Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Add the ability to delete users to the /setup_uedit webpage. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
1e5cdd35cd0f3b12ecd5112edec3a5d3 |
| User & Date: | drh 2018-08-30 16:05:03 |
Context
|
2018-08-30
| ||
| 21:19 | Change the name of the "email.c" source file into "alerts.c". Make corresponding changes to various interfaces. Closed-Leaf check-in: cfbbc537 user: drh tags: refactor-alerts | |
| 16:13 | Silence warning about unused variable check-in: 2f72c1fb user: andygoth tags: trunk | |
| 16:05 | Add the ability to delete users to the /setup_uedit webpage. check-in: 1e5cdd35 user: drh tags: trunk | |
| 14:43 | Attempt to make the /subscribe and /alerts forms less confusing. check-in: 6d04bab4 user: drh tags: trunk | |
Changes
Changes to src/setupuser.c.
254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 ... 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 ... 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 ... 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 |
** Edit information about a user or create a new user.
** Requires Admin privileges.
*/
void user_edit(void){
const char *zId, *zLogin, *zInfo, *zCap, *zPw;
const char *zGroup;
const char *zOldLogin;
int doWrite;
int uid, i;
int higherUser = 0; /* True if user being edited is SETUP and the */
/* user doing the editing is ADMIN. Disallow editing */
const char *inherit[128];
int a[128];
const char *oa[128];
/* Must have ADMIN privileges to access this page
................................................................................
}
if( P("can") ){
/* User pressed the cancel button */
cgi_redirect(cgi_referer("setup_ulist"));
return;
}
/* If we have all the necessary information, write the new or
** modified user record. After writing the user record, redirect
** to the page that displays a list of users.
*/
doWrite = cgi_all("login","info","pw") && !higherUser && cgi_csrf_safe(1);
if( doWrite ){
char c;
char zCap[70], zNm[4];
zNm[0] = 'a';
zNm[2] = 0;
for(i=0, c='a'; c<='z'; c++){
zNm[1] = c;
a[c&0x7f] = (c!='s' || g.perm.Setup) && P(zNm)!=0;
................................................................................
@ Send Announcements%s(B('A'))</label>
@ <li><label><input type="checkbox" name="aD"%s(oa['D']) />
@ Enable Debug%s(B('D'))</label>
@ </ul></div>
@ </td>
@ </tr>
@ <tr>
@ <td class="usetupEditLabel">Selected Cap.:</td>
@ <td>
@ <span id="usetupEditCapability">(missing JS?)</span>
@ <a href="%R/setup_ucap_list">(key)</a>
@ </td>
@ </tr>
if( !login_is_special(zLogin) ){
@ <tr>
................................................................................
@ <input type="radio" name="all" checked value="0">
@ Apply changes to this repository only.<br />
@ <input type="radio" name="all" value="1">
@ Apply changes to all repositories in the "<b>%h(zGroup)</b>"
@ login group.</td></tr>
}
if( !higherUser ){
@ <tr>
@ <td> </td>
@ <td><input type="submit" name="submit" value="Apply Changes" /></td>
@ </tr>
}
@ </table>
@ </div></form>
@ </div>
style_load_one_js_file("useredit.js");
@ <hr>
|
< > > > > > > > > > > > > > > > > > > > > > > > | | > > > > > > > > > | > | > > > > > > > > | > > > > |
254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 ... 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 ... 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 ... 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 |
** Edit information about a user or create a new user.
** Requires Admin privileges.
*/
void user_edit(void){
const char *zId, *zLogin, *zInfo, *zCap, *zPw;
const char *zGroup;
const char *zOldLogin;
int uid, i;
char *zDeleteVerify = 0; /* Delete user verification text */
int higherUser = 0; /* True if user being edited is SETUP and the */
/* user doing the editing is ADMIN. Disallow editing */
const char *inherit[128];
int a[128];
const char *oa[128];
/* Must have ADMIN privileges to access this page
................................................................................
}
if( P("can") ){
/* User pressed the cancel button */
cgi_redirect(cgi_referer("setup_ulist"));
return;
}
/* Check for requests to delete the user */
if( P("delete") && cgi_csrf_safe(1) ){
int n;
if( P("verifydelete") ){
/* Verified delete user request */
db_multi_exec("DELETE FROM user WHERE uid=%d", uid);
cgi_redirect(cgi_referer("setup_ulist"));
return;
}
n = db_int(0, "SELECT count(*) FROM event"
" WHERE user=%Q AND objid NOT IN private",
P("login"));
if( n==0 ){
zDeleteVerify = mprintf("Check this box and press \"Delete User\" again");
}else{
zDeleteVerify = mprintf(
"User \"%s\" has %d or more artifacts in the block-chain. "
"Delete anyhow?",
P("login")/*safe-for-%s*/, n);
}
}
/* If we have all the necessary information, write the new or
** modified user record. After writing the user record, redirect
** to the page that displays a list of users.
*/
if( !cgi_all("login","info","pw","apply") ){
/* need all of the above properties to make a change. Since one or
** more are missing, no-op */
}else if( higherUser ){
/* An Admin (a) user cannot edit a Superuser (s) */
}else if( zDeleteVerify!=0 ){
/* Need to verify a delete request */
}else if( !cgi_csrf_safe(1) ){
/* This might be a cross-site request forgery, so ignore it */
}else{
/* We have all the information we need to make the change to the user */
char c;
char zCap[70], zNm[4];
zNm[0] = 'a';
zNm[2] = 0;
for(i=0, c='a'; c<='z'; c++){
zNm[1] = c;
a[c&0x7f] = (c!='s' || g.perm.Setup) && P(zNm)!=0;
................................................................................
@ Send Announcements%s(B('A'))</label>
@ <li><label><input type="checkbox" name="aD"%s(oa['D']) />
@ Enable Debug%s(B('D'))</label>
@ </ul></div>
@ </td>
@ </tr>
@ <tr>
@ <td class="usetupEditLabel">Selected Cap:</td>
@ <td>
@ <span id="usetupEditCapability">(missing JS?)</span>
@ <a href="%R/setup_ucap_list">(key)</a>
@ </td>
@ </tr>
if( !login_is_special(zLogin) ){
@ <tr>
................................................................................
@ <input type="radio" name="all" checked value="0">
@ Apply changes to this repository only.<br />
@ <input type="radio" name="all" value="1">
@ Apply changes to all repositories in the "<b>%h(zGroup)</b>"
@ login group.</td></tr>
}
if( !higherUser ){
if( zDeleteVerify ){
@ <tr>
@ <td valign="top" align="right">Verify:</td>
@ <td><label><input type="checkbox" name="verifydelete">\
@ Confirm Delete \
@ <span class="loginError">← %h(zDeleteVerify)</span>
@ </label></td>
@ <tr>
}
@ <tr>
@ <td> </td>
@ <td><input type="submit" name="apply" value="Apply Changes">
if( !login_is_special(zLogin) ){
@ <input type="submit" name="delete" value="Delete User">
}
@ <input type="submit" name="can" value="Cancel"></td>
@ </tr>
}
@ </table>
@ </div></form>
@ </div>
style_load_one_js_file("useredit.js");
@ <hr>
|