Fossil: Check-in [55a76439]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	An extension of [3941824d] to remove all mention of 'd' capability from the code, not just ifdef or comment it out. Also removes it from the docs and from the default capability set for Developer, dei -> ei.
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| eradicate-d-cap
Files:	files \| file ages \| folders
SHA3-256:	55a76439382ffc5df495a610392f222fff567463a915abc4b75bcd374babebda
User & Date:	wyoung 2020-03-12 16:56:27

Context

2020-03-12
18:02		Removed a "#if 0" related to this branch. ... (check-in: dfa6609a user: wyoung tags: eradicate-d-cap)
16:56		An extension of [3941824d] to remove all mention of 'd' capability from the code, not just ifdef or comment it out. Also removes it from the docs and from the default capability set for Developer, dei -> ei. ... (check-in: 55a76439 user: wyoung tags: eradicate-d-cap)
10:50		Omit the 'd' capability (the ability to delete wiki and tickets). This capability does not do anything. Apparently, it is a hold-over from the old CVSTrac code. ... (check-in: 3941824d user: drh tags: trunk)

Changes

Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/db.c.

Changes to src/json.c.

Changes to src/login.c.

Changes to src/main.c.

Changes to www/caps/index.md.

Changes to www/caps/ref.html.

︙			︙
1225 1226 1227 1228 1229 1230 1231 ~~1232~~ 1233 1234 1235 1236 1237 1238 1239 1240 ~~1241~~ 1242 1243 1244 1245 1246 1247 1248	switch( zCap[i] ){ case 's': p->Setup = 1; /* Fall thru into Admin / case 'a': p->Admin = p->RdTkt = p->WrTkt = p->Zip = p->RdWiki = p->WrWiki = p->NewWiki = p->ApndWiki = p->Hyperlink = p->Clone = p->NewTkt = p->Password = p->RdAddr = p->TktFmt = p->Attach = p->ApndTkt = ~~p->ModWiki = p->ModTkt = ~~p->Delete =~~~~ p->RdForum = p->WrForum = p->ModForum = p->WrTForum = p->AdminForum = p->EmailAlert = p->Announce = p->Debug = 1; / Fall thru into Read/Write / case 'i': p->Read = p->Write = 1; break; case 'o': p->Read = 1; break; case 'z': p->Zip = 1; break; ~~case 'd': p->Delete = 1; / Not Used */ break;~~ case 'h': p->Hyperlink = 1; break; case 'g': p->Clone = 1; break; case 'p': p->Password = 1; break; case 'j': p->RdWiki = 1; break; case 'k': p->WrWiki = p->RdWiki = p->ApndWiki =1; break; case 'm': p->ApndWiki = 1; break;	\| <	1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247	switch( zCap[i] ){ case 's': p->Setup = 1; /* Fall thru into Admin / case 'a': p->Admin = p->RdTkt = p->WrTkt = p->Zip = p->RdWiki = p->WrWiki = p->NewWiki = p->ApndWiki = p->Hyperlink = p->Clone = p->NewTkt = p->Password = p->RdAddr = p->TktFmt = p->Attach = p->ApndTkt = p->ModWiki = p->ModTkt = p->RdForum = p->WrForum = p->ModForum = p->WrTForum = p->AdminForum = p->EmailAlert = p->Announce = p->Debug = 1; / Fall thru into Read/Write */ case 'i': p->Read = p->Write = 1; break; case 'o': p->Read = 1; break; case 'z': p->Zip = 1; break; case 'h': p->Hyperlink = 1; break; case 'g': p->Clone = 1; break; case 'p': p->Password = 1; break; case 'j': p->RdWiki = 1; break; case 'k': p->WrWiki = p->RdWiki = p->ApndWiki =1; break; case 'm': p->ApndWiki = 1; break;
︙			︙
1318 1319 1320 1321 1322 1323 1324 ~~1325~~ 1326 1327 1328 1329 1330 1331 1332	FossilUserPerms p = (flgs & LOGIN_ANON) ? &g.anon : &g.perm; if( nCap<0 ) nCap = strlen(zCap); for(i=0; i<nCap && rc && zCap[i]; i++){ switch( zCap[i] ){ case 'a': rc = p->Admin; break; case 'b': rc = p->Attach; break; case 'c': rc = p->ApndTkt; break; ~~case 'd': rc = p->Delete; break; / Not used */~~ case 'e': rc = p->RdAddr; break; case 'f': rc = p->NewWiki; break; case 'g': rc = p->Clone; break; case 'h': rc = p->Hyperlink; break; case 'i': rc = p->Write; break; case 'j': rc = p->RdWiki; break; case 'k': rc = p->WrWiki; break;	<	1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330	FossilUserPerms *p = (flgs & LOGIN_ANON) ? &g.anon : &g.perm; if( nCap<0 ) nCap = strlen(zCap); for(i=0; i<nCap && rc && zCap[i]; i++){ switch( zCap[i] ){ case 'a': rc = p->Admin; break; case 'b': rc = p->Attach; break; case 'c': rc = p->ApndTkt; break; case 'e': rc = p->RdAddr; break; case 'f': rc = p->NewWiki; break; case 'g': rc = p->Clone; break; case 'h': rc = p->Hyperlink; break; case 'i': rc = p->Write; break; case 'j': rc = p->RdWiki; break; case 'k': rc = p->WrWiki; break;
︙			︙

︙			︙
63 64 65 66 67 68 69 ~~70 71~~ 72 73 74 75 76 77 78	category. Fossil shows how these capabilities apply hierarchically in the user editing screen (Admin → Users → name) with the `[N]` `[A]` `[D]` `[R]` tags next to each capability check box. If a user gets a capability from one of the user categories already assigned to it, there is no value in redundantly assigning that same cap to the user explicitly. For example, ~~with the default dei cap set for the “developer” category, the cap set ve is redundant because v grants dei, which includes~~ e. We suggest that you lean heavily on these fixed user categories when setting up new users. Ideally, your users will group neatly into one of the predefined categories, but if not, you might be able to shoehorn them into our fixed scheme. For example, the administrator of a wiki-only Fossil repo for non-developers could treat the “developer”	\| \|	63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78	category. Fossil shows how these capabilities apply hierarchically in the user editing screen (Admin → Users → name) with the `[N]` `[A]` `[D]` `[R]` tags next to each capability check box. If a user gets a capability from one of the user categories already assigned to it, there is no value in redundantly assigning that same cap to the user explicitly. For example, with the default ei cap set for the “developer” category, the cap set ve is redundant because v grants ei, which includes e. We suggest that you lean heavily on these fixed user categories when setting up new users. Ideally, your users will group neatly into one of the predefined categories, but if not, you might be able to shoehorn them into our fixed scheme. For example, the administrator of a wiki-only Fossil repo for non-developers could treat the “developer”
︙			︙
149 150 151 152 153 154 155 ~~156 157~~ 158 159 160 161 162 163 164	[k][k][p][p][t][t][w][w] caps to those granted by “nobody” and “anonymous”. This category is not well-named, because the default caps are all about modifying repository content: edit existing wiki pages, change one’s own password, create new ticket report formats, and modify existing tickets. This category would be better named “participant”. Those in the “developer” category get the “nobody” and “anonymous” cap ~~sets plus [~~d][d][~~e][e][i][i]: ~~delete wiki articles and tickets,~~ view sensitive user material, and check in changes.~~ [bot]: ../antibot.wiki ## <a name="pvt"></a>Consequences of Taking a Repository Private When you click Admin → Security-Audit → “Take it private,” one of the	\| \|	149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164	[k][k][p][p][t][t][w][w] caps to those granted by “nobody” and “anonymous”. This category is not well-named, because the default caps are all about modifying repository content: edit existing wiki pages, change one’s own password, create new ticket report formats, and modify existing tickets. This category would be better named “participant”. Those in the “developer” category get the “nobody” and “anonymous” cap sets plus [e][e][i][i]: view sensitive user material and check in changes. [bot]: ../antibot.wiki ## <a name="pvt"></a>Consequences of Taking a Repository Private When you click Admin → Security-Audit → “Take it private,” one of the
︙			︙