From 673b7aa46f8ccbd326113eea024320f70eb7ec10 Mon Sep 17 00:00:00 2001
From: paulr <me@pjr.cc>
Date: Mon, 7 Nov 2011 17:19:43 +1100
Subject: [PATCH] working on repo permissions code

---
 TODO                       |    2 +
 gwvplib/gwvpdatabase.php   |  145 ++++++++++++++++++++++++++++++++++++++------
 gwvplib/gwvpgitcontrol.php |   38 +++++++++++-
 gwvplib/gwvprepoadmin.php  |   13 ++--
 4 files changed, 170 insertions(+), 28 deletions(-)

diff --git a/TODO b/TODO
index 908ec14..50975cc 100644
--- a/TODO
+++ b/TODO
@@ -13,6 +13,8 @@ Current
 3) remove initial repo bit via bundle - going to leave this here for now
 4) fix up the gitbackend function once and for all
 5) add a config var and initial setup var for website name (i.e. hostname)
+6) sort gwvpdatabase.php functions into alpha order
+
 
 Alpha Release
 =============
diff --git a/gwvplib/gwvpdatabase.php b/gwvplib/gwvpdatabase.php
index 8746f0f..6b0a1f9 100644
--- a/gwvplib/gwvpdatabase.php
+++ b/gwvplib/gwvpdatabase.php
@@ -285,6 +285,21 @@ function gwvp_getUser($username=null, $email=null, $id=null)
 
 }
 
+function gwvp_getRepoOwner($repoid)
+{
+	$conn = gwvp_ConnectDB();
+
+	$sql = "select repos_owner from repos where repos_id='$repoid'";
+
+	$res = $conn->query($sql);
+	
+	$return = false;
+	foreach($res as $rown) {
+		$return = $rown["repos_owner"];
+	}
+	return $return;
+}
+
 function gwvp_getOwnedRepos($userid = null, $username = null)
 {
 	$conn = gwvp_ConnectDB();
@@ -388,7 +403,7 @@ function gwvp_deleteGroup($groupname)
 	$conn->query($sql);
 }
 
-function gwvp_getGroupsForUser($email)
+function gwvp_getGroupsForUser($email = null, $userid = null)
 {
 	$conn = gwvp_ConnectDB();
 
@@ -401,15 +416,25 @@ function gwvp_getGroupsForUser($email)
 	 gm.groupmember_groupid=g.groups_id and
 	 g.groups_name='$groupname'
 	 */
-
-	$sql = "
-			select g.groups_name from 
-				group_membership gm, groups g, users u 
-			where 
-				gm.groupmember_userid=u.users_id and
-				u.user_email='$email' and
-				gm.groupmember_groupid=g.groups_id
-	";
+	if($email != null) {
+		$sql = "
+				select g.groups_name from 
+					group_membership gm, groups g, users u 
+				where 
+					gm.groupmember_userid=u.users_id and
+					u.user_email='$email' and
+					gm.groupmember_groupid=g.groups_id
+		";
+	} else if($userid != null) {
+		$sql = "
+				select g.groups_name from 
+					group_membership gm, groups g, users u 
+				where 
+					gm.groupmember_userid=u.users_id and
+					u.users_id='$userid' and
+					gm.groupmember_groupid=g.groups_id
+		";
+	} else return false;
 
 	$res = $conn->query($sql);
 
@@ -685,7 +710,7 @@ function gwvp_IsGroupMember($email, $groupname)
 	if($result == 1) return true;
 }
 
-function gwvp_IsUserAdmin($email=null, $username = null)
+function gwvp_IsUserAdmin($email=null, $username = null, $userid = null)
 {
 	$conn = gwvp_ConnectDB();
 
@@ -694,6 +719,8 @@ function gwvp_IsUserAdmin($email=null, $username = null)
 	if($email != null) {
 		$id = gwvp_getUserId($email);
 		$sql = "select groupmember_groupid from group_membership where groupmember_userid='$id'";
+	} else if($userid != null) {
+		$sql = "select groupmember_groupid from group_membership where groupmember_userid='$userid'";
 	} else if($username != null) {
 		$id = gwvp_getUserId(null, $username);
 		$sql = "select groupmember_groupid from group_membership where groupmember_userid='$id'";
@@ -809,15 +836,6 @@ function gwvp_ModifyGroup($groupid, $groupname = null, $group_is_admin = null, $
 	return true;
 }
 
-function gwvp_AddRepo($reponame, $repodesc, $repoowner)
-{
-	$conn = gwvp_ConnectDB();
-	
-	$sql = "insert into repos values (null, '$reponame', '$repodesc', '$repoowner')";
-	
-	$conn->query($sql);
-}
-
 function gwvp_GetRepoList()
 {
 	$conn = gwvp_ConnectDB();
@@ -849,6 +867,93 @@ function gwvp_GetRepoList()
 	
 	return $return;
 }
+
+function gwvp_AddRepo($reponame, $repodesc, $repoowner, $defaultperms = 0)
+{
+	$conn = gwvp_ConnectDB();
+	
+	$sql = "insert into repos values (null, '$reponame', '$repodesc', '$repoowner')";
+	
+	$conn->query($sql);
+	
+	$sql = "select repos_id from repos where repos_name='$reponame'";
+	$res = $conn->query($sql);
+	$rid = -1;
+	foreach($res as $repos) {
+		$rid = $repos["repos_id"];
+	}
+	/*
+	 * 		CREATE TABLE "repoperms" (
+		"repoperms_id" INTEGER PRIMARY KEY AUTOINCREMENT,
+		"repo_id" INTEGER,
+		"repoperms_type" TEXT,
+		"repoperms_ref" TEXT
+
+	 */
+	
+	/*
+	 * // default perms:
+// 0 - anyone can clone/read, only owner can write
+// 1 - noone can clone/read, repo is visible (i.e. name), only owner can read/write repo
+// 2 - only owner can see anything
+
+	 */
+
+	switch($defaultperms) {
+		case "1":
+			gwvp_addRepoPermission($rid, "visible", "anon");
+			break;
+		case "2":
+			// by 2, we do nothing, owner already has full perms
+			break;
+		default: // 0
+			gwvp_addRepoPermission($rid, "read", "anon");
+			
+	}
+}
+
+function gwvp_getRepoPermissions($repoid)
+{
+	/*
+	 * 	// this looks like null, <repoid>, <read|visible|write>, user:<uid>|group:<gid>|authed|anon
+	// where authed = any authenticated user, anon = everyone (logged in, not logged in, etc)
+	// read|visible|write = can clone from repo|can see repo exists and see description but not clone from it|can push to repo
+	// TODO: is this sufficient? i have to think about it
+	$repoperms = '
+		CREATE TABLE "repoperms" (
+		"repoperms_id" INTEGER PRIMARY KEY AUTOINCREMENT,
+		"repo_id" INTEGER,
+		"repoperms_type" TEXT,
+		"repoperms_ref" TEXT
+	)';
+
+	 */
+	$conn = gwvp_ConnectDB();
+
+	$sql = "select * from repoperms where repo_id='$repoid'";
+	
+	$res = $conn->query($sql);
+	
+	$returns = false;
+	$rn = 0;
+	foreach($res as $perm) {
+		$returns[$rn]["permid"] = $perm["repoperms_id"];
+		$returns[$rn]["type"] = $perm["repoperms_type"];
+		$returns[$rn]["ref"] = $perm["repoperms_ref"];
+		$rn++;
+	}
+	
+	return $returns;
+}
+
+function gwvp_addRepoPermission($repoid, $permtype, $permref)
+{
+	$conn = gwvp_ConnectDB();
+	
+	$sql = "insert into repoperms values(null, '$repoid', '$permtype', '$permref')";
+	
+	return $conn->query($sql);
+}
 /* functions we'll need to access data:
  *
  * getUsers(pattern)
diff --git a/gwvplib/gwvpgitcontrol.php b/gwvplib/gwvpgitcontrol.php
index 18ddde5..18956b9 100644
--- a/gwvplib/gwvpgitcontrol.php
+++ b/gwvplib/gwvpgitcontrol.php
@@ -330,7 +330,11 @@ function gwvp_repoExists($name)
 	else return false;
 }
 
-function gwvp_createGitRepo($name, $bundle=null)
+// default perms:
+// 0 - anyone can clone/read, only owner can write
+// 1 - noone can clone/read, repo is visible (i.e. name), only owner can read/write repo
+// 2 - only owner can see anything
+function gwvp_createGitRepo($name, $ownerid, $desc, $bundle=null, $defaultperms=0)
 {
 	global $repo_base;
 	
@@ -346,7 +350,39 @@ function gwvp_createGitRepo($name, $bundle=null)
 		chdir("$repo_base/$name.git");
 		exec("/usr/bin/git update-server-info");
 	}
+
+	// gwvp_AddRepo($reponame, $repodesc, $repoowner, $defaultperms = 0)
+	gwvp_AddRepo($name, $desc, $ownerid, $defaultperms);
 	
 	return true;
 }
+
+// this funciton returns one of three things, read, visible, write, none
+// as
+// 0 - none
+// 1 - visible
+// 2 - read
+// 3 - write
+function gwvp_resolvRepoPerms($userid, $repoid)
+{
+	$ownerid = gwvp_getRepoOwner($repoid);
+	$isadmin = gwvp_IsUserAdmin(null, null, $userid);
+	
+	if($isadmin) return 3;
+	
+	if($userid == $ownerid) return 3;
+	
+	// now we load the perms table and pray
+	$repoperms = gwvp_getRepoPermissions($repoid);
+	$usergroups = gwvp_getGroupsForUser(null, $userid);
+
+	$maxperm = 0;
+	foreach($repoperms as $perm) {
+		// need to go thru each perm, then check it agains the user we're trying to figure
+		// the perms on
+		
+		
+	}
+}
+
 ?>
\ No newline at end of file
diff --git a/gwvplib/gwvprepoadmin.php b/gwvplib/gwvprepoadmin.php
index 07bab8e..baa7cf1 100644
--- a/gwvplib/gwvprepoadmin.php
+++ b/gwvplib/gwvprepoadmin.php
@@ -46,6 +46,8 @@ function gwvp_CreateRepoPage()
 	gwvp_goMainPage("gwvp_CreateRepoPageBody");
 }
 
+//function gwvp_createGitRepo($name, $ownerid, $desc, $defaultperms=0, $bundle=null)
+
 function gwvp_DoCreateRepoPage()
 {
 	global $BASE_URL;
@@ -59,9 +61,11 @@ function gwvp_DoCreateRepoPage()
 		//header("Location: $BASE_URL/admin/repos/create?reponameobv=$reponame&repodescobv=$repodesc");
 	} else if($_FILES["bundlefile"]["size"] > 0) { // 		if(isset($_FILES["bundlefile"]["size"]))  <--- this needs to happen here TODO
 		error_log("bundle file tmpname is ".$_FILES["bundlefile"]["tmp_name"]);
-		gwvp_createGitRepo($reponame, $_FILES["bundlefile"]["tmp_name"]);
+		// function gwvp_createGitRepo($name, $ownerid, $desc, $defaultperms=0, $bundle=null)
+		// TODO: deal with default perms
+		gwvp_createGitRepo($reponame, $_SESSION["id"], $repodesc, $_FILES["bundlefile"]["tmp_name"]);
 		gwvp_SendMessage("info", "Repo, $reponame, created");
-	} else if(gwvp_createGitRepo($reponame)) {
+	} else if(gwvp_createGitRepo($reponame, $_SESSION["id"], $repodesc)) {
 		gwvp_SendMessage("info", "Repo, $reponame, created");
 	}
 	header("Location: $BASE_URL/admin/repos");
@@ -153,11 +157,6 @@ function gwvp_RepoAdminPageBody()
 	return;
 }
 
-// this funciton returns one of three things
-function gwvp_resolvRepoPerms($userid, $repoid)
-{
-	
-}
 
 
 
-- 
1.7.0.4