Changes In Branch jeremy_c-timeline Excluding Merge-Ins
This is equivalent to a diff from dddc514053 to 71ad9b62a7
2009-12-31
| ||
19:10 | Alternative implementation of timeline security changes - this implementation always shows the timeline link if it is applicable, even if the history capability is disabled. check-in: 9b70675778 user: drh tags: trunk | |
14:59 | • Changed security for timeline. To view the timeline, you must now have History access. The timeline will then display only items which you have access to. "o" (Check-out) is required for source history, "j" (Read-Wiki) is required for Wiki history and "r" (Read-Tkt) is required for Ticket history. Closed-Leaf check-in: 71ad9b62a7 user: jeremy_c tags: jeremy_c-timeline | |
14:49 | Fixed minor spelling error check-in: efdad08182 user: jeremy_c tags: jeremy_c-timeline | |
14:49 | • Fixed security bug in ticket reports, you previously had to have Check-out security to view a ticket report, you now have to have "r" (Read-tkt) to view ticket reports. check-in: 6ee7316567 user: jeremy_c tags: jeremy_c-timeline | |
04:42 | [886c302b3f] Added documentation for [#anchor] style links check-in: dddc514053 user: jeremy_c tags: trunk | |
2009-12-30
| ||
01:57 | Added a 's' parameter to the web timeline view. This will search the comment and brief fields for the given text via LIKE '%value%'. check-in: 1e2ec3ff87 user: jeremy_c tags: trunk | |
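--- a/src/report.c
+++ b/src/report.c
@@ -871,15 +871,15 @@
 char *zClrKey;
 int tabs;
 Stmt q;
 char *zErr1 = 0;
 char *zErr2 = 0;
 
 login_check_credentials();
- if( !g.okRead ){ login_needed(); return; }
+ if( !g.okRdTkt ){ login_needed(); return; }
 rn = atoi(PD("rn","0"));
 if( rn==0 ){
 cgi_redirect("reportlist");
 return;
 }
 tabs = P("tablist")!=0;
 /* view_add_functions(tabs); */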
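Review bot: The new `g.okRdTkt` guard carries no comment naming the capability it enforces, while the matching guard in src/timeline.c on this branch does; I would add `/* Viewing a ticket report requires "r" (Read-Tkt) capability */` above `login_check_credentials();`. The function starts and ends outside the hunk, and so do the `reportlist` page it redirects to and the code that runs the report query. Whether those paths test the same capability, and whether a user holding only Read-Tkt can reach non-ticket data through a report's query, cannot be told from these lines and is worth confirming before merge.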
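--- a/src/search.c
+++ b/src/search.c
@@ -173,15 +173,15 @@
 
 /*
 ** Testing the search function.
 **
 ** COMMAND: search
 ** %fossil search pattern...
 **
-** Search for timeline entrys matching the pattern.
+** Search for timeline entries matching the pattern.
 */
 void search_cmd(void){
 Search *p;
 Blob pattern;
 int i;
 Stmt q;
 int iBest;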
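--- a/src/skins.c
+++ b/src/skins.c
@@ -186,18 +186,20 @@
 @ <div class="mainmenu"><th1>
 @ html "<a href=''$baseurl$index_page''>Home</a> "
 @ if {[hascap h]} {
 @ html "<a href=''$baseurl/dir''>Files</a> "
 @ }
 @ if {[hascap o]} {
 @ html "<a href=''$baseurl/leaves''>Leaves</a> "
-@ html "<a href=''$baseurl/timeline''>Timeline</a> "
 @ html "<a href=''$baseurl/brlist''>Branches</a> "
 @ html "<a href=''$baseurl/taglist''>Tags</a> "
 @ }
+@ if {[hascap h]} {
+@ html "<a href=''$baseurl/timeline''>Timeline</a> "
+@ }
 @ if {[hascap r]} {
 @ html "<a href=''$baseurl/reportlist''>Tickets</a> "
 @ }
 @ if {[hascap j]} {
 @ html "<a href=''$baseurl/wiki''>Wiki</a> "
 @ }
 @ if {[hascap s]} {
@@ -386,18 +388,20 @@
 @ <div class="mainmenu"><th1>
 @ html "<a href=''$baseurl$index_page''>Home</a> "
 @ if {[hascap h]} {
 @ html "<a href=''$baseurl/dir''>Files</a> "
 @ }
 @ if {[hascap o]} {
 @ html "<a href=''$baseurl/leaves''>Leaves</a> "
-@ html "<a href=''$baseurl/timeline''>Timeline</a> "
 @ html "<a href=''$baseurl/brlist''>Branches</a> "
 @ html "<a href=''$baseurl/taglist''>Tags</a> "
 @ }
+@ if {[hascap h]} {
+@ html "<a href=''$baseurl/timeline''>Timeline</a> "
+@ }
 @ if {[hascap r]} {
 @ html "<a href=''$baseurl/reportlist''>Tickets</a> "
 @ }
 @ if {[hascap j]} {
 @ html "<a href=''$baseurl/wiki''>Wiki</a> "
 @ }
 @ if {[hascap s]} {
@@ -619,18 +623,20 @@
 @ <div class="mainmenu"><ul><th1>
 @ html "<li><a href=''$baseurl$index_page''>Home</a></li>"
 @ if {[hascap h]} {
 @ html "<li><a href=''$baseurl/dir''>Files</a></li>"
 @ }
 @ if {[hascap o]} {
 @ html "<li><a href=''$baseurl/leaves''>Leaves</a></li>"
-@ html "<li><a href=''$baseurl/timeline''>Timeline</a></li>"
 @ html "<li><a href=''$baseurl/brlist''>Branches</a></li>"
 @ html "<li><a href=''$baseurl/taglist''>Tags</a></li>"
 @ }
+@ if {[hascap h]} {
+@ html "<li><a href=''$baseurl/timeline''>Timeline</a></li>"
+@ }
 @ if {[hascap r]} {
 @ html "<li><a href=''$baseurl/reportlist''>Tickets</a></li>"
 @ }
 @ if {[hascap j]} {
 @ html "<li><a href=''$baseurl/wiki''>Wiki</a></li>"
 @ }
 @ if {[hascap s]} {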
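Review bot: The Timeline link is now gated on `@ if {[hascap h]} {` alone, but src/timeline.c on this branch also filters out check-ins, tickets and wiki entries when the user lacks `o`, `r` or `j`, so a user holding only History is offered a link that leads to an empty list. Either gate the link on `h` together with at least one of those three read capabilities, or keep it as is and record that choice next to the block. The same block appears in all three hunks of this file and again in src/style.c. Hiding the link is presentation only, so the capability checks in timeline.c remain the actual enforcement. These look like built-in header texts; a repository that stores its own customized header presumably keeps the old `o` gating until someone edits it, which deserves a line in the release notes.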
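--- a/src/style.c
+++ b/src/style.c
@@ -208,18 +208,20 @@
 @ <div class="mainmenu"><th1>
 @ html "<a href='$baseurl$index_page'>Home</a> "
 @ if {[hascap h]} {
 @ html "<a href='$baseurl/dir'>Files</a> "
 @ }
 @ if {[hascap o]} {
 @ html "<a href='$baseurl/leaves'>Leaves</a> "
-@ html "<a href='$baseurl/timeline'>Timeline</a> "
 @ html "<a href='$baseurl/brlist'>Branches</a> "
 @ html "<a href='$baseurl/taglist'>Tags</a> "
 @ }
+@ if {[hascap h]} {
+@ html "<a href='$baseurl/timeline'>Timeline</a> "
+@ }
 @ if {[hascap r]} {
 @ html "<a href='$baseurl/reportlist'>Tickets</a> "
 @ }
 @ if {[hascap j]} {
 @ html "<a href='$baseurl/wiki'>Wiki</a> "
 @ }
 @ if {[hascap s]} {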
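--- a/src/timeline.c
+++ b/src/timeline.c
@@ -443,18 +443,24 @@
 const char *zCirca = P("c"); /* Events near this time */
 const char *zTagName = P("t"); /* Show events with this tag */
 const char *zString = P("s"); /* String text search of comment and brief */
 HQuery url; /* URL for various branch links */
 int tagid; /* Tag ID */
 int tmFlags; /* Timeline flags */
 
- /* To view the timeline, must have permission to read project data.
- */
+ /* To view the timeline, must have permission to project history.*/
 login_check_credentials();
- if( !g.okRead ){ login_needed(); return; }
+ if( !g.okHistory ){ login_needed(); return; }
+
+ /* Prevent them from getting an empty list due to security constraints */
+ if( (p_rid || d_rid) && !g.okRead ){ login_needed(); return; }
+ if( zType[0]=='c' && zType[1]=='i' && !g.okRead){ login_needed(); return; }
+ if( zType[0]=='t' && !g.okRdTkt){ login_needed(); return; }
+ if( zType[0]=='w' && !g.okRdWiki){ login_needed(); return; }
+
 if( zTagName ){
 tagid = db_int(0, "SELECT tagid FROM tag WHERE tagname='sym-%q'", zTagName);
 }else{
 tagid = 0;
 }
 if( zType[0]=='a' ){
 tmFlags = TIMELINE_BRIEF;
@@ -465,14 +471,24 @@
 style_header("Timeline");
 login_anonymous_available();
 timeline_temp_table();
 blob_zero(&sql);
 blob_zero(&desc);
 blob_append(&sql, "INSERT OR IGNORE INTO timeline ", -1);
 blob_append(&sql, timeline_query_for_www(), -1);
+ /* limit the types of objects found in history */
+ if( !g.okRead ){
+ blob_appendf(&sql, " AND event.type<>'ci'");
+ }
+ if( !g.okRdTkt ){
+ blob_appendf(&sql, " AND event.type<>'t'");
+ }
+ if( !g.okRdWiki ){
+ blob_appendf(&sql, " AND event.type<>'w'");
+ }
 if( p_rid || d_rid ){
 /* If p= or d= is present, ignore all other parameters other than n= */
 char *zUuid;
 int np, nd;
 
 if( p_rid && d_rid ){
 if( p_rid!=d_rid ) p_rid = d_rid;
@@ -634,21 +650,21 @@
 zDate = db_text(0, "SELECT max(timestamp) FROM timeline");
 timeline_submenu(&url, "Newer", "a", zDate, "b");
 free(zDate);
 }else if( tagid==0 ){
 if( zType[0]!='a' ){
 timeline_submenu(&url, "All Types", "y", "all", 0);
 }
- if( zType[0]!='w' ){
+ if( zType[0]!='w' && g.okRdWiki ){
 timeline_submenu(&url, "Wiki Only", "y", "w", 0);
 }
- if( zType[0]!='c' ){
+ if( zType[0]!='c' && g.okRead ){
 timeline_submenu(&url, "Checkins Only", "y", "ci", 0);
 }
- if( zType[0]!='t' ){
+ if( zType[0]!='t' && g.okRdTkt ){
 timeline_submenu(&url, "Tickets Only", "y", "t", 0);
 }
 }
 if( nEntry>20 ){
 timeline_submenu(&url, "20 Events", "n", "20", 0);
 }
 if( nEntry<200 ){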
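Review bot: The type filter appended after `timeline_query_for_www()` is a deny-list (`event.type<>'ci'`, `<>'t'`, `<>'w'`), so any event type other than these three is returned to every user holding History, whatever their other capabilities. Only those three values are visible here, so whether other types exist cannot be told from the hunk, but building the clause as an allow-list from the granted capabilities fails closed either way. The clauses are joined with a bare `AND`, so any condition appended later with `OR` would need parentheses to keep them effective; that code, like the start and end of the function, is outside the hunk. The comment should also say that these clauses, not the early `login_needed()` guards (which the added comment describes as avoiding an empty list), are what enforce per-type access.

```c
  blob_append(&sql, timeline_query_for_www(), -1);
  /* Limit the event types to those the user's capabilities cover.  This is
  ** an allow-list, so an event type not named here is never shown.  The
  ** early login_needed() guards only avoid an empty page; this clause is
  ** the access check. */
  blob_appendf(&sql, " AND (0");
  if( g.okRead ){
    blob_appendf(&sql, " OR event.type='ci'");
  }
  if( g.okRdTkt ){
    blob_appendf(&sql, " OR event.type='t'");
  }
  if( g.okRdWiki ){
    blob_appendf(&sql, " OR event.type='w'");
  }
  blob_appendf(&sql, ")");
  /* … unchanged: p_rid / d_rid handling … */
```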