sub delete {
my ($r) = @_;
- $r->authenticate('require_login' => 1);
+ $r->authenticate('require_login' => 1, 'require_administrator' => 1);
$r->set_title('Delete CommitFest');
my $d;
eval {
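Review bot: Deleting a CommitFest is now administrator-only, but the action still appears to be reached through a plain link (`/action/commitfest_delete?id=...`, as built in `view`), so the administrator's session cookie and a client-side confirmation prompt are the only gates on a destructive request. For a privileged, state-changing action I would have `delete` accept only POST and verify a per-session token before the `eval` block runs; the same applies to the submit path of `form`. The body of `delete` continues outside this hunk, so such a check may already exist further down.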
sub form {
my ($r) = @_;
- $r->authenticate('require_login' => 1);
+ $r->authenticate('require_login' => 1, 'require_administrator' => 1);
# Decide whether this is a new commitfest or an edit of an existing
# commitfest, and if editing reload data from database.
sub search {
my ($r) = @_;
+ my $aa = $r->authenticate();
$r->set_title('CommitFest Index');
- $r->add_link('/action/commitfest_form', 'New CommitFest');
+ if (defined $aa && $aa->{'is_administrator'}) {
+ $r->add_link('/action/commitfest_form', 'New CommitFest');
+ }
my $list = $r->db->select(<<EOM);
SELECT id, name, commitfest_status FROM commitfest_view ORDER BY name DESC
EOM
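Review bot: The `is_administrator` test in `search` only hides the 'New CommitFest' link; the actual access control is the `require_administrator` call in `form`. A one-line comment would stop a later reader from treating the link check as sufficient, e.g. `# UI hint only: commitfest_form enforces require_administrator itself.` The same `defined $aa && $aa->{'is_administrator'}` expression is repeated in `view`, so a small predicate on the request object (name illustrative: `$r->is_administrator`) would keep the two call sites in step.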
sub view {
my ($r) = @_;
+ my $aa = $r->authenticate();
my $id = $r->cgi_id();
my $d = $r->db->select_one(<<EOM, $id) if defined $id;
SELECT id, name, commitfest_status FROM commitfest_view WHERE id = ?
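Review bot: The context line `my $d = $r->db->select_one(...) if defined $id;` in `view` combines a `my` declaration with a statement modifier, which perlsyn documents as undefined behaviour; when `$id` is undefined, `$d` is not guaranteed to start out undefined. If this code runs in a persistent interpreter, that could in principle render a record from an earlier request. Splitting it is enough: `my $d;` followed by `$d = $r->db->select_one(<<EOM, $id) if defined $id;`. The heredoc and the rest of `view` continue outside this hunk.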
$r->add_link('/action/patch_form?commitfest=' . $id, 'New Patch');
$r->add_link('/action/commitfest_topic_search?id=' . $id,
'CommitFest Topics');
- $r->add_link('/action/commitfest_form?id=' . $id, 'Edit CommitFest');
- $r->add_link('/action/commitfest_delete?id=' . $id, 'Delete CommitFest',
- 'Are you sure you want to delete this CommitFest?');
+ if (defined $aa && $aa->{'is_administrator'}) {
+ $r->add_link('/action/commitfest_form?id=' . $id, 'Edit CommitFest');
+ $r->add_link('/action/commitfest_delete?id=' . $id,
+ 'Delete CommitFest',
+ 'Are you sure you want to delete this CommitFest?');
+ }
$r->render_template('commitfest_view', { 'd' => $d, 'patch_grouping' => [
{
'name' => 'Pending Patches',
if (!defined $self->{'authenticate'} && defined $self->cookie('session')) {
$self->{'authenticate'} =
$self->db->select_one(<<EOM, $self->cookie('session'));
-SELECT s.* FROM session s WHERE s.id = ?
+SELECT s.*, p.is_administrator FROM session s
+ LEFT JOIN user_privilege p ON s.userid = p.userid
+WHERE s.id = ?
EOM
}
if (!defined $self->{'authenticate'} && $option{'require_login'}) {
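Review bot: The new `LEFT JOIN user_privilege` assumes at most one privilege row per `userid`; the schema is not visible here, but if that is not enforced by a unique or primary key, `select_one` may return whichever joined row comes first and `is_administrator` becomes order-dependent. It is worth confirming the constraint and saying so next to the query. A comment would also help record that a missing row yields NULL, which the later check treats as "not an administrator", e.g. `# no user_privilege row => is_administrator is NULL => non-admin`.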
}
$self->redirect('/action/login');
}
+ if (defined $self->{'authenticate'} && $option{'require_administrator'}
+ && ! $self->{'authenticate'}{'is_administrator'}) {
+ $self->error_exit(<<EOM);
+This function is available only to administators.
+EOM
+ }
return $self->{'authenticate'};
}
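Review bot: The administrator check fails open when there is no session, because it is guarded by `defined $self->{'authenticate'}`: a caller that passes `'require_administrator' => 1` without `'require_login' => 1` gets `undef` back for an anonymous request and carries on. Both callers visible in this commit pass both options, but the guard should not depend on that: `if ($option{'require_administrator'} && !(defined $self->{'authenticate'} && $self->{'authenticate'}{'is_administrator'})) {`. Whether `error_exit` and `redirect` end the request is not visible here; if either returns, the function falls through to `return $self->{'authenticate'}`, and `delete` and `form` ignore the return value. The message also has a typo, "administators". The start of this function lies outside the hunk.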