Changes On Branch jeremy_c-timeline


Changes In Branch jeremy_c-timeline Excluding Merge-Ins

This is equivalent to a diff from dddc514053 to 71ad9b62a7

2009-12-31
19:10
Alternative implementation of timeline security changes - this implementation always shows the timeline link if it is applicable, even if the history capability is disabled. check-in: 9b70675778 user: drh tags: trunk
14:59
• Changed security for timeline. To view the timeline, you must now have History access. The timeline will then display only items which you have access to. "o" (Check-out) is required for source history, "j" (Read-Wiki) is required for Wiki history and "r" (Read-Tkt) is required for Ticket history. Closed-Leaf check-in: 71ad9b62a7 user: jeremy_c tags: jeremy_c-timeline
14:49
Fixed minor spelling error check-in: efdad08182 user: jeremy_c tags: jeremy_c-timeline
14:49
• Fixed security bug in ticket reports, you previously had to have Check-out security to view a ticket report, you now have to have "r" (Read-tkt) to view ticket reports. check-in: 6ee7316567 user: jeremy_c tags: jeremy_c-timeline
04:42
[886c302b3f] Added documentation for [#anchor] style links check-in: dddc514053 user: jeremy_c tags: trunk
2009-12-30
01:57
Added a 's' parameter to the web timeline view. This will search the comment and brief fields for the given text via LIKE '%value%'. check-in: 1e2ec3ff87 user: jeremy_c tags: trunk

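--- a/src/report.c
+++ b/src/report.c
@@ -871,15 +871,15 @@
   char *zClrKey;
   int tabs;
   Stmt q;
   char *zErr1 = 0;
   char *zErr2 = 0;
 
   login_check_credentials();
-  if( !g.okRead ){ login_needed(); return; }
+  if( !g.okRdTkt ){ login_needed(); return; }
   rn = atoi(PD("rn","0"));
   if( rn==0 ){
     cgi_redirect("reportlist");
     return;
   }
   tabs = P("tablist")!=0;
   /* view_add_functions(tabs); */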
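Review bot: A user who holds Read-Tkt but not Check-out can now reach the report body, so whatever this function executes after the `g.okRdTkt` test has to be limited to ticket data. A `Stmt q` is declared here but its use is outside the hunk (the function starts and ends outside it); if the report runs stored SQL, confirm that query is confined to ticket tables, otherwise the new test widens access instead of correcting it. The other report pages are not part of this diff and may still test `g.okRead`, so they are worth checking against the same capability. A comment above the test would record the intent: `/* Ticket reports require Read-Tkt ("r"), not Check-out ("o") */`.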

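--- a/src/search.c
+++ b/src/search.c
@@ -173,15 +173,15 @@
 
 /*
 ** Testing the search function.
 **
 ** COMMAND: search
 ** %fossil search pattern...
 **
-** Search for timeline entrys matching the pattern.
+** Search for timeline entries matching the pattern.
 */
 void search_cmd(void){
   Search *p;
   Blob pattern;
   int i;
   Stmt q;
   int iBest;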

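--- a/src/skins.c
+++ b/src/skins.c
@@ -186,18 +186,20 @@
 @ <div class="mainmenu"><th1>
 @ html "<a href=''$baseurl$index_page''>Home</a> "
 @ if {[hascap h]} {
 @   html "<a href=''$baseurl/dir''>Files</a> "
 @ }
 @ if {[hascap o]} {
 @   html "<a href=''$baseurl/leaves''>Leaves</a> "
-@   html "<a href=''$baseurl/timeline''>Timeline</a> "
 @   html "<a href=''$baseurl/brlist''>Branches</a> "
 @   html "<a href=''$baseurl/taglist''>Tags</a> "
 @ }
+@ if {[hascap h]} {
+@   html "<a href=''$baseurl/timeline''>Timeline</a> "
+@ }
 @ if {[hascap r]} {
 @   html "<a href=''$baseurl/reportlist''>Tickets</a> "
 @ }
 @ if {[hascap j]} {
 @   html "<a href=''$baseurl/wiki''>Wiki</a> "
 @ }
 @ if {[hascap s]} {
@@ -386,18 +388,20 @@
 @ <div class="mainmenu"><th1>
 @ html "<a href=''$baseurl$index_page''>Home</a> "
 @ if {[hascap h]} {
 @   html "<a href=''$baseurl/dir''>Files</a> "
 @ }
 @ if {[hascap o]} {
 @   html "<a href=''$baseurl/leaves''>Leaves</a> "
-@   html "<a href=''$baseurl/timeline''>Timeline</a> "
 @   html "<a href=''$baseurl/brlist''>Branches</a> "
 @   html "<a href=''$baseurl/taglist''>Tags</a> "
 @ }
+@ if {[hascap h]} {
+@   html "<a href=''$baseurl/timeline''>Timeline</a> "
+@ }
 @ if {[hascap r]} {
 @   html "<a href=''$baseurl/reportlist''>Tickets</a> "
 @ }
 @ if {[hascap j]} {
 @   html "<a href=''$baseurl/wiki''>Wiki</a> "
 @ }
 @ if {[hascap s]} {
@@ -619,18 +623,20 @@
 @ <div class="mainmenu"><ul><th1>
 @ html "<li><a href=''$baseurl$index_page''>Home</a></li>"
 @ if {[hascap h]} {
 @   html "<li><a href=''$baseurl/dir''>Files</a></li>"
 @ }
 @ if {[hascap o]} {
 @   html "<li><a href=''$baseurl/leaves''>Leaves</a></li>"
-@   html "<li><a href=''$baseurl/timeline''>Timeline</a></li>"
 @   html "<li><a href=''$baseurl/brlist''>Branches</a></li>"
 @   html "<li><a href=''$baseurl/taglist''>Tags</a></li>"
 @ }
+@ if {[hascap h]} {
+@   html "<li><a href=''$baseurl/timeline''>Timeline</a></li>"
+@ }
 @ if {[hascap r]} {
 @   html "<li><a href=''$baseurl/reportlist''>Tickets</a></li>"
 @ }
 @ if {[hascap j]} {
 @   html "<li><a href=''$baseurl/wiki''>Wiki</a></li>"
 @ }
 @ if {[hascap s]} {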
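Review bot: The Timeline link is now shown to anyone with `h`, in all three menu blocks here and in the matching block in src/style.c, while the timeline page in this same change drops the check-in, ticket and wiki rows the user cannot read; a user with `h` and none of `o`, `r`, `j` gets a link to a page that can only be empty. These `hascap` tests only hide links, so enforcement has to stay in each page handler, and that is worth stating once where the menu is defined, for example `/* Menu tests hide links only; each page does its own capability check. */`. The menu definitions start and end outside these hunks, and headers already customised in existing repositories presumably keep the old `hascap o` test until they are edited by hand.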

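--- a/src/style.c
+++ b/src/style.c
@@ -208,18 +208,20 @@
 @ <div class="mainmenu"><th1>
 @ html "<a href='$baseurl$index_page'>Home</a> "
 @ if {[hascap h]} {
 @   html "<a href='$baseurl/dir'>Files</a> "
 @ }
 @ if {[hascap o]} {
 @   html "<a href='$baseurl/leaves'>Leaves</a> "
-@   html "<a href='$baseurl/timeline'>Timeline</a> "
 @   html "<a href='$baseurl/brlist'>Branches</a> "
 @   html "<a href='$baseurl/taglist'>Tags</a> "
 @ }
+@ if {[hascap h]} {
+@   html "<a href='$baseurl/timeline'>Timeline</a> "
+@ }
 @ if {[hascap r]} {
 @   html "<a href='$baseurl/reportlist'>Tickets</a> "
 @ }
 @ if {[hascap j]} {
 @   html "<a href='$baseurl/wiki'>Wiki</a> "
 @ }
 @ if {[hascap s]} {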

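--- a/src/timeline.c
+++ b/src/timeline.c
@@ -443,18 +443,24 @@
   const char *zCirca = P("c");       /* Events near this time */
   const char *zTagName = P("t");     /* Show events with this tag */
   const char *zString = P("s");      /* String text search of comment and brief */
   HQuery url;                        /* URL for various branch links */
   int tagid;                         /* Tag ID */
   int tmFlags;                       /* Timeline flags */
 
-  /* To view the timeline, must have permission to read project data.
-  */
+  /* To view the timeline, must have permission to project history.*/
   login_check_credentials();
-  if( !g.okRead ){ login_needed(); return; }
+  if( !g.okHistory ){ login_needed(); return; }
+  
+  /* Prevent them from getting an empty list due to security constraints */
+  if( (p_rid || d_rid) && !g.okRead ){ login_needed(); return; }
+  if( zType[0]=='c' && zType[1]=='i' && !g.okRead){ login_needed(); return; }
+  if( zType[0]=='t' && !g.okRdTkt){ login_needed(); return; }
+  if( zType[0]=='w' && !g.okRdWiki){ login_needed(); return; }
+  
   if( zTagName ){
     tagid = db_int(0, "SELECT tagid FROM tag WHERE tagname='sym-%q'", zTagName);
   }else{
     tagid = 0;
   }
   if( zType[0]=='a' ){
     tmFlags = TIMELINE_BRIEF;
@@ -465,14 +471,24 @@
   style_header("Timeline");
   login_anonymous_available();
   timeline_temp_table();
   blob_zero(&sql);
   blob_zero(&desc);
   blob_append(&sql, "INSERT OR IGNORE INTO timeline ", -1);
   blob_append(&sql, timeline_query_for_www(), -1);
+  /* limit the types of objects found in history */
+  if( !g.okRead ){
+    blob_appendf(&sql, " AND event.type<>'ci'");
+  }
+  if( !g.okRdTkt ){
+    blob_appendf(&sql, " AND event.type<>'t'");
+  }
+  if( !g.okRdWiki ){
+    blob_appendf(&sql, " AND event.type<>'w'");
+  }
   if( p_rid || d_rid ){
     /* If p= or d= is present, ignore all other parameters other than n= */
     char *zUuid;
     int np, nd;
 
     if( p_rid && d_rid ){
       if( p_rid!=d_rid ) p_rid = d_rid;
@@ -634,21 +650,21 @@
         zDate = db_text(0, "SELECT max(timestamp) FROM timeline");
         timeline_submenu(&url, "Newer", "a", zDate, "b");
         free(zDate);
       }else if( tagid==0 ){
         if( zType[0]!='a' ){
           timeline_submenu(&url, "All Types", "y", "all", 0);
         }
-        if( zType[0]!='w' ){
+        if( zType[0]!='w' && g.okRdWiki ){
           timeline_submenu(&url, "Wiki Only", "y", "w", 0);
         }
-        if( zType[0]!='c' ){
+        if( zType[0]!='c' && g.okRead ){
           timeline_submenu(&url, "Checkins Only", "y", "ci", 0);
         }
-        if( zType[0]!='t' ){
+        if( zType[0]!='t' && g.okRdTkt ){
           timeline_submenu(&url, "Tickets Only", "y", "t", 0);
         }
       }
       if( nEntry>20 ){
         timeline_submenu(&url, "20 Events", "n", "20", 0);
       }
       if( nEntry<200 ){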
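Review bot: The type filter added in the second hunk is a deny-list (`event.type<>'ci'`, `<>'t'`, `<>'w'`), so any event type other than those three would be shown to a user who holds only History; building the clause from the capabilities the user does hold fails closed instead. The three clauses are also appended as bare `AND` terms to the text returned by `timeline_query_for_www()`, which is only safe while that query ends in a WHERE clause and every term appended later is ANDed or parenthesised; that code is outside the hunk and should be checked. The sketch below keeps the same append point and uses an empty-string list member, constructed here, only so the IN list is never empty. The enclosing function starts and ends outside these hunks.

```c
  blob_append(&sql, timeline_query_for_www(), -1);
  /* Show only the event types this user may read; any other type stays hidden */
  blob_appendf(&sql, " AND event.type IN (''%s%s%s)",
      g.okRead   ? ",'ci'" : "",
      g.okRdTkt  ? ",'t'"  : "",
      g.okRdWiki ? ",'w'"  : "");
  /* … unchanged: p_rid / d_rid handling … */
```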