[Fusionforge-general] User an Project with the same unix_name

Christian BAYLE bayle at debian.org
Thu Jun 11 22:22:33 CEST 2009


Hi,

As I said this restriction is linked to system restriction
system restriction should be in system code
You may have install where the restriction don't apply and other with
some specific restriction
Why not just add the check in sysCheckUser and sysCheckGroup functions,
or add sysValidateUser sysValidateGroup if necessary.
you can even choose to implement differently depending on the class you
choose
LDAP, UNIX, pgsql, whatever


Cheers

Christian


AlJeux a écrit :
> This is not exactly related to your patch but there is also a case which
> has to be considered:
> 
> When the forge is linked with an LDAP directory (for users), you can not
> refuse a user to login the forge.
> 
> So, all code adding restriction is quite problematic, that's why I would
> prefer to keep this kind of code under the condition of the $sys_use_shell.
> 
> Alain.
> 
> Julien HEYMAN a écrit :
>> Christian BAYLE a écrit :
>>> Hello,
>>>
>>> When you create a user, you have to test if a project exists
>>> when you create a project you have to test if a user exists
>>>
>>> Every time it should probably be a call to the System class that check
>>> if it's possible depending on the context, like if $sys_use_shell=false
>>> always return OK, which can be a problem if you decide to change this
>>> var, one extra solution could be to use a prefix in group name like
>>> prj_<group_name>
>>> Anyway I consider that system stuffs should be handled by system class,
>>> this has for example a big advantage if the uid/gid provider is
>>> external, like a ldap, or if you have problems like a max number of
>>> group per user on some nfs filer.
>>>
>>> Christian
>>>
>>> AlJeux a écrit :
>>>  
>>>> Julien HEYMAN a écrit :
>>>>   
>>>>> Julien HEYMAN a écrit :
>>>>>     
>>>>>> Actually, if you have a project with unix_name "toto" and if you
>>>>>> create an user with unix_name "toto", fusionforge delete your unix
>>>>>> goup "toto" (project) and create a new unix group called "toto" for
>>>>>> your user...  and the "toto" members lost their unix group.
>>>>>>
>>>>>> So, to fixed it, I think to test in create function in User class, if
>>>>>> the name is not used by a project, and reciprocally.
>>>>>>
>>>>>> Ok?
>>>>>>
>>>>>>         
>>>>> Maybe test in common/include/account.php with an getent group  in
>>>>> account_namevalid and getent passwd in account_groupnamevalid ?
>>>>>       
>>>> Maybe test using getent() only if $sys_use_shell is true.
>>>>
>>>> Alain.
>>>>
>>>>
>>>> _______________________________________________
>>>> Fusionforge-general mailing list
>>>> Fusionforge-general at lists.fusionforge.org
>>>> http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-general
>>>>
>>>>
>>>>
>>>>     
>>>
>>>
>>> _______________________________________________
>>> Fusionforge-general mailing list
>>> Fusionforge-general at lists.fusionforge.org
>>> http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-general
>>>
>>>
>>>
>>>   
>> But, if you create the project "toto", and if administrator don't
>> approve yet, and if you create the user "toto"... what's happen ?
>>
>> If shell not used, you haven't the problem. But if you have... or if
>> you activate  shell after ?
>>
>> I think we test in createUser if it exists the group with the same
>> name, and reciprocally.
>>
>> I attach the patch  for 4.8 :
>>
>>
>>  From 4388c00eeb5fc8118f5d4b9b8168139b674151d5 Mon Sep 17 00:00:00 2001
>> From: Julien Heyman <julien.heyman at atosorigin.com>
>> Date: Thu, 11 Jun 2009 18:10:19 +0200
>> Subject: [PATCH] Check if user/group name is not used by user/group
>>
>> ---
>> gforge/common/include/Group.class.php |    4 ++++
>> gforge/common/include/User.class.php  |    5 +++++
>> 2 files changed, 9 insertions(+), 0 deletions(-)
>>
>> diff --git a/gforge/common/include/Group.class.php
>> b/gforge/common/include/Group.class.php
>> index fd8e368..9976a5f 100644
>> --- a/gforge/common/include/Group.class.php
>> +++ b/gforge/common/include/Group.class.php
>> @@ -294,6 +294,10 @@ class Group extends Error {
>>                               array ($unix_name))) > 0) {
>>             $this->setError(_('Unix name already taken'));
>>             return false;
>> +        } else if (db_numrows(db_query_params('SELECT user_id FROM
>> users WHERE user_name LIKE $1',
>> +                           array ($unix_name))) > 0) {
>> +            $this->setError(_('Unix name already taken'));
>> +            return false;
>>         } else if (strlen($purpose)<10) {
>>             $this->setError(_('Please describe your Registration
>> Purpose in a more comprehensive manner'));
>>             return false;
>> diff --git a/gforge/common/include/User.class.php
>> b/gforge/common/include/User.class.php
>> index a19ce4e..c5b5e60 100644
>> --- a/gforge/common/include/User.class.php
>> +++ b/gforge/common/include/User.class.php
>> @@ -266,6 +266,11 @@ class GFUser extends Error {
>>             $this->setError(_('That username already exists.'));
>>             return false;
>>         }
>> +        if (db_numrows(db_query_params('SELECT group_id FROM groups
>> WHERE unix_group_name=$1',
>> +                              array ($unix_name))) > 0) {
>> +            $this->setError(_('Unix name already taken'));
>> +            return false;
>> +        }
>>         if ($GLOBALS['sys_require_unique_email']) {
>>             if (db_numrows(db_query_params('SELECT user_id FROM users
>> WHERE email ILIKE $1 OR email_new ILIKE $1',
>>                                array ($email))) > 0) {
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Fusionforge-general mailing list
>> Fusionforge-general at lists.fusionforge.org
>> http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-general
> 
> 
> _______________________________________________
> Fusionforge-general mailing list
> Fusionforge-general at lists.fusionforge.org
> http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-general
> 
> 





More information about the Fusionforge-general mailing list