Fossil

Check-in [59442179]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:On the /setup_ucap_list page, show the number of users having each capability, with a link to a list of users. This only works for administrators.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:594421796a9ab8f2ab59250e3f09b704b76e2d9a6efc2f038bcc4a872de1f250
User & Date: drh 2018-10-04 14:56:03
Context
2018-10-04
18:35
Activate CSP for the bootstrap skin. check-in: a762ba1f user: drh tags: trunk
14:56
On the /setup_ucap_list page, show the number of users having each capability, with a link to a list of users. This only works for administrators. check-in: 59442179 user: drh tags: trunk
14:08
Update list of common commands in man page check-in: cc6f7a92 user: andygoth tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/capabilities.c.

226
227
228
229
230
231
232

233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304





















305
306
307
308
309
310
311
312

313

314

315
316
317





318



319
320
321
322
323
324
325

/*
** The following structure holds descriptions of the various capabilities.
*/
static struct Caps {
  char cCap;              /* The capability letter */
  unsigned short eClass;  /* The "class" for this capability */

  char *zAbbrev;          /* Abbreviated mnemonic name */
  char *zOneLiner;        /* One-line summary */
} aCap[] = {
  { 'a', CAPCLASS_SUPER,
    "Admin", "Create and delete users" },
  { 'b', CAPCLASS_WIKI|CAPCLASS_TKT,
    "Attach", "Add attchments to wiki or tickets" },
  { 'c', CAPCLASS_TKT,
    "Append-Tkt", "Append to existing tickets" },
  { 'd', CAPCLASS_WIKI|CAPCLASS_TKT,
    "Delete", "Delete wiki or tickets" },
  { 'e', CAPCLASS_DATA,
    "View-PII", "View sensitive info such as email addresses" },
  { 'f', CAPCLASS_WIKI,
    "New-Wiki", "Create new wiki pages" },
  { 'g', CAPCLASS_DATA,
    "Clone", "Clone the repository" },
  { 'h', CAPCLASS_OTHER,
    "Hyperlinks", "Show hyperlinks to detailed repository history" },
  { 'i', CAPCLASS_CODE,
    "Check-In", "Check-in code changes" },
  { 'j', CAPCLASS_WIKI,
    "Read-Wiki", "View wiki pages" },
  { 'k', CAPCLASS_WIKI,
    "Write-Wiki", "Edit wiki pages" },
  { 'l', CAPCLASS_WIKI|CAPCLASS_SUPER,
    "Mod-Wiki", "Moderator for wiki pages" },
  { 'm', CAPCLASS_WIKI,
    "Append-Wiki", "Append to wiki pages" },
  { 'n', CAPCLASS_TKT,
    "New-Tkt", "Create new tickets" },
  { 'o', CAPCLASS_CODE,
    "Check-Out", "Check out code" },
  { 'p', CAPCLASS_OTHER,
    "Password", "Change your own password" },
  { 'q', CAPCLASS_TKT|CAPCLASS_SUPER,
    "Mod-Tkt", "Moderate tickets" },
  { 'r', CAPCLASS_TKT,
    "Read-Tkt", "View tickets" },
  { 's', CAPCLASS_SUPER,
    "Superuser", "Setup and configure the respository" },
  { 't', CAPCLASS_TKT,
    "Reports", "Create new ticket report formats" },
  { 'u', CAPCLASS_OTHER,
    "Reader", "Inherit all the capabilities of the \"reader\" user" },
  { 'v', CAPCLASS_OTHER,
    "Developer", "Inherit all capabilities of the \"developer\" user" },
  { 'w', CAPCLASS_TKT,
    "Write-Tkt", "Edit tickets" },
  { 'x', CAPCLASS_DATA,
    "Private", "Push and/or pull private branches" },
  { 'y', CAPCLASS_SUPER,
    "Write-UV", "Push unversioned content" },
  { 'z', CAPCLASS_CODE,
    "Zip-Download", "Download a ZIP archive, tarball, or SQL archive" },
  { '2', CAPCLASS_FORUM,
    "Forum-Read", "Read forum posts by others" },
  { '3', CAPCLASS_FORUM,
    "Forum-Write", "Create new forum messages" },
  { '4', CAPCLASS_FORUM,
    "Forum-Trusted", "Create forum messages that bypass moderation" },
  { '5', CAPCLASS_FORUM|CAPCLASS_SUPER,
    "Forum-Mod", "Moderator for forum messages" },
  { '6', CAPCLASS_FORUM|CAPCLASS_SUPER,
    "Forum-Admin", "Set or remove capability '4' from other users" },
  { '7', CAPCLASS_ALERT,
    "Alerts", "Sign up for email alerts" },
  { 'A', CAPCLASS_ALERT|CAPCLASS_SUPER,
    "Announce", "Send announcements to all subscribers" },
  { 'D', CAPCLASS_OTHER,
    "Debug", "Enable debugging features" },
};























/*
** Generate HTML that lists all of the capability letters together with
** a brief summary of what each letter means.
*/
void capabilities_table(unsigned mClass){
  int i;

  @ <table>

  for(i=0; i<sizeof(aCap)/sizeof(aCap[0]); i++){

    if( (aCap[i].eClass & mClass)==0 ) continue;
    @ <tr><th valign="top">%c(aCap[i].cCap)</th>
    @  <td><i>%h(aCap[i].zAbbrev):</i> %h(aCap[i].zOneLiner)</td></tr>





  }



  @ </table>
}

/*
** Generate a "capability summary table" that shows the major capabilities
** against the various user categories.
*/







>



|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|


>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>








>

>

>


<
>
>
>
>
>
|
>
>
>







226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341

342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357

/*
** The following structure holds descriptions of the various capabilities.
*/
static struct Caps {
  char cCap;              /* The capability letter */
  unsigned short eClass;  /* The "class" for this capability */
  unsigned nUser;         /* Number of users with this capability */
  char *zAbbrev;          /* Abbreviated mnemonic name */
  char *zOneLiner;        /* One-line summary */
} aCap[] = {
  { 'a', CAPCLASS_SUPER, 0,
    "Admin", "Create and delete users" },
  { 'b', CAPCLASS_WIKI|CAPCLASS_TKT, 0,
    "Attach", "Add attchments to wiki or tickets" },
  { 'c', CAPCLASS_TKT, 0,
    "Append-Tkt", "Append to existing tickets" },
  { 'd', CAPCLASS_WIKI|CAPCLASS_TKT, 0,
    "Delete", "Delete wiki or tickets" },
  { 'e', CAPCLASS_DATA, 0,
    "View-PII", "View sensitive info such as email addresses" },
  { 'f', CAPCLASS_WIKI, 0,
    "New-Wiki", "Create new wiki pages" },
  { 'g', CAPCLASS_DATA, 0,
    "Clone", "Clone the repository" },
  { 'h', CAPCLASS_OTHER, 0,
    "Hyperlinks", "Show hyperlinks to detailed repository history" },
  { 'i', CAPCLASS_CODE, 0,
    "Check-In", "Check-in code changes" },
  { 'j', CAPCLASS_WIKI, 0,
    "Read-Wiki", "View wiki pages" },
  { 'k', CAPCLASS_WIKI, 0,
    "Write-Wiki", "Edit wiki pages" },
  { 'l', CAPCLASS_WIKI|CAPCLASS_SUPER, 0,
    "Mod-Wiki", "Moderator for wiki pages" },
  { 'm', CAPCLASS_WIKI, 0,
    "Append-Wiki", "Append to wiki pages" },
  { 'n', CAPCLASS_TKT, 0,
    "New-Tkt", "Create new tickets" },
  { 'o', CAPCLASS_CODE, 0,
    "Check-Out", "Check out code" },
  { 'p', CAPCLASS_OTHER, 0,
    "Password", "Change your own password" },
  { 'q', CAPCLASS_TKT|CAPCLASS_SUPER, 0,
    "Mod-Tkt", "Moderate tickets" },
  { 'r', CAPCLASS_TKT, 0,
    "Read-Tkt", "View tickets" },
  { 's', CAPCLASS_SUPER, 0,
    "Superuser", "Setup and configure the respository" },
  { 't', CAPCLASS_TKT, 0,
    "Reports", "Create new ticket report formats" },
  { 'u', CAPCLASS_OTHER, 0,
    "Reader", "Inherit all the capabilities of the \"reader\" user" },
  { 'v', CAPCLASS_OTHER, 0,
    "Developer", "Inherit all capabilities of the \"developer\" user" },
  { 'w', CAPCLASS_TKT, 0,
    "Write-Tkt", "Edit tickets" },
  { 'x', CAPCLASS_DATA, 0,
    "Private", "Push and/or pull private branches" },
  { 'y', CAPCLASS_SUPER, 0,
    "Write-UV", "Push unversioned content" },
  { 'z', CAPCLASS_CODE, 0,
    "Zip-Download", "Download a ZIP archive, tarball, or SQL archive" },
  { '2', CAPCLASS_FORUM, 0,
    "Forum-Read", "Read forum posts by others" },
  { '3', CAPCLASS_FORUM, 0,
    "Forum-Write", "Create new forum messages" },
  { '4', CAPCLASS_FORUM, 0,
    "Forum-Trusted", "Create forum messages that bypass moderation" },
  { '5', CAPCLASS_FORUM|CAPCLASS_SUPER, 0,
    "Forum-Mod", "Moderator for forum messages" },
  { '6', CAPCLASS_FORUM|CAPCLASS_SUPER, 0,
    "Forum-Admin", "Set or remove capability '4' from other users" },
  { '7', CAPCLASS_ALERT, 0,
    "Alerts", "Sign up for email alerts" },
  { 'A', CAPCLASS_ALERT|CAPCLASS_SUPER, 0,
    "Announce", "Send announcements to all subscribers" },
  { 'D', CAPCLASS_OTHER, 0,
    "Debug", "Enable debugging features" },
};

/*
** Populate the aCap[].nUser values based on the current content
** of the USER table.
*/
void capabilities_count(void){
  int i;
  static int done = 0;
  Stmt q;
  if( done ) return;
  db_prepare(&q, "SELECT fullcap(cap) FROM user");
  while( db_step(&q)==SQLITE_ROW ){
    const char *zCap = db_column_text(&q, 0);
    if( zCap==0 || zCap[0]==0 ) continue;
    for(i=0; i<sizeof(aCap)/sizeof(aCap[0]); i++){
      if( strchr(zCap, aCap[i].cCap) ) aCap[i].nUser++;
    }
  }
  db_finalize(&q);
  done = 1;
}


/*
** Generate HTML that lists all of the capability letters together with
** a brief summary of what each letter means.
*/
void capabilities_table(unsigned mClass){
  int i;
  if( g.perm.Admin ) capabilities_count();
  @ <table>
  @ <tbody>
  for(i=0; i<sizeof(aCap)/sizeof(aCap[0]); i++){
    int n;
    if( (aCap[i].eClass & mClass)==0 ) continue;
    @ <tr><th valign="top">%c(aCap[i].cCap)</th>

    @  <td>%h(aCap[i].zAbbrev)</td><td>%h(aCap[i].zOneLiner)</td>\
    n = aCap[i].nUser;
    if( n && g.perm.Admin ){
      @ <td><a href="%R/setup_ulist?with=%c(aCap[i].cCap)">\
      @ %d(n) user%s(n>1?"s":"")</a></td>\
    }
    @ </tr>
  }
  @ </tbody>
  @ </table>
}

/*
** Generate a "capability summary table" that shows the major capabilities
** against the various user categories.
*/

Changes to src/setupuser.c.

40
41
42
43
44
45
46
47
48
49
50
51

52
53
54
55
56
57
58
..
85
86
87
88
89
90
91
92
93
94
95
96








97
98
99
100
101
102
103

  login_check_credentials();
  if( !g.perm.Admin ){
    login_needed(0);
    return;
  }

  if( zWith==0 || zWith[0]==0 ){
    style_submenu_element("Add", "setup_uedit");
    style_submenu_element("Log", "access_log");
    style_submenu_element("Help", "setup_ulist_notes");
    style_header("User List");

    @ <table border=1 cellpadding=2 cellspacing=0 class='userTable'>
    @ <thead><tr>
    @   <th>Category
    @   <th>Capabilities (<a href='%R/setup_ucap_list'>key</a>)
    @   <th>Info <th>Last Change</tr></thead>
    @ <tbody>
    db_prepare(&s,
................................................................................
        @ <td>%h(zDate)
      }else{
        @ <td>
      }
      @ </tr>
    }
    db_finalize(&s);
  }else{
    style_header("Users With Capabilities \"%h\"", zWith);
  }
  @ </tbody></table>
  @ <div class='section'>Users</div>








  @ <table border=1 cellpadding=2 cellspacing=0 class='userTable sortable' \
  @  data-column-types='ktxTTK' data-init-sort='2'>
  @ <thead><tr>
  @ <th>Login Name<th>Caps<th>Info<th>Date<th>Expire<th>Last Login</tr></thead>
  @ <tbody>
  db_multi_exec(
    "CREATE TEMP TABLE lastAccess(uname TEXT PRIMARY KEY, atime REAL)"







<
|
|
|
|
>







 







<
<
<
|
|
>
>
>
>
>
>
>
>







40
41
42
43
44
45
46

47
48
49
50
51
52
53
54
55
56
57
58
..
85
86
87
88
89
90
91



92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

  login_check_credentials();
  if( !g.perm.Admin ){
    login_needed(0);
    return;
  }


  style_submenu_element("Add", "setup_uedit");
  style_submenu_element("Log", "access_log");
  style_submenu_element("Help", "setup_ulist_notes");
  style_header("User List");
  if( zWith==0 || zWith[0]==0 ){
    @ <table border=1 cellpadding=2 cellspacing=0 class='userTable'>
    @ <thead><tr>
    @   <th>Category
    @   <th>Capabilities (<a href='%R/setup_ucap_list'>key</a>)
    @   <th>Info <th>Last Change</tr></thead>
    @ <tbody>
    db_prepare(&s,
................................................................................
        @ <td>%h(zDate)
      }else{
        @ <td>
      }
      @ </tr>
    }
    db_finalize(&s);



    @ </tbody></table>
    @ <div class='section'>Users</div>
  }else{
    style_submenu_element("All Users", "setup_ulist");
    if( zWith[1]==0 ){
      @ <div class='section'>Users with capability "%h(zWith)"</div>
    }else{
      @ <div class='section'>Users with any capability in "%h(zWith)"</div>
    }
  }
  @ <table border=1 cellpadding=2 cellspacing=0 class='userTable sortable' \
  @  data-column-types='ktxTTK' data-init-sort='2'>
  @ <thead><tr>
  @ <th>Login Name<th>Caps<th>Info<th>Date<th>Expire<th>Last Login</tr></thead>
  @ <tbody>
  db_multi_exec(
    "CREATE TEMP TABLE lastAccess(uname TEXT PRIMARY KEY, atime REAL)"