Changes In Branch eradicate-d-cap Excluding Merge-Ins
This is equivalent to a diff from 3941824d85 to 8059b9cac1
2020-03-13

20:38 Remove the 'd' capability, which has never been used. ... (check-in: 1274054036 user: drh tags: trunk)

2020-03-12

18:17 Repurposed the check for "d" cap in the Security Audit page to warn that it should be removed from use. It checks the anonymous, developer, and reader users for it only, not any one-off uses. It also doesn't check Setup or Admin, but presumably whatever we reuse "d" for in the future will be granted to them by default. ... (Closed-Leaf check-in: 8059b9cac1 user: wyoung tags: eradicate-d-cap)

18:03 Added comments and documentation for the removal of d cap. ... (check-in: 7454cce841 user: wyoung tags: eradicate-d-cap)

17:02 Removed the favicon byte array added in support of the /favicon.ico URL handler. It's unused since [81b3ce3a1350eaa9], when that page began serving a GIF and now gets the same data from the aLogo byte array. ... (check-in: 1b63f6894f user: wyoung tags: trunk)

16:56 An extension of [3941824d] to remove all mention of 'd' capability from the code, not just ifdef or comment it out. Also removes it from the docs and from the default capability set for Developer, dei -> ei. ... (check-in: 55a7643938 user: wyoung tags: eradicate-d-cap)

10:50 Omit the 'd' capability (the ability to delete wiki and tickets). This capability does not do anything. Apparently, it is a hold-over from the old CVSTrac code. ... (check-in: 3941824d85 user: drh tags: trunk)

00:57 Fix a long-standing error in a printf() specification on the /artifact_stats page that only caused problems when compiling on 32-bit windows using mingw32. ... (check-in: afb4f74808 user: drh tags: trunk)
Changes to src/capabilities.c.
︙ | ︙ | |||
240 241 242 243 244 245 246 | } aCap[] = { { 'a', CAPCLASS_SUPER, 0, "Admin", "Create and delete users" }, { 'b', CAPCLASS_WIKI|CAPCLASS_TKT, 0, "Attach", "Add attchments to wiki or tickets" }, { 'c', CAPCLASS_TKT, 0, "Append-Tkt", "Append to existing tickets" }, | | | | < > | 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 | } aCap[] = { { 'a', CAPCLASS_SUPER, 0, "Admin", "Create and delete users" }, { 'b', CAPCLASS_WIKI|CAPCLASS_TKT, 0, "Attach", "Add attchments to wiki or tickets" }, { 'c', CAPCLASS_TKT, 0, "Append-Tkt", "Append to existing tickets" }, /* ** d unused since fork from CVSTrac; ** see https://fossil-scm.org/forum/forumpost/43c78f4bef */ { 'e', CAPCLASS_DATA, 0, "View-PII", "View sensitive info such as email addresses" }, { 'f', CAPCLASS_WIKI, 0, "New-Wiki", "Create new wiki pages" }, { 'g', CAPCLASS_DATA, 0, "Clone", "Clone the repository" }, { 'h', CAPCLASS_OTHER, 0, |
︙ | ︙ |
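Review bot: the replacement comment in aCap[] says only that 'd' is unused; it does not say the letter is reserved. The security-audit text added on this branch tells admins to drop 'd' "in case we ever reuse the letter", so the same intent should be stated here, e.g. `** d: obsolete, do not reassign until existing users have dropped it`, so that the next entry added to this table does not pick 'd' while old repositories still carry it. Drive-by: "Add attchments to wiki or tickets" in the 'b' entry (visible context) has a typo, "attachments".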
Changes to src/db.c.
︙ | ︙ | |||
2072 2073 2074 2075 2076 2077 2078 | if( !setupUserOnly ){ db_multi_exec( "INSERT OR IGNORE INTO user(login,pw,cap,info)" " VALUES('anonymous',hex(randomblob(8)),'hmnc','Anon');" "INSERT OR IGNORE INTO user(login,pw,cap,info)" " VALUES('nobody','','gjorz','Nobody');" "INSERT OR IGNORE INTO user(login,pw,cap,info)" | | | 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 | if( !setupUserOnly ){ db_multi_exec( "INSERT OR IGNORE INTO user(login,pw,cap,info)" " VALUES('anonymous',hex(randomblob(8)),'hmnc','Anon');" "INSERT OR IGNORE INTO user(login,pw,cap,info)" " VALUES('nobody','','gjorz','Nobody');" "INSERT OR IGNORE INTO user(login,pw,cap,info)" " VALUES('developer','','ei','Dev');" "INSERT OR IGNORE INTO user(login,pw,cap,info)" " VALUES('reader','','kptw','Reader');" ); } } /* |
︙ | ︙ |
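Review bot: changing 'dei' to 'ei' in `" VALUES('developer','','ei','Dev');"` only affects repositories created after this lands; these are `INSERT OR IGNORE` statements, so every existing repository keeps the 'developer' row it already has, 'd' included. That is precisely the case the security-audit warning on this branch exists to surface, but it is worth saying in the commit message or the www/caps docs that existing repos get a warning rather than a silent cleanup, so admins are not surprised by it.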
Changes to src/json.c.
︙ | ︙ | |||
1896 1897 1898 1899 1900 1901 1902 | db_finalize(&q); cson_object_set( obj, "permissionFlags", sub ); obj = cson_value_get_object(sub); #define ADD(X,K) cson_object_set(obj, K, cson_value_new_bool(g.perm.X)) ADD(Setup,"setup"); ADD(Admin,"admin"); | < | 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 | db_finalize(&q); cson_object_set( obj, "permissionFlags", sub ); obj = cson_value_get_object(sub); #define ADD(X,K) cson_object_set(obj, K, cson_value_new_bool(g.perm.X)) ADD(Setup,"setup"); ADD(Admin,"admin"); ADD(Password,"password"); ADD(Query,"query"); /* don't think this one is actually used */ ADD(Write,"checkin"); ADD(Read,"checkout"); ADD(Hyperlink,"history"); ADD(Clone,"clone"); ADD(RdWiki,"readWiki"); |
︙ | ︙ |
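Review bot: the ADD() entry removed between `ADD(Admin,"admin");` and `ADD(Password,"password");` drops a key from the `permissionFlags` object that the JSON API returns to clients, so any client reading that key now sees it missing rather than false. That is a wire-visible change; either note it in the JSON API documentation or keep emitting the key with a constant false for one release so existing clients degrade gracefully.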
Changes to src/login.c.
︙ | ︙ | |||
1225 1226 1227 1228 1229 1230 1231 | switch( zCap[i] ){ case 's': p->Setup = 1; /* Fall thru into Admin */ case 'a': p->Admin = p->RdTkt = p->WrTkt = p->Zip = p->RdWiki = p->WrWiki = p->NewWiki = p->ApndWiki = p->Hyperlink = p->Clone = p->NewTkt = p->Password = p->RdAddr = p->TktFmt = p->Attach = p->ApndTkt = | | < | 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 | switch( zCap[i] ){ case 's': p->Setup = 1; /* Fall thru into Admin */ case 'a': p->Admin = p->RdTkt = p->WrTkt = p->Zip = p->RdWiki = p->WrWiki = p->NewWiki = p->ApndWiki = p->Hyperlink = p->Clone = p->NewTkt = p->Password = p->RdAddr = p->TktFmt = p->Attach = p->ApndTkt = p->ModWiki = p->ModTkt = p->RdForum = p->WrForum = p->ModForum = p->WrTForum = p->AdminForum = p->EmailAlert = p->Announce = p->Debug = 1; /* Fall thru into Read/Write */ case 'i': p->Read = p->Write = 1; break; case 'o': p->Read = 1; break; case 'z': p->Zip = 1; break; case 'h': p->Hyperlink = 1; break; case 'g': p->Clone = 1; break; case 'p': p->Password = 1; break; case 'j': p->RdWiki = 1; break; case 'k': p->WrWiki = p->RdWiki = p->ApndWiki =1; break; case 'm': p->ApndWiki = 1; break; |
︙ | ︙ | |||
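Review bot: with the member dropped from the `case 'a':` assignment chain and the `case 'd':` line removed together, a 'd' in a stored cap string now reaches the switch default, which is outside this hunk. Confirm that default ignores unknown letters quietly (no error and no early exit from the loop), because every repository created before the db.c change on this branch still stores 'dei' for 'developer', and those users must keep their 'e' and 'i' when the string is parsed.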
1318 1319 1320 1321 1322 1323 1324 | FossilUserPerms *p = (flgs & LOGIN_ANON) ? &g.anon : &g.perm; if( nCap<0 ) nCap = strlen(zCap); for(i=0; i<nCap && rc && zCap[i]; i++){ switch( zCap[i] ){ case 'a': rc = p->Admin; break; case 'b': rc = p->Attach; break; case 'c': rc = p->ApndTkt; break; | | | 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 | FossilUserPerms *p = (flgs & LOGIN_ANON) ? &g.anon : &g.perm; if( nCap<0 ) nCap = strlen(zCap); for(i=0; i<nCap && rc && zCap[i]; i++){ switch( zCap[i] ){ case 'a': rc = p->Admin; break; case 'b': rc = p->Attach; break; case 'c': rc = p->ApndTkt; break; /* d unused: see comment in capabilities.c */ case 'e': rc = p->RdAddr; break; case 'f': rc = p->NewWiki; break; case 'g': rc = p->Clone; break; case 'h': rc = p->Hyperlink; break; case 'i': rc = p->Write; break; case 'j': rc = p->RdWiki; break; case 'k': rc = p->WrWiki; break; |
︙ | ︙ |
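Review bot: the loop `for(i=0; i<nCap && rc && zCap[i]; i++)` only runs while rc is nonzero, and every visible case assigns rc; with `case 'd':` replaced by a comment, a caller that still asks for "d" hits the switch default, which is not in the hunk. Check that the default assigns `rc = 0`, otherwise an obsolete letter leaves rc at its entry value and the capability check reports it as granted.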
Changes to src/main.c.
︙ | ︙ | |||
76 77 78 79 80 81 82 | /* ** Holds flags for fossil user permissions. */ struct FossilUserPerms { char Setup; /* s: use Setup screens on web interface */ char Admin; /* a: administrative permission */ | < | 76 77 78 79 80 81 82 83 84 85 86 87 88 89 | /* ** Holds flags for fossil user permissions. */ struct FossilUserPerms { char Setup; /* s: use Setup screens on web interface */ char Admin; /* a: administrative permission */ char Password; /* p: change password */ char Query; /* q: create new reports */ char Write; /* i: xfer inbound. check-in */ char Read; /* o: xfer outbound. check-out */ char Hyperlink; /* h: enable the display of hyperlinks */ char Clone; /* g: clone */ char RdWiki; /* j: view wiki via web */ |
︙ | ︙ |
Changes to src/security_audit.c.
︙ | ︙ | |||
92 93 94 95 96 97 98 99 100 101 102 103 104 105 | ** ** This page requires administrator access. It is usually ** accessed using the Admin/Security-Audit menu option ** from any of the default skins. */ void secaudit0_page(void){ const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */ const char *zPubPages; /* GLOB pattern for public pages */ const char *zSelfCap; /* Capabilities of self-registered users */ int hasSelfReg = 0; /* True if able to self-register */ char *z; int n; CapabilityString *pCap; char **azCSP; /* Parsed content security policy */ | > > | 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 | ** ** This page requires administrator access. It is usually ** accessed using the Admin/Security-Audit menu option ** from any of the default skins. */ void secaudit0_page(void){ const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */ const char *zDevCap; /* Capabilities of user group "developer" */ const char *zReadCap; /* Capabilities of user group "reader" */ const char *zPubPages; /* GLOB pattern for public pages */ const char *zSelfCap; /* Capabilities of self-registered users */ int hasSelfReg = 0; /* True if able to self-register */ char *z; int n; CapabilityString *pCap; char **azCSP; /* Parsed content security policy */ |
︙ | ︙ | |||
114 115 116 117 118 119 120 121 122 123 124 125 126 127 | /* Step 1: Determine if the repository is public or private. "Public" ** means that any anonymous user on the internet can access all content. ** "Private" repos require (non-anonymous) login to access all content, ** though some content may be accessible anonymously. */ zAnonCap = db_text("", "SELECT fullcap(NULL)"); zPubPages = db_get("public-pages",0); hasSelfReg = db_get_boolean("self-register",0); pCap = capability_add(0, db_get("default-perms",0)); capability_expand(pCap); zSelfCap = capability_string(pCap); capability_free(pCap); if( hasAnyCap(zAnonCap,"as") ){ | > > | 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 | /* Step 1: Determine if the repository is public or private. "Public" ** means that any anonymous user on the internet can access all content. ** "Private" repos require (non-anonymous) login to access all content, ** though some content may be accessible anonymously. */ zAnonCap = db_text("", "SELECT fullcap(NULL)"); zDevCap = db_text("", "SELECT fullcap('v')"); zReadCap = db_text("", "SELECT fullcap('u')"); zPubPages = db_get("public-pages",0); hasSelfReg = db_get_boolean("self-register",0); pCap = capability_add(0, db_get("default-perms",0)); capability_expand(pCap); zSelfCap = capability_string(pCap); capability_free(pCap); if( hasAnyCap(zAnonCap,"as") ){ |
︙ | ︙ | |||
276 277 278 279 280 281 282 | @ forum posts. This defeats the whole purpose of moderation. @ <p>Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum" @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5") @ from users "anonymous" and "nobody" @ on the <a href="setup_ulist">User Configuration</a> page. } | < | < | > > | > | < | > | 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 | @ forum posts. This defeats the whole purpose of moderation. @ <p>Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum" @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5") @ from users "anonymous" and "nobody" @ on the <a href="setup_ulist">User Configuration</a> page. } /* Obsolete: */ if( hasAnyCap(zAnonCap, "d") || hasAnyCap(zDevCap, "d") || hasAnyCap(zReadCap, "d") ){ @ <li><p><b>WARNING:</b> @ One or more users has the <a @ href="https://fossil-scm.org/forum/forumpost/43c78f4bef">obsolete</a> @ "d" capability. You should remove it using the @ <a href="setup_ulist">User Configuration</a> page in case we @ ever reuse the letter for another purpose. } /* If anonymous users are allowed to create new Wiki, then ** wiki moderation should be activated to pervent spam. */ if( hasAnyCap(zAnonCap, "fk") ){ if( db_get_boolean("modreq-wiki",0)==0 ){ |
︙ | ︙ |
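Review bot: the new check inspects only the expanded cap sets of anonymous/nobody, 'developer' and 'reader', so a 'd' granted directly on an individual user row is not reported (the check-in message acknowledges this). Since this function already runs SQL against the user table via `db_text(...)`, a query over the `cap` column, for example `SELECT login FROM user WHERE cap GLOB '*d*'`, would catch every holder and let the warning list the affected logins, which makes the suggested fix actionable. Also, `/* Obsolete: */` is too terse for a block that emits an audit warning; say what is obsolete, e.g. `/* Warn about the obsolete 'd' capability still being granted */`.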
Changes to www/caps/index.md.
︙ | ︙ | |||
63 64 65 66 67 68 69 | category. Fossil shows how these capabilities apply hierarchically in the user editing screen (Admin → Users → name) with the `[N]` `[A]` `[D]` `[R]` tags next to each capability check box. If a user gets a capability from one of the user categories already assigned to it, there is no value in redundantly assigning that same cap to the user explicitly. For example, | | | | 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 | category. Fossil shows how these capabilities apply hierarchically in the user editing screen (Admin → Users → name) with the `[N]` `[A]` `[D]` `[R]` tags next to each capability check box. If a user gets a capability from one of the user categories already assigned to it, there is no value in redundantly assigning that same cap to the user explicitly. For example, with the default **ei** cap set for the “developer” category, the cap set **ve** is redundant because **v** grants **ei**, which includes **e**. We suggest that you lean heavily on these fixed user categories when setting up new users. Ideally, your users will group neatly into one of the predefined categories, but if not, you might be able to shoehorn them into our fixed scheme. For example, the administrator of a wiki-only Fossil repo for non-developers could treat the “developer” |
︙ | ︙ | |||
149 150 151 152 153 154 155 | **[k][k][p][p][t][t][w][w]** caps to those granted by “nobody” and “anonymous”. This category is not well-named, because the default caps are all about modifying repository content: edit existing wiki pages, change one’s own password, create new ticket report formats, and modify existing tickets. This category would be better named “participant”. Those in the “developer” category get the “nobody” and “anonymous” cap | | | | 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 | **[k][k][p][p][t][t][w][w]** caps to those granted by “nobody” and “anonymous”. This category is not well-named, because the default caps are all about modifying repository content: edit existing wiki pages, change one’s own password, create new ticket report formats, and modify existing tickets. This category would be better named “participant”. Those in the “developer” category get the “nobody” and “anonymous” cap sets plus **[e][e][i][i]**: view sensitive user material and check in changes. [bot]: ../antibot.wiki ## <a name="pvt"></a>Consequences of Taking a Repository Private When you click Admin → Security-Audit → “Take it private,” one of the |
︙ | ︙ |
Changes to www/caps/ref.html.
︙ | ︙ | |||
71 72 73 74 75 76 77 | <td> Append comments to existing tickets. Mnemonic: <b>c</b>omment. </td> </tr> <tr id="d"> <th>d</th> | | | > > > > > > > > | | 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 | <td> Append comments to existing tickets. Mnemonic: <b>c</b>omment. </td> </tr> <tr id="d"> <th>d</th> <th>n/a</th> <td> Legacy capability letter from Fossil's forebear <a href="http://cvstrac.org/">CVSTrac</a>, which has no useful meaning in Fossil due to its durable blockchain nature. This letter was assigned by default to Developer in repos created with Fossil 2.10 or earlier, but it has no effect in current or past versions of Fossil; we recommend that you remove it in case we ever reuse this letter for another purpose. See <a href="https://fossil-scm.org/forum/forumpost/43c78f4bef">this post</a> for details. </td> </tr> <tr id="e"> <th>e</th> <th>RdAddr</th> <td> View <a href="https://en.wikipedia.org/wiki/Personal_data">personal |
︙ | ︙ |
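Review bot: the new row text both pins a release ("assigned by default to Developer in repos created with Fossil 2.10 or earlier") and asserts "no effect in current or past versions of Fossil". The default is removed by the db.c change on this very branch, so make sure the quoted version matches the release this actually ships in, or phrase it as "before this change"; the "past versions" claim likewise rests only on the check-in message calling it a CVSTrac hold-over, so consider citing the forum post already linked in this row for that claim too.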