[aur-dev] [PATCH] Fake pkgbase actions for unconfirmed users

Lukas Fleischer lfleischer at archlinux.org
Fri Jun 26 17:58:06 UTC 2015 

On Fri, 26 Jun 2015 at 18:06:36, Gordian Edenhofer wrote:
> Displaying flag, notify, vote, adopt and file requet buttons for
> users which did not authenticate themselves and letting those fake
> buttons link to the login page.
> ---
>  web/template/pkgbase_actions.php | 47 ++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 47 insertions(+)
> 
> diff --git a/web/template/pkgbase_actions.php b/web/template/pkgbase_actions.php
> index a659c88..cd55464 100644
> --- a/web/template/pkgbase_actions.php
> +++ b/web/template/pkgbase_actions.php
> @@ -45,6 +45,53 @@
>                         <?php elseif (has_credential(CRED_PKGBASE_DISOWN, array($row["MaintainerUID"]))): ?>
>                         <li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package')) ?></li>
>                         <?php endif; ?>
> +
> +                       <?php else: ?>
> +                       <?php if ($row["OutOfDateTS"] === NULL): ?>
> +                       <li>
> +                               <?php if (config_get_bool('options', 'disable_http_login') && empty($_SERVER['HTTPS'])): ?>
> +                               <?= html_action_link(get_uri('/login/', true), __('Flag package out-of-date')) ?>
> +                               <?php else: ?>
> +                               <?= html_action_link(get_uri('/login/'), __('Flag package out-of-date')) ?>
> +                               <?php endif; ?>
> [...]

Thanks for submitting a reworked version!

I still think this is way too much duplicate code, though. First of all,
you are repeating the same if-else statement over and over again which
is an indication that there should be a wrapper function. But then
again, I don't think we need two differentiate those cases at all.
Redirecting to the HTTP page when the user chooses to use HTTP is fine.
The official setup even uses HTTPs unconditionally, so this doesn't
affect us at all. Maybe it is time to drop the disable_http_login
setting...

I also still think that it is possible to implement this without
duplicating all the links. Is there a reason we cannot simply remove the
$uid check from the pkgbase_actions template and make the
html_action_link() helper generate either proper or fake links, based on
whether you are logged in?

Regards,
Lukas

More information about the aur-dev mailing list