Fossil

Check-in [39d5e675]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add the user capability summary to the security audit.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | forum-v2
Files: files | file ages | folders
SHA3-256: 39d5e6751f0a57f34d8ff7f77b41ae32934efd2619b536cce4d1ebee4fcb02bf
User & Date: drh 2018-07-30 21:08:09.628
Context
2018-07-30
21:17
Improved CSS for the user capability summary. ... (check-in: ba232e26 user: drh tags: forum-v2)
21:08
Add the user capability summary to the security audit. ... (check-in: 39d5e675 user: drh tags: forum-v2)
19:34
Fix errors in the permission checking for email notification. ... (check-in: c286157c user: drh tags: forum-v2)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/capabilities.c. 
270
271
272
273
274
275
276




















































































     @   <td><i>Email-Alerts:</i> Sign up for email nofications</td></tr>
     @ <tr><th valign="top">A</th>
     @   <td><i>Announce:</i> Send announcements</td></tr>
     @ <tr><th valign="top">D</th>
     @   <td><i>Debug:</i> Enable debugging features</td></tr>
  @ </table>
}



























































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359

     @   <td><i>Email-Alerts:</i> Sign up for email nofications</td></tr>
     @ <tr><th valign="top">A</th>
     @   <td><i>Announce:</i> Send announcements</td></tr>
     @ <tr><th valign="top">D</th>
     @   <td><i>Debug:</i> Enable debugging features</td></tr>
  @ </table>
}

/*
** Generate a "capability summary table" that shows the major capabilities
** against the various user categories.
*/
void capability_summary(void){
  Stmt q;
  db_prepare(&q,
    "WITH t(id,seq) AS (VALUES('nobody',1),('anonymous',2),('reader',3),"
                       "('developer',4))"
    " SELECT id, fullcap(user.cap),seq FROM t LEFT JOIN user ON t.id=user.login"
    " UNION ALL"
    " SELECT 'Regular Users', fullcap(capunion(cap)), 5 FROM user"
    " WHERE cap NOT GLOB '*[as]*'"
    " UNION ALL"
    " SELECT 'Admins', fullcap(capunion(cap)), 6 FROM user"
    " WHERE cap GLOB '*[as]*'"
    " ORDER BY 3 ASC"
  );
  @ <table id='capabilitySummary' cellpadding="0" cellspacing="0" border="1">
  @ <tr><th>&nbsp;<th>Code<th>Forum<th>Tickets<th>Wiki\
  @ <th>Unversioned Content</th></tr>
  while( db_step(&q)==SQLITE_ROW ){
    const char *zId = db_column_text(&q, 0);
    const char *zCap = db_column_text(&q, 1);
    int eType;
    static const char *azType[] = { "off", "read", "write" };

    /* Code */
    @ <tr><th align="right">%h(zId)</th>
    if( sqlite3_strglob("*[asi]*",zCap)==0 ){
      eType = 2;
    }else if( sqlite3_strglob("*[oz]*",zCap)==0 ){
      eType = 1;
    }else{
      eType = 0;
    }
    @ <td>%s(azType[eType])</td>

    /* Forum */
    if( sqlite3_strglob("*[as3456]*",zCap)==0 ){
      eType = 2;
    }else if( sqlite3_strglob("*2*",zCap)==0 ){
      eType = 1;
    }else{
      eType = 0;
    }
    @ <td>%s(azType[eType])</td>

    /* Ticket */
    if( sqlite3_strglob("*[ascdnqtw]*",zCap)==0 ){
      eType = 2;
    }else if( sqlite3_strglob("*r*",zCap)==0 ){
      eType = 1;
    }else{
      eType = 0;
    }
    @ <td>%s(azType[eType])</td>

    /* Wiki */
    if( sqlite3_strglob("*[asdfjlm]*",zCap)==0 ){
      eType = 2;
    }else if( sqlite3_strglob("*j*",zCap)==0 ){
      eType = 1;
    }else{
      eType = 0;
    }
    @ <td>%s(azType[eType])</td>

    /* Unversioned */
    if( sqlite3_strglob("*y*",zCap)==0 ){
      eType = 2;
    }else if( sqlite3_strglob("*o*",zCap)==0 ){
      eType = 1;
    }else{
      eType = 0;
    }
    @ <td>%s(azType[eType])</td>

  }
  db_finalize(&q);
  @ </table>
}
Changes to src/default_css.txt. 
691
692
693
694
695
696
697








}
div.forumSel {
  background-color: #cef;
}
div.forumObs {
  color: #bbb;
}















>
>
>
>
>
>
>

691
692
693
694
695
696
697
698
699
700
701
702
703
704

}
div.forumSel {
  background-color: #cef;
}
div.forumObs {
  color: #bbb;
}
#capabilitySummary {
  text-align: center;
}
#capabilitySummary td {
  padding-left: 3ex;
  padding-right: 3ex;
}
Changes to src/security_audit.c. 
380
381
382
383
384
385
386



387
388
389
390
391
392
393

    }else{
      fclose(pTest);
      @ <li><p>
      @ The error log at "<a href='%R/errorlog'>%h(g.zErrlog)</a>" that is
      @ %,lld(file_size(g.zErrlog, ExtFILE)) bytes in size.
    }
  }




  @ </ol>
  style_footer();
}

/*
** WEBPAGE: takeitprivate








>
>
>








380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396

    }else{
      fclose(pTest);
      @ <li><p>
      @ The error log at "<a href='%R/errorlog'>%h(g.zErrlog)</a>" that is
      @ %,lld(file_size(g.zErrlog, ExtFILE)) bytes in size.
    }
  }

  @ <li><p> User capability summary:
  capability_summary();

  @ </ol>
  style_footer();
}

/*
** WEBPAGE: takeitprivate