ChangeSet ID: 22444 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner@winehq.org 2006/01/22 20:10:32
Modified files: . : appsubmit.php distributionView.php testResults.php admin : adminAppQueue.php adminTestResults.php include : testResults.php user.php
Log message: Chris Morgan cmorgan@alum.wpi.edu Pass a version object into user::hasAppVersionModifyPermission() instead of the integer that is the index of the version in the database.
Patch: http://cvs.winehq.org/patch.py?id=22444
Old revision New revision Changes Path 1.37 1.38 +1 -1 appdb/appsubmit.php 1.6 1.7 +1 -1 appdb/distributionView.php 1.2 1.3 +2 -1 appdb/testResults.php 1.49 1.50 +2 -3 appdb/admin/adminAppQueue.php 1.2 1.3 +2 -1 appdb/admin/adminTestResults.php 1.7 1.8 +14 -6 appdb/include/testResults.php 1.63 1.64 +3 -3 appdb/include/user.php
Index: appdb/appsubmit.php diff -u -p appdb/appsubmit.php:1.37 appdb/appsubmit.php:1.38 --- appdb/appsubmit.php:1.37 23 Jan 2006 2:10:32 -0000 +++ appdb/appsubmit.php 23 Jan 2006 2:10:32 -0000 @@ -95,7 +95,7 @@ if ($_REQUEST['sub']) $oVersion = new Version($_REQUEST['versionId']);
// make sure the user has permission to view this version - if(!$_SESSION['current']->hasAppVersionModifyPermission($oVersion->versionId) && + if(!$_SESSION['current']->hasAppVersionModifyPermission($oVersion) && (($oVersion->queued=="false")?true:false) && !$_SESSION['current']->isVersionSubmitter($oVersion->versionId)) { Index: appdb/distributionView.php diff -u -p appdb/distributionView.php:1.6 appdb/distributionView.php:1.7 --- appdb/distributionView.php:1.6 23 Jan 2006 2:10:32 -0000 +++ appdb/distributionView.php 23 Jan 2006 2:10:32 -0000 @@ -140,7 +140,7 @@ else echo '<td>'.$oTest->sInstalls.' </td>',"\n"; echo '<td>'.$oTest->sRuns.' </td>',"\n"; echo '<td>'.$oTest->sTestedRating.' </td>',"\n"; - if ($_SESSION['current']->hasAppVersionModifyPermission($oTest->iVersionId)) + if ($_SESSION['current']->hasAppVersionModifyPermission($oVersion)) { echo '<td><a href="'.BASE.'admin/adminTestResults.php?sub=view&iTestingId='.$oTest->iTestingId.'">',"\n"; echo 'Edit</a></td>',"\n"; Index: appdb/testResults.php diff -u -p appdb/testResults.php:1.2 appdb/testResults.php:1.3 --- appdb/testResults.php:1.2 23 Jan 2006 2:10:32 -0000 +++ appdb/testResults.php 23 Jan 2006 2:10:32 -0000 @@ -69,8 +69,9 @@ if ($_REQUEST['sub']) if(is_numeric($_REQUEST['iTestingId'])) { // make sure the user has permission to view this testing result + $oVersion = new Version($oTest->iVersionId); if(!$_SESSION['current']->hasPriv("admin") && - !$_SESSION['current']->hasAppVersionModifyPermission($oTest->iVersionId)&& + !$_SESSION['current']->hasAppVersionModifyPermission($oVersion)&& !(($_SESSION['current']->iUserId == $oTest->iSubmitterId) && !($oTest->sQueued == 'false'))) { errorpage("Insufficient privileges."); Index: appdb/admin/adminAppQueue.php diff -u -p appdb/admin/adminAppQueue.php:1.49 appdb/admin/adminAppQueue.php:1.50 --- appdb/admin/adminAppQueue.php:1.49 23 Jan 2006 2:10:32 -0000 +++ appdb/admin/adminAppQueue.php 23 Jan 2006 2:10:32 -0000 @@ -104,13 +104,12 @@ if ($_REQUEST['sub']) else if($_REQUEST['apptype'] == 'version') { /* make sure the user has permission to view this version */ - if(!$_SESSION['current']->hasAppVersionModifyPermission($_REQUEST['versionId'])) + $oVersion = new Version($_REQUEST['versionId']); + if(!$_SESSION['current']->hasAppVersionModifyPermission($oVersion)) { errorpage("Insufficient privileges."); exit; } - - $oVersion = new Version($_REQUEST['versionId']); } else { //error no Id! Index: appdb/admin/adminTestResults.php diff -u -p appdb/admin/adminTestResults.php:1.2 appdb/admin/adminTestResults.php:1.3 --- appdb/admin/adminTestResults.php:1.2 23 Jan 2006 2:10:32 -0000 +++ appdb/admin/adminTestResults.php 23 Jan 2006 2:10:32 -0000 @@ -16,7 +16,8 @@ require_once(BASE."include/distributions if ($_REQUEST['sub']) { $oTest = new testData($_REQUEST['iTestingId']); - if (!($_SESSION['current']->hasAppVersionModifyPermission($oTest->iVersionId))) + $oVersion = new Version($oTest->iVersionId); + if(!($_SESSION['current']->hasAppVersionModifyPermission($oVersion))) { errorpage("Insufficient privileges."); exit; Index: appdb/include/testResults.php diff -u -p appdb/include/testResults.php:1.7 appdb/include/testResults.php:1.8 --- appdb/include/testResults.php:1.7 23 Jan 2006 2:10:32 -0000 +++ appdb/include/testResults.php 23 Jan 2006 2:10:32 -0000 @@ -62,8 +62,9 @@ class testData{ function create() { // Security, if we are not an administrator or an maintainer the test result must be queued. + $oVersion = new Version($oTest->iVersionId); if(!$_SESSION['current']->hasPriv("admin") && - !$_SESSION['current']->hasAppVersionModifyPermission($oTest->iVersionId)) + !$_SESSION['current']->hasAppVersionModifyPermission($oVersion)) $this->sQueued = 'true'; else $this->sQueued = 'false'; @@ -99,8 +100,9 @@ class testData{ function update($bSilent=false) { // is the current user allowed to update this testing result? + $oVersion = new Version($this->iVersionId); if(!$_SESSION['current']->hasPriv("admin") && - !$_SESSION['current']->hasAppVersionModifyPermission($this->iVersionId) && + !$_SESSION['current']->hasAppVersionModifyPermission($oVersion) && !(($_SESSION['current']->iUserId == $this->iSubmitterId) && !($this->sQueued == 'false'))) { return; @@ -132,8 +134,9 @@ class testData{ function delete($bSilent=false) { // is the current user allowed to delete this testing result? + $oVersion = new Version($this->iVersionId); if(!$_SESSION['current']->hasPriv("admin") && - !$_SESSION['current']->hasAppVersionModifyPermission($this->iVersionId) && + !$_SESSION['current']->hasAppVersionModifyPermission($oVersion) && !(($_SESSION['current']->iUserId == $this->iSubmitterId) && !($this->sQueued == 'false'))) { return; @@ -158,7 +161,9 @@ class testData{ function unQueue() { // is the current user allowed to delete this testing data? - if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->hasAppVersionModifyPermission($this->iVersionId)) + $oVersion = new Version($this->iVersionId); + if(!$_SESSION['current']->hasPriv("admin") && + !$_SESSION['current']->hasAppVersionModifyPermission($oVersion)) { return; } @@ -180,7 +185,9 @@ class testData{ function Reject() { // is the current user allowed to delete this testing data? - if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->hasAppVersionModifyPermission($this->iVersionId)) + $oVersion = new Version($this->iVersionId); + if(!$_SESSION['current']->hasPriv("admin") && + !$_SESSION['current']->hasAppVersionModifyPermission($oVersion)) { return; } @@ -202,8 +209,9 @@ class testData{ function ReQueue() { // is the current user allowed to requeue this data + $oVersion = new Version($this->iVersionId); if(!$_SESSION['current']->hasPriv("admin") && - !$_SESSION['current']->hasAppVersionModifyPermission($this->iVersionId) && + !$_SESSION['current']->hasAppVersionModifyPermission($oVersion) && !$_SESSION['current']->iUserId == $this->iSubmitterId) { return; Index: appdb/include/user.php diff -u -p appdb/include/user.php:1.63 appdb/include/user.php:1.64 --- appdb/include/user.php:1.63 23 Jan 2006 2:10:32 -0000 +++ appdb/include/user.php 23 Jan 2006 2:10:32 -0000 @@ -931,7 +931,7 @@ class User { if($this->hasPriv("admin")) return true;
- if($this->hasAppVersionModifyPermission($oVersion->iVersionId)) + if($this->hasAppVersionModifyPermission($oVersion)) return true;
return false; @@ -945,7 +945,7 @@ class User { if($this->hasPriv("admin")) return true;
- if($this->hasAppVersionModifyPermission($oVersion->iVersionId)) + if($this->hasAppVersionModifyPermission($oVersion)) return true;
return false; @@ -959,7 +959,7 @@ class User { if($this->hasPriv("admin")) return true;
- if($this->hasAppVersionModifyPermission($oVersion->iVersionId)) + if($this->hasAppVersionModifyPermission($oVersion)) return true;
if(($this->iUserId == $oVersion->iSubmitterId) &&