changeset 60:cb20deeded8e

Begin API plugins - none/basic/readonly authentication model in place.
author joshjcarrier
date Sun, 13 Jun 2010 12:38:42 -0700
parents 219de43562aa
children 692c276a5553
files admin/api/api_auth.php admin/api/auth/auth_basic.php admin/api/auth/auth_none.php admin/api/auth/auth_readonly.php admin/application/config/autoload.php admin/application/config/phphgadmin.php admin/application/controllers/hgrepo.php admin/application/controllers/login.php admin/application/helpers/hg_template_helper.php admin/application/helpers/phphgadmin_api_helper.php admin/application/libraries/phphg_Controller.php admin/application/libraries/phphgadmin.php admin/application/views/login.php admin/themes/paper/index.php admin/themes/paper/sidebar.php
diffstat 15 files changed, 134 insertions(+), 19 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/admin/api/api_auth.php	Sun Jun 13 12:38:42 2010 -0700
@@ -0,0 +1,11 @@
+<?php 
+interface API_auth
+{
+	function auth_is_user_authenticated();
+	function auth_user_id();
+	
+	function auth_user_can_view($r_name);
+	function auth_user_can_create($r_name);
+	function auth_user_can_delete($r_name);
+	function auth_user_can_update($r_name);
+}
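Review bot: The new `API_auth` interface carries no documentation, so an implementer cannot tell from it what `$r_name` is, whether the `auth_user_can_*` methods must return a bool, or what `auth_user_id()` returns for an anonymous caller (the bundled plugins return `''`). Add a short docblock per method, e.g. on `auth_user_can_view`: `/** @param string $r_name repository name @return bool true only if the current user may view it; deny by default */`, and on `auth_user_id`: `/** @return string user identifier, '' when anonymous */`. Stating "deny by default" in the interface matters here because every authorization decision in phphgadmin.php now delegates to these methods.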
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/admin/api/auth/auth_basic.php	Sun Jun 13 12:38:42 2010 -0700
@@ -0,0 +1,32 @@
+<?php 
+
+class auth_basic implements API_auth
+{
+	function auth_is_user_authenticated()
+	{
+		$authenticated = FALSE;
+		
+//		if($_SERVER['SERVER_NAME'] == 'localhost')
+//		{$authenticated = TRUE; /* AUTH DISABLED */}
+		
+		if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'])
+		{
+			$authenticated = TRUE;
+		}
+		return $authenticated;
+	}
+	
+	function auth_user_id()
+	{
+		if(isset($_SERVER['PHP_AUTH_USER']))
+		{
+			return $_SERVER['PHP_AUTH_USER'];
+		}
+		return '';
+	}
+	
+	function auth_user_can_view($r_name){return $this->auth_is_user_authenticated();}
+	function auth_user_can_create($r_name){return $this->auth_is_user_authenticated();}
+	function auth_user_can_delete($r_name){return $this->auth_is_user_authenticated();}
+	function auth_user_can_update($r_name){return $this->auth_is_user_authenticated();}
+}
\ No newline at end of file
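Review bot: `auth_is_user_authenticated()` never verifies the credentials: it returns TRUE as soon as `PHP_AUTH_USER` is set and `PHP_AUTH_PW` is truthy, so any username/password pair at all is accepted, and the `mantis_auth->trustExternal()` check this commit removes from `Private_Controller` is not replaced by anything. The pair should be passed to a credential verifier (the previously used `trustExternal()` call, or an equivalent) and its result returned, rather than testing presence only. Two smaller points in the same condition: `$_SERVER['PHP_AUTH_PW']` is read without `isset`, which raises an undefined-index notice when no Authorization header is sent, and the truthiness test rejects a legitimate password of `'0'`; `isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])` covers both. The commented-out localhost bypass on the two lines above should be deleted rather than left as a reminder of how to disable authentication.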
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/admin/api/auth/auth_none.php	Sun Jun 13 12:38:42 2010 -0700
@@ -0,0 +1,12 @@
+<?php 
+
+class auth_none implements API_auth
+{
+	function auth_is_user_authenticated(){return true;}
+	function auth_user_id(){return '';}
+	
+	function auth_user_can_view($r_name){return true;}
+	function auth_user_can_create($r_name){return true;}
+	function auth_user_can_delete($r_name){return true;}
+	function auth_user_can_update($r_name){return true;}
+}
\ No newline at end of file
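Review bot: `auth_none` has no comment saying what it does, and the class name alone does not convey that it grants create, update and delete to every request while reporting an empty user id. Add a class docblock such as `/** Auth plugin that trusts every request: everyone is "authenticated" and may view, create, update and delete any repository. Intended only for deployments where access is restricted outside the application. */` so that whoever sets `auth_mode` understands the consequence.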
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/admin/api/auth/auth_readonly.php	Sun Jun 13 12:38:42 2010 -0700
@@ -0,0 +1,13 @@
+<?php 
+
+class auth_readonly implements API_auth
+{
+	function auth_is_user_authenticated(){return true;}
+	
+	function auth_user_id(){return '';}
+	
+	function auth_user_can_view($r_name){return true;}
+	function auth_user_can_create($r_name){return false;}
+	function auth_user_can_delete($r_name){return false;}
+	function auth_user_can_update($r_name){return false;}
+}
\ No newline at end of file
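Review bot: In `auth_readonly`, `auth_is_user_authenticated()` returns true for every request, so "authenticated" here means "allowed to read" rather than "identified", and anything gated on that method alone (the `Private_Controller` check and the theme's `is_user_authenticated()`) passes for anonymous visitors in this mode. That appears intended, but it should be written down, e.g. a class docblock `/** Read-only plugin: every request is treated as authenticated and may view, but never create, update or delete. */`. It would also be worth a comment that `auth_user_id()` returning `''` means audit or ownership logic cannot distinguish users in this mode.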
--- a/admin/application/config/autoload.php	Sun Jun 13 10:43:09 2010 -0700
+++ b/admin/application/config/autoload.php	Sun Jun 13 12:38:42 2010 -0700
@@ -51,7 +51,7 @@
 |	$autoload['helper'] = array('url', 'file');
 */
 
-$autoload['helper'] = array('language', 'form', 'url', 'hg_template');
+$autoload['helper'] = array('language', 'form', 'url', 'hg_template', 'phphgadmin_api_helper');
 
 
 /*
--- a/admin/application/config/phphgadmin.php	Sun Jun 13 10:43:09 2010 -0700
+++ b/admin/application/config/phphgadmin.php	Sun Jun 13 12:38:42 2010 -0700
@@ -82,6 +82,13 @@
 $config['global_allow_repo_view'] = true;
 $config['global_allow_repo_delete'] = true;
 
+/*
+ * Authentication mechanism
+ * Valid mechanisms: none, basic, readonly
+ * If blank, 'readonly' will be selected.
+ */
+$config['auth_mode'] = 'none';
+
 /***********************
  * Not recommended to change once deployed beyond this point
  *****************************/
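Review bot: The shipped default `$config['auth_mode'] = 'none';` disables authorization entirely (the `auth_none` plugin grants create and delete to everyone), while the comment right above says the blank fallback is `readonly`; a fresh deployment should fail closed, so the committed value should be `$config['auth_mode'] = 'readonly';` (or `'basic'` once that plugin verifies credentials). The comment would also help operators more if it said what each mode does instead of only listing the names.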
--- a/admin/application/controllers/hgrepo.php	Sun Jun 13 10:43:09 2010 -0700
+++ b/admin/application/controllers/hgrepo.php	Sun Jun 13 12:38:42 2010 -0700
@@ -76,6 +76,9 @@
 					case HGPHP_OK:
 						$this->load->vars(array('user_msg'=>lang('hgphp_msg_hgrc_save_success')));
 						break;
+					case HGPHP_ERR_PERM_USR:
+						$this->load->vars(array('user_err'=>lang('hgphp_msg_hgwebconf_create_err_permuser')));
+						break;
 					case OFL_ERR_LOCKING:
 						$this->load->vars(array('user_err'=>lang('hgphp_msg_hgrc_save_err_locking') . '<a href="'.site_url('/hgrepo/manage/'.$repositoryName).'" class="ui-state-default ui-corner-all dialog_link"><span class="ui-icon"></span>'.lang('hgphp_action_reload').'</a>'));
 						break;	
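Review bot: The new `HGPHP_ERR_PERM_USR` case reports the hgrc save failure with `hgphp_msg_hgwebconf_create_err_permuser`, which by its name is the "create" permission message, so the user is told about a create failure when a save (here) or a read (the second hunk in this file, around `OFL_ERR_NOTEXISTS_OR_PERM`) was denied. If the language file has no dedicated key yet, add one for the save and read paths rather than reusing the create text; I cannot see the language file in this changeset, so the key's actual wording may differ. Both hunks duplicate the same three lines; a small helper returning the message for an error code would keep the two switches from drifting.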
@@ -106,6 +109,9 @@
 				case OFL_ERR_NOTEXISTS_OR_PERM: 
 					$this->load->vars(array('user_err'=>lang('hgphp_msg_hgrc_read_err')));
 					break;
+				case HGPHP_ERR_PERM_USR:
+					$this->load->vars(array('user_err'=>lang('hgphp_msg_hgwebconf_create_err_permuser')));
+					break;
 				default:
 					$this->load->vars(array('user_err'=>lang('hgphp_msg_unknown_err') . $hgrc));
 					break;
--- a/admin/application/controllers/login.php	Sun Jun 13 10:43:09 2010 -0700
+++ b/admin/application/controllers/login.php	Sun Jun 13 12:38:42 2010 -0700
@@ -8,10 +8,11 @@
 	}
 	
 	function index()
-	{
-		$this->template->title('Login', 'Mercurial Repository Manager');
+	{	
+		$this->load->vars(array('title'=>HGPHP_NAME));
+		$this->load->vars(array('pagetype'=>'login'));
 		
-		$this->template->build('login');	
+		$this->render_view();
 	}
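Review bot: `index()` now sets `pagetype` to `'login'`, but the theme's `index.php` dispatch chain in this changeset only knows `directory`, `repo_config` and `repo_browser`, so an authenticated visitor who reaches /login appears to get `'Content unsupported by theme.'` — unless the theme handles it somewhere I cannot see. Either add a login branch to the theme or document in a comment here which page type the theme is expected to render for this controller. Also, the rewritten `{` line carries a trailing tab that should be dropped.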
 	
 }
--- a/admin/application/helpers/hg_template_helper.php	Sun Jun 13 10:43:09 2010 -0700
+++ b/admin/application/helpers/hg_template_helper.php	Sun Jun 13 12:38:42 2010 -0700
@@ -42,6 +42,12 @@
 	get_theme_resource('footer.php');
 }
 
+function is_user_authenticated()
+{
+	$ci =& get_instance();
+	return $ci->auth->auth_is_user_authenticated();
+}
+
 function is_directory()
 {
 	return get_phphginfo('pagetype') === 'directory';
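Review bot: `is_user_authenticated()` dereferences `$ci->auth`, which only exists when the active controller extends `phphg_Controller` (where `load_api(..., 'auth')` is called); from any other controller it would fatal on a null property. Since this helper is autoloaded for every request, add a docblock stating the precondition, e.g. `/** True if the loaded auth plugin reports the current request as authenticated. Requires the controller to have loaded the 'auth' API (see phphg_Controller). */`, or guard with `isset($ci->auth)` and return false.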
@@ -86,10 +92,14 @@
 {
 	$ci =& get_instance();
 	$profiles = $ci->config->item('profile');
-	$profile_arr = array();
-	foreach($profiles as $p_name => $profile)
+	$profiles_arr = array();
+	
+	if($ci->auth->auth_is_user_authenticated())
 	{
-		$profiles_arr[$p_name] = $p_name;
+		foreach($profiles as $p_name => $profile)
+		{
+			$profiles_arr[$p_name] = $p_name;
+		}
 	}
 	return $profiles_arr;
 }
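Review bot: In `user_profiles()` the loop reads only the keys of `$profiles` and ignores `$profile`, so the body can be written as `$keys = array_keys($profiles); $profiles_arr = array_combine($keys, $keys);` inside the `if`, which also makes the intent ("profile names keyed by themselves") obvious. The new authentication gate means anonymous callers get an empty array, which the docblock above this function (outside the hunk) should mention. As with `is_user_authenticated()`, this relies on `$ci->auth` having been loaded by the controller.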
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/admin/application/helpers/phphgadmin_api_helper.php	Sun Jun 13 12:38:42 2010 -0700
@@ -0,0 +1,3 @@
+<?php 
+
+include('api/api_auth.php');
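Review bot: `include('api/api_auth.php')` is resolved against the include path and the current working directory, not this helper's location (`admin/application/helpers/`), so it only finds `admin/api/api_auth.php` when the front controller happens to run with `admin/` as cwd; and because it is `include`, a miss is only a warning, with the real failure surfacing later as a fatal "Interface 'API_auth' not found" when a plugin class is loaded. Use `require_once dirname(__FILE__) . '/../../api/api_auth.php';` so the path is fixed and a missing file stops immediately; `require_once` also prevents a redeclaration error if the helper is loaded twice.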
--- a/admin/application/libraries/phphg_Controller.php	Sun Jun 13 10:43:09 2010 -0700
+++ b/admin/application/libraries/phphg_Controller.php	Sun Jun 13 12:38:42 2010 -0700
@@ -5,6 +5,11 @@
 	function phphg_Controller() {
 		parent :: Controller();
 		
+		// api load
+		$auth_mode = $this->config->item('auth_mode');
+		if(empty($auth_mode)){$auth_mode = 'readonly';}
+		$this->load_api($auth_mode, 'auth');
+		
 		// profile load
 		$prefs_profile = $this->session->userdata('prefs_profile');
 		if(!empty($prefs_profile))
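Review bot: `$auth_mode` is taken from config and passed straight into `load_api()`, which builds a library path from it, but nothing checks that it is one of the three plugins that exist; a typo in the config (e.g. `'nonee'`) produces a load failure deep in CodeIgniter's loader rather than a clear message, and an unexpected value would change which file is included. Validate before loading: `if(!in_array($auth_mode, array('none', 'basic', 'readonly'), true)) { $auth_mode = 'readonly'; }` (or `show_error()` if you prefer to halt), which also subsumes the current `empty()` fallback. The constructor continues outside this hunk.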
@@ -24,6 +29,16 @@
 		$this->load->vars(array('title'=>HGPHP_NAME, 'theme_name'=>$this->theme_name,'stylesheet_url'=>base_url().'themes/paper/style.css', 'profile'=>$prefs_profile));
 	}
 	
+	function load_api($api_name, $api_type)
+	{
+		$this->load->library('../../api/'.$api_type.'/'.$api_type.'_'.$api_name, null, $api_type);
+	}
+	
+	function run_hooks($hook_name)
+	{
+		
+	}
+	
 	function render_view()
 	{
 		$this->load->view('../../themes/'.$this->theme_name.'/index');
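Review bot: `load_api()` concatenates `$api_type` and `$api_name` into a `library()` path with no restriction on their characters, and `run_hooks()` is an empty public method with no indication that it is a placeholder. Add a docblock to `load_api` stating that both arguments must be plain plugin identifiers coming from configuration (and consider `preg_match('/^[a-z_]+$/', ...)` as a cheap guard before building the path), and mark `run_hooks` with `/** Placeholder: hook dispatch not implemented yet. */` so callers do not assume it does something.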
@@ -42,11 +57,9 @@
 	function Private_Controller() {
 		parent :: phphg_Controller();
 		
-		if($_SERVER['SERVER_NAME'] == 'localhost')
-		{return; /* AUTH DISABLED */}
+		$authenticated = $this->auth->auth_is_user_authenticated();
 		
-		if(isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_PW'] 
-			&& !$this->mantis_auth->trustExternal($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
+		if(!$authenticated)
 		{
 			$CI = &get_instance();
 			$CI->load->helper('url');
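Review bot: `Private_Controller` now gates only on `auth_is_user_authenticated()`, and the `none` and `readonly` plugins return true unconditionally, so in those modes this check is a no-op and every "private" action is reachable by anonymous requests; the only remaining protection is that each write path consults `can_create`/`can_update`/`can_delete`. That is defensible for `readonly`, but it should be stated in a comment here, e.g. `// auth plugins may treat every request as authenticated (none/readonly); write access is enforced by the can_* checks in phphgadmin`, so nobody later assumes this constructor alone protects write actions. The constructor's body, including what happens on the redirect, continues past the end of the hunk.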
--- a/admin/application/libraries/phphgadmin.php	Sun Jun 13 10:43:09 2010 -0700
+++ b/admin/application/libraries/phphgadmin.php	Sun Jun 13 12:38:42 2010 -0700
@@ -49,6 +49,11 @@
 	
 	function lsdir()
 	{
+		if(!$this->_ci->auth->auth_is_user_authenticated())
+		{
+			return HGPHP_ERR_PERM_USR;
+		}
+		
 		$webdir = $this->get_profile();
 		
 		if(isset($this->_cache['lsdir']))
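Review bot: `lsdir()` now returns the integer `HGPHP_ERR_PERM_USR` on one path and (presumably) a directory listing on the others, so every caller must compare the result against the constant before iterating it; if the function has a docblock above this hunk it should be updated to say `@return array|int listing, or HGPHP_ERR_PERM_USR when the auth plugin rejects the request`. Note that this check uses the coarse `auth_is_user_authenticated()` rather than per-repository `can_view()`, so a plugin that authenticates a user but denies view on some repositories would still list them here; the filtering, if any, happens further down, outside the hunk.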
@@ -112,13 +117,13 @@
 	 */
 	function stat_repository($r_id)
 	{
-		$profile = $this->get_profile();
-		
 		if(!$this->can_view($r_id))
 		{
 			return HGPHP_ERR_PERM_USR;
 		}
 		
+		$profile = $this->get_profile();
+		
 		if(isset($this->_cache['stat'][$r_id]))
 		{
 			return $this->_cache['lsdir'];
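Review bot: Moving `get_profile()` after the `can_view()` check is right, but the cache branch just below it tests `isset($this->_cache['stat'][$r_id])` and then returns `$this->_cache['lsdir']`, which looks like the wrong key and would hand back the directory listing instead of the repository's stat; it should be `return $this->_cache['stat'][$r_id];`. That line is pre-existing context, not part of this change, so I may be missing something further down, but it is worth a look while this function is being touched. The function's body continues outside the hunk.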
@@ -244,7 +249,7 @@
 	 */
 	function can_create($r_name)
 	{
-		return $this->can_view($r_name) && $this->_ci->config->item('global_allow_repo_create');
+		return $this->_ci->config->item('global_allow_repo_create') && $this->_ci->auth->auth_user_can_create($r_name);
 	}
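Review bot: `can_create()` no longer requires `can_view()`; it now checks the global flag and `auth_user_can_create()` only, and the same decoupling is made in `can_update()` and `can_delete()` in the next hunks. With the three bundled plugins the answers coincide, but a future plugin could grant create or delete on a repository the user may not view, which is probably not intended; if that coupling is meant to stay, `return $this->can_view($r_name) && $this->_ci->config->item('global_allow_repo_create') && $this->_ci->auth->auth_user_can_create($r_name);` keeps it. Either way the docblocks above each of these methods should now say that the decision is delegated to the configured auth plugin.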
 	
 	/**
@@ -256,7 +261,7 @@
 	 */
 	function can_update($r_name)
 	{
-		return $this->can_view($r_name) && $this->_ci->config->item('global_allow_repo_update');
+		return $this->_ci->config->item('global_allow_repo_update') && $this->_ci->auth->auth_user_can_update($r_name);
 	}
 	
 	/**
@@ -267,7 +272,7 @@
 	 */
 	function can_view($r_name)
 	{
-		return $this->_ci->config->item('global_allow_repo_view');
+		return $this->_ci->config->item('global_allow_repo_view') && $this->_ci->auth->auth_user_can_view($r_name);
 	}
 	
 	/**
@@ -279,7 +284,7 @@
 	 */
 	function can_delete($r_name)
 	{
-		return $this->can_view($r_name) && $this->_ci->config->item('global_allow_repo_delete');
+		return $this->_ci->config->item('global_allow_repo_delete') && $this->_ci->auth->auth_user_can_delete($r_name);
 	}
 	
 
--- a/admin/application/views/login.php	Sun Jun 13 10:43:09 2010 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-Access denied. Administrative access only.
\ No newline at end of file
--- a/admin/themes/paper/index.php	Sun Jun 13 10:43:09 2010 -0700
+++ b/admin/themes/paper/index.php	Sun Jun 13 12:38:42 2010 -0700
@@ -35,7 +35,8 @@
 <?php endif; ?>
   <tr>
     <td> 
-<?php if(is_directory()): include('repo_directory.php'); ?>
+<?php if(!is_user_authenticated()): echo 'Acess denied.'; ?>
+<?php elseif(is_directory()): include('repo_directory.php'); ?>
 <?php elseif(is_repo_config()): include('repository.php'); ?>
 <?php elseif(is_repo_browser()): include('repo_browse.php'); ?>
 <?php else: echo 'Content unsupported by theme.'; endif;?>
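Review bot: The new denial branch misspells its user-facing text: `echo 'Acess denied.'` should be `echo 'Access denied.'`, and since the rest of the theme goes through `lang()` the message belongs in the language file rather than a literal in the template. Also note that a `pagetype` of `'login'` (set by the login controller in this changeset) matches none of the `elseif` branches, so an authenticated visitor on that page falls through to `'Content unsupported by theme.'`.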
--- a/admin/themes/paper/sidebar.php	Sun Jun 13 10:43:09 2010 -0700
+++ b/admin/themes/paper/sidebar.php	Sun Jun 13 12:38:42 2010 -0700
@@ -6,7 +6,9 @@
 <ul> 
 <li class="active"><a href="<?php echo base_url(); ?>"><?php echo lang('hgphp_title_adminhome'); ?></a></li> 
 <form action="/admin/prefs/profile" method="post">
+<?php if(is_user_authenticated()): ?>
 <?php echo form_dropdown('prefs_profile', user_profiles(), current_profile(), 'onchange="javascript:this.form.submit();"'); ?>
+<?php endif; ?>
 </form>
 <li><a href="<?php echo hgserve_url(); ?>"><?php echo lang('hgphp_title_listingshome'); ?></a></li> 
 </ul>
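Review bot: The `is_user_authenticated()` guard wraps only the dropdown, so unauthenticated visitors still receive an empty `<form action="/admin/prefs/profile" method="post">`; moving the `<?php if(is_user_authenticated()): ?>` above the `<form>` line and the `<?php endif; ?>` below `</form>` removes the dead form. The `<form>` placed directly between `<li>` elements is pre-existing and unrelated to this change.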