File: acl.php

gforge-plugin-scmcvs 4.5.14-5etch1
<?php
/**
 * Implement CVS ACLs based on GForge roles
 *
 * Copyright 2004 GForge, LLC
 *
 * @version   $Id: acl.php,v 1.1.2.4 2005/12/15 00:16:11 tperdue Exp $
 *
 * This file is part of GForge.
 *
 * GForge is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * GForge is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GForge; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  US
 */

require_once('common/include/escapingUtils.php');
require_once('squal_pre.php');

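# Refuse to answer ACL queries when SCM support is switched off site-wide.
if (!$sys_use_scm) {
	exit_disabled();
}

# Both values come from the POST body and are caller-controlled until they
# have passed the patterns below.
$env_group = getStringFromPost('group');
$env_user = getStringFromPost('user');
# Group must contain 3 - 15 alphanumeric chars or -
preg_match("/^([[:alnum:]-]{3,15})$/", $env_group, $matches);
# User rules
# 1. Must only contain alphanumeric chars or _
# 2. Must be 3 - 15 chars
# The pattern is anchored at both ends, like the group pattern above. The
# earlier unanchored form accepted any input that merely contained a run of
# valid characters and then looked up only that run (at most 15 chars), so the
# permission decision could be taken for a different account than the one
# submitted.
preg_match("/^([[:alnum:]_]{3,15})$/", $env_user, $matches2);

if (count($matches) == 0) {
	exit_error('','Invalid CVS repository');
} else {
	if (count($matches2) == 0) {
		exit_error('','Invalid username');
	}

	# Index 1 is the single capture group, i.e. the whole validated name.
	$userName = $matches2[1];
	$User =& user_get_object_by_name($userName);
	if (!$User || !is_object($User)) {
		exit_error('','User not found');
	}
	# NOTE(review): a session is opened for the named user on the strength of
	# the POSTed name alone; no credential is checked in this file. Presumably
	# this endpoint is reachable only from the SCM host's hook -- confirm that
	# access is restricted at the web-server or network level.
	session_set_new($User->getID());

	$projectName = $matches[1];
	$Group =& group_get_object_by_name($projectName);
	if (!$Group || !is_object($Group) || $Group->isError()) {
		exit_no_group();
	}

	# Deny unless the user's role in this project grants CVS write access.
	$perm =& permission_get_object($Group, $User);
	if (!$perm || !is_object($perm) || !$perm->isCVSWriter()) {
		exit_permission_denied();
	}
}

# Reaching this point means every check passed; exit status 0 is the success
# result of the script.
exit(0);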

// Local Variables:
// mode: php
// c-file-style: "bsd"
// End:

?>