/*
** Copyright (c) 2007 D. Richard Hipp
**
** This program is free software; you can redistribute it and/or
** modify it under the terms of the Simplified BSD License (also
** known as the "2-Clause License" or "FreeBSD License".)
**
** This program is distributed in the hope that it will be useful,
** but without any warranty; without even the implied warranty of
** merchantability or fitness for a particular purpose.
**
** Author contact information:
** drh@hwaci.com
** http://www.hwaci.com/drh/
**
*******************************************************************************
**
** Implementation of the Setup page
*/
#include "config.h"
#include
}
/*
** WEBPAGE: setup
**
** Main menu for the administrative pages. Requires Admin privileges.
*/
void setup_page(void){
login_check_credentials();
if( !g.perm.Setup ){
login_needed(0);
}
style_header("Server Administration");
/* Make sure the header contains
if( zLink && zLink[0] ){
@ %h(zTitle)
}else{
@ %h(zTitle)
}
@ %h(zDesc)
WARNING: Device "/dev/null" is not available @ for reading and writing.
} if( access("/dev/urandom", R_OK) ){ @WARNING: Device "/dev/urandom" is not available @ for reading. This means that the pseudo-random number generator used @ by SQLite will be poorly seeded.
} #endif @Category @ | Capabilities (key) @ | Info | Last Change | |||||
---|---|---|---|---|---|---|---|---|
%h(zLogin) @ | %h(zCap) if( fossil_strcmp(zLogin,"anonymous")==0 ){ @ | All logged-in users }else if( fossil_strcmp(zLogin,"developer")==0 ){ @ | Users with 'v' capability }else if( fossil_strcmp(zLogin,"nobody")==0 ){ @ | All users without login }else if( fossil_strcmp(zLogin,"reader")==0 ){ @ | Users with 'u' capability }else{ @ | } if( zDate && zDate[0] ){ @ | %h(zDate) }else{ @ | } @ |
Login Name | Caps | Info | Date | Expire | Last Login |
---|---|---|---|---|---|
\ @ %h(zLogin) @ | %h(zCap) @ | %h(zInfo) @ | %h(zDate?zDate:"") @ | %h(zExp?zExp:"") @ | %s(zAge?zAge:"") @ |
a | @Admin: Create and delete users |
---|---|
b | @Attach: Add attachments to wiki or tickets |
c | @Append-Tkt: Append to tickets |
d | @Delete: Delete wiki and tickets |
e | @View-PII: \ @ View sensitive data such as email addresses |
f | @New-Wiki: Create new wiki pages |
g | @Clone: Clone the repository |
h | @Hyperlinks: Show hyperlinks to detailed @ repository history |
i | @Check-In: Commit new versions in the repository |
j | @Read-Wiki: View wiki pages |
k | @Write-Wiki: Edit wiki pages |
l | @Mod-Wiki: Moderator for wiki pages |
m | @Append-Wiki: Append to wiki pages |
n | @New-Tkt: Create new tickets |
o | @Check-Out: Check out versions |
p | @Password: Change your own password |
q | @Mod-Tkt: Moderator for tickets |
r | @Read-Tkt: View tickets |
s | @Setup/Super-user: Setup and configure this website |
t | @Tkt-Report: Create new bug summary reports |
u | @Reader: Inherit privileges of @ user reader |
v | @Developer: Inherit privileges of @ user developer |
w | @Write-Tkt: Edit tickets |
x | @Private: Push and/or pull private branches |
y | @Write-Unver: Push unversioned files |
z | @Zip download: Download a ZIP archive or tarball |
2 | @Forum-Read: Read forum posts by others |
3 | @Forum-Append: Add new forum posts |
4 | @Forum-Trusted: Add pre-approved forum posts |
5 | @Forum-Moderator: Approve or disapprove forum posts |
6 | @Forum-Supervisor: \ @ Forum administrator @ |
7 | @Email-Alerts: Sign up for email nofications |
A | @Announce: Send announcements |
@ Every user, logged in or not, inherits the privileges of @ nobody. @
@ Any human can login as anonymous since the @ password is clearly displayed on the login page for them to type. The @ purpose of requiring anonymous to log in is to prevent access by spiders. @ Every logged-in user inherits the combined privileges of @ anonymous and @ nobody. @
@ Users with privilege u inherit the combined @ privileges of reader, @ anonymous, and @ nobody. @
@ Users with privilege v inherit the combined @ privileges of developer, @ anonymous, and @ nobody. @
The permission flags are as follows:
setup_usercap_table(); @@ User %h(zLogin) has Setup privileges and you only have Admin privileges @ so you are not permitted to make changes to %h(zLogin). @
@ The Setup user can make arbitrary @ configuration changes. An Admin user @ can add other users and change user privileges @ and reset user passwords. Both automatically get all other privileges @ listed below. Use these two settings with discretion. @
@ The "N" subscript suffix @ indicates the privileges of nobody that @ are available to all users regardless of whether or not they are logged in. @
@ The "A" @ subscript suffix @ indicates the privileges of anonymous that @ are inherited by all logged-in users. @
@ The "D" @ subscript suffix indicates the privileges of @ developer that @ are inherited by all users with the @ Developer privilege. @
@ The "R" subscript suffix @ indicates the privileges of reader that @ are inherited by all users with the Reader @ privilege. @
@ The Delete privilege give the user the @ ability to erase wiki, tickets, and attachments that have been added @ by anonymous users. This capability is intended for deletion of spam. @ The delete capability is only in effect for 24 hours after the item @ is first posted. The Setup user can @ delete anything at any time. @
@ The Hyperlinks privilege allows a user @ to see most hyperlinks. This is recommended ON for most logged-in users @ but OFF for user "nobody" to avoid problems with spiders trying to walk @ every diff and annotation of every historical check-in and file. @
@ The Zip privilege allows a user to @ see the "download as ZIP" @ hyperlink and permits access to the /zip page. This allows @ users to download ZIP archives without granting other rights like @ Read or @ Hyperlink. The "z" privilege is recommended @ for user nobody so that automatic package @ downloaders can obtain the sources without going through the login @ procedure. @
@ The Check-in privilege allows remote @ users to "push". The Check-out privilege @ allows remote users to "pull". The Clone @ privilege allows remote users to "clone". @
@ The Read Wiki, @ New Wiki, @ Append Wiki, and @ Write Wiki privileges control access to wiki pages. The @ Read Ticket, @ New Ticket, @ Append Ticket, and @ Write Ticket privileges control access @ to trouble tickets. @ The Ticket Report privilege allows @ the user to create or edit ticket report formats. @
@ Users with the Password privilege @ are allowed to change their own password. Recommended ON for most @ users but OFF for special users developer, @ anonymous, @ and nobody. @
@ The View-PII privilege allows the display @ of personally-identifiable information information such as the @ email address of users and contact @ information on tickets. Recommended OFF for @ anonymous and for @ nobody but ON for @ developer. @
@ The Attachment privilege is needed in @ order to add attachments to tickets or wiki. Write privilege on the @ ticket or wiki is also required. @
@ Login is prohibited if the password is an empty string. @
@ No login is required for user nobody. The @ capabilities of the nobody user are @ inherited by all users, regardless of whether or not they are logged in. @ To disable universal access to the repository, make sure that the @ nobody user has no capabilities @ enabled. The password for nobody is ignored. @
@ Login is required for user anonymous but the @ password is displayed on the login screen beside the password entry box @ so anybody who can read should be able to login as anonymous. @ On the other hand, spiders and web-crawlers will typically not @ be able to login. Set the capabilities of the @ anonymous @ user to things that you want any human to be able to do, but not any @ spider. Every other logged-in user inherits the privileges of @ anonymous. @
@ The developer user is intended as a template @ for trusted users with check-in privileges. When adding new trusted users, @ simply select the developer privilege to @ cause the new user to inherit all privileges of the @ developer @ user. Similarly, the reader user is a @ template for users who are allowed more access than @ anonymous, @ but less than a developer. @
%s(zErrMsg)
} zGroup = login_group_name(); if( zGroup==0 ){ @This repository (in the file named "%h(zSelfRepo)") @ is not currently part of any login-group. @ To join a login group, fill out the form below.
@ @ }else{ Stmt q; int n = 0; @This repository (in the file "%h(zSelfRepo)") @ is currently part of the "%h(zGroup)" login group. @ Other repositories in that group are:
@Project Name | @ | Repository File | ||
---|---|---|---|---|
%d(n). | @ | %h(zTitle) | %h(zRepo) |