Overview
| SHA1 Hash: | 13b7ac16e4e5aee70bbcb3958c9047f846e15974 |
|---|---|
| Date: | 2007-08-09 10:43:39 |
| User: | drh |
| Comment: | Require history permission in order to clone. |
| Timelines: | ancestors | descendants | both | trunk |
| Other Links: | files | ZIP archive | manifest |
Tags And Properties
- branch=trunk inherited from [a28c83647d]
- sym-trunk inherited from [a28c83647d]
Changes
[hide diffs]Modified src/clone.c from [3302dbc338] to [31346c860f].
@@ -53,11 +53,11 @@
db_set("last-sync-url", g.argv[2]);
}
db_multi_exec(
"INSERT INTO config(name,value) VALUES('server-code', hex(randomblob(20)));"
);
- if( g.urlIsFile ){
+ if( g.urlIsFile ){
Stmt q;
db_multi_exec("ATTACH DATABASE %Q AS orig", g.urlName);
db_begin_transaction();
db_prepare(&q,
"SELECT name FROM orig.sqlite_master"
Modified src/setup.c from [b21a277cb9] to [f186580b82].
@@ -368,10 +368,16 @@ @ <li><p> @ An <b>Admin</b> user can add other users, create new ticket report @ formats, and change system defaults. But only the <b>Setup</b> user @ is able to change the repository to @ which this program is linked. + @ </p></li> + @ + @ <li><p> + @ The <b>History</b> privilege allows a user to see a timeline + @ with hyperlinks to version information, to download ZIP archives + @ of individual versions, and to clone the repository. @ </p></li> @ @ <li><p> @ No login is required for user "<b>nobody</b>". The capabilities @ of this user are available to anyone without supplying a username or
Modified src/xfer.c from [04b08e89d9] to [eec14d5874].
@@ -457,13 +457,13 @@
**
** The client knows nothing. Tell all.
*/
if( blob_eq(&aToken[0], "clone") ){
login_check_credentials();
- if( !g.okRead ){
+ if( !g.okRead || !g.okHistory ){
cgi_reset_content();
- @ error not\sauthorized\sto\sread
+ @ error not\sauthorized\sto\sclone
nErr++;
break;
}
isPull = 1;
@ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))