Fossil

Check-in [8689cf8b]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Improvements to the capability listing page: /setup_ucap_list
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 8689cf8b834bb3e9ae8139b8215fc8c8a53e4fce97771069d47ba0b18e73117b
User & Date: drh 2018-08-29 12:57:00
Context
2018-08-30
14:03
Update the built-in SQLite to the latest 3.25.0 alpha version, for testing. check-in: 57e80ad2 user: drh tags: trunk
2018-08-29
12:57
Improvements to the capability listing page: /setup_ucap_list check-in: 8689cf8b user: drh tags: trunk
11:17
Updates to the "How The Download Page Works" document. check-in: 498cfbf7 user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/capabilities.c.

   203    203     if( zIn==0 ) zIn = "";
   204    204     p = capability_add(0, zIn);
   205    205     capability_expand(p);
   206    206     zOut = capability_string(p);
   207    207     sqlite3_result_text(context, zOut, -1, fossil_free);
   208    208     capability_free(p);
   209    209   }
          210  +
          211  +#if INTERFACE
          212  +/*
          213  +** Capabilities are grouped into "classes" as follows:
          214  +*/
          215  +#define CAPCLASS_CODE  0x0001
          216  +#define CAPCLASS_WIKI  0x0002
          217  +#define CAPCLASS_TKT   0x0004
          218  +#define CAPCLASS_FORUM 0x0008
          219  +#define CAPCLASS_DATA  0x0010
          220  +#define CAPCLASS_ALERT 0x0020
          221  +#define CAPCLASS_OTHER 0x0040
          222  +#define CAPCLASS_SUPER 0x0080
          223  +#define CAPCLASS_ALL   0xffff
          224  +#endif /* INTERFACE */
          225  +
          226  +
          227  +/*
          228  +** The following structure holds descriptions of the various capabilities.
          229  +*/
          230  +static struct Caps {
          231  +  char cCap;              /* The capability letter */
          232  +  unsigned short eClass;  /* The "class" for this capability */
          233  +  char *zAbbrev;          /* Abbreviated mnemonic name */
          234  +  char *zOneLiner;        /* One-line summary */
          235  +} aCap[] = {
          236  +  { 'a', CAPCLASS_SUPER,
          237  +    "Admin", "Create and delete users" },
          238  +  { 'b', CAPCLASS_WIKI|CAPCLASS_TKT,
          239  +    "Attach", "Add attchments to wiki or tickets" },
          240  +  { 'c', CAPCLASS_TKT,
          241  +    "Append-Tkt", "Append to existing tickets" },
          242  +  { 'd', CAPCLASS_WIKI|CAPCLASS_TKT,
          243  +    "Delete", "Delete wiki or tickets" },
          244  +  { 'e', CAPCLASS_DATA,
          245  +    "View-PII", "View sensitive info such as email addresses" },
          246  +  { 'f', CAPCLASS_WIKI,
          247  +    "New-Wiki", "Create new wiki pages" },
          248  +  { 'g', CAPCLASS_DATA,
          249  +    "Clone", "Clone the repository" },
          250  +  { 'h', CAPCLASS_OTHER,
          251  +    "Hyperlinks", "Show hyperlinks to detailed repository history" },
          252  +  { 'i', CAPCLASS_CODE,
          253  +    "Check-In", "Check-in code changes" },
          254  +  { 'j', CAPCLASS_WIKI,
          255  +    "Read-Wiki", "View wiki pages" },
          256  +  { 'k', CAPCLASS_WIKI,
          257  +    "Write-Wiki", "Edit wiki pages" },
          258  +  { 'l', CAPCLASS_WIKI|CAPCLASS_SUPER,
          259  +    "Mod-Wiki", "Moderator for wiki pages" },
          260  +  { 'm', CAPCLASS_WIKI,
          261  +    "Append-Wiki", "Append to wiki pages" },
          262  +  { 'n', CAPCLASS_TKT,
          263  +    "New-Tkt", "Create new tickets" },
          264  +  { 'o', CAPCLASS_CODE,
          265  +    "Check-Out", "Check out code" },
          266  +  { 'p', CAPCLASS_OTHER,
          267  +    "Password", "Change your own password" },
          268  +  { 'q', CAPCLASS_TKT|CAPCLASS_SUPER,
          269  +    "Mod-Tkt", "Moderate tickets" },
          270  +  { 'r', CAPCLASS_TKT,
          271  +    "Read-Tkt", "View tickets" },
          272  +  { 's', CAPCLASS_SUPER,
          273  +    "Superuser", "Setup and configure the respository" },
          274  +  { 't', CAPCLASS_TKT,
          275  +    "Reports", "Create new ticket report formats" },
          276  +  { 'u', CAPCLASS_OTHER,
          277  +    "Reader", "Inherit all the capabilities of the \"reader\" user" },
          278  +  { 'v', CAPCLASS_OTHER,
          279  +    "Developer", "Inherit all capabilities of the \"developer\" user" },
          280  +  { 'w', CAPCLASS_TKT,
          281  +    "Write-Tkt", "Edit tickets" },
          282  +  { 'x', CAPCLASS_DATA,
          283  +    "Private", "Push and/or pull private branches" },
          284  +  { 'y', CAPCLASS_SUPER,
          285  +    "Write-UV", "Push unversioned content" },
          286  +  { 'z', CAPCLASS_CODE,
          287  +    "Zip-Download", "Download a ZIP archive, tarball, or SQL archive" },
          288  +  { '2', CAPCLASS_FORUM,
          289  +    "Forum-Read", "Read forum posts by others" },
          290  +  { '3', CAPCLASS_FORUM,
          291  +    "Forum-Write", "Create new forum messages" },
          292  +  { '4', CAPCLASS_FORUM,
          293  +    "Forum-Trusted", "Create forum messages that bypass moderation" },
          294  +  { '5', CAPCLASS_FORUM|CAPCLASS_SUPER,
          295  +    "Forum-Mod", "Moderator for forum messages" },
          296  +  { '6', CAPCLASS_FORUM|CAPCLASS_SUPER,
          297  +    "Forum-Admin", "Set or remove capability '4' from other users" },
          298  +  { '7', CAPCLASS_ALERT,
          299  +    "Alerts", "Sign up for email alerts" },
          300  +  { 'A', CAPCLASS_ALERT|CAPCLASS_SUPER,
          301  +    "Announce", "Send announcements to all subscribers" },
          302  +  { 'D', CAPCLASS_OTHER,
          303  +    "Debug", "Enable debugging features" },
          304  +};
          305  +
   210    306   
   211    307   /*
   212    308   ** Generate HTML that lists all of the capability letters together with
   213    309   ** a brief summary of what each letter means.
   214    310   */
   215         -void capabilities_table(void){
          311  +void capabilities_table(unsigned mClass){
          312  +  int i;
   216    313     @ <table>
   217         -     @ <tr><th valign="top">a</th>
   218         -     @   <td><i>Admin:</i> Create and delete users</td></tr>
   219         -     @ <tr><th valign="top">b</th>
   220         -     @   <td><i>Attach:</i> Add attachments to wiki or tickets</td></tr>
   221         -     @ <tr><th valign="top">c</th>
   222         -     @   <td><i>Append-Tkt:</i> Append to tickets</td></tr>
   223         -     @ <tr><th valign="top">d</th>
   224         -     @   <td><i>Delete:</i> Delete wiki and tickets</td></tr>
   225         -     @ <tr><th valign="top">e</th>
   226         -     @   <td><i>View-PII:</i> \
   227         -     @ View sensitive data such as email addresses</td></tr>
   228         -     @ <tr><th valign="top">f</th>
   229         -     @   <td><i>New-Wiki:</i> Create new wiki pages</td></tr>
   230         -     @ <tr><th valign="top">g</th>
   231         -     @   <td><i>Clone:</i> Clone the repository</td></tr>
   232         -     @ <tr><th valign="top">h</th>
   233         -     @   <td><i>Hyperlinks:</i> Show hyperlinks to detailed
   234         -     @   repository history</td></tr>
   235         -     @ <tr><th valign="top">i</th>
   236         -     @   <td><i>Check-In:</i> Commit new versions in the repository</td></tr>
   237         -     @ <tr><th valign="top">j</th>
   238         -     @   <td><i>Read-Wiki:</i> View wiki pages</td></tr>
   239         -     @ <tr><th valign="top">k</th>
   240         -     @   <td><i>Write-Wiki:</i> Edit wiki pages</td></tr>
   241         -     @ <tr><th valign="top">l</th>
   242         -     @   <td><i>Mod-Wiki:</i> Moderator for wiki pages</td></tr>
   243         -     @ <tr><th valign="top">m</th>
   244         -     @   <td><i>Append-Wiki:</i> Append to wiki pages</td></tr>
   245         -     @ <tr><th valign="top">n</th>
   246         -     @   <td><i>New-Tkt:</i> Create new tickets</td></tr>
   247         -     @ <tr><th valign="top">o</th>
   248         -     @   <td><i>Check-Out:</i> Check out versions</td></tr>
   249         -     @ <tr><th valign="top">p</th>
   250         -     @   <td><i>Password:</i> Change your own password</td></tr>
   251         -     @ <tr><th valign="top">q</th>
   252         -     @   <td><i>Mod-Tkt:</i> Moderator for tickets</td></tr>
   253         -     @ <tr><th valign="top">r</th>
   254         -     @   <td><i>Read-Tkt:</i> View tickets</td></tr>
   255         -     @ <tr><th valign="top">s</th>
   256         -     @   <td><i>Setup/Super-user:</i> Setup and configure this website</td></tr>
   257         -     @ <tr><th valign="top">t</th>
   258         -     @   <td><i>Tkt-Report:</i> Create new bug summary reports</td></tr>
   259         -     @ <tr><th valign="top">u</th>
   260         -     @   <td><i>Reader:</i> Inherit privileges of
   261         -     @   user <tt>reader</tt></td></tr>
   262         -     @ <tr><th valign="top">v</th>
   263         -     @   <td><i>Developer:</i> Inherit privileges of
   264         -     @   user <tt>developer</tt></td></tr>
   265         -     @ <tr><th valign="top">w</th>
   266         -     @   <td><i>Write-Tkt:</i> Edit tickets</td></tr>
   267         -     @ <tr><th valign="top">x</th>
   268         -     @   <td><i>Private:</i> Push and/or pull private branches</td></tr>
   269         -     @ <tr><th valign="top">y</th>
   270         -     @   <td><i>Write-Unver:</i> Push unversioned files</td></tr>
   271         -     @ <tr><th valign="top">z</th>
   272         -     @   <td><i>Zip download:</i> Download a ZIP archive or tarball</td></tr>
   273         -     @ <tr><th valign="top">2</th>
   274         -     @   <td><i>Forum-Read:</i> Read forum posts by others </td></tr>
   275         -     @ <tr><th valign="top">3</th>
   276         -     @   <td><i>Forum-Append:</i> Add new forum posts</td></tr>
   277         -     @ <tr><th valign="top">4</th>
   278         -     @   <td><i>Forum-Trusted:</i> Add pre-approved forum posts </td></tr>
   279         -     @ <tr><th valign="top">5</th>
   280         -     @   <td><i>Forum-Moderator:</i> Approve or disapprove forum posts</td></tr>
   281         -     @ <tr><th valign="top">6</th>
   282         -     @   <td><i>Forum-Supervisor:</i> \
   283         -     @ Forum administrator: Set or remove capability "4" for other users
   284         -     @ <tr><th valign="top">7</th>
   285         -     @   <td><i>Email-Alerts:</i> Sign up for email nofications</td></tr>
   286         -     @ <tr><th valign="top">A</th>
   287         -     @   <td><i>Announce:</i> Send announcements</td></tr>
   288         -     @ <tr><th valign="top">D</th>
   289         -     @   <td><i>Debug:</i> Enable debugging features</td></tr>
          314  +  for(i=0; i<sizeof(aCap)/sizeof(aCap[0]); i++){
          315  +    if( (aCap[i].eClass & mClass)==0 ) continue;
          316  +    @ <tr><th valign="top">%c(aCap[i].cCap)</th>
          317  +    @  <td><i>%h(aCap[i].zAbbrev):</i> %h(aCap[i].zOneLiner)</td></tr>
          318  +  }
   290    319     @ </table>
   291    320   }
   292    321   
   293    322   /*
   294    323   ** Generate a "capability summary table" that shows the major capabilities
   295    324   ** against the various user categories.
   296    325   */

Changes to src/setupuser.c.

   197    197     @ Users with privilege <span class="capability">v</span> inherit the combined
   198    198     @ privileges of <span class="usertype">developer</span>,
   199    199     @ <span class="usertype">anonymous</span>, and
   200    200     @ <span class="usertype">nobody</span>.
   201    201     @ </p></li>
   202    202     @
   203    203     @ <li><p>The permission flags are as follows:</p>
   204         -  capabilities_table();
          204  +  capabilities_table(CAPCLASS_ALL);
   205    205     @ </li>
   206    206     @ </ol>
   207    207     style_footer();
   208    208   }
   209    209   
   210    210   /*
   211    211   ** WEBPAGE: setup_ucap_list
   212    212   **
   213    213   ** A documentation page showing the meaning of the various user capabilities
   214    214   ** code letters.
   215    215   */
   216    216   void setup_ucap_list(void){
   217    217     style_header("User Capability Codes");
   218         -  capabilities_table();
          218  +  @ <h1>All capabilities</h1>
          219  +  capabilities_table(CAPCLASS_ALL);
          220  +  @ <h1>Capabilities associated with checked-in content</h1>
          221  +  capabilities_table(CAPCLASS_CODE);
          222  +  @ <h1>Capabilities associated with data transfer and sync</h1>
          223  +  capabilities_table(CAPCLASS_DATA);
          224  +  @ <h1>Capabilities associated with the forum</h1>
          225  +  capabilities_table(CAPCLASS_FORUM);
          226  +  @ <h1>Capabilities associated with tickets</h1>
          227  +  capabilities_table(CAPCLASS_TKT);
          228  +  @ <h1>Capabilities associated with wiki</h1>
          229  +  capabilities_table(CAPCLASS_WIKI);
          230  +  @ <h1>Administrative capabilities</h1>
          231  +  capabilities_table(CAPCLASS_SUPER);
          232  +  @ <h1>Miscellaneous capabilities</h1>
          233  +  capabilities_table(CAPCLASS_OTHER);
   219    234     style_footer();
   220    235   }
   221    236   
   222    237   /*
   223    238   ** Return true if zPw is a valid password string.  A valid
   224    239   ** password string is:
   225    240   **