This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, 6.0 has been updated
via 7bc3fbe9eb8ae5f9748038eba39b9f7d99abab02 (commit)
via 35b144596a56ee636acc28138e082873d8af65ae (commit)
via 80471d190a56423ebe104677d430fd58396eabfc (commit)
via 0e189cb1818534b828d6760104e929999be53795 (commit)
from 021a67e0d25b7199e5cb1d1b5dc146b0a0a70807 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7bc3fbe9eb8ae5f9748038eba39b9f7d99abab02
Author: Franck Villaume <[email protected]>
Date: Sun Apr 12 19:26:33 2015 +0200
fix [#765] 20140819-frs-migrate-rbac.sql: violates constraint
pfo_role_setting_unique
diff --git a/src/CHANGES b/src/CHANGES
index f501c74..7976bae 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -14,6 +14,7 @@ Fusionforge-6.0 (unreleased):
* [#705] FRS: Provide new role settings (TrivialDev)
* [#713] FRS: Add delete packages, releases or files mass action (TrivialDev)
* [#737] FRS: Provide link to download any release as ZIP file (TrivialDev)
+* [#765] FRS: fix RBAC migration script (TrivialDev)
* [#656] General: drop tipsy plugin, use standard jQuery UI tooltip already
provided (TrivialDev)
* [#663] General: FusionForge Theme & jQuery UI theme sync (TrivialDev)
* [#664] General: Update the jQuery & jQuery UI frameworks (TrivialDev)
diff --git a/src/db/20140819-frs-migrate-rbac.sql
b/src/db/20140819-frs-migrate-rbac.sql
index 07d2dd9..3a70af8 100644
--- a/src/db/20140819-frs-migrate-rbac.sql
+++ b/src/db/20140819-frs-migrate-rbac.sql
@@ -6,28 +6,36 @@ DECLARE t RECORD;
DECLARE u RECORD;
BEGIN
- FOR r IN select pfo_role_setting.role_id as roleid,
pfo_role_setting.ref_id as refid, pfo_role_setting.perm_val as permval from
pfo_role_setting where pfo_role_setting.section_name = ''frs'' LOOP
+ create table temptable_frsrole (
+ roleid integer NOT NULL,
+ refid integer NOT NULL,
+ permval integer NOT NULL
+ );
+ insert into temptable_frsrole (roleid, refid, permval) select
pfo_role_setting.role_id, pfo_role_setting.ref_id, pfo_role_setting.perm_val
from pfo_role_setting where pfo_role_setting.section_name = ''frs'';
+ delete from pfo_role_setting where section_name = ''frs'';
+ FOR r IN select * from temptable_frsrole LOOP
CASE r.permval
WHEN 0 THEN
- update pfo_role_setting set perm_val = 0,
section_name = ''new_frs'' where section_name = ''frs'' and role_id = r.roleid
and ref_id = r.refid;
+ insert into pfo_role_setting (role_id,
section_name, ref_id, perm_val) values (r.roleid, ''new_frs'', r.refid, 0);
insert into pfo_role_setting (role_id,
section_name, ref_id, perm_val) values (r.roleid, ''frs_admin'', r.refid, 0);
FOR s IN select frs_package.package_id as
packid from frs_package where frs_package.group_id = r.refid LOOP
insert into pfo_role_setting (role_id,
section_name, ref_id, perm_val) values (r.roleid, ''frs'', s.packid, 0);
END LOOP;
WHEN 1, 2 THEN
- update pfo_role_setting set perm_val = 1,
section_name = ''new_frs'' where section_name = ''frs'' and role_id = r.roleid
and ref_id = r.refid;
+ insert into pfo_role_setting (role_id,
section_name, ref_id, perm_val) values (r.roleid, ''new_frs'', r.refid, 1);
insert into pfo_role_setting (role_id,
section_name, ref_id, perm_val) values (r.roleid, ''frs_admin'', r.refid, 1);
FOR t IN select frs_package.package_id as
packid from frs_package where frs_package.group_id = r.refid LOOP
insert into pfo_role_setting (role_id,
section_name, ref_id, perm_val) values (r.roleid, ''frs'', t.packid, 1);
END LOOP;
WHEN 3 THEN
- update pfo_role_setting set perm_val = 2,
section_name = ''new_frs'' where section_name = ''frs'' and role_id = r.roleid
and ref_id = r.refid;
+ insert into pfo_role_setting (role_id,
section_name, ref_id, perm_val) values (r.roleid, ''new_frs'', r.refid, 2);
insert into pfo_role_setting (role_id,
section_name, ref_id, perm_val) values (r.roleid, ''frs_admin'', r.refid, 2);
FOR u IN select frs_package.package_id as
packid from frs_package where frs_package.group_id = r.refid LOOP
insert into pfo_role_setting (role_id,
section_name, ref_id, perm_val) values (r.roleid, ''frs'', u.packid, 4);
END LOOP;
END CASE;
END LOOP;
+ drop table temptable_frsrole;
return 1;
END;
' LANGUAGE plpgsql;
commit 35b144596a56ee636acc28138e082873d8af65ae
Author: Sylvain Beucler <[email protected]>
Date: Mon Apr 13 15:06:25 2015 +0200
itk: migration script for filesystem permissions
diff --git a/src/db/20150404-scmperms.php b/src/db/20150404-scmperms.php
new file mode 100644
index 0000000..7dfbd52
--- /dev/null
+++ b/src/db/20150404-scmperms.php
@@ -0,0 +1,82 @@
+<?php
+/**
+ * Apply permissions to unify ssh and web access
+ * Copyright (C) 2015 Inria (Sylvain Beucler)
+ * http://fusionforge.org/
+ *
+ * This file is part of FusionForge.
+ *
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+require_once dirname(__FILE__).'/../common/include/env.inc.php';
+require_once $gfcommon.'include/pre.php';
+require_once $gfcommon.'include/system/pgsql.class.php';
+
+$verbose = (count($argv) > 1 and $argv[1] == '--verbose');
+
+// Get the name of each group + the gid
+// (avoids querying nss for all groups, which sometimes fails due to
+// transient sql/network error or deleted projects)
+$res = db_query_params("SELECT name, group_id, gid, perm_val AS anon FROM
nss_groups
+ LEFT JOIN pfo_role_setting ON (nss_groups.group_id = pfo_role_setting.ref_id
+ AND pfo_role_setting.role_id=$1 AND
pfo_role_setting.section_name=$2)
+ WHERE gid < $3
+ ORDER BY name", array(1, 'scm', 20000));
+
+// Store everything in RAM to avoid a 3h-long SQL connection
+while ($row = db_fetch_array($res))
+ $groups[] = $row;
+
+$svnroot = forge_get_config('repos_path', 'scmsvn');
+$gitroot = forge_get_config('repos_path', 'scmgit');
+foreach ($groups as $group) {
+ $gname = $group['name'];
+ $gid_ro = $group['group_id'] + $SYS->GID_ADD_SCMRO;
+ $gid_rw = $group['group_id'] + $SYS->GID_ADD_SCMRW;
+ if ($verbose) print "$gname\n";
+
+ $repo = "$svnroot/$gname";
+ if (is_dir($repo)) {
+ chmod($repo, $group['anon'] ? 02775 : 02770);
+ system("chown -Rh root:{$gid_rw} $repo");
+ system("chown -h root:{$gid_ro} $repo");
+ system("find $repo -type d -print0 | xargs -r -0 chmod 2775");
+ system("chmod -R g+rwX,o+rX-w $repo/*");
+ }
+ $repo = '/nonexistent'; // for safety
+
+ $projroot = "$gitroot/$gname";
+ if (is_dir("$projroot")) {
+ chmod($projroot, $group['anon'] ? 02755 : 02750);
+
+ if (is_dir("$projroot/users")) {
+ chmod("$projroot/users", 00755);
+ foreach (glob("$projroot/users/*") as $userrepo) {
+ if (is_dir($userrepo)) {
+ $matches =
preg_match(":/users/([^/]+)/:", $userrepo);
+ $user = $matches[1];
+ system("chown -hR $user:root
$userrepo");
+ system("chmod -R g+rX-sw,o+rX-w
$userrepo");
+ }
+ }
+ }
+
+ system("chown -h root:{$gid_ro} $projroot");
+ system("chown -Rh root:{$gid_rw} $projroot/*.git");
+ system("find $projroot/*.git -type d -print0 | xargs -r -0 chmod
2775");
+ system("chmod -R g+rwX,o+rX-w $projroot/*.git");
+ }
+}
commit 80471d190a56423ebe104677d430fd58396eabfc
Author: Sylvain Beucler <[email protected]>
Date: Mon Apr 13 15:05:50 2015 +0200
scmsvn: repo creation optimization
diff --git a/src/plugins/scmsvn/common/SVNPlugin.class.php
b/src/plugins/scmsvn/common/SVNPlugin.class.php
index 9dd5cfe..dbb962c 100644
--- a/src/plugins/scmsvn/common/SVNPlugin.class.php
+++ b/src/plugins/scmsvn/common/SVNPlugin.class.php
@@ -294,7 +294,7 @@ some control over it to the project's administrator.");
}
system ("sed -i '/enable-rep-sharing = false/s/^. //'
$repo/db/fsfs.conf") ;
system ("svn mkdir -m'Init' file:///$repo/trunk
file:///$repo/tags file:///$repo/branches >/dev/null") ;
- system ("find $repo -type d | xargs -I{} chmod g+s {}")
;
+ system ("find $repo -type d -print0 | xargs -r -0 chmod
g+s") ;
// Allow read/write users to modify the SVN repository
$rw_unix_group = $project->getUnixName() . '_scmrw';
system("chgrp -R $rw_unix_group $repo");
commit 0e189cb1818534b828d6760104e929999be53795
Author: Sylvain Beucler <[email protected]>
Date: Mon Apr 13 15:05:32 2015 +0200
shell: fix nss_usergroups regeneration
diff --git a/src/common/include/system/pgsql.class.php
b/src/common/include/system/pgsql.class.php
index 5315c52..245eedb 100644
--- a/src/common/include/system/pgsql.class.php
+++ b/src/common/include/system/pgsql.class.php
@@ -540,7 +540,7 @@ WHERE users.unix_status='A'
GROUP BY users.user_id, nss_groups.gid;
";
- $res = db_query_params($sql, array($GID_ADD_SCMRW,
$GID_ADD_SCMRO));
+ $res = db_query_params($sql, array($this->GID_ADD_SCMRW,
$this->GID_ADD_SCMRO));
if (!$res) {
$this->setError('Error: cannot regen nss_usergroups:
'.db_error());
return false;
diff --git a/src/db/20150403-scmro.php b/src/db/20150403-scmro.php
index 8ad350b..90db5ef 100644
--- a/src/db/20150403-scmro.php
+++ b/src/db/20150403-scmro.php
@@ -24,6 +24,7 @@
require_once dirname(__FILE__).'/../common/include/env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once $gfcommon.'include/system/pgsql.class.php';
+require_once $gfcommon.'include/cron_utils.php';
if ($SYS->sysRegenUserGroups()) {
echo "SUCCESS\n";
@@ -31,3 +32,4 @@ if ($SYS->sysRegenUserGroups()) {
echo "ERROR\n";
exit(1);
}
+cron_reload_nscd();
-----------------------------------------------------------------------
Summary of changes:
src/CHANGES | 1 +
src/common/include/system/pgsql.class.php | 2 +-
src/db/20140819-frs-migrate-rbac.sql | 16 +++--
src/db/20150403-scmro.php | 2 +
src/db/20150404-scmperms.php | 82 +++++++++++++++++++++++++
src/plugins/scmsvn/common/SVNPlugin.class.php | 2 +-
6 files changed, 99 insertions(+), 6 deletions(-)
create mode 100644 src/db/20150404-scmperms.php
hooks/post-receive
--
FusionForge
_______________________________________________
Fusionforge-commits mailing list
[email protected]
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-commits
