Fossil

Check-in [60e8a08f]

Overview
Comment:Do not allow edits to wiki pages associated with branches, checkins, or tags for users who do not also have checkin privileges.
SHA3-256: 60e8a08f2200140bd5d94fedbc195bcfc59d595da4a28c4089eb0463683236c8
User & Date: drh 2018-12-31 14:33:51.374
Context
2018-12-31
20:10
Allow wiki pages with names like "branch/BRANCH", "checkin/HASH", and "tag/TAGNAME" to automatically link to displays of the corresponding branch, checkin, or tag. ... (check-in: 56023854 user: drh tags: trunk)
14:33
Do not allow edits to wiki pages associated with branches, checkins, or tags for users who do not also have checkin privileges. ... (Closed-Leaf check-in: 60e8a08f user: drh tags: describe-objects-using-wiki)
02:13
Change the /info page Overview section to have "Wiki:" links for wiki display, instead of "Edit Wiki:" links. Users who want to edit, can do the additional "Edit" click from the wiki page. Also have /info honor the nowiki query parameter. ... (check-in: f17a5198 user: drh tags: describe-objects-using-wiki)
Changes
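--- a/src/info.c
+++ b/src/info.c
@@ -689,14 +689,15 @@
     char *zEUser, *zEComment;
     const char *zUser;
     const char *zOrigUser;
     const char *zComment;
     const char *zDate;
     const char *zOrigDate;
     const char *zBrName;
+    int okWiki = 0;
     Blob wiki_links = BLOB_INITIALIZER;
 
     style_header("Check-in [%S]", zUuid);
     login_anonymous_available();
     zEUser = db_text(0,
                    "SELECT value FROM tagxref"
                    " WHERE tagid=%d AND rid=%d AND tagtype>0",
@@ -759,20 +760,24 @@
                    " WHERE rid=%d AND tagtype>0 "
                    "   AND tag.tagid=tagxref.tagid "
                    "   AND +tag.tagname GLOB 'sym-*'", rid);
     while( db_step(&q2)==SQLITE_ROW ){
       const char *zTagName = db_column_text(&q2, 0);
       if( fossil_strcmp(zTagName,zBrName)==0 ){
         @  | %z(href("%R/timeline?r=%T&unhide",zTagName))%h(zTagName)</a>
-        blob_appendf(&wiki_links, " | %z%h</a>",
-            href("%R/wiki?name=branch/%h",zTagName), zTagName);
+        if( g.perm.Write || wiki_tagid2("branch",zTagName)!=0 ){
+          blob_appendf(&wiki_links, " | %z%h</a>",
+              href("%R/wiki?name=branch/%h",zTagName), zTagName);
+        }
       }else{
         @  | %z(href("%R/timeline?t=%T&unhide",zTagName))%h(zTagName)</a>
-        blob_appendf(&wiki_links, " | %z%h</a>",
-            href("%R/wiki?name=tag/%h",zTagName), zTagName);
+        if( g.perm.Write || wiki_tagid2("tag",zTagName)!=0 ){
+          blob_appendf(&wiki_links, " | %z%h</a>",
+              href("%R/wiki?name=tag/%h",zTagName), zTagName);
+        }
       }
     }
     db_finalize(&q2);
     @ </td></tr>
 
     @ <tr><th>Files:</th>
     @   <td>
@@ -814,19 +819,32 @@
         const char *zDate = db_column_text(&q2, 2);
         if( zUser==0 || zUser[0]==0 ) zUser = "unknown";
         @ <tr><th>Received&nbsp;From:</th>
         @ <td>%h(zUser) @ %h(zIpAddr) on %s(zDate)</td></tr>
       }
       db_finalize(&q2);
     }
-    if( g.perm.RdWiki && db_get_boolean("wiki-about",1) ){
-      @ <tr><th>Wiki:</th>
-      @ <td>%z(href("%R/wiki?name=checkin/%s",zUuid))this checkin</a>
-      @ %b(&wiki_links)</td>
+
+    /* Only show links to wiki pages if the users can read wiki,
+    ** and only if the wiki pages already exist or the user has the
+    ** ability to create new ones. */
+    if( g.perm.RdWiki
+     && (g.perm.Write || blob_size(&wiki_links)>0
+           || (okWiki = wiki_tagid2("checkin",zUuid))!=0)
+     && db_get_boolean("wiki-about",1)
+    ){
+      const char *zLinks = blob_str(&wiki_links);
+      if( zLinks[0] ) zLinks += 3;
+      @ <tr><th>Wiki:</th><td>\
+      if( g.perm.Write || okWiki ){
+        @ %z(href("%R/wiki?name=checkin/%s",zUuid))this checkin</a> | \
+      }
+      @ %s(zLinks)</td></tr>
     }
+
     if( g.perm.Hyperlink ){
       @ <tr><th>Other&nbsp;Links:</th>
       @   <td>
       @   %z(href("%R/artifact/%!S",zUuid))manifest</a>
       @ | %z(href("%R/ci_tags/%!S",zUuid))tags</a>
       if( g.perm.Admin ){
         @   | %z(href("%R/mlink?ci=%!S",zUuid))mlink table</a>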
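Review bot: `okWiki` is assigned only when evaluation reaches the third operand of the `||` chain in the new Wiki-row condition, so a user without `g.perm.Write` who already has a branch or tag link in `wiki_links` never triggers the `wiki_tagid2("checkin",zUuid)` lookup, and the "this checkin" link is omitted even when that page exists. Doing the lookup first, `okWiki = wiki_tagid2("checkin",zUuid)!=0;`, and then testing `g.perm.Write || okWiki || blob_size(&wiki_links)>0` removes the dependence on short-circuit order. The row also prints `this checkin</a> | ` with a trailing separator when `zLinks` is empty. These conditions only decide which links are displayed; the write restriction itself has to be enforced by the wiki handlers. The enclosing function starts and ends outside the hunks.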
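--- a/src/wiki.c
+++ b/src/wiki.c
@@ -76,14 +76,18 @@
 
 /*
 ** Return the tagid associated with a particular wiki page.
 */
 int wiki_tagid(const char *zPageName){
   return db_int(0, "SELECT tagid FROM tag WHERE tagname='wiki-%q'",zPageName);
 }
+int wiki_tagid2(const char *zPrefix, const char *zPageName){
+  return db_int(0, "SELECT tagid FROM tag WHERE tagname='wiki-%q/%q'",
+                zPrefix, zPageName);
+}
 
 /*
 ** Return the RID of the next or previous version of a wiki page.  
 ** Return 0 if rid is the last/first version.
 */
 int wiki_next(int tagid, double mtime){
   return db_int(0,
@@ -369,14 +373,34 @@
     style_header("Notes About Tag %h", zPageName + 4);
     style_submenu_element("Tag Timeline","%R/timeline?t=%t",zPageName + 4);
   }
   else{
     style_header("%s%s", zExtra, zPageName);
   }
 }
+
+/*
+** Wiki pages with special names "branch/...", "checkin/...", and "tag/..."
+** requires perm.Write privilege in addition to perm.WrWiki in order
+** to write.  This function determines whether the extra perm.Write
+** is required and available.  Return true if writing to the wiki page
+** may proceed, and return false if permission is lacking.
+*/
+static int wiki_special_permission(const char *zPageName){
+  if( strncmp(zPageName,"branch/",7)!=0
+   && strncmp(zPageName,"checkin/",8)!=0
+   && strncmp(zPageName,"tag/",4)!=0
+  ){
+    return 1;
+  }
+  if( db_get_boolean("wiki-about",1)==0 ){
+    return 1;
+  }
+  return g.perm.Write;
+}
 
 /*
 ** WEBPAGE: wiki
 ** URL: /wiki?name=PAGENAME
 */
 void wiki_page(void){
   char *zTag;
@@ -422,15 +446,17 @@
     if( pWiki ){
       zBody = pWiki->zWiki;
       zMimetype = pWiki->zMimetype;
     }
   }
   zMimetype = wiki_filter_mimetypes(zMimetype);
   if( !g.isHome ){
-    if( (rid && g.perm.WrWiki) || (!rid && g.perm.NewWiki) ){
+    if( ((rid && g.perm.WrWiki) || (!rid && g.perm.NewWiki))
+     && wiki_special_permission(zPageName)
+    ){
       if( db_get_boolean("wysiwyg-wiki", 0) ){
         style_submenu_element("Edit", "%s/wikiedit?name=%T&wysiwyg=1",
              g.zTop, zPageName);
       }else{
         style_submenu_element("Edit", "%s/wikiedit?name=%T", g.zTop, zPageName);
       }
     }
@@ -552,14 +578,18 @@
     zTag = mprintf("wiki-%s", zPageName);
     rid = db_int(0,
       "SELECT rid FROM tagxref"
       " WHERE tagid=(SELECT tagid FROM tag WHERE tagname=%Q)"
       " ORDER BY mtime DESC", zTag
     );
     free(zTag);
+    if( !wiki_special_permission(zPageName) ){
+      login_needed(0);
+      return;
+    }
     if( (rid && !g.perm.WrWiki) || (!rid && !g.perm.NewWiki) ){
       login_needed(rid ? g.anon.WrWiki : g.anon.NewWiki);
       return;
     }
     if( zBody==0 && (pWiki = manifest_get(rid, CFTYPE_WIKI, 0))!=0 ){
       zBody = pWiki->zWiki;
       zMimetype = pWiki->zMimetype;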
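Review bot: The new `wiki_special_permission()` check is enforced in only two places here: the `login_needed(0)` guard in the last hunk and the Edit submenu test in `wiki_page()`. Any other code that writes wiki pages (an append handler, or wiki artifacts received by sync) is not part of this diff, and would presumably still accept `branch/`, `checkin/` and `tag/` pages from users who hold wiki-write capability but not `g.perm.Write`. Calling the helper from the common routine that stores a wiki page, or at least listing the expected callers in its header comment, would keep the restriction from depending on each handler remembering it. Separately, `wiki_tagid2()` is added without a header comment; something like `/* Return the tagid of wiki page zPrefix/zPageName, or 0 when the lookup finds nothing. */` would match the neighbouring functions. The function containing the last hunk starts and ends outside it.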