                       $perms = gwvp_resolvRepoPerms($person["id"], $repoid);
+                       if($perms < 3) {
+                               gwvp_fourZeroThree();
+                               return;
+                       } else {
+                               // here we pass to the git backend
+                               gwvp_callGitBackend($person["username"], $repo);
+                       }
+               }
+               return;
+       }
+       
+       // if not we figure out the anon permissions for a repo
+       $perms = gwvp_resolvRepoPerms(-1, $repoid);
+       
+       // if they're less then read, we need to then check the user auth permissions
+       if($perms < 2) {
+               // we ask for auth
+               $person = gwvp_checkBasicAuthLogin();
+               if($person == false) {
+                       gwvp_AskForBasicAuth();
+                       return;
+               } else {
+                       $perms = gwvp_resolvRepoPerms($person["id"], $repoid);
+                       if($perms < 3) {
+                               gwvp_fourZeroThree();
+                               return;
+                       }
+               }
+       }
+       
+       // if we made it this far, we a read and we have permissions to do so, just search the file from the repo
+       if(file_exists("$repo_base/$repo/$newloc")) {
+               error_log("would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc");
+               $fh = fopen("$repo_base/$repo/$newloc", "rb");
+               
+               error_log("pushing file");
+               while(!feof($fh)) {
+                       echo fread($fh, 8192);
+               }
+       } else {
+               //echo "would ask $repo,$actual_repo_name for $repo/$newloc from $repo_base/$repo/$newloc, NE";
+               gwvp_fourZeroFour();
+               return;
+       }
        
 }
 
 
-function gwvp_gitBackendInterface()
+function gwvp_gitBackendInterface_old()
 {
        global $BASE_URL;
        
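Review bot: The read path at the end of gwvp_gitBackendInterface() opens `"$repo_base/$repo/$newloc"` with `$repo` and `$newloc` taken straight from `$_REQUEST["q"]`, and nothing checks that the resolved path stays inside the repository directory. This branch is reachable without authentication for any repo whose anonymous permission is read or better, so the path has to be canonicalised and contained before the file is opened. The excerpt below resolves the paths with realpath() and serves the file only when it sits under the repo root; it also checks the fopen() result and closes the handle. Separately, `$repoid = gwvp_resolvRepoPerms($repo)` passes one argument where the other calls in this hunk pass a user id and a repo id, so a name-to-id lookup was probably intended; confirm which helper is meant, since every later permission check depends on `$repoid`.

```php
// … unchanged: repo lookup, write handling, anonymous and authenticated read checks …

// resolve the paths and refuse anything that leaves the repository directory
$base_root = realpath($repo_base);
$repo_root = realpath("$repo_base/$repo");
$target = realpath("$repo_base/$repo/$newloc");
if($base_root === false || $repo_root === false || $target === false
		|| strpos($repo_root, $base_root.DIRECTORY_SEPARATOR) !== 0
		|| strpos($target, $repo_root.DIRECTORY_SEPARATOR) !== 0
		|| !is_file($target)) {
	gwvp_fourZeroFour();
	return;
}

$fh = fopen($target, "rb");
if($fh === false) {
	gwvp_fourZeroFour();
	return;
}
while(!feof($fh)) {
	echo fread($fh, 8192);
}
fclose($fh);
```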
@@ -175,7 +248,7 @@ function gwvp_canManageRepo($userid, $repoid)
        return false;
 }
 
-function gwvp_callGitBackend($repo)
+function gwvp_callGitBackend($username, $reponame)
 {
        // this is where things become a nightmare
                $fh   = fopen('php://input', "r");
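Review bot: gwvp_callGitBackend() now receives the user name, but nothing on the visible lines documents that the caller is responsible for authentication and the write-permission check. Suggest adding above the signature: `// caller must already have authenticated $username and verified write access to $reponame`. The parameter was also renamed from `$repo` to `$reponame` and the body continues outside this hunk, so any remaining reference to `$repo` in it, and the call in gwvp_gitBackendInterface_old() if it still passes a single argument, need checking.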
@@ -216,7 +289,7 @@ function gwvp_callGitBackend($repo)
                $procenv["GIT_HTTP_EXPORT_ALL"] = "1";
                $procenv["QUERY_STRING"] = "$qs";
                $procenv["HTTP_USER_AGENT"] = "git/1.7.1";
-               $procenv["REMOTE_USER"] = "user";
+               $procenv["REMOTE_USER"] = "$username";
                $procenv["REMOTE_ADDR"] = "1.2.3.4";
                $procenv["AUTH_TYPE"] = "Basic";
                
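Review bot: `$procenv["REMOTE_USER"] = "$username";` wraps the variable in a string for no reason; `$procenv["REMOTE_USER"] = $username;` reads better. Now that the real authenticated user is handed to the backend, the hard-coded `REMOTE_ADDR` of `1.2.3.4` on the next line stands out: anything the backend or its hooks record will pair a genuine user with a placeholder address, so consider passing `$_SERVER["REMOTE_ADDR"]` there too. The enclosing function starts and ends outside this hunk.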
index 92ed814..3cc931c 100644 (file)
@@ -226,4 +226,16 @@ function gwvp_TailBuilder()
        echo "<font size=\"-1\"><i>Copyright 2011, PJR - licensed under GPL</i></font>";
 }
 
+function gwvp_fourZeroThree()
+{
+       header("HTTP/1.0 403 Permission Denied");
+}
+
+function gwvp_fourZeroFour()
+{
+       header("HTTP/1.0 404 No Such Thing");
+}
+
+
+
 ?>
\ No newline at end of file
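Review bot: The reason phrases `Permission Denied` and `No Such Thing` are not the standard ones for these codes, and neither helper carries a comment saying that it only sets the status line. Suggest `header("HTTP/1.0 403 Forbidden");` and `header("HTTP/1.0 404 Not Found");`, with a one-line comment on each such as `// sets the status only; the caller must return and send no further output`.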