Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Only allow users with appropriate privileges to see private and phantom artifacts in the /bloblist report. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
7b6b567155e4ec3b1c8b888abf2a8bd9 |
| User & Date: | drh 2020-04-12 23:25:55.833 |
Context
|
2020-04-12
| ||
| 23:29 | The admin can see private artifacts in /bloblist even if they do not have the Private ('x') permission. check-in: 648bc30531 user: drh tags: trunk | |
| 23:25 | Only allow users with appropriate privileges to see private and phantom artifacts in the /bloblist report. check-in: 7b6b567155 user: drh tags: trunk | |
| 23:10 | On the /bloblist webpage, enhance the "published" display and add the ability to display phantom artifacts. (A phantom is an artifact whose content is unknown.) check-in: ea83cdad1d user: drh tags: trunk | |
Changes
Changes to src/name.c.
| ︙ | ︙ | |||
1133 1134 1135 1136 1137 1138 1139 |
);
while( db_step(&q)==SQLITE_ROW ){
if( zLabel ){
fossil_print("%s\n", zLabel);
zLabel = 0;
}
fossil_print(" %.16s %s", db_column_text(&q,0), db_column_text(&q,1));
| | | 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 |
);
while( db_step(&q)==SQLITE_ROW ){
if( zLabel ){
fossil_print("%s\n", zLabel);
zLabel = 0;
}
fossil_print(" %.16s %s", db_column_text(&q,0), db_column_text(&q,1));
if( db_column_int(&q,2) ) fossil_print(" (private)");
fossil_print("\n");
cnt++;
}
db_finalize(&q);
if( zWhere!=0 ) db_multi_exec("DELETE FROM description;");
return cnt;
}
|
| ︙ | ︙ | |||
1170 1171 1172 1173 1174 1175 1176 | /* ** WEBPAGE: bloblist ** ** Return a page showing all artifacts in the repository. Query parameters: ** ** n=N Show N artifacts ** s=S Start with artifact number S | | | > > > > > > > > > > > > > < < < < < < | | | | 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 |
/*
** WEBPAGE: bloblist
**
** Return a page showing all artifacts in the repository. Query parameters:
**
** n=N Show N artifacts
** s=S Start with artifact number S
** priv Show only unpublished or private artifacts
** phan Show only phantom artifacts
** hclr Color code hash types (SHA1 vs SHA3)
*/
void bloblist_page(void){
Stmt q;
int s = atoi(PD("s","0"));
int n = atoi(PD("n","5000"));
int mx = db_int(0, "SELECT max(rid) FROM blob");
int privOnly = PB("priv");
int phantomOnly = PB("phan");
int hashClr = PB("hclr");
char *zRange;
char *zSha1Bg;
char *zSha3Bg;
login_check_credentials();
if( !g.perm.Read ){ login_needed(g.anon.Read); return; }
style_header("List Of Artifacts");
style_submenu_element("250 Largest", "bigbloblist");
if( g.perm.Admin ){
style_submenu_element("Artifact Log", "rcvfromlist");
if( !phantomOnly ){
style_submenu_element("Phantoms", "bloblist?phan");
}
}else{
privOnly = 0;
phantomOnly = 0;
}
if( g.perm.Private ){
if( !privOnly ){
style_submenu_element("Private", "bloblist?priv");
}
}else{
privOnly = 0;
}
if( g.perm.Write ){
style_submenu_element("Artifact Stats", "artifact_stats");
}
if( !privOnly && !phantomOnly && mx>n && P("s")==0 ){
int i;
@ <p>Select a range of artifacts to view:</p>
@ <ul>
for(i=1; i<=mx; i+=n){
@ <li> %z(href("%R/bloblist?s=%d&n=%d",i,n))
@ %d(i)..%d(i+n-1<mx?i+n-1:mx)</a>
}
@ </ul>
style_footer();
return;
}
if( phantomOnly || privOnly || mx>n ){
style_submenu_element("Index", "bloblist");
}
if( privOnly ){
zRange = mprintf("IN private");
}else if( phantomOnly ){
zRange = mprintf("IN (SELECT rid FROM blob WHERE size<0)");
}else{
zRange = mprintf("BETWEEN %d AND %d", s, s+n-1);
}
describe_artifacts(zRange);
|
| ︙ | ︙ | |||
1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 |
@ <table cellpadding="0" cellspacing="0">
while( db_step(&q)==SQLITE_ROW ){
int rid = db_column_int(&q,0);
const char *zUuid = db_column_text(&q, 1);
const char *zDesc = db_column_text(&q, 2);
int isPriv = db_column_int(&q,3);
int isPhantom = db_column_int(&q,4);
if( hashClr ){
const char *zClr = db_column_bytes(&q,1)>40 ? zSha3Bg : zSha1Bg;
@ <tr style='background-color:%s(zClr);'><td align="right">%d(rid)</td>
}else{
@ <tr><td align="right">%d(rid)</td>
}
@ <td> %z(href("%R/info/%!S",zUuid))%S(zUuid)</a> </td>
@ <td align="left">%h(zDesc)</td>
if( isPriv || isPhantom ){
if( isPriv==0 ){
@ <td> (phantom)</td>
}else if( isPhantom==0 ){
| > > > > > > > > | | | 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 |
@ <table cellpadding="0" cellspacing="0">
while( db_step(&q)==SQLITE_ROW ){
int rid = db_column_int(&q,0);
const char *zUuid = db_column_text(&q, 1);
const char *zDesc = db_column_text(&q, 2);
int isPriv = db_column_int(&q,3);
int isPhantom = db_column_int(&q,4);
if( isPhantom && !g.perm.Admin ){
/* Do not show phantom artifacts to non-admin users */
continue;
}
if( isPriv && !g.perm.Private ){
/* Don't show private artifacts to users without Private (x) permission */
continue;
}
if( hashClr ){
const char *zClr = db_column_bytes(&q,1)>40 ? zSha3Bg : zSha1Bg;
@ <tr style='background-color:%s(zClr);'><td align="right">%d(rid)</td>
}else{
@ <tr><td align="right">%d(rid)</td>
}
@ <td> %z(href("%R/info/%!S",zUuid))%S(zUuid)</a> </td>
@ <td align="left">%h(zDesc)</td>
if( isPriv || isPhantom ){
if( isPriv==0 ){
@ <td> (phantom)</td>
}else if( isPhantom==0 ){
@ <td> (private)</td>
}else{
@ <td> (private,phantom)</td>
}
}
@ </tr>
}
@ </table>
db_finalize(&q);
style_footer();
|
| ︙ | ︙ |