summaryrefslogtreecommitdiffstats
path: root/web/lib
AgeCommit message (Collapse)AuthorFilesLines
2014-08-08Add permission checks to the request featureLukas Fleischer2-0/+6
* Only show the request form to users that are logged in. * Only show the close request form to Trusted Users and developers. * Check for a valid login in pkgreq_file(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-08Fix the return value of save_salt()Lukas Fleischer1-1/+1
Return true if and only if the SQL query was executed successfully. Logins with an unsalted password no longer fail now. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-06Fix notification handling on submission and adoptionLukas Fleischer1-1/+1
Automatically add users to the notification list when adopting a package. This used to work bug was broken by 03c6304 (Rework permission handling, 2014-07-15). Fixes FS#41426. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-06Add PCRE_DOLLAR_ENDONLY to preg_match()Lukas Fleischer2-2/+2
When using preg_match() to check for a match that starts at the beginning of the string and ends at the last character of the string, we do not want to allow an additional newline character to sneak in. Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY modifier prevents users from registering with user names that end with a newline character. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-02Release 3.4.3Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-02Count users in "Trusted User & Developer" group as TUBalló György2-3/+3
This reflects the changes in 3610f3c. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Release 3.4.2Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Close requests before acceptingLukas Fleischer2-11/+29
When auto-accepting a request, we need to close the package request before performing the actual action (disown/deletion/merge). Otherwise, the former maintainer is not included in the Cc list of the acceptance/rejection notification email. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Remove duplicate recipients from CcLukas Fleischer1-0/+2
When a user files a request for a package maintained by himself, he is currently included in the Cc list twice. Use array_unique() to omit repeated entries. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Allow users to delete their own commentsLukas Fleischer1-13/+5
Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15). Fixes FS#41379. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Release 3.4.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Suppress PHP notice in process_account_form()Lukas Fleischer1-3/+6
Add a check to remove a notice which is displayed after registration since commit 03c6304 (Rework permission handling, 2014-07-15). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-28Release 3.4.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-25Do not allow regular users to edit all accountsLukas Fleischer1-1/+1
Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-25Clean up user references in user_delete()Lukas Fleischer1-0/+35
Explicitly clean up all references before deleting a user. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-25Make deleted comments visible to Trusted UsersLukas Fleischer3-7/+18
This allows Trusted Users to check whether a user posted a politically incorrect comment, even if he already deleted it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Add typeahead suggest to the merge request formLukas Fleischer1-2/+26
Add the typeahead implementation we already use for the package search to the merge target text field. Instead of suggesting packages, suggest package base names. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Prevent merging a package base with itselfLukas Fleischer1-0/+4
Instead of deleting the package, show an error message if a user tries to merge a package base with itself. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Verify that the target of merge operations existsLukas Fleischer1-0/+4
Make sure that the target of a merge operation is either empty or an existing package base name. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Drop support for source packages without .AURINFOLukas Fleischer1-139/+0
Disallow uploading source tarballs that do not contain .AURINFO. Also, drop the PKGBUILD parser which is no longer needed. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-17Automatically accept orphan requests for old packagesLukas Fleischer2-12/+42
If an orphan request is filed for a package that has been flagged out-of-date for at least 180 days, it is disowned automatically. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Fix pkgbase_votes_from_name()Lukas Fleischer1-8/+9
In 676595f (Prefix package functions with pkg_/pkgbase_, 2014-04-05), votes_for_pkgname() was renamed to pkgbase_votes_from_name() without changing the semantics. Slightly adapt the implementation and interpret the argument as a package base name instead of a package name. Also fix the call site. Reported-by: Felix Yan <felixonmars@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Mention the target of merge requests in emailsLukas Fleischer1-5/+15
When sending the initial notification email for a merge request, include the name of the package base that is the target of the requested merge operation. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Use Cc instead of Bcc in request notificationsLukas Fleischer1-6/+6
Add the request creator and the current package maintainer to Cc instead of Bcc when sending notification emails for package requests. This allows users to forward any discussion to both of them by using the "Group Reply" function of their MUA. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Bcc notification emails to the request creatorLukas Fleischer1-14/+27
Add both the request creator and the current package maintainer to the Bcc list of notification emails for package requests. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Remove unused function pkg_details_by_name()Lukas Fleischer1-24/+0
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Add a new user group "Trusted User & Developer"Lukas Fleischer2-5/+13
This group has full permissions on everything. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Disallow privileged users to use invalid user namesLukas Fleischer1-22/+1
Prevent Trusted Users and developers from accidentally using a name that contains invalid characters. Also, remove user_is_privileged() which is no longer needed after this change. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Rework permission handlingLukas Fleischer6-121/+134
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-05Release 3.3.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Display number of pending requests in actions boxLukas Fleischer2-2/+8
For packages with pending package requests, display the number of requests above the "File Request" link. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Handle plurals in translationsLukas Fleischer1-0/+7
Use ngettext() to handle plurals properly. Also, split pagination captions into two strings. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Sanitize merge base name in pkgreq_file()Lukas Fleischer1-0/+4
Move the check introduced in 06b7099 (Validate package base name when filing requests, 2014-07-02) from pkgbase.php to pkgreq_file(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Remember whether a request has been acceptedLukas Fleischer1-4/+12
Store whether a package request is accepted or rejected and display the reason of each closed request in the request list. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Include reason for closing a request in the subjectLukas Fleischer1-2/+2
Change the subject of notification emails sent when closing a request to be either "Request Accepted" or "Request Rejected". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Allow for adding a comment when closing a requestLukas Fleischer2-5/+11
This allows Trusted Users to optionally add a comment when closing a request. The comment is included in the notification email that is sent to the requests mailing list. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Allow for selecting a reason when closing a requestLukas Fleischer2-6/+25
When closing a package request, Trusted Users can now pick a reason ("Accepted" or "Rejected"). This allows for marking a request as accepted, even if the corresponding package base has already been deleted. Also, the notification email now always explicitly states whether a request has been accepted or closed in the message body. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-02Fix pagination in the package request listLukas Fleischer1-2/+17
This was not implemented properly in commit 8260111 (Add a package request list, 2014-06-24). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-01Set Message-ID when sending package request emailsLukas Fleischer1-2/+1
When sending the first notification email that belongs to a certain package request, set the Message-ID instead of the In-Reply-To and References headers. This is not only more RFC compliant but also fixes thread views in several clients, such as Pipermail. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-01Remove Reply-To header from package request emailsLukas Fleischer1-4/+2
These notification emails are sent to a public mailing list for discussion. Make sure that people can reply. Reported-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-01Release 3.2.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-01Be explicit about accepted requests in emailsLukas Fleischer2-4/+7
When sending notification emails after closing a request, be explicit about whether the request has been accepted or not. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-01Fix documentation of pkgreq_*() return typesLukas Fleischer1-2/+2
Reported-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-01Simplify code to bound integer valuesLukas Fleischer2-12/+17
Suggested-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-06-30Fix broken indentation in pkgbase_delete_comment()Lukas Fleischer1-5/+5
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-06-30Rename package request functions to pkgreq_*()Lukas Fleischer2-5/+5
Since these functions now reside in a separate module, use the module name as function name prefix. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-06-30Split out package request functionsLukas Fleischer2-185/+189
Move package request functions to a separate unit pkgreqfuncs.inc.php. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-06-30Merge branch 'maint'Lukas Fleischer1-1/+2
2014-06-25Default to aur-requests for request notificationsLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-06-25Prefix request notification mails with IDLukas Fleischer1-4/+7
Add a "[PRQ#n]" prefix to each package request notification mail. PRQ is an abbreviation for "Package Request" and n is replaced with the corresponding package request ID. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>