Overview
SHA1 Hash: | eb24a021d641a6a0b67cb7907dbbbddf90bb6f6f |
---|---|
Date: | 2008-07-26 17:08:33 |
User: | eric |
Comment: | Make all users inherit the capabilities of "nobody" as well as (optionally) of "anonymous". |
Tags And Properties
- branch=trunk inherited from [a28c83647d]
- sym-trunk inherited from [a28c83647d]
Changes
[hide diffs]Modified src/db.c from [dc73ec459b] to [2755f169fc].
@@ -1199,10 +1199,13 @@ ** editor Text editor command used for check-in comments. ** ** gdiff-command External command to run when performing a graphical ** diff. If undefined, text diff will be used. ** +** inherit-anon If enabled, any web user inherits capabilities from +** anonymous as well as nobody. +** ** localauth If enabled, require that HTTP connections from ** 127.0.0.1 be authenticated by password. If ** false, all HTTP requests from localhost have ** unrestricted access to the repository. ** @@ -1227,10 +1230,11 @@ static const char *azName[] = { "autosync", "diff-command", "editor", "gdiff-command", + "inherit-anon", "localauth", "clearsign", "pgp-command", "proxy", "web-browser",
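Review bot: The new help entry for inherit-anon reads as if the setting controls inheritance from both anonymous and nobody, but the login.c change in this commit applies nobody's capabilities to every `uid>0` unconditionally and makes only the anonymous part depend on the setting. I would word it as `** inherit-anon  If enabled, any web user also inherits the capabilities of anonymous. Capabilities of nobody are inherited whether or not this is set.` The same sentence is used for the setup page text in src/setup.c ("inherit capabilities from "anonymous", as well as from "nobody"") and should get the same split, since an administrator deciding whether to turn this on needs to know which grant is optional and that enabling it widens every account's privileges.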
Modified src/login.c from [0aeb275746] to [c686a3eaf4].
@@ -238,10 +238,12 @@ void login_check_credentials(void){ int uid = 0; const char *zCookie; const char *zRemoteAddr; const char *zCap = 0; + const char *zNcap; + const char *zAcap; /* Only run this check once. */ if( g.userUid!=0 ) return; @@ -296,10 +298,18 @@ } } g.userUid = uid; if( g.zLogin && strcmp(g.zLogin,"nobody")==0 ){ g.zLogin = 0; + } + if( uid>0 ){ + zNcap = db_text("", "SELECT cap FROM user WHERE login = 'nobody'"); + login_set_capabilities(zNcap); + if( db_get_int("inherit-anon",0) ){ + zAcap = db_text("", "SELECT cap FROM user WHERE login = 'anonymous'"); + login_set_capabilities(zAcap); + } } login_set_capabilities(zCap); } /*
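Review bot: The anonymous grant in the second hunk is gated only on `uid>0`, so it is not tied to the request being logged in. If an unauthenticated visitor resolves to the nobody row (the uid lookup is above the hunk, so this is an assumption), enabling inherit-anon hands that visitor anonymous's capabilities and erases the distinction between the two accounts. Since `g.zLogin` is cleared for nobody on the line just above, a guard such as `if( g.zLogin && db_get_int("inherit-anon",0) ){` would limit the extra grant to logged-in users. Separately, `zNcap` and `zAcap` are never released; if db_text() hands back heap memory (not visible here), each should be freed after its login_set_capabilities() call. The body of login_check_credentials starts and ends outside both hunks.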
Modified src/setup.c from [b37cc86b52] to [7115d9c001].
@@ -552,10 +552,16 @@ @ web access coming from 127.0.0.1. When disabled, web access @ from 127.0.0.1 is allows without any login - the user id is selected @ from the ~/.fossil database. Password login is always required @ for incoming web connections on internet addresses other than @ 127.0.0.1.</p></li> + + @ <hr> + onoff_attribute("Inherit capabilities from anonymous user", + "inherit-anon", "inherit-anon", 0); + @ <p>When enabled, all web users inherit capabilities from + @ "anonymous", as well as from "nobody".</p></li> @ <hr> entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766"); @ <p>The number of hours for which a login is valid. This must be a @ positive number. The default is 8760 hours which is approximately equal