mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
Rework permission handling
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer
parent
9e6b861b6f
commit
03c6304e19
24 changed files with 187 additions and 237 deletions
|
|
@ -18,18 +18,14 @@ echo " <h2>".__("Accounts")."</h2>\n";
|
|||
$action = in_request("Action");
|
||||
|
||||
if (isset($_COOKIE["AURSID"])) {
|
||||
# visitor is logged in
|
||||
#
|
||||
$atype = account_from_sid($_COOKIE["AURSID"]);
|
||||
|
||||
if ($action == "SearchAccounts") {
|
||||
|
||||
# security check
|
||||
#
|
||||
if ($atype == "Trusted User" || $atype == "Developer") {
|
||||
if (has_credential(CRED_ACCOUNT_SEARCH)) {
|
||||
# the user has entered search criteria, find any matching accounts
|
||||
#
|
||||
search_results_page($atype, in_request("O"), in_request("SB"),
|
||||
search_results_page(in_request("O"), in_request("SB"),
|
||||
in_request("U"), in_request("T"), in_request("S"),
|
||||
in_request("E"), in_request("R"), in_request("I"),
|
||||
in_request("K"));
|
||||
|
|
@ -48,8 +44,8 @@ if (isset($_COOKIE["AURSID"])) {
|
|||
print __("Could not retrieve information for the specified user.");
|
||||
} else {
|
||||
/* Verify user has permission to edit the account */
|
||||
if (can_edit_account($atype, $row, uid_from_sid($_COOKIE["AURSID"]))) {
|
||||
display_account_form($atype, "UpdateAccount", $row["Username"],
|
||||
if (can_edit_account($row)) {
|
||||
display_account_form("UpdateAccount", $row["Username"],
|
||||
$row["AccountTypeID"], $row["Suspended"], $row["Email"],
|
||||
"", "", $row["RealName"], $row["LangPreference"],
|
||||
$row["IRCNick"], $row["PGPKey"],
|
||||
|
|
@ -70,22 +66,20 @@ if (isset($_COOKIE["AURSID"])) {
|
|||
}
|
||||
|
||||
} elseif ($action == "UpdateAccount") {
|
||||
$uid = uid_from_sid($_COOKIE['AURSID']);
|
||||
|
||||
/* Details for account being updated */
|
||||
$acctinfo = account_details(in_request('ID'), in_request('U'));
|
||||
|
||||
/* Verify user permissions and that the request is a valid POST */
|
||||
if (can_edit_account($atype, $acctinfo, $uid) && check_token()) {
|
||||
if (can_edit_account($acctinfo) && check_token()) {
|
||||
/* Update the details for the existing account */
|
||||
process_account_form($atype, "edit", "UpdateAccount",
|
||||
process_account_form("edit", "UpdateAccount",
|
||||
in_request("U"), in_request("T"), in_request("S"),
|
||||
in_request("E"), in_request("P"), in_request("C"),
|
||||
in_request("R"), in_request("L"), in_request("I"),
|
||||
in_request("K"), in_request("J"), in_request("ID"));
|
||||
}
|
||||
} else {
|
||||
if ($atype == "Trusted User" || $atype == "Developer") {
|
||||
if (has_credential(CRED_ACCOUNT_SEARCH)) {
|
||||
# display the search page if they're a TU/dev
|
||||
#
|
||||
print __("Use this form to search existing accounts.")."<br />\n";
|
||||
|
|
|
|||
|
|
@ -11,13 +11,10 @@ $title = __("Add Proposal");
|
|||
html_header($title);
|
||||
|
||||
if (isset($_COOKIE["AURSID"])) {
|
||||
$atype = account_from_sid($_COOKIE["AURSID"]);
|
||||
$uid = uid_from_sid($_COOKIE["AURSID"]);
|
||||
} else {
|
||||
$atype = "";
|
||||
$uid = uid_from_sid($_COOKIE["AURSID"]);
|
||||
}
|
||||
|
||||
if ($atype == "Trusted User" || $atype == "Developer") {
|
||||
if (has_credential(CRED_TU_ADD_VOTE)) {
|
||||
|
||||
if (!empty($_POST['addVote']) && !check_token()) {
|
||||
$error = __("Invalid token for user action.");
|
||||
|
|
|
|||
|
|
@ -35,13 +35,6 @@ if (isset($pkgname)) {
|
|||
$title = __("Packages");
|
||||
}
|
||||
|
||||
# Retrieve account type
|
||||
if (isset($_COOKIE["AURSID"])) {
|
||||
$atype = account_from_sid($_COOKIE["AURSID"]);
|
||||
} else {
|
||||
$atype = "";
|
||||
}
|
||||
|
||||
$details = array();
|
||||
if (isset($pkgname)) {
|
||||
$details = pkg_get_details($pkgid);
|
||||
|
|
|
|||
|
|
@ -32,13 +32,6 @@ if (!isset($base_id) || !isset($pkgbase_name)) {
|
|||
/* Set the title to package base name. */
|
||||
$title = $pkgbase_name;
|
||||
|
||||
/* Retrieve account type. */
|
||||
if (isset($_COOKIE["AURSID"])) {
|
||||
$atype = account_from_sid($_COOKIE["AURSID"]);
|
||||
} else {
|
||||
$atype = "";
|
||||
}
|
||||
|
||||
/* Grab the list of package base IDs to be operated on. */
|
||||
$ids = array();
|
||||
if (isset($_POST['IDs'])) {
|
||||
|
|
@ -55,29 +48,29 @@ $ret = false;
|
|||
$output = "";
|
||||
if (check_token()) {
|
||||
if (current_action("do_Flag")) {
|
||||
list($ret, $output) = pkgbase_flag($atype, $ids);
|
||||
list($ret, $output) = pkgbase_flag($ids);
|
||||
} elseif (current_action("do_UnFlag")) {
|
||||
list($ret, $output) = pkgbase_unflag($atype, $ids);
|
||||
list($ret, $output) = pkgbase_unflag($ids);
|
||||
} elseif (current_action("do_Adopt")) {
|
||||
list($ret, $output) = pkgbase_adopt($atype, $ids, true, NULL);
|
||||
list($ret, $output) = pkgbase_adopt($ids, true, NULL);
|
||||
} elseif (current_action("do_Disown")) {
|
||||
$via = isset($_POST['via']) ? $_POST['via'] : NULL;
|
||||
list($ret, $output) = pkgbase_adopt($atype, $ids, false, $via);
|
||||
list($ret, $output) = pkgbase_adopt($ids, false, $via);
|
||||
} elseif (current_action("do_Vote")) {
|
||||
list($ret, $output) = pkgbase_vote($atype, $ids, true);
|
||||
list($ret, $output) = pkgbase_vote($ids, true);
|
||||
} elseif (current_action("do_UnVote")) {
|
||||
list($ret, $output) = pkgbase_vote($atype, $ids, false);
|
||||
list($ret, $output) = pkgbase_vote($ids, false);
|
||||
} elseif (current_action("do_Delete")) {
|
||||
if (isset($_POST['confirm_Delete'])) {
|
||||
$via = isset($_POST['via']) ? $_POST['via'] : NULL;
|
||||
if (!isset($_POST['merge_Into']) || empty($_POST['merge_Into'])) {
|
||||
list($ret, $output) = pkgbase_delete($atype, $ids, NULL, $via);
|
||||
list($ret, $output) = pkgbase_delete($ids, NULL, $via);
|
||||
unset($_GET['ID']);
|
||||
}
|
||||
else {
|
||||
$merge_base_id = pkgbase_from_name($_POST['merge_Into']);
|
||||
if ($merge_base_id) {
|
||||
list($ret, $output) = pkgbase_delete($atype, $ids, $merge_base_id, $via);
|
||||
list($ret, $output) = pkgbase_delete($ids, $merge_base_id, $via);
|
||||
unset($_GET['ID']);
|
||||
} else {
|
||||
$output = __("Cannot find package to merge votes and comments into.");
|
||||
|
|
@ -90,13 +83,13 @@ if (check_token()) {
|
|||
$ret = false;
|
||||
}
|
||||
} elseif (current_action("do_Notify")) {
|
||||
list($ret, $output) = pkgbase_notify($atype, $ids);
|
||||
list($ret, $output) = pkgbase_notify($ids);
|
||||
} elseif (current_action("do_UnNotify")) {
|
||||
list($ret, $output) = pkgbase_notify($atype, $ids, false);
|
||||
list($ret, $output) = pkgbase_notify($ids, false);
|
||||
} elseif (current_action("do_DeleteComment")) {
|
||||
list($ret, $output) = pkgbase_delete_comment($atype);
|
||||
list($ret, $output) = pkgbase_delete_comment();
|
||||
} elseif (current_action("do_ChangeCategory")) {
|
||||
list($ret, $output) = pkgbase_change_category($base_id, $atype);
|
||||
list($ret, $output) = pkgbase_change_category($base_id);
|
||||
} elseif (current_action("do_FileRequest")) {
|
||||
list($ret, $output) = pkgreq_file($ids, $_POST['type'], $_POST['merge_into'], $_POST['comments']);
|
||||
} elseif (current_action("do_CloseRequest")) {
|
||||
|
|
|
|||
|
|
@ -10,13 +10,7 @@ check_sid();
|
|||
|
||||
html_header(__("Package Deletion"));
|
||||
|
||||
$atype = "";
|
||||
|
||||
if (isset($_COOKIE["AURSID"])) {
|
||||
$atype = account_from_sid($_COOKIE["AURSID"]);
|
||||
}
|
||||
|
||||
if ($atype == "Trusted User" || $atype == "Developer"): ?>
|
||||
if (has_credential(CRED_PKGBASE_DELETE)): ?>
|
||||
<div class="box">
|
||||
<h2><?= __('Delete Package: %s', htmlspecialchars($pkgbase_name)) ?></h2>
|
||||
<p>
|
||||
|
|
|
|||
|
|
@ -10,13 +10,7 @@ check_sid();
|
|||
|
||||
html_header(__("Package Merging"));
|
||||
|
||||
$atype = "";
|
||||
|
||||
if (isset($_COOKIE["AURSID"])) {
|
||||
$atype = account_from_sid($_COOKIE["AURSID"]);
|
||||
}
|
||||
|
||||
if ($atype == "Trusted User" || $atype == "Developer"): ?>
|
||||
if (has_credential(CRED_PKGBASE_DELETE)): ?>
|
||||
<div class="box">
|
||||
<h2><?= __('Merge Package: %s', htmlspecialchars($pkgbase_name)) ?></h2>
|
||||
<p>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ if (isset($base_id)) {
|
|||
$pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id);
|
||||
include('pkgreq_close_form.php');
|
||||
} else {
|
||||
if (!check_user_privileges()) {
|
||||
if (!has_credential(CRED_PKGREQ_LIST)) {
|
||||
header('Location: /');
|
||||
exit();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,12 +14,7 @@ html_header($title);
|
|||
$pp = 10;
|
||||
$prev_Len = 75;
|
||||
|
||||
$atype = "";
|
||||
if (isset($_COOKIE["AURSID"])) {
|
||||
$atype = account_from_sid($_COOKIE["AURSID"]);
|
||||
}
|
||||
|
||||
if ($atype == "Trusted User" || $atype == "Developer") {
|
||||
if (has_credential(CRED_TU_LIST_VOTES)) {
|
||||
|
||||
if (isset($_GET['id'])) {
|
||||
if (is_numeric($_GET['id'])) {
|
||||
|
|
@ -39,7 +34,7 @@ if ($atype == "Trusted User" || $atype == "Developer") {
|
|||
if ($isrunning == 0) {
|
||||
$canvote = 0;
|
||||
$errorvote = __("Voting is closed for this proposal.");
|
||||
} else if ($atype == "Developer") {
|
||||
} else if (!has_credential(CRED_TU_VOTE)) {
|
||||
$canvote = 0;
|
||||
$errorvote = __("Only Trusted Users are allowed to vote.");
|
||||
} else if ($row['User'] == username_from_sid($_COOKIE["AURSID"])) {
|
||||
|
|
|
|||
|
|
@ -6,11 +6,10 @@ include_once('pkgfuncs.inc.php');
|
|||
$SID = $_COOKIE['AURSID'];
|
||||
$pkgname = htmlspecialchars($_GET['N']);
|
||||
$votes = pkgbase_votes_from_name($pkgname);
|
||||
$atype = account_from_sid($SID);
|
||||
|
||||
html_header(__("Voters"));
|
||||
|
||||
if ($atype == 'Trusted User' || $atype== 'Developer'):
|
||||
if (has_credential(CRED_PKGBASE_LIST_VOTERS)):
|
||||
?>
|
||||
|
||||
<div class="box">
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue