Mercurial > public > src > phphgadmin

diff admin/application/libraries/hgphp.php @ 23:6f38dd98ff78

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
View and update permission checks (all permissions default to true atm)
author joshjcarrier
date Sat, 15 May 2010 15:47:59 -0700
parents 51f6d4415b09
children 26ff1899349f
line wrap: on
line diff
--- a/admin/application/libraries/hgphp.php	Sat May 15 15:30:50 2010 -0700
+++ b/admin/application/libraries/hgphp.php	Sat May 15 15:47:59 2010 -0700
@@ -123,12 +123,6 @@
 				$create_status = $this->create_repository_dir($r_name, $hg_lock_hgrc);
 			}
 		}
-		// TODO repair missing directory?
-		else if($lsdir[$r_name]['status'] == HGPHP_REPO_STATUS_MISSING)
-		{
-			$create_status = -100;
-			//$this->template->inject_partial('user_msg', 'Repository "'. $r_name .'" RESTORE.');
-		}
 		else
 		{
 			// repository already exists
@@ -147,6 +141,11 @@
 	 */
 	function update_repository($r_name, $hgrc_data, &$ofl_lock_hgrc)
 	{
+		if(!$this->can_update($r_name))
+		{
+			return HGPHP_ERR_PERM_USR;
+		}
+		
 		return $this->_ci->hgconf2ini->setHGRC($r_name, $hgrc_data, $ofl_lock_hgrc);
 	}
 	
@@ -191,8 +190,8 @@
 				// existing filesystem is not missing, thus needs to be deleted
 				if($lsdir[$r_name]['status'] != HGPHP_REPO_STATUS_MISSING)
 				{
-					// FIXME ofl lock?
-					$del_status = $this->_ci->hgconf2ini->unlinkHGRC($r_name, $ofl_lock);
+					// unregister hgrc from transaction manager to keep index small
+					$del_status = $this->_ci->hgconf2ini->unlinkHGRC($r_name);
 					
 					if($del_status == HGPHP_OK)
 					{
@@ -217,31 +216,60 @@
 	 */
 	function stat_repository($r_name, &$ofl_lock_hgrc)
 	{
-		// FIXME permission check 
+		if(!$this->can_view($r_name))
+		{
+			return HGPHP_ERR_PERM_USR;
+		}
+		
 		return $this->_ci->hgconf2ini->getHGRC($r_name, $ofl_lock_hgrc);
 	}
 	 
 
 	/**
 	 * can_create
-	 * Checks if user has permissions to create this repository
+	 * Checks if user has permissions to create this repository.
+	 * Requires view permission.
 	 * @param r_name name of repository wanting to be created
 	 * @return true if allowed
 	 */
 	function can_create($r_name)
 	{
-		return $this->_hgwebconf_allow_repo_create;
+		return can_view($r_name) && $this->_hgwebconf_allow_repo_create;
+	}
+	
+	/**
+	 * can_update
+	 * Checks if user has permissions to update this repository
+	 * Requires view permission.
+	 * @param r_name name of repository wanting to be updated
+	 * @return true if allowed
+	 */
+	function can_update($r_name)
+	{
+		return can_view($r_name) && $this->_hgwebconf_allow_repo_update;
+	}
+	
+	/**
+	 * can_create
+	 * Checks if user has permissions to view this repository
+	 * @param r_name name of repository wanting to be created
+	 * @return true if allowed
+	 */
+	function can_view($r_name)
+	{
+		return $this->_hgwebconf_allow_repo_view;
 	}
 	
 	/**
 	 * can_delete
 	 * Checks if user has permissions to delete this repository
+	 * Requires view permission.
 	 * @param r_name name of repository wanting to be deleted
 	 * @return true if allowed
 	 */
 	function can_delete($r_name)
 	{
-		return $this->_hgwebconf_allow_repo_delete;
+		return can_view($r_name) && $this->_hgwebconf_allow_repo_delete;
 	}
 	 
 	/**