Changeset 1324 in ExiteCMS for modules/ExiteCMS/tracsvn/php-files/modules/tracsvn/admin.php

Timestamp:

02/28/08 15:19:38 (4 years ago)

Author:

hverton

Message:

Added security to the SVN module\ncompleted the Trac-to-CMS user mapping

File:

• modules/ExiteCMS/tracsvn/php-files/modules/tracsvn/admin.php (modified) (6 diffs)

modules/ExiteCMS/tracsvn/php-files/modules/tracsvn/admin.php

@@ -25 +25 @@
 
 if (isset($_POST['savesettings'])) {
+
     // extract and validate the input
     $database = stripinput($_POST['database']);
@@ -31 +32 @@
     $auth = stripinput($_POST['auth']);
     $extensions = stripinput($_POST['extensions']);
+    $view_svn = isNum($_POST['view_svn']) ? $_POST['view_svn'] : 102;
+    $view_diff = isNum($_POST['view_diff']) ? $_POST['view_diff'] : 102;
+    $view_file = isNum($_POST['view_file']) ? $_POST['view_file'] : 102;
+    
     $variables['message'] = "";
-    
+
     // check if the database exists and is a Trac database
     if (empty($database) || !dbtable_exists("revision", $database)) {
@@ -65 +70 @@
         }
     }
+
     // if no errors are found, update
     if ($variables['message'] == "") {
@@ -72 +78 @@
         $result = dbquery("UPDATE ".$db_prefix."configuration SET cfg_value = '".$auth."' WHERE cfg_name = 'tracsvn_svnauth'");
         $result = dbquery("UPDATE ".$db_prefix."configuration SET cfg_value = '".$extensions."' WHERE cfg_name = 'tracsvn_extensions'");
+        $result = dbquery("UPDATE ".$db_prefix."configuration SET cfg_value = '".$view_svn."' WHERE cfg_name = 'tracsvn_view_svn'");
+        $result = dbquery("UPDATE ".$db_prefix."configuration SET cfg_value = '".$view_diff."' WHERE cfg_name = 'tracsvn_view_diff'");
+        $result = dbquery("UPDATE ".$db_prefix."configuration SET cfg_value = '".$view_file."' WHERE cfg_name = 'tracsvn_view_file'");
         redirect(FUSION_SELF.$aidlink);
     }
+
+} elseif (isset($_POST['savealias'])) {
+
+    // process the selection
+    foreach($_POST['username'] as $idx => $user_id) {
+        if ($user_id) {
+            if ($_POST['orgmap'][$idx]) {
+                // update of a previous mapping
+                $result = dbquery("UPDATE ".$db_prefix."tracsvn_alias SET tracsvn_userid = '".$user_id."' WHERE tracsvn_username = '".stripinput($_POST['tracuser'][$idx])."'");
+            } else {
+                // new mapping
+                $result = dbquery("INSERT INTO ".$db_prefix."tracsvn_alias (tracsvn_userid, tracsvn_username) VALUES ('".$user_id."', '".stripinput($_POST['tracuser'][$idx])."')");
+            }
+        } else {
+            // no mapping for this trac user
+            $result = dbquery("DELETE FROM ".$db_prefix."tracsvn_alias WHERE tracsvn_username = '".stripinput($_POST['tracuser'][$idx])."'");
+        }
+    }
+    redirect(FUSION_SELF.$aidlink);
+
 } else {
+
+    // populate the fields for the settings panel
     $database = $settings['tracsvn_database'];
     $url = $settings['tracsvn_url'];
@@ -80 +111 @@
     $auth = $settings['tracsvn_svnauth'];
     $extensions = $settings['tracsvn_extensions'];
+    $view_svn = $settings['tracsvn_view_svn'];
+    $view_diff = $settings['tracsvn_view_diff'];
+    $view_file = $settings['tracsvn_view_file'];
+
+    // get the list of user groups
+    $groups = getusergroups();
+    $variables['usergroups'] = array();
+    foreach ($groups as $group) {
+        $variables['usergroups'][] = $group;
+    }
+
+    // get the information for the alias panel
+    $tracusers = array();
+
+    // if we have a valid Trac database configured...
+    if (!empty($database) && dbtable_exists("revision", $database)) {
+        // get the trac user accounts from the ticket table
+        $result = dbquery("SELECT DISTINCT owner, reporter FROM ".$settings['tracsvn_database'].".ticket");
+        while ($data = dbarray($result)) {
+            // add it to the users array, if not already present
+            if (!in_array($data['owner'], $tracusers)) {
+                $tracusers[] = $data['owner'];
+            }
+            if (!in_array($data['reporter'], $tracusers)) {
+                $tracusers[] = $data['reporter'];
+            }
+        }
+
+        // get the trac user accounts from the revisions table
+        $result = dbquery("SELECT DISTINCT author FROM ".$settings['tracsvn_database'].".revision");
+        while ($data = dbarray($result)) {
+            // add it to the users array, if not already present
+            if (!in_array($data['author'], $tracusers)) {
+                $tracusers[] = $data['author'];
+            }
+        }
+
+        // sort the users
+        sort($tracusers);
+    }
+
+    // get the alias mapping for this users
+    $variables['aliases'] = array();
+    foreach($tracusers as $tracuser) {
+        $result = dbquery("SELECT t.*, u.user_name FROM ".$db_prefix."tracsvn_alias t, ".$db_prefix."users u WHERE t.tracsvn_userid = u.user_id AND tracsvn_username = '$tracuser'");
+        if (dbrows($result)) {
+            $data = dbarray($result);
+            $variables['aliases'][] = array('tracuser' => $tracuser, 'user_id' => $data['tracsvn_userid'], 'user_name' => $data['user_name']);
+        } else {
+            $variables['aliases'][] = array('tracuser' => $tracuser, 'user_id' => 0, 'user_name' => "");
+        }
+    }
+
+    // get the list of all users for the dropdown
+    $variables['members'] = array();
+    $result = dbquery("SELECT user_id, user_name FROM ".$db_prefix."users WHERE user_status = '0' ORDER BY user_name");
+    while ($data = dbarray($result)) {
+        $variables['members'][] = $data;
+    }
 }
-
+//_debug($variables, true);
 // store the variables
 $variables['database'] = $database;
@@ -88 +178 @@
 $variables['auth'] = $auth;
 $variables['extensions'] = $extensions;
+$variables['view_svn'] = $view_svn;
+$variables['view_diff'] = $view_diff;
+$variables['view_file'] = $view_file;
 
 // define the body panel variables