Overview
| SHA1 Hash: | 5ebcedc33eea137f80f15bfc3e8375f9029ab6a0 |
|---|---|
| Date: | 2007-07-31 16:34:09 |
| User: | dan |
| Comment: | Require read permission (permission to read tickets and configuration histories) to view the global timeline. |
| Timelines: | ancestors | descendants | both | trunk |
| Other Links: | files | ZIP archive | manifest |
Tags And Properties
- branch=trunk inherited from [a28c83647d]
- sym-trunk inherited from [a28c83647d]
Changes
[hide diffs]Modified src/login.c from [a6b6c1f3f9] to [25b58d166f].
@@ -204,11 +204,11 @@
}
/* Check the login cookie to see if it matches a known valid user.
*/
if( uid==0 ){
- if( (zCookie = P(login_cookie_name()))!=0 ){
+ if( (zCookie = P(login_cookie_name()))!=0 && strlen(zCookie)>0 ){
uid = db_int(0,
"SELECT uid FROM user"
" WHERE uid=%d"
" AND cookie=%Q"
" AND ipaddr=%Q"
@@ -215,22 +215,24 @@
" AND cexpire>julianday('now')",
atoi(zCookie), zCookie, zRemoteAddr
);
}else{
uid = db_int(0, "SELECT uid FROM user WHERE login='anonymous'");
+ g.isAnon = 1;
+ g.zLogin = "";
}
}
if( uid==0 ){
- g.isAnon = 1;
- g.zLogin = "";
- zCap = db_get("nologin-cap","onrj");
+ zCap = db_get("nologin-cap","");
}else if( zCap==0 ){
Stmt s;
db_prepare(&s, "SELECT login, cap FROM user WHERE uid=%d", uid);
db_step(&s);
- g.zLogin = db_column_malloc(&s, 0);
+ if( !g.isAnon ){
+ g.zLogin = db_column_malloc(&s, 0);
+ }
zCap = db_column_malloc(&s, 1);
g.isAnon = 0;
db_finalize(&s);
}
g.userUid = uid;
Modified src/setup.c from [91d49b89a0] to [096ac8c6bc].
@@ -112,11 +112,11 @@
@ <td align="center">%s(db_column_text(&s,2))</td>
@ <td align="left">%s(db_column_text(&s,3))</td>
@ </tr>
}
@ </table></td></tr></table>
- @ <p>
+ @ <p style="clear:both">
@ <b>Notes:</b>
@ <ol>
@ <li><p>The permission flags are as follows:</p>
@ <table>
@ <tr><td>a</td><td width="10"></td>
Modified src/style.c from [7b2fdcfed5] to [ad3eb27655].
@@ -84,11 +84,13 @@
}else{
@ <small>logged in as %h(g.zLogin)</small>
}
@ </td><td valign="top" align="right">
@ <a href="%s(g.zBaseURL)/index">Home</a>
- @ | <a href="%s(g.zBaseURL)/timeline">Timeline</a>
+ if( g.okRdTkt ){
+ @ | <a href="%s(g.zBaseURL)/timeline">Timeline</a>
+ }
if( g.okRdWiki ){
@ | <a href="%s(g.zBaseURL)/wiki">Wiki</a>
}
#if 0
@ | <font color="#888888">Search</font>
Modified src/timeline.c from [b52c0c0c75] to [f18e21591c].
@@ -52,10 +52,16 @@
** WEBPAGE: timeline
*/
void page_timeline(void){
Stmt q;
char zPrevDate[20];
+
+ /* To view the timeline, must have permission to read project data.
+ */
+ login_check_credentials();
+ if( !g.okRdTkt ){ login_needed(); return; }
+
style_header("Timeline");
zPrevDate[0] = 0;
db_prepare(&q,
"SELECT uuid, datetime(event.mtime,'localtime'), comment, user"
" FROM event, blob"