summaryrefslogtreecommitdiffstats
path: root/web/lib
AgeCommit message (Collapse)AuthorFilesLines
2014-10-11Merge branch 'maint'Lukas Fleischer1-1/+1
2014-10-10Add support for architecture-specific sourcesLukas Fleischer1-6/+34
As a follow-up to 4d7da95 (Add support for architecture-specific fields, 2014-08-10), handle architecture-specific source fields as well. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-10Use proper email address in send_resetkey()Lukas Fleischer1-1/+1
Fixes FS#41860. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-03Merge branch 'maint'Lukas Fleischer1-2/+2
2014-10-03Include proper timestamp in auto-accept emailsLukas Fleischer1-1/+1
Fixes a regression introduced in c70b340 (Close requests before accepting, 2014-07-29). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-10-03Fix permission check in pkgreq_close()Lukas Fleischer1-1/+1
Make sure that requests can be auto-accepted if filed by a regular user. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-11Merge branch 'maint'Lukas Fleischer5-4/+10
2014-08-10Add support for architecture-specific fieldsLukas Fleischer1-15/+57
This adds support for architecture-specific dependencies and relations. Support for this has recently been added to makepkg, see commit 2b556d8 (PKGBUILD: handle arch specific attributes, 2014-07-25) in the pacman repository for details. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-08Add permission checks to the request featureLukas Fleischer2-0/+6
* Only show the request form to users that are logged in. * Only show the close request form to Trusted Users and developers. * Check for a valid login in pkgreq_file(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-08Fix the return value of save_salt()Lukas Fleischer1-1/+1
Return true if and only if the SQL query was executed successfully. Logins with an unsalted password no longer fail now. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-06Fix notification handling on submission and adoptionLukas Fleischer1-1/+1
Automatically add users to the notification list when adopting a package. This used to work bug was broken by 03c6304 (Rework permission handling, 2014-07-15). Fixes FS#41426. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-06Add PCRE_DOLLAR_ENDONLY to preg_match()Lukas Fleischer2-2/+2
When using preg_match() to check for a match that starts at the beginning of the string and ends at the last character of the string, we do not want to allow an additional newline character to sneak in. Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY modifier prevents users from registering with user names that end with a newline character. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-02Release 3.4.3v3.4.3Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-08-02Count users in "Trusted User & Developer" group as TUBalló György2-3/+3
This reflects the changes in 3610f3c. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Release 3.4.2v3.4.2Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Close requests before acceptingLukas Fleischer2-11/+29
When auto-accepting a request, we need to close the package request before performing the actual action (disown/deletion/merge). Otherwise, the former maintainer is not included in the Cc list of the acceptance/rejection notification email. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Remove duplicate recipients from CcLukas Fleischer1-0/+2
When a user files a request for a package maintained by himself, he is currently included in the Cc list twice. Use array_unique() to omit repeated entries. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Allow users to delete their own commentsLukas Fleischer1-13/+5
Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15). Fixes FS#41379. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Release 3.4.1v3.4.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-29Suppress PHP notice in process_account_form()Lukas Fleischer1-3/+6
Add a check to remove a notice which is displayed after registration since commit 03c6304 (Rework permission handling, 2014-07-15). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-28Release 3.4.0v3.4.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-25Do not allow regular users to edit all accountsLukas Fleischer1-1/+1
Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-25Clean up user references in user_delete()Lukas Fleischer1-0/+35
Explicitly clean up all references before deleting a user. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-25Make deleted comments visible to Trusted UsersLukas Fleischer3-7/+18
This allows Trusted Users to check whether a user posted a politically incorrect comment, even if he already deleted it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Add typeahead suggest to the merge request formLukas Fleischer1-2/+26
Add the typeahead implementation we already use for the package search to the merge target text field. Instead of suggesting packages, suggest package base names. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Prevent merging a package base with itselfLukas Fleischer1-0/+4
Instead of deleting the package, show an error message if a user tries to merge a package base with itself. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Verify that the target of merge operations existsLukas Fleischer1-0/+4
Make sure that the target of a merge operation is either empty or an existing package base name. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Drop support for source packages without .AURINFOLukas Fleischer1-139/+0
Disallow uploading source tarballs that do not contain .AURINFO. Also, drop the PKGBUILD parser which is no longer needed. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-17Automatically accept orphan requests for old packagesLukas Fleischer2-12/+42
If an orphan request is filed for a package that has been flagged out-of-date for at least 180 days, it is disowned automatically. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Fix pkgbase_votes_from_name()Lukas Fleischer1-8/+9
In 676595f (Prefix package functions with pkg_/pkgbase_, 2014-04-05), votes_for_pkgname() was renamed to pkgbase_votes_from_name() without changing the semantics. Slightly adapt the implementation and interpret the argument as a package base name instead of a package name. Also fix the call site. Reported-by: Felix Yan <felixonmars@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Mention the target of merge requests in emailsLukas Fleischer1-5/+15
When sending the initial notification email for a merge request, include the name of the package base that is the target of the requested merge operation. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Use Cc instead of Bcc in request notificationsLukas Fleischer1-6/+6
Add the request creator and the current package maintainer to Cc instead of Bcc when sending notification emails for package requests. This allows users to forward any discussion to both of them by using the "Group Reply" function of their MUA. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Bcc notification emails to the request creatorLukas Fleischer1-14/+27
Add both the request creator and the current package maintainer to the Bcc list of notification emails for package requests. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-16Remove unused function pkg_details_by_name()Lukas Fleischer1-24/+0
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Add a new user group "Trusted User & Developer"Lukas Fleischer2-5/+13
This group has full permissions on everything. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Disallow privileged users to use invalid user namesLukas Fleischer1-22/+1
Prevent Trusted Users and developers from accidentally using a name that contains invalid characters. Also, remove user_is_privileged() which is no longer needed after this change. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Rework permission handlingLukas Fleischer6-121/+134
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-05Release 3.3.0v3.3.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Display number of pending requests in actions boxLukas Fleischer2-2/+8
For packages with pending package requests, display the number of requests above the "File Request" link. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Handle plurals in translationsLukas Fleischer1-0/+7
Use ngettext() to handle plurals properly. Also, split pagination captions into two strings. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Sanitize merge base name in pkgreq_file()Lukas Fleischer1-0/+4
Move the check introduced in 06b7099 (Validate package base name when filing requests, 2014-07-02) from pkgbase.php to pkgreq_file(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Remember whether a request has been acceptedLukas Fleischer1-4/+12
Store whether a package request is accepted or rejected and display the reason of each closed request in the request list. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Include reason for closing a request in the subjectLukas Fleischer1-2/+2
Change the subject of notification emails sent when closing a request to be either "Request Accepted" or "Request Rejected". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Allow for adding a comment when closing a requestLukas Fleischer2-5/+11
This allows Trusted Users to optionally add a comment when closing a request. The comment is included in the notification email that is sent to the requests mailing list. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-04Allow for selecting a reason when closing a requestLukas Fleischer2-6/+25
When closing a package request, Trusted Users can now pick a reason ("Accepted" or "Rejected"). This allows for marking a request as accepted, even if the corresponding package base has already been deleted. Also, the notification email now always explicitly states whether a request has been accepted or closed in the message body. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-02Fix pagination in the package request listLukas Fleischer1-2/+17
This was not implemented properly in commit 8260111 (Add a package request list, 2014-06-24). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-01Set Message-ID when sending package request emailsLukas Fleischer1-2/+1
When sending the first notification email that belongs to a certain package request, set the Message-ID instead of the In-Reply-To and References headers. This is not only more RFC compliant but also fixes thread views in several clients, such as Pipermail. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-01Remove Reply-To header from package request emailsLukas Fleischer1-4/+2
These notification emails are sent to a public mailing list for discussion. Make sure that people can reply. Reported-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-01Release 3.2.0v3.2.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-01Be explicit about accepted requests in emailsLukas Fleischer2-4/+7
When sending notification emails after closing a request, be explicit about whether the request has been accepted or not. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>