[aur-dev] [PATCH 1/6] Allow regular users to file package requests
Move the permission check so that regular users can file requests, whereas the request list is only available to Trusted Users and developers. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> --- web/html/pkgreq.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/web/html/pkgreq.php b/web/html/pkgreq.php index 2b46b02..d7a4354 100644 --- a/web/html/pkgreq.php +++ b/web/html/pkgreq.php @@ -10,12 +10,12 @@ check_sid(); html_header(__("File Request")); -if (!check_user_privileges()) { - header('Location: /'); - exit(); -} - if (!isset($base_id)) { + if (!check_user_privileges()) { + header('Location: /'); + exit(); + } + $results = pkgbase_request_list(); $total = count($results); -- 2.0.0
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> --- web/html/pkgreq.php | 57 +------------------------------------------- web/template/pkgreq_form.php | 52 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 56 deletions(-) create mode 100644 web/template/pkgreq_form.php diff --git a/web/html/pkgreq.php b/web/html/pkgreq.php index d7a4354..5d708fc 100644 --- a/web/html/pkgreq.php +++ b/web/html/pkgreq.php @@ -70,62 +70,7 @@ if (!isset($base_id)) { $SID = $_COOKIE['AURSID']; include('pkgreq_results.php'); } else { -?> - -<div class="box"> - <h2><?= __('File Request: %s', htmlspecialchars($pkgbase_name)) ?></h2> - <p> - <?= __('Use this form to file a request against package base %s%s%s which includes the following packages:', - '<strong>', htmlspecialchars($pkgbase_name), '</strong>'); ?> - </p> - <ul> - <?php foreach(pkgbase_get_pkgnames($base_id) as $pkgname): ?> - <li><?= htmlspecialchars($pkgname) ?></li> - <?php endforeach; ?> - </ul> - <form action="<?= get_uri('/pkgbase/'); ?>" method="post"> - <fieldset> - <input type="hidden" name="IDs[<?= $base_id ?>]" value="1" /> - <input type="hidden" name="ID" value="<?= $base_id ?>" /> - <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" /> - <p> - <label for="id_type"><?= __("Request type") ?>:</label> - <select name="type" id="id_type" onchange="showHideMergeSection()"> - <option value="deletion"><?= __('Deletion') ?></option> - <option value="merge"><?= __('Merge') ?></option> - <option value="orphan"><?= __('Orphan') ?></option> - </select> - </p> - <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script> - <script type="text/javascript"> - function showHideMergeSection() { - if ($('#id_type').val() == 'merge') { - $('#merge_section').show(); - } else { - $('#merge_section').hide(); - } - } - - $(document).ready(function() { - showHideMergeSection(); - }); - </script> - <p id="merge_section"> - <label for="id_merge_into"><?= __("Merge into") ?>:</label> - <input type="text" name="merge_into" id="id_merge_into" /> - </p> - <p> - <label for="id_comments"><?= __("Comments") ?>:</label> - <textarea name="comments" id="id_comments" rows="5" cols="50"></textarea> - </p> - <p> - <input type="submit" class="button" name="do_FileRequest" value="<?= __("File Request") ?>" /> - </p> - </fieldset> - </form> -</div> - -<?php + include('pkgreq_form.php'); } html_footer(AUR_VERSION); diff --git a/web/template/pkgreq_form.php b/web/template/pkgreq_form.php new file mode 100644 index 0000000..cc45f29 --- /dev/null +++ b/web/template/pkgreq_form.php @@ -0,0 +1,52 @@ +<div class="box"> + <h2><?= __('File Request: %s', htmlspecialchars($pkgbase_name)) ?></h2> + <p> + <?= __('Use this form to file a request against package base %s%s%s which includes the following packages:', + '<strong>', htmlspecialchars($pkgbase_name), '</strong>'); ?> + </p> + <ul> + <?php foreach(pkgbase_get_pkgnames($base_id) as $pkgname): ?> + <li><?= htmlspecialchars($pkgname) ?></li> + <?php endforeach; ?> + </ul> + <form action="<?= get_uri('/pkgbase/'); ?>" method="post"> + <fieldset> + <input type="hidden" name="IDs[<?= $base_id ?>]" value="1" /> + <input type="hidden" name="ID" value="<?= $base_id ?>" /> + <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" /> + <p> + <label for="id_type"><?= __("Request type") ?>:</label> + <select name="type" id="id_type" onchange="showHideMergeSection()"> + <option value="deletion"><?= __('Deletion') ?></option> + <option value="merge"><?= __('Merge') ?></option> + <option value="orphan"><?= __('Orphan') ?></option> + </select> + </p> + <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script> + <script type="text/javascript"> + function showHideMergeSection() { + if ($('#id_type').val() == 'merge') { + $('#merge_section').show(); + } else { + $('#merge_section').hide(); + } + } + + $(document).ready(function() { + showHideMergeSection(); + }); + </script> + <p id="merge_section"> + <label for="id_merge_into"><?= __("Merge into") ?>:</label> + <input type="text" name="merge_into" id="id_merge_into" /> + </p> + <p> + <label for="id_comments"><?= __("Comments") ?>:</label> + <textarea name="comments" id="id_comments" rows="5" cols="50"></textarea> + </p> + <p> + <input type="submit" class="button" name="do_FileRequest" value="<?= __("File Request") ?>" /> + </p> + </fieldset> + </form> +</div> -- 2.0.0
This allows for grouping mails that belong to the same request. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> --- web/lib/pkgbasefuncs.inc.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index 68dd656..bab8f4c 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -1038,6 +1038,7 @@ function pkgbase_file_request($ids, $type, $merge_into, $comments) { $q.= $dbh->quote($merge_into) . ", " . $uid . ", "; $q.= $dbh->quote($comments) . ", UNIX_TIMESTAMP())"; $dbh->exec($q); + $request_id = $dbh->lastInsertId(); /* * Send e-mail notifications. @@ -1077,8 +1078,11 @@ function pkgbase_file_request($ids, $type, $merge_into, $comments) { if (!empty($bcc)) { $headers .= "Bcc: $bcc\r\n"; } + $thread_id = "<pkg-request-" . $request_id . "@aur.archlinux.org>"; $headers .= "Reply-to: noreply@aur.archlinux.org\r\n" . "From: notify@aur.archlinux.org\r\n" . + "In-Reply-To: $thread_id\r\n" . + "References: $thread_id\r\n" . "X-Mailer: AUR"; @mail($AUR_REQUEST_ML, "AUR " . ucfirst($type) . " Request for " . $row['Name'], $body, $headers); -- 2.0.0
The mail is sent to the request mailing list and to the current package maintainer. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> --- web/lib/pkgbasefuncs.inc.php | 45 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index bab8f4c..339cd7e 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -1093,11 +1093,16 @@ function pkgbase_file_request($ids, $type, $merge_into, $comments) { /** * Close a deletion/orphan request * + * @global string $AUR_LOCATION The AUR's URL used for notification e-mails + * @global string $AUR_REQUEST_ML The request notification mailing list * @param int $id The package request to close * * @return void */ function pkgbase_close_request($id) { + global $AUR_LOCATION; + global $AUR_REQUEST_ML; + $dbh = DB::connect(); if (!check_user_privileges()) { @@ -1107,5 +1112,45 @@ function pkgbase_close_request($id) { $q = "UPDATE PackageRequests SET Status = 1 WHERE ID = " . intval($id); $dbh->exec($q); + /* + * Send e-mail notifications. + * TODO: Move notification logic to separate function where it belongs. + */ + $q = "SELECT Users.Email "; + $q.= "FROM Users INNER JOIN PackageBases "; + $q.= "ON PackageBases.MaintainerUID = Users.ID "; + $q.= "INNER JOIN PackageRequests "; + $q.= "ON PackageRequests.PackageBaseID = PackageBases.ID "; + $q.= "WHERE PackageRequests.ID = " . intval($id); + $result = $dbh->query($q); + if ($row = $result->fetch(PDO::FETCH_ASSOC)) { + $bcc = $row['Email']; + } else { + unset($bcc); + } + + /* + * TODO: Add native language emails for users, based on their + * preferences. Simply making these strings translatable won't + * work, users would be getting emails in the language that the + * user who posted the comment was in. + */ + $username = username_from_sid($_COOKIE['AURSID']); + $body = $username . " [1] closed request #" . intval($id) . ".\n\n" . + "[1] " . $AUR_LOCATION . get_user_uri($username) . "\n"; + $body = wordwrap($body, 70); + $headers = "MIME-Version: 1.0\r\n" . + "Content-type: text/plain; charset=UTF-8\r\n"; + if (!empty($bcc)) { + $headers .= "Bcc: $bcc\r\n"; + } + $thread_id = "<pkg-request-" . $id . "@aur.archlinux.org>"; + $headers .= "Reply-to: noreply@aur.archlinux.org\r\n" . + "From: notify@aur.archlinux.org\r\n" . + "In-Reply-To: $thread_id\r\n" . + "References: $thread_id\r\n" . + "X-Mailer: AUR"; + @mail($AUR_REQUEST_ML, "AUR Request Closed", $body, $headers); + return array(true, __("Request closed successfully.")); } -- 2.0.0
Add a "[PRQ#n]" prefix to each package request notification mail. PRQ is an abbreviation for "Package Request" and n is replaced with the corresponding package request ID. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> --- web/lib/pkgbasefuncs.inc.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index 339cd7e..9f3439d 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -1084,8 +1084,9 @@ function pkgbase_file_request($ids, $type, $merge_into, $comments) { "In-Reply-To: $thread_id\r\n" . "References: $thread_id\r\n" . "X-Mailer: AUR"; - @mail($AUR_REQUEST_ML, "AUR " . ucfirst($type) . " Request for " . - $row['Name'], $body, $headers); + @mail($AUR_REQUEST_ML, "[PRQ#" . $request_id . "] " . ucfirst($type) . + " Request for " . $row['Name'], $body, + $headers); return array(true, __("Added request successfully.")); } @@ -1104,6 +1105,7 @@ function pkgbase_close_request($id) { global $AUR_REQUEST_ML; $dbh = DB::connect(); + $id = intval($id); if (!check_user_privileges()) { return array(false, __("Only TUs and developers can close requests.")); @@ -1121,7 +1123,7 @@ function pkgbase_close_request($id) { $q.= "ON PackageBases.MaintainerUID = Users.ID "; $q.= "INNER JOIN PackageRequests "; $q.= "ON PackageRequests.PackageBaseID = PackageBases.ID "; - $q.= "WHERE PackageRequests.ID = " . intval($id); + $q.= "WHERE PackageRequests.ID = " . $id; $result = $dbh->query($q); if ($row = $result->fetch(PDO::FETCH_ASSOC)) { $bcc = $row['Email']; @@ -1150,7 +1152,8 @@ function pkgbase_close_request($id) { "In-Reply-To: $thread_id\r\n" . "References: $thread_id\r\n" . "X-Mailer: AUR"; - @mail($AUR_REQUEST_ML, "AUR Request Closed", $body, $headers); + @mail($AUR_REQUEST_ML, "[PRQ#" . $id . "] Request Closed", $body, + $headers); return array(true, __("Request closed successfully.")); } -- 2.0.0
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> --- web/lib/config.inc.php.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/lib/config.inc.php.proto b/web/lib/config.inc.php.proto index a9137f1..cb71fa5 100644 --- a/web/lib/config.inc.php.proto +++ b/web/lib/config.inc.php.proto @@ -61,7 +61,7 @@ $USE_VIRTUAL_URLS = true; $MAX_RPC_RESULTS = 5000; # Mailing list to send package request notifications to. -$AUR_REQUEST_ML = "aur-general@archlinux.org"; +$AUR_REQUEST_ML = "aur-requests@archlinux.org"; # Time to wait until a package request is due. $REQUEST_IDLE_TIME = 60 * 60 * 24 * 14; -- 2.0.0
participants (1)
-
Lukas Fleischer