Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Allow Admin user to changes user information. Add a "User" link on the main menu for Admin users. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: | f8831f447afc6de276525f5f47ff6e0f |
| User & Date: | drh 2008-07-19 16:03:02 |
Context
|
2008-07-19
| ||
| 18:18 | Add the ability to edit check-in comments and users from the web interface. check-in: f0474b87 user: drh tags: trunk | |
| 16:03 | Allow Admin user to changes user information. Add a "User" link on the main menu for Admin users. check-in: f8831f44 user: drh tags: trunk | |
| 15:40 | Improved explanation of privileges on the User Edit screen. check-in: 92f6d3d7 user: drh tags: trunk | |
Changes
Changes to src/setup.c.
91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 ... 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 ... 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 ... 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 |
** Show a list of users. Clicking on any user jumps to the edit
** screen for that user.
*/
void setup_ulist(void){
Stmt s;
login_check_credentials();
if( !g.okSetup ){
login_needed();
return;
}
style_submenu_element("Add", "Add User", "setup_uedit");
style_header("User List");
@ <table border="0" cellpadding="0" cellspacing="25">
................................................................................
@ <tr>
@ <th align="right">User ID</th><td width="20"> </td>
@ <th>Capabilities</th><td width="15"> </td>
@ <th>Contact Info</th>
@ </tr>
db_prepare(&s, "SELECT uid, login, cap, info FROM user ORDER BY login");
while( db_step(&s)==SQLITE_ROW ){
@ <tr>
@ <td align="right">
if( g.okAdmin ){
@ <a href="setup_uedit?id=%d(db_column_int(&s,0))">
}
@ <nobr>%h(db_column_text(&s,1))</nobr>
if( g.okAdmin ){
@ </a>
}
@ </td><td> </td>
@ <td align="center">%s(db_column_text(&s,2))</td>
@ <td> </td>
@ <td align="left">%s(db_column_text(&s,3))</td>
@ </tr>
}
@ </table></td></tr></table>
@ <td valign="top">
@ <b>Notes:</b>
................................................................................
/* Check to see if an ADMIN user is trying to edit a SETUP account.
** Don't allow that.
*/
zId = PD("id", "0");
uid = atoi(zId);
if( zId && !g.okSetup && uid>0 ){
char *zOldCaps;
zOldCaps = db_text(0, "SELECT caps FROM user WHERE uid=%d",uid);
higherUser = zOldCaps && strchr(zOldCaps,'s');
}
if( P("can") ){
cgi_redirect("setup_ulist");
return;
}
................................................................................
@ <td><input type="submit" name="submit" value="Apply Changes">
@ </tr>
}
@ </table></td></tr></table>
@ <p><b>Notes:</b></p>
@ <ol>
if( higherUser ){
@ <li><p>
@ User %h(zId) has Setup privileges and you only have Admin privileges
@ so you are not permitted to make changes to %h(zId).
@ </p></li>
@
}
@
@ <li><p>
@ The <b>Setup</b> user can make arbitrary configuration changes.
@ An <b>Admin</b> user can add other users and change user privileges
@ and reset user passwords.
@ Use these two settings with discretion.
@ </p></li>
@
@ <li><p>
@ The <b>Delete</b> privilege give the user the ability to erase
@ wiki, tickets, and attachments that have been added by anonymous
@ users. This capability is intended for deletion of spam. The
@ delete capability is only in effect for 24 hours after the item
|
| > > | | | | | | | | | |
91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 ... 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 ... 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 ... 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 |
** Show a list of users. Clicking on any user jumps to the edit
** screen for that user.
*/
void setup_ulist(void){
Stmt s;
login_check_credentials();
if( !g.okAdmin ){
login_needed();
return;
}
style_submenu_element("Add", "Add User", "setup_uedit");
style_header("User List");
@ <table border="0" cellpadding="0" cellspacing="25">
................................................................................
@ <tr>
@ <th align="right">User ID</th><td width="20"> </td>
@ <th>Capabilities</th><td width="15"> </td>
@ <th>Contact Info</th>
@ </tr>
db_prepare(&s, "SELECT uid, login, cap, info FROM user ORDER BY login");
while( db_step(&s)==SQLITE_ROW ){
const char *zCap = db_column_text(&s, 2);
if( strstr(zCap, "s") ) zCap = "s";
@ <tr>
@ <td align="right">
if( g.okAdmin && (zCap[0]!='s' || g.okSetup) ){
@ <a href="setup_uedit?id=%d(db_column_int(&s,0))">
}
@ <nobr>%h(db_column_text(&s,1))</nobr>
if( g.okAdmin ){
@ </a>
}
@ </td><td> </td>
@ <td align="center">%s(zCap)</td>
@ <td> </td>
@ <td align="left">%s(db_column_text(&s,3))</td>
@ </tr>
}
@ </table></td></tr></table>
@ <td valign="top">
@ <b>Notes:</b>
................................................................................
/* Check to see if an ADMIN user is trying to edit a SETUP account.
** Don't allow that.
*/
zId = PD("id", "0");
uid = atoi(zId);
if( zId && !g.okSetup && uid>0 ){
char *zOldCaps;
zOldCaps = db_text(0, "SELECT cap FROM user WHERE uid=%d",uid);
higherUser = zOldCaps && strchr(zOldCaps,'s');
}
if( P("can") ){
cgi_redirect("setup_ulist");
return;
}
................................................................................
@ <td><input type="submit" name="submit" value="Apply Changes">
@ </tr>
}
@ </table></td></tr></table>
@ <p><b>Notes:</b></p>
@ <ol>
if( higherUser ){
@ <li><p><font color="blue"><b>
@ User %h(zLogin) has Setup privileges and you only have Admin privileges
@ so you are not permitted to make changes to %h(zLogin).
@ </b></font></p></li>
@
}
@
@ <li><p>
@ The <b>Setup</b> user can make arbitrary configuration changes.
@ An <b>Admin</b> user can add other users and change user privileges
@ and reset user passwords. Both automatically get all other privileges
@ listed below. Use these two settings with discretion.
@ </p></li>
@
@ <li><p>
@ The <b>Delete</b> privilege give the user the ability to erase
@ wiki, tickets, and attachments that have been added by anonymous
@ users. This capability is intended for deletion of spam. The
@ delete capability is only in effect for 24 hours after the item
|
Changes to src/style.c.
188 189 190 191 192 193 194 195 196 197 198 199 200 201 |
@ html "<a href='$baseurl/reportlist'>Bugs</a>"
@ }
@ if {[hascap j]} {
@ html "<a href='$baseurl/wiki'>Wiki</a>"
@ }
@ if {[hascap s]} {
@ html "<a href='$baseurl/setup'>Setup</a>"
@ }
@ if {[info exists login]} {
@ html "<a href='$baseurl/login'>Logout</a>"
@ } else {
@ html "<a href='$baseurl/login'>Login</a>"
@ }
@ </th1></div>
|
> > |
188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 |
@ html "<a href='$baseurl/reportlist'>Bugs</a>"
@ }
@ if {[hascap j]} {
@ html "<a href='$baseurl/wiki'>Wiki</a>"
@ }
@ if {[hascap s]} {
@ html "<a href='$baseurl/setup'>Setup</a>"
@ } elseif {[hascap a]} {
@ html "<a href='$baseurl/setup_ulist'>Users</a>"
@ }
@ if {[info exists login]} {
@ html "<a href='$baseurl/login'>Logout</a>"
@ } else {
@ html "<a href='$baseurl/login'>Login</a>"
@ }
@ </th1></div>
|