This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, 6.0 has been updated
via ed8fa7c4995e35afc7bdb51a27fda1a12b0e0f10 (commit)
via 0d01312c1029d7fec9a9ca49afc5108f6dd8e0b8 (commit)
via b32715e145b8679e7a9a1a5ba4e8ee6acb0b2b01 (commit)
via 9f0e4524f3b25e66519cb273e46e3f2e752d31f7 (commit)
from 2a9a66a9e344e057d9e2e899d0b9420196a5e7ae (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ed8fa7c4995e35afc7bdb51a27fda1a12b0e0f10
Author: Sylvain Beucler <[email protected]>
Date: Thu Apr 2 18:00:15 2015 +0200
scm: introduce new xxx_scmro group; rename scm_xxx to xxx_scmrw
diff --git a/src/common/include/system/pgsql.class.php
b/src/common/include/system/pgsql.class.php
index d517992..6cc8c91 100644
--- a/src/common/include/system/pgsql.class.php
+++ b/src/common/include/system/pgsql.class.php
@@ -29,25 +29,32 @@ class pgsql extends System {
*/
/**
- * Value to add to unix_uid to get unix uid
- *
- * @var constant $UID_ADD
- */
+ * Value to add to unix_uid to get unix uid
+ *
+ * @var constant $UID_ADD
+ */
var $UID_ADD = 20000;
/**
- * Value to add to group_id to get unix gid
- *
- * @var constant $GID_ADD
- */
+ * Value to add to group_id to get unix gid
+ *
+ * @var constant $GID_ADD
+ */
var $GID_ADD = 10000;
/**
- * Value to add to unix gid to get unix gid of 'scm_xxx' group
- *
- * @var constant $SCM_UID_ADD
- */
- var $SCM_UID_ADD = 50000;
+ * Value to add to unix gid to get unix gid of 'xxx_scmro' group
+ *
+ * @var constant $GID_ADD_SCMRO
+ */
+ var $GID_ADD_SCMRO = 100000;
+
+ /**
+ * Value to add to unix gid to get unix gid of 'xxx_scmrw' group
+ *
+ * @var constant $GID_ADD_SCMRW
+ */
+ var $GID_ADD_SCMRW = 50000;
/**
* pgsql() - CONSTRUCTOR
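Review bot: The three offsets now partition one gid space (`GID_ADD` 10000, `GID_ADD_SCMRW` 50000, `GID_ADD_SCMRO` 100000), but nothing visible here bounds `group_id`. A project with a `group_id` of 40000 or more gets a primary gid inside the scmrw range, and one of 50000 or more gets an scmrw gid inside the scmro range. Later hunks in this commit classify rows purely by gid range, so such a project would be given the wrong class of access or collide on the `gid` primary key; if group ids can grow that far, the ranges need a documented ceiling or an explicit check. The doc comments would also be more accurate as `Value to add to group_id to get unix gid of 'xxx_scmro' group`, since the queries compute `group_id + $2`.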
@@ -269,6 +276,7 @@ class pgsql extends System {
$this->setError('Error: Cannot Delete Group GID:
'.db_error());
return false;
}
+
$res4 = db_query_params ('INSERT INTO nss_groups
(group_id, name, gid)
SELECT group_id,
unix_group_name, group_id + $1
@@ -280,17 +288,30 @@ class pgsql extends System {
$this->setError('Error: Cannot Insert Group GID:
'.db_error());
return false;
}
+
$res5 = db_query_params ('INSERT INTO nss_groups
(group_id, name, gid)
- SELECT group_id, $1 ||
unix_group_name, group_id + $2
+ SELECT group_id,
unix_group_name||$1, group_id + $2
FROM groups
WHERE group_id=$3',
- array ('scm_',
- $this->SCM_UID_ADD,
+ array ('_scmro',
+ $this->GID_ADD_SCMRO,
$group_id)) ;
-
if (!$res5) {
- $this->setError('Error: Cannot Insert SCM Group GID:
'.db_error());
+ $this->setError('Error: Cannot Insert SCMRO Group GID:
'.db_error());
+ return false;
+ }
+
+ $res6 = db_query_params ('INSERT INTO nss_groups
+ (group_id, name, gid)
+ SELECT group_id,
unix_group_name||$1, group_id + $2
+ FROM groups
+ WHERE group_id=$3',
+ array ('_scmrw',
+ $this->GID_ADD_SCMRW,
+ $group_id)) ;
+ if (!$res6) {
+ $this->setError('Error: Cannot Insert SCMRW Group GID:
'.db_error());
return false;
}
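Review bot: Moving from the `scm_` prefix to `_scmro`/`_scmrw` suffixes in the two `unix_group_name||$1` inserts means a project whose own unix name ends in one of those suffixes gets a primary group named like another project's SCM group. `nss_groups` is keyed on `gid`, not `name`, so the insert would succeed and name-based operations such as `chgrp` would become ambiguous between the two groups. Whether project-name validation reserves these suffixes is not visible in this diff; if it does not, it should reject unix names ending in `_scmro` or `_scmrw`. The enclosing function starts and ends outside the hunk.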
@@ -352,6 +373,33 @@ class pgsql extends System {
$u = user_get_object($user_id) ;
$p = group_get_object($group_id) ;
+
+ if (forge_check_perm_for_user($u,'scm',$group_id,'read')) {
+ $res = db_query_params ('INSERT INTO nss_usergroups (
+SELECT users.unix_uid AS uid,
+ groups.group_id + $1 AS gid,
+ users.user_id AS user_id,
+ groups.group_id AS group_id,
+ users.user_name AS user_name,
+ groups.unix_group_name||$2 AS unix_group_name
+FROM users,groups
+WHERE users.user_id=$3
+ AND users.status=$4
+ AND users.unix_status=$5
+ AND groups.status=$6
+ AND groups.group_id=$7)',
+ array($this->GIT_ADD_SCMRO,
+ '_scmro',
+ $user_id,
+ 'A', 'A', 'A',
+ $group_id));
+ if (!$res) {
+ db_rollback();
+ $this->setError('Error: Cannot Update Group
Member(s): '.db_error());
+ return false;
+ }
+ }
+
if (forge_check_perm_for_user($u,'scm',$group_id,'write')) {
$res = db_query_params ('INSERT INTO nss_usergroups (
SELECT users.unix_uid AS uid,
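Review bot: `$this->GIT_ADD_SCMRO` in the new read-access block is a typo for the property declared earlier as `GID_ADD_SCMRO`, and the same slip appears as `$this->GIT_ADD_SCMRW` in the write-access block of the following hunk. An undefined property evaluates to null, so `groups.group_id + $1` becomes NULL and the membership row is not written with the intended gid; the user ends up outside the SCM group, or the insert fails, depending on the column constraints. The parameter lines should read `array($this->GID_ADD_SCMRO,` and `array($this->GID_ADD_SCMRW,`. The enclosing function begins before this hunk and continues past it.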
@@ -359,15 +407,15 @@ SELECT users.unix_uid AS uid,
users.user_id AS user_id,
groups.group_id AS group_id,
users.user_name AS user_name,
- $2 || groups.unix_group_name AS unix_group_name
+ groups.unix_group_name||$2 AS unix_group_name
FROM users,groups
WHERE users.user_id=$3
AND users.status=$4
AND users.unix_status=$5
AND groups.status=$6
AND groups.group_id=$7)',
- array($this->SCM_UID_ADD,
- 'scm_',
+ array($this->GIT_ADD_SCMRW,
+ '_scmrw',
$user_id,
'A', 'A', 'A',
$group_id));
@@ -425,6 +473,82 @@ WHERE users.user_id=$2
}
return true;
}
+
+ function sysRegenUserGroups() {
+ db_begin();
+ $res = db_query_params('TRUNCATE nss_usergroups', array());
+ if (!$res) {
+ $this->setError('Error: cannot truncate nss_usergroups:
'.db_error());
+ return false;
+ }
+
+ $sql = "
+INSERT INTO nss_usergroups
+
+-- Member access
+SELECT users.unix_uid, nss_groups.gid, users.user_id, nss_groups.group_id,
user_name, nss_groups.name::text
+FROM users
+ JOIN pfo_user_role USING (user_id)
+ JOIN pfo_role ON (pfo_user_role.role_id=pfo_role.role_id)
+ LEFT JOIN role_project_refs ON
(pfo_user_role.role_id=role_project_refs.role_id)
+ JOIN nss_groups ON (pfo_role.home_group_id=nss_groups.group_id)
+WHERE users.unix_status='A'AND nss_groups.gid < $1
+
+UNION
+
+-- Read access
+SELECT users.unix_uid, nss_groups.gid, users.user_id, nss_groups.group_id,
user_name, nss_groups.name::text
+FROM users
+ JOIN pfo_user_role USING (user_id)
+ JOIN pfo_role ON (pfo_user_role.role_id=pfo_role.role_id)
+ LEFT JOIN role_project_refs ON
(pfo_user_role.role_id=role_project_refs.role_id)
+ JOIN nss_groups ON (pfo_role.home_group_id=nss_groups.group_id OR
role_project_refs.group_id=nss_groups.group_id)
+ JOIN pfo_role_setting ON (pfo_user_role.role_id=pfo_role_setting.role_id AND
(pfo_role_setting.ref_id=nss_groups.group_id) AND
((section_name='project_admin' AND perm_val=1) OR (section_name='scm' AND
perm_val=1)))
+WHERE users.unix_status='A' AND nss_groups.gid > $2
+
+UNION
+
+-- Write access
+SELECT users.unix_uid, nss_groups.gid, users.user_id, nss_groups.group_id,
user_name, nss_groups.name::text
+FROM users
+ JOIN pfo_user_role USING (user_id)
+ JOIN pfo_role ON (pfo_user_role.role_id=pfo_role.role_id)
+ LEFT JOIN role_project_refs ON
(pfo_user_role.role_id=role_project_refs.role_id)
+ JOIN nss_groups ON (pfo_role.home_group_id=nss_groups.group_id OR
role_project_refs.group_id=nss_groups.group_id)
+ JOIN pfo_role_setting ON (pfo_user_role.role_id=pfo_role_setting.role_id AND
(pfo_role_setting.ref_id=nss_groups.group_id) AND
((section_name='project_admin' AND perm_val=1) OR (section_name='scm' AND
perm_val=2)))
+WHERE users.unix_status='A' AND nss_groups.gid > $1 AND nss_groups.gid < $2
+
+UNION
+
+-- Forge admins
+SELECT users.unix_uid, nss_groups.gid, users.user_id, nss_groups.group_id,
user_name, nss_groups.name::text
+FROM users
+ JOIN pfo_user_role USING (user_id)
+ JOIN pfo_role_setting ON (pfo_user_role.role_id=pfo_role_setting.role_id AND
section_name='forge_admin' AND perm_val=1), nss_groups
+WHERE users.unix_status='A'
+
+-- Not supported, this is not sane
+-- UNION
+--
+-- -- 'Open' privileges for Anonymous and LoggedIn users
+-- SELECT users.unix_uid, nss_groups.gid, users.user_id, nss_groups.group_id,
user_name, nss_groups.name::text||'_scmro'
+-- FROM users
+-- JOIN role_project_refs ON (role_project_refs.role_id IN (1,2))
+-- JOIN nss_groups ON (role_project_refs.group_id=nss_groups.group_id)
+-- JOIN pfo_role_setting ON
(role_project_refs.role_id=pfo_role_setting.role_id AND
(pfo_role_setting.ref_id=nss_groups.group_id) AND
((section_name='project_admin' AND perm_val=1) OR (section_name='scm' AND
perm_val=2)))
+-- WHERE users.unix_status='A' AND nss_groups.gid < $1
+
+GROUP BY users.user_id, nss_groups.gid;
+";
+ $res = db_query_params($sql, array($GID_ADD_SCMRW,
$GID_ADD_SCMRO));
+ if (!$res) {
+ $this->setError('Error: cannot regen nss_usergroups:
'.db_error());
+ return false;
+ }
+ db_commit();
+
+ return true;
+ }
}
// Local Variables:
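Review bot: `db_query_params($sql, array($GID_ADD_SCMRW, $GID_ADD_SCMRO))` in `sysRegenUserGroups()` passes two undefined local variables, so `$1` and `$2` are NULL and every `nss_groups.gid < $1` or `> $2` comparison is false. After the `TRUNCATE`, only the forge-admin branch can produce rows, and every other user loses their unix group memberships. The call should be `array($this->GID_ADD_SCMRW, $this->GID_ADD_SCMRO)`. Both failure paths also return after `db_begin()` without a `db_rollback();`, which leaves the transaction open. A short docblock saying that the method rebuilds `nss_usergroups` from the role settings would match the docblock style used elsewhere in the class.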
diff --git a/src/db/20150316-nss.sql b/src/db/20150316-nss.sql
index a28475b..61e91d1 100644
--- a/src/db/20150316-nss.sql
+++ b/src/db/20150316-nss.sql
@@ -19,5 +19,4 @@ DELETE FROM nss_groups WHERE group_id=0;
ALTER TABLE nss_groups DROP "user_id";
ALTER TABLE nss_groups ADD CONSTRAINT "gid_pk" PRIMARY KEY (gid);
--- TODO: GRANT SELECT ON nss_groups TO ${database_user}_nss;
--- or just re-run post-install.d/db/populate.sh
+-- Next: 20150317-nss.sql:: GRANT SELECT ON nss_groups TO ${database_user}_nss;
diff --git a/src/db/20150317-nss.php b/src/db/20150317-nss.php
new file mode 100644
index 0000000..eeb15b3
--- /dev/null
+++ b/src/db/20150317-nss.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Grant privileges on newly recreated nss_groups, using configurable database
user
+ * Copyright (C) 2015 Inria (Sylvain Beucler)
+ * http://fusionforge.org/
+ *
+ * This file is part of FusionForge.
+ *
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+require_once dirname(__FILE__).'/../common/include/env.inc.php';
+require_once $gfcommon.'include/pre.php';
+
+$res = db_query_params('GRANT SELECT ON nss_groups TO '
+ .forge_get_config('database_user').'_nss', array());
+if (!$res) {
+ $this->setError('Error: cannot truncate nss_usergroups: '.db_error());
+ echo "ERROR\n";
+ exit(1);
+}
+echo "SUCCESS\n";
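Review bot: The failure branch calls `$this->setError(...)`, but this is a top-level script with no object context, so PHP stops with a fatal error there and the `echo "ERROR\n"; exit(1);` lines are never reached. The message is also copied from elsewhere and talks about truncating `nss_usergroups`. Replace the line with `echo 'Error: cannot grant SELECT on nss_groups: '.db_error()."\n";`. Separately, the role name is concatenated into the GRANT unquoted, so a `database_user` value containing a character such as `-` would break the statement; quoting it as an SQL identifier would be more robust.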
diff --git a/src/db/20150402-scmro.sql b/src/db/20150402-scmro.sql
new file mode 100644
index 0000000..df01491
--- /dev/null
+++ b/src/db/20150402-scmro.sql
@@ -0,0 +1,13 @@
+-- unix accounts: add a group for SCM read-only access
+-- + rename scm_xxx to xxx_scmrw
+
+UPDATE nss_groups
+ SET name=substr(nss_groups.name, 5)||'_scmrw'
+ WHERE gid > 50000;
+
+INSERT INTO nss_groups
+ SELECT group_id,name||'_scmro',group_id+100000
+ FROM nss_groups
+ WHERE gid < 50000;
+
+-- Next: 20150403-scmro.php: regen nss_usergroups
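Review bot: The `UPDATE` selects rows by `gid > 50000` alone and strips the first four characters unconditionally, so any row in that range whose name does not start with `scm_` is mangled. Running the script a second time would also truncate the renamed `xxx_scmrw` names and the inserted `xxx_scmro` names. Adding `AND substr(name, 1, 4) = 'scm_'` to the `WHERE` clause makes the rename safe to repeat. The literals 50000 and 100000 duplicate `GID_ADD_SCMRW` and `GID_ADD_SCMRO` from `pgsql.class.php`; a comment saying so would help keep the two in step.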
diff --git a/src/db/20150403-scmro.php b/src/db/20150403-scmro.php
new file mode 100644
index 0000000..8ad350b
--- /dev/null
+++ b/src/db/20150403-scmro.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * Add users to new 'xxx_scmro' groups
+ * Copyright (C) 2015 Inria (Sylvain Beucler)
+ * http://fusionforge.org/
+ *
+ * This file is part of FusionForge.
+ *
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+require_once dirname(__FILE__).'/../common/include/env.inc.php';
+require_once $gfcommon.'include/pre.php';
+require_once $gfcommon.'include/system/pgsql.class.php';
+
+if ($SYS->sysRegenUserGroups()) {
+ echo "SUCCESS\n";
+} else {
+ echo "ERROR\n";
+ exit(1);
+}
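Review bot: `$SYS->sysRegenUserGroups()` assumes the global `$SYS` is a `pgsql` instance, but including `pgsql.class.php` only loads the class. Which backend `pre.php` instantiates is not visible here, and this commit adds the method only to `pgsql`. If another `System` backend is configured, the call is a fatal error in the middle of an upgrade; a `method_exists($SYS, 'sysRegenUserGroups')` guard that skips the regeneration would avoid that. The failure branch would also be more useful if it printed the error stored by `setError()` instead of a bare `ERROR`.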
diff --git a/src/plugins/scmgit/common/GitPlugin.class.php
b/src/plugins/scmgit/common/GitPlugin.class.php
index ba7beb8..9a375be 100644
--- a/src/plugins/scmgit/common/GitPlugin.class.php
+++ b/src/plugins/scmgit/common/GitPlugin.class.php
@@ -436,8 +436,8 @@ control over it to the project's administrator.");
}
$project_name = $project->getUnixName();
- $unix_group_ro = $project_name;
- $unix_group_rw = 'scm_' . $project_name;
+ $unix_group_ro = $project_name . '_scmro';
+ $unix_group_rw = $project_name . '_scmrw';
$root = forge_get_config('repos_path', 'scmgit') . '/' .
$project_name;
if (!is_dir($root)) {
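Review bot: The read-only group changes from the project's primary group to `<project>_scmro`, but the migrations in this commit only touch the database; nothing visible re-applies group ownership to repositories that already exist under `repos_path`. If the code after `if (!is_dir($root))` sets ownership only at creation time, existing repositories stay group-owned by the old read-only gid, and all project members keep filesystem read access regardless of their SCM permission. It is worth confirming that an upgrade step or the regular repository pass re-runs the `chgrp` for existing repositories. The enclosing function starts and ends outside the hunk.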
diff --git a/src/plugins/scmsvn/common/SVNPlugin.class.php
b/src/plugins/scmsvn/common/SVNPlugin.class.php
index 33f00c4..46d7867 100644
--- a/src/plugins/scmsvn/common/SVNPlugin.class.php
+++ b/src/plugins/scmsvn/common/SVNPlugin.class.php
@@ -300,10 +300,10 @@ some control over it to the project's administrator.");
system ("svn mkdir -m'Init' file:///$repo/trunk
file:///$repo/tags file:///$repo/branches >/dev/null") ;
system ("find $repo -type d | xargs -I{} chmod g+s {}")
;
// Allow read/write users to modify the SVN repository
- $rw_unix_group = 'scm_' . $project->getUnixName() ;
+ $rw_unix_group = $project->getUnixName() . '_scmrw';
system("chgrp -R $rw_unix_group $repo");
- // Allow read-only users to enter the directory
- $ro_unix_group = $project->getUnixName();
+ // Allow read-only users to enter the (top-level)
directory
+ $ro_unix_group = $project->getUnixName() . '_scmro';
system("chgrp $ro_unix_group $repo");
// open permissions to allow switching private/public
easily
// see after to restrict the top-level directory
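Review bot: `$rw_unix_group` and `$ro_unix_group` are interpolated straight into `system("chgrp -R $rw_unix_group $repo")` and `system("chgrp $ro_unix_group $repo")`. Since these lines are being rewritten anyway, quoting the arguments is cheap: `system('chgrp -R '.escapeshellarg($rw_unix_group).' '.escapeshellarg($repo));`. Unix names are presumably validated elsewhere, but that is not visible here, and the quoting removes the dependency. The return status of `system()` is also ignored, so a failed `chgrp` (for example because the new `_scmro` group is not yet resolvable through NSS) silently leaves the repository with the wrong group. The enclosing function extends beyond the hunk.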
commit 0d01312c1029d7fec9a9ca49afc5108f6dd8e0b8
Author: Sylvain Beucler <[email protected]>
Date: Thu Apr 2 17:55:45 2015 +0200
testsuite: another work-around for systemd
diff --git a/tests/func/db_reload.sh b/tests/func/db_reload.sh
index e0376d6..8718050 100755
--- a/tests/func/db_reload.sh
+++ b/tests/func/db_reload.sh
@@ -43,6 +43,11 @@ stop_database () {
else
echo "FAIL: database still up?"
fi
+
+ # Work-around http://bugs.debian.org/759725
+ if [ -x /bin/systemctl ]; then
+ sleep 1 # bleh
+ fi
}
start_database () {
@@ -136,10 +141,6 @@ if [ "$backup" = 1 ]; then
rm -fr $pgdir.backup
fi
cp -a --reflink=auto $pgdir $pgdir.backup
- # Work-around http://bugs.debian.org/759725
- if [ -x /bin/systemctl ]; then
- sleep 1 # bleh
- fi
start_database
exit 0
fi
commit b32715e145b8679e7a9a1a5ba4e8ee6acb0b2b01
Author: Sylvain Beucler <[email protected]>
Date: Thu Apr 2 17:51:30 2015 +0200
db: get more output on upgrade error
diff --git a/src/post-install.d/db/upgrade.php
b/src/post-install.d/db/upgrade.php
index 75fcb63..cd696c5 100755
--- a/src/post-install.d/db/upgrade.php
+++ b/src/post-install.d/db/upgrade.php
@@ -163,7 +163,7 @@ function run_script($script) {
if ($ext == 'php') {
// run the php script
$result = array();
- $exec = 'php -f '.$db_path.$filename;
+ $exec = 'php -f '.$db_path.$filename.' 2>&1';
exec($exec, $result);
if (count($result)) { // the script produced an output
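Review bot: With `2>&1` appended, stderr lines now land in `$result` next to the script's `SUCCESS`/`ERROR` marker, while the exit status that the new migration scripts set with `exit(1)` is still discarded because `exec()` is called without its third argument. Capturing it with `exec($exec, $result, $status);` and treating a non-zero `$status` as failure would be more reliable than inferring the outcome from output. `$db_path.$filename` is also concatenated into the command unquoted; `escapeshellarg($db_path.$filename)` would cope with paths containing spaces or shell metacharacters. How `$result` is interpreted lies outside the hunk.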
commit 9f0e4524f3b25e66519cb273e46e3f2e752d31f7
Author: Sylvain Beucler <[email protected]>
Date: Thu Apr 2 17:50:12 2015 +0200
web: enable mod_macro early
diff --git a/src/post-install.d/web/web.sh b/src/post-install.d/web/web.sh
index 1e6f573..b70d1cf 100755
--- a/src/post-install.d/web/web.sh
+++ b/src/post-install.d/web/web.sh
@@ -104,6 +104,7 @@ case "$1" in
# Enable required modules
if [ -x /usr/sbin/a2enmod ]; then
a2enmod version 2>/dev/null || true # opensuse..
+ a2enmod macro
a2enmod php5
a2enmod ssl
a2enmod env
@@ -115,7 +116,6 @@ case "$1" in
a2enmod cgi # ViewVC bootstrap, gitweb, mailman
#a2enmod proxy
#a2enmod proxy_http
- a2enmod macro
a2enmod authz_groupfile
a2enmod dav
fi
-----------------------------------------------------------------------
Summary of changes:
src/common/include/system/pgsql.class.php | 166 +++++++++++++++++---
src/db/20150316-nss.sql | 3 +-
.../extsubproj-init.php => db/20150317-nss.php} | 24 +--
src/db/20150402-scmro.sql | 13 ++
.../extsubproj-init.php => db/20150403-scmro.php} | 23 +--
src/plugins/scmgit/common/GitPlugin.class.php | 4 +-
src/plugins/scmsvn/common/SVNPlugin.class.php | 6 +-
src/post-install.d/db/upgrade.php | 2 +-
src/post-install.d/web/web.sh | 2 +-
tests/func/db_reload.sh | 9 +-
10 files changed, 196 insertions(+), 56 deletions(-)
copy src/{plugins/extsubproj/common/extsubproj-init.php =>
db/20150317-nss.php} (60%)
create mode 100644 src/db/20150402-scmro.sql
copy src/{plugins/extsubproj/common/extsubproj-init.php =>
db/20150403-scmro.php} (67%)
hooks/post-receive
--
FusionForge