merge from branch

createAccessFiles.php

@@ -51,6 +51,7 @@
 
 if( $rightAllowed == "none" ) {
 
+	db_log( $SESSID_USERNAME, "tried to use createAccessFiles without permission", $dbh );
 	db_disconnect( $dbh );
 	header( "Location: nopermission.php" );
 	exit;

deleteAccessRight.php

@@ -54,6 +54,7 @@
 
 	} else {
 
+		db_log( $SESSID_USERNAME, "tried to use deleteAccessRight without permission", $dbh );
 		db_disconnect( $dbh );
 		header( "Location: nopermission.php" );
 		exit;

deleteGroup.php

@@ -52,6 +52,7 @@
 
 	$tGroupsAllowed							= db_check_group_acl( $_SESSION['svn_sessid']['username'], $dbh );
 	if(count($tGroupsAllowed) == 0 ) {
+		db_log( $SESSID_USERNAME, "tried to use deleteGroup without permission", $dbh );
 		db_disconnect( $dbh );
 		header( "Location: nopermission.php" );
 		exit;
@@ -75,7 +76,8 @@
 	$schema									= db_determine_schema();
 
 	if( ($rightAllowed != "delete") and ($tId != "" ) and (! array_key_exists( $tId, $tGroupsAllowed ) ) ) {
-
+
+		db_log( $SESSID_USERNAME, "tried to use deleteGroup without permission", $dbh );
 		db_disconnect( $dbh );
 		header( "Location: nopermission.php" );
 		exit;

deleteGroupAccessRight.php

@@ -59,6 +59,7 @@
 
 if( $rightAllowed != "delete" ) {
 
+	db_log( $SESSID_USERNAME, "tried to use deleteGroupAccessRight without permission", $dbh );
 	db_disconnect( $dbh );
 	header( "Location: nopermission.php" );
 	exit;

deleteProject.php

@@ -52,6 +52,7 @@
 
 if( $rightAllowed != "delete" ) {
 
+	db_log( $SESSID_USERNAME, "tried to use deleteProject without permission", $dbh );
 	db_disconnect( $dbh );
 	header( "Location: nopermission.php" );
 	exit;

deleteRepo.php

@@ -49,6 +49,7 @@
 
 if( $rightAllowed != "delete" ) {
 
+	db_log( $SESSID_USERNAME, "tried to use deleteProject without permission", $dbh );
 	db_disconnect( $dbh );
 	header( "Location: nopermission.php" );
 	exit;

deleteUser.php

@@ -51,6 +51,7 @@
 
 if( $rightAllowed != "delete" ) {
 
+	db_log( $SESSID_USERNAME, "tried to use deleteUser without permission", $dbh );
 	db_disconnect( $dbh );
 	header( "Location: nopermission.php" );
 	exit;

general.php

@@ -38,6 +38,133 @@
 require_once ("$installBase/include/functions.inc.php");
 include_once ("$installBase/include/output.inc.php");
 
+function getGroupsForUser( $tUserId, $dbh ) {
+
+	global $CONF;
+
+	$schema				= db_determine_schema();
+	$tGroups			= array();
+	$query				= "SELECT * ".
+						  "  FROM ".$schema."svngroups, ".$schema."svn_users_groups ".
+						  " WHERE (svn_users_groups.user_id = '$tUserId') ".
+						  "   AND (svn_users_groups.group_id = svngroups.id) ".
+						  "   AND (svngroups.deleted = '00000000000000') ".
+						  "   AND (svn_users_groups.deleted = '00000000000000')";
+	$result				= db_query( $query, $dbh );
+
+	while( $row = db_assoc( $result['result'] ) ) {
+
+		$tGroups[]		= $row;
+
+	}
+
+	return( $tGroups );
+}
+
+function getProjectResponsibleForUser( $tUserId, $dbh ) {
+
+	global $CONF;
+
+	$schema				= db_determine_schema();
+	$tProjects			= array();
+	$query				= "SELECT svnmodule, reponame ".
+						  "  FROM ".$schema."svnprojects, ".$schema."svn_projects_responsible, ".$schema."svnrepos ".
+						  " WHERE (svn_projects_responsible.user_id = '$tUserId') ".
+						  "   AND (svn_projects_responsible.deleted = '00000000000000') ".
+						  "   AND (svn_projects_responsible.project_id = svnprojects.id) ".
+						  "   AND (svnprojects.deleted = '00000000000000') ".
+						  "   AND (svnprojects.repo_id = svnrepos.id) ".
+						  "   AND (svnrepos.deleted = '00000000000000') ".
+						  "ORDER BY svnmodule ASC";
+	$result				= db_query( $query, $dbh );
+
+	while( $row = db_assoc( $result['result'] ) ) {
+
+		$tProjects[]	= $row;
+
+	}
+
+	return( $tProjects );
+}
+
+function getAccessRightsForUser( $tUserId, $tGroups, $dbh ) {
+
+	global $CONF;
+
+	if( isset( $CONF['repoPathSortOrder']) ) {
+		$pathSort		= $CONF['repoPathSortOrder'];
+  	} else {
+		$pathSort		= "ASC";
+	}
+
+	$schema				= db_determine_schema();
+	$tAccessRights		= array();
+	$curdate			= strftime( "%Y%m%d" );
+	$query				= "  SELECT svnmodule, modulepath, reponame, path, user_id, group_id, access_right, repo_id " .
+						  "    FROM ".$schema."svn_access_rights, ".$schema."svnprojects, ".$schema."svnrepos " .
+						  "   WHERE (svn_access_rights.deleted = '00000000000000') " .
+						  "     AND (svn_access_rights.valid_from <= '$curdate') " .
+						  "     AND (svn_access_rights.valid_until >= '$curdate') " .
+						  "     AND (svn_access_rights.project_id = svnprojects.id) ";
+	if( count( $tGroups ) > 0 ) {
+		$query			.="     AND ((svn_access_rights.user_id = $tUserId) ";
+		foreach( $tGroups as $entry ) {
+			$query		.="    OR (svn_access_rights.group_id = ".$entry['group_id'].") ";
+		}
+		$query			.="       ) ";
+	} else {
+		$query			.="     AND (svn_access_rights.user_id = $tUserId) ";
+	}
+	$query				.="     AND (svnprojects.repo_id = svnrepos.id) " .
+						  "ORDER BY svnrepos.reponame ASC, svnprojects.svnmodule ASC, svn_access_rights.path $pathSort";
+
+	$result				= db_query( $query, $dbh );
+
+	while( $row = db_assoc( $result['result'] ) ) {
+
+		if( ($row['user_id'] != 0) and ($row['group_id'] != 0) ) {
+			$row['access_by']	= _("user id + group id");
+		} elseif( $row['group_id'] != 0 ) {
+			$row['access_by']	= _("group id");
+		} elseif( $row['user_id'] != 0 ) {
+			$row['access_by']	= _("user id");
+		} else {
+			$row['access_by']	= " ";
+		}
+		$tAccessRights[]= $row;
+	}
+
+	return( $tAccessRights );
+} 
+
+function getUserData( $tUserId, $dbh ) {
+
+	global $CONF;
+
+	$schema				= db_determine_schema();
+	$query				= "SELECT * ".
+						  "  FROM ".$schema."svnusers ".
+						  " WHERE (id = $tUserId)";
+	$result				= db_query( $query, $dbh );
+	$row				= db_assoc( $result['result'] );
+
+	return( $row );
+}
+
+function getGroupData( $tGroupId, $dbh ) {
+
+	global $CONF;
+
+	$schema				= db_determine_schema();
+	$query				= "SELECT * ".
+						  "  FROM ".$schema."svngroups ".
+						  " WHERE (id = $tGroupId)";
+	$result				= db_query( $query, $dbh );
+	$row				= db_assoc( $result['result'] );
+
+	return( $row );
+}
+
 initialize_i18n();
 
 $SESSID_USERNAME 							= check_session ();
@@ -69,6 +196,12 @@
 		$tLocked			= $row['locked'] == 0 ? _("no" ) : _( "yes" );
 		$tSecurityQuestion	= $row['securityquestion'];
 		$tAnswer			= $row['securityanswer'];
+		$tPasswordExpires	= $row['passwordexpires'] == 1 ? _("Yes") : _("No");
+
+		$tUserId							= db_getIdByUserid( $SESSID_USERNAME, $dbh );
+		$tGroups							= getGroupsForUser( $tUserId, $dbh );
+		$tAccessRights						= getAccessRightsForUser( $tUserId, $tGroups, $dbh );
+		$tProjects							= getProjectResponsibleForUser( $tUserId, $dbh );
 
 		$_SESSION['svn_sessid']['userid']		= $row['id'];
 

include/db-functions-adodb.inc.php

@@ -260,7 +260,7 @@ function db_query ($query, $link, $limit=-1, $offset=-1) {
 
 	} catch( exception $e ) {
 
-		error_log( "ERROR: ",print_r($e, true));
+		#error_log( "ERROR: ".print_r($e, true));
 
 		$_SESSION['svn_sessid']['dberror']		= $e->msg;
       	$_SESSION['svn_sessid']['dbquery']		= $query;
@@ -834,10 +834,37 @@ function db_getGroupById ($id, $link) {
 
 
 
+//
+// db_getRightName
+// Action: get name for a right
+// Call: db_getRightName(string id, resource link)
+//
+function db_getRightName( $id, $link ) {
+
+	global $CONF;
+
+	$schema						= db_determine_schema();
+
+	$query						= "SELECT right_name ".
+								  "  FROM rights ".
+								  " WHERE (id = $id) ".
+								  "   AND (deleted = '00000000000000')";
+	$result						= db_query( $query, $link );
+	if( $result['rows'] == 1 ) {
+		$row					= db_assoc( $result['result'] );
+		return( $row['right_name'] );
+	} else {
+		return( "undefined" );
+	}
+
+}
+
+
+
 //
 // db_getRightData
 // Action: get data for access right
-// Call: db_getRightdata(string is, resource link)
+// Call: db_getRightData(string id, resource link)
 //
 function db_getRightData( $id, $link ) {
 
@@ -886,6 +913,60 @@ function db_getRightData( $id, $link ) {
 
 
 
+//
+// db_check_global_admin
+// Action: check if an user is an global admin
+// Call: db_check_global_admin( string username, resource link )
+//
+function db_check_global_admin( $username, $link ) {
+
+	global $CONF;
+
+	$schema							= db_determine_schema();
+	$ret							= false;
+	$query							= "SELECT superadmin ".
+									  "  FROM ".$schema."svnusers ".
+									  " WHERE (deleted = '00000000000000') ".
+									  "   AND (userid = '$username')";
+	$result							= db_query( $query, $link );
+	if( $result['rows'] > 0 ) {
+		$row    					= db_assoc( $result['result'] );
+		$ret 						= strtolower($row['superadmin']) == 1 ? true : false;
+		return( $ret );
+	} else {
+		return false;
+	}
+}
+
+
+
+//
+// db_check_global_admin_by_id
+// Action: check if an user is an global admin
+// Call: db_check_global_admin_by_id( string id, resource link )
+//
+function db_check_global_admin_by_id( $id, $link ) {
+
+	global $CONF;
+
+	$schema							= db_determine_schema();
+	$ret							= false;
+	$query							= "SELECT superadmin ".
+									  "  FROM ".$schema."svnusers ".
+									  " WHERE (deleted = '00000000000000') ".
+									  "   AND (id = $id)";
+	$result							= db_query( $query, $link );
+	if( $result['rows'] > 0 ) {
+		$row    					= db_assoc( $result['result'] );
+		$ret						= strtolower($row['superadmin']) == 1 ? true : false;
+		return( $ret );
+	} else {
+		return false;
+	}
+}
+
+
+
 //
 // db_check_acl
 // Action: check if user has permission to do something

install/help_texts.sql

@@ -35,4 +35,5 @@ INSERT INTO `help` (`id`, `topic`, `headline_en`, `headline_de`, `helptext_de`,
 INSERT INTO `help` (`id`, `topic`, `headline_en`, `headline_de`, `helptext_de`, `helptext_en`) VALUES(38, 'workongroup', 'Add or edit group', 'Gruppe hinzufügen oder ändern', 'Eine gruppe muss einen eindeutigen Namen, eine Beschreibung und mindestens ein Mitglied haben. wenn die gruppe keine Mitglieder mehr hat, muss sie gelöscht werden.', 'A group must have an unique name, a description and at least one member. If the group will have no more members, you have to delete the group.');
 INSERT INTO `help` (`id`, `topic`, `headline_en`, `headline_de`, `helptext_de`, `helptext_en`) VALUES(39, 'workongroupaccessright', 'workongroupaccessright', 'workongroupaccessright', 'Wählen Sie den Benutzer und das Recht, das dem Benutzer gewährt werden soll aus.\r\nDas Löschen recht schließt das Recht editieren und lesen ein. Das Editieren Recht erlaubt das lesen und ändern der Gruppe. Das Leserecht erlaubt dem Benutzer nur, die Gruppe anzusehen.', 'Select the user ans the right you want to grant to the user.\r\nThe delete right includes edit and read permission, edit includes the permission to read and edit the group. Read permissions only allows the user to see the group.');
 INSERT INTO `help` (`id`, `topic`, `headline_en`, `headline_de`, `helptext_de`, `helptext_en`) VALUES(40, 'workonproject', 'Project administration', 'Projekte administrieren', 'Ein Subversion Projekt braucht einen eindeutigen Namen. Daneben muss der Modulpfad innerhalb des Repositories angegeben und das Repository ausgewählt werden.Jedes Projket muss mindestens einen verantwortlichen Benutzer haben.', 'A subversion project needs an unique name. The path within the subversion repository must be entered and the repostirory must be selected too. Each project must have at least on responsible user.');
-INSERT INTO `help` (`id`, `topic`, `headline_en`, `headline_de`, `helptext_de`, `helptext_en`) VALUES(41, 'workonrepo', 'Add or edit repository', 'Rebository hinzufügen oder ändern', 'Ein Repository benötigt einen eindeutigen Namen und einen Pfad. Der Pfad kann mit file:// beginnen, wenn der SVN Access Manager auf derselben Maschine läuft auf der auch die Repositories liegen. In dem Fall werden weder Benutzername noch Passwort für den Repository Zugriff benötigt.\r\nEin Repository kann direkt aus dem SVN Access Manager angelegt werden. Das funktioniert nur, wenn die Repositories auf demselben Server liegen auf dem auch der SVN Access Manager läuft. Wenn selinux verwendet wird, müssen es die selinux Regeln dem Webserver gestatten, Repositories anzulegen.\r\nBenutzen Sie ''/'' als Pfad Trennzeichen auf Windows Systemen. Sie müssen einen Repository Pfad z. B. wie folgt schreiben: file:///c:/svn/testrepo', 'A repository needs an unique name and a path. The path can start with file:// if SVN Access Manager is running on the same host as the repositories are located on. In this case no username and password are needed for the repository access. Otherwiese you will need the credentials to access the repository.\r\nA reposirory can be created directly from SVN Access Manager. This only works if SVN Access Manager is running on the same host as the repositories are located on and in case of selinux usage the selinux rules permit the webserver to create the repository.\r\nUse ''/'' as path separator on Windows systems. You must write down a repository path e. g. like this: file:///c:/svn/testrepo');
+INSERT INTO `help` (`id`, `topic`, `headline_en`, `headline_de`, `helptext_de`, `helptext_en`) VALUES(41, 'workonrepo', 'Add or edit repository', 'Rebository hinzufügen oder ändern', 'Ein Repository benötigt einen eindeutigen Namen und einen Pfad. Der Pfad kann mit file:// beginnen, wenn der SVN Access Manager auf derselben Maschine läuft auf der auch die Repositories liegen. In dem Fall werden weder Benutzername noch Passwort für den Repository Zugriff benötigt.\r\nEin Repository kann direkt aus dem SVN Access Manager angelegt werden. Das funktioniert nur, wenn die Repositories auf demselben Server liegen auf dem auch der SVN Access Manager läuft. Wenn selinux verwendet wird, müssen es die selinux Regeln dem Webserver gestatten, Repositories anzulegen.\r\nBenutzen Sie ''/'' als Pfad Trennzeichen auf Windows Systemen. Sie müssen einen Repository Pfad z. B. wie folgt schreiben: file:///c:/svn/testrepo', 'A repository needs an unique name and a path. The path can start with file:// if SVN Access Manager is running on the same host as the repositories are located on. In this case no username and password are needed for the repository access. Otherwiese you will need the credentials to access the repository.\r\nA reposirory can be created directly from SVN Access Manager. This only works if SVN Access Manager is running on the same host as the repositories are located on and in case of selinux usage the selinux rules permit the webserver to create the repository.\r\nUse ''/'' as path separator on Windows systems. You must write down a repository path e. g. like this: file:///c:/svn/testrepo');
+INSERT INTO `help` (`id`, `topic`, `headline_en`, `headline_de`, `helptext_de`, `helptext_en`) VALUES(42, 'bulkaddldapusers', 'Bulk add LDAP users', 'Hinzufügen vieler LDAP Benutzer', 'Alle ausgewählten Benutzer werden in die Benutzertabelle der Datenbank eingetragen. Name, Vorname, Emailadresse, und Benutzerkennung werden aus dem LDAP Ÿbernommen. Das globale Repository Zugriffsrecht wird gemäß der Auswahl gesetzt. Alle Benutzer erhalten dasselbe Recht!', 'All selected users will be added to the users table of the database. Name, givenname, email address and userid are taken from LDAP. The global repository access right is set accordingly to your selection. All users will get the same right! ');