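/*
** WEBPAGE: tktedit
** WEBPAGE: debug_tktedit
**
** Edit a ticket.  The ticket is identified by the name CGI parameter.
** /tktedit is the official page.  The /debug_tktedit page does the same
** thing except that it does not save the ticket change record when you
** press submit - it instead prints the ticket change record at the top
** of the page.  The /debug_tktedit page is intended to be used when
** debugging ticket configurations.
**
** The caller must hold the ApndTkt or WrTkt permission.  The name
** parameter has to be between 4 and UUID_SIZE hex digits and must match
** exactly one ticket; otherwise an error is shown and no form is drawn.
*/
void tktedit_page(void){
  const char *zScript;
  int nName;
  const char *zName;
  int nRec;

  login_check_credentials();
  if( !g.perm.ApndTkt && !g.perm.WrTkt ){
    login_needed();
    return;
  }
  zName = P("name");
  if( P("cancel") ){
    cgi_redirectf("tktview?name=%T", zName);
  }
  style_header("Edit Ticket");

  /* Accept only a hex prefix of plausible length.  Everything below (the
  ** GLOB lookup, the hidden form field, the redirect) relies on this. */
  if( zName==0 || (nName = strlen(zName))<4 || nName>UUID_SIZE
   || !validate16(zName,nName)
  ){
    cgi_printf("<span class=\"tktError\">Not a valid ticket id: \\\"%h\\\"</span>\n",(zName));
    style_footer();
    return;
  }

  /* The prefix must identify exactly one ticket. */
  nRec = db_int(0, "SELECT count(*) FROM ticket WHERE tkt_uuid GLOB '%q*'",
                zName);
  if( nRec==0 ){
    cgi_printf("<span class=\"tktError\">No such ticket: \\\"%h\\\"</span>\n",(zName));
    style_footer();
    return;
  }
  if( nRec>1 ){
    cgi_printf("<span class=\"tktError\">%d tickets begin with:\n"
           "\\\"%h\\\"</span>\n",(nRec),(zName));
    style_footer();
    return;
  }

  if( g.thTrace ) Th_Trace("BEGIN_TKTEDIT<br />\n", -1);
  ticket_init();
  getAllTicketFields();
  initializeVariablesFromCGI();
  initializeVariablesFromDb();
  if( g.zPath[0]=='d' ) showAllFields();   /* /debug_tktedit only */
  form_begin(0, "%R/%s", g.zPath);
  /* zName is hex-only at this point, so %h emits the same bytes as the
  ** former %s; the escaping format keeps the attribute safe even if the
  ** validation above is ever relaxed. */
  cgi_printf("<input type=\"hidden\" name=\"name\" value=\"%h\" />\n",(zName));
  login_insert_csrf_secret();
  zScript = ticket_editpage_code();
  Th_Store("login", g.zLogin ? g.zLogin : "******");
  Th_Store("date", db_text(0, "SELECT datetime('now')"));
  Th_CreateCommand(g.interp, "append_field", appendRemarkCmd, 0, 0);
  Th_CreateCommand(g.interp, "submit_ticket", submitTicketCmd,
                   (void*)&zName, 0);
  if( g.thTrace ) Th_Trace("BEGIN_TKTEDIT_SCRIPT<br />\n", -1);
  if( Th_Render(zScript)==TH_RETURN && !g.thTrace && zName ){
    cgi_redirect(mprintf("%s/tktview/%s", g.zTop, zName));
    return;
  }
  captcha_generate(0);
  cgi_printf("</form>\n");
  /* Closing marker: the original emitted BEGIN_TKTEDIT a second time here,
  ** which made the start and end of the page indistinguishable in a trace. */
  if( g.thTrace ) Th_Trace("END_TKTEDIT<br />\n", -1);
  style_footer();
}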
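/*
** WEBPAGE: tktview
** URL: tktview?name=UUID
**
** View a ticket.
**
** Requires the RdTkt permission.  The submenu entries offered depend on
** the caller's other permissions.  The "plaintext" query parameter only
** switches which of the Formatted/Plaintext submenu links is shown here;
** "showfields" dumps all ticket fields before the view script is rendered.
*/
void tktview_page(void){
  const char *zScript;
  char *zFullName = 0;
  int nUuid;
  const char *zUuid = PD("name","");

  login_check_credentials();
  if( !g.perm.RdTkt ){
    login_needed();
    return;
  }
  if( g.perm.WrTkt || g.perm.ApndTkt ){
    style_submenu_element("Edit", "Edit The Ticket", "%s/tktedit?name=%T",
        g.zTop, PD("name",""));
  }
  if( g.perm.Hyperlink ){
    style_submenu_element("History", "History Of This Ticket",
        "%s/tkthistory/%T", g.zTop, zUuid);
    style_submenu_element("Timeline", "Timeline Of This Ticket",
        "%s/tkttimeline/%T", g.zTop, zUuid);
    style_submenu_element("Check-ins", "Check-ins Of This Ticket",
        "%s/tkttimeline/%T?y=ci", g.zTop, zUuid);
  }
  if( g.perm.NewTkt ){
    style_submenu_element("New Ticket", "Create a new ticket",
        "%s/tktnew", g.zTop);
  }
  if( g.perm.ApndTkt && g.perm.Attach ){
    style_submenu_element("Attach", "Add An Attachment",
        "%s/attachadd?tkt=%T&from=%s/tktview/%t",
        g.zTop, zUuid, g.zTop, zUuid);
  }
  if( P("plaintext") ){
    style_submenu_element("Formatted", "Formatted", "%R/tktview/%S", zUuid);
  }else{
    style_submenu_element("Plaintext", "Plaintext",
        "%R/tktview/%S?plaintext", zUuid);
  }
  style_header("View Ticket");
  if( g.thTrace ) Th_Trace("BEGIN_TKTVIEW<br />\n", -1);
  ticket_init();
  initializeVariablesFromCGI();
  getAllTicketFields();
  initializeVariablesFromDb();
  zScript = ticket_viewpage_code();
  if( P("showfields")!=0 ) showAllFields();
  if( g.thTrace ) Th_Trace("BEGIN_TKTVIEW_SCRIPT<br />\n", -1);
  Th_Render(zScript);
  if( g.thTrace ) Th_Trace("END_TKTVIEW<br />\n", -1);

  /* Resolve the attachment target only for a non-empty, hex-only name, the
  ** same character check tktedit_page applies.  %q quotes the value for the
  ** SQL string literal but leaves GLOB wildcards intact, so an empty or
  ** wildcard-bearing name could otherwise select a ticket the request never
  ** named and list its attachments. */
  nUuid = (int)strlen(zUuid);
  if( nUuid>0 && validate16(zUuid, nUuid) ){
    zFullName = db_text(0,
        "SELECT tkt_uuid FROM ticket"
        " WHERE tkt_uuid GLOB '%q*'", zUuid);
  }
  if( zFullName ){
    attachment_list(zFullName, "<hr /><h2>Attachments:</h2><ul>");
  }
  style_footer();
}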
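/*
** TH command: append_field FIELD STRING
**
** FIELD is the name of a database column to which we might want
** to append text.  STRING is the text to be appended to that
** column.  The append does not actually occur until the
** submit_ticket command is run.
**
** Returns TH_OK after recording STRING in the matching aField[] entry,
** or TH_ERROR (with an interpreter error message) when FIELD names no
** known TICKET column.
*/
static int appendRemarkCmd(
  Th_Interp *interp,
  void *p,
  int argc,
  const char **argv,
  int *argl
){
  int idx;
  int nName;

  if( argc!=3 ){
    return Th_WrongNumArgs(interp, "append_field FIELD STRING");
  }
  if( g.thTrace ){
    Th_Trace("append_field %#h {%#h}<br />\n",
             argl[1], argv[1], argl[2], argv[2]);
  }
  nName = argl[1];
  for(idx=0; idx<nField; idx++){
    const char *zCol = aField[idx].zName;
    /* Compare lengths first.  The script controls argl[1]; running memcmp
    ** for that many bytes against a shorter column name, and then indexing
    ** zName[argl[1]], would read past the end of the stored name. */
    if( strlen(zCol)==(size_t)nName && memcmp(zCol, argv[1], nName)==0 ){
      break;
    }
  }
  if( idx>=nField ){
    Th_ErrorMessage(g.interp, "no such TICKET column: ", argv[1], argl[1]);
    return TH_ERROR;
  }
  /* Private copy of STRING, bounded by its TH length. */
  aField[idx].zAppend = mprintf("%.*s", argl[2], argv[2]);
  return TH_OK;
}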
/*
** Store a string value in a variable in the interpreter.
**
** The interpreter is initialized on every call.  A NULL zValue leaves
** the variable untouched.
*/
void Th_Store(const char *zName, const char *zValue){
  Th_FossilInit();
  if( zValue==0 ){
    return;
  }
  if( g.thTrace ){
    Th_Trace("set %h {%h}<br />\n", zName, zValue);
  }
  Th_SetVar(g.interp, zName, -1, zValue, strlen(zValue));
}
/*
** Draw the header.
**
** zTitleFormat and the arguments after it are formatted into the page
** title.  The header script comes from the "header" setting, falling
** back to zDefaultHeader, and is rendered into the CGI header section.
** Output is switched to the CGI body before returning.
*/
void style_header(const char *zTitleFormat, ...){
  va_list args;
  char *zPageTitle;
  const char *zHeader;

  zHeader = db_get("header", (char*)zDefaultHeader);
  login_check_credentials();

  va_start(args, zTitleFormat);
  zPageTitle = vmprintf(zTitleFormat, args);
  va_end(args);

  cgi_destination(CGI_HEADER);
  cgi_printf("%s","<!DOCTYPE html>");

  if( g.thTrace ){
    Th_Trace("BEGIN_HEADER<br />\n", -1);
  }

  /* Variables available to the header script, up through the main menu */
  Th_Store("project_name", db_get("project-name","Unnamed Fossil Project"));
  Th_Store("title", zPageTitle);
  Th_Store("baseurl", g.zBaseURL);
  Th_Store("home", g.zTop);
  Th_Store("index_page", db_get("index-page","/home"));
  Th_Store("current_page", g.zPath);
  Th_Store("release_version", RELEASE_VERSION);
  Th_Store("manifest_version", MANIFEST_VERSION);
  Th_Store("manifest_date", MANIFEST_DATE);
  Th_Store("compiler_name", COMPILER_NAME);
  if( g.zLogin ){
    Th_Store("login", g.zLogin);
  }

  if( g.thTrace ){
    Th_Trace("BEGIN_HEADER_SCRIPT<br />\n", -1);
  }
  Th_Render(zHeader);
  if( g.thTrace ){
    Th_Trace("END_HEADER<br />\n", -1);
  }

  /* Drop "title" again so it cannot collide with a ticket field name */
  Th_Unstore("title");

  cgi_destination(CGI_BODY);
  g.cgiOutput = 1;
  headerHasBeenGenerated = 1;
  sideboxUsed = 0;
}
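/*
** WEBPAGE: tktnew
** WEBPAGE: debug_tktnew
**
** Enter a new ticket.  The tktnew_template script in the ticket
** configuration is used.  The /tktnew page is the official ticket
** entry page.  The /debug_tktnew page is used for debugging the
** tktnew_template in the ticket configuration.  /debug_tktnew works
** just like /tktnew except that it does not really save the new ticket
** when you press submit - it just prints the ticket artifact at the
** top of the screen.
**
** Requires the NewTkt permission.  A date_override parameter is carried
** through the form only for users holding the Setup permission.
*/
void tktnew_page(void){
  const char *zScript;
  char *zNewUuid = 0;

  login_check_credentials();
  if( !g.perm.NewTkt ){
    login_needed();
    return;
  }
  if( P("cancel") ){
    cgi_redirect("home");
  }
  style_header("New Ticket");
  if( g.thTrace ) Th_Trace("BEGIN_TKTNEW<br />\n", -1);
  ticket_init();
  initializeVariablesFromCGI();
  getAllTicketFields();
  initializeVariablesFromDb();
  if( g.zPath[0]=='d' ) showAllFields();   /* /debug_tktnew only */
  form_begin(0, "%R/%s", g.zPath);
  login_insert_csrf_secret();
  if( P("date_override") && g.perm.Setup ){
    /* Request-supplied value, so it is HTML-escaped with %h */
    cgi_printf("<input type=\"hidden\" name=\"date_override\" value=\"%h\">\n",(P("date_override")));
  }
  zScript = ticket_newpage_code();
  Th_Store("login", g.zLogin ? g.zLogin : "******");
  Th_Store("date", db_text(0, "SELECT datetime('now')"));
  /* submit_ticket writes the id of the ticket it creates into zNewUuid */
  Th_CreateCommand(g.interp, "submit_ticket", submitTicketCmd,
                   (void*)&zNewUuid, 0);
  if( g.thTrace ) Th_Trace("BEGIN_TKTNEW_SCRIPT<br />\n", -1);
  if( Th_Render(zScript)==TH_RETURN && !g.thTrace && zNewUuid ){
    cgi_redirect(mprintf("%s/tktview/%s", g.zTop, zNewUuid));
    return;
  }
  captcha_generate(0);
  cgi_printf("</form>\n");
  /* Closing marker: the original emitted END_TKTVIEW here, a label that
  ** belongs to the ticket view page and mislabels this page in a trace. */
  if( g.thTrace ) Th_Trace("END_TKTNEW<br />\n", -1);
  style_footer();
}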
/*
** TH command:     hascap STRING
**
** Return true if the user has all of the capabilities listed in STRING.
** The result of login_has_capability() is stored as the integer result
** of the command.
*/
static int hascapCmd(
  Th_Interp *interp,
  void *p,
  int argc,
  const char **argv,
  int *argl
){
  int bHasAll;

  if( argc==2 ){
    bHasAll = login_has_capability((char*)argv[1],argl[1]);
    if( g.thTrace ){
      Th_Trace("[hascap %#h] => %d<br />\n", argl[1], argv[1], bHasAll);
    }
    Th_SetResultInt(interp, bHasAll);
    return TH_OK;
  }
  return Th_WrongNumArgs(interp, "hascap STRING");
}
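/*
** TH command:     anycap STRING
**
** Return true if the user has any one of the capabilities listed in STRING.
** Each character of STRING is checked on its own and the scan stops at the
** first capability the user holds.  An empty STRING yields false.
*/
static int anycapCmd(
  Th_Interp *interp,
  void *p,
  int argc,
  const char **argv,
  int *argl
){
  int rc = 0;
  int i;

  if( argc!=2 ){
    return Th_WrongNumArgs(interp, "anycap STRING");
  }
  for(i=0; rc==0 && i<argl[1]; i++){
    rc = login_has_capability((char*)&argv[1][i],1);
  }
  if( g.thTrace ){
    /* Label the entry with this command's own name.  The original printed
    ** "[hascap", so a trace could not tell an any-of check from an all-of
    ** check when reviewing which permission test a script ran. */
    Th_Trace("[anycap %#h] => %d<br />\n", argl[1], argv[1], rc);
  }
  Th_SetResultInt(interp, rc);
  return TH_OK;
}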
/* ** WEBPAGE: tktview ** URL: tktview?name=UUID ** ** View a ticket. */ void tktview_page(void){ const char *zScript; char *zFullName; const char *zUuid = PD("name",""); login_check_credentials(); if( !g.perm.RdTkt ){ login_needed(); return; } if( g.perm.WrTkt || g.perm.ApndTkt ){ style_submenu_element("Edit", "Edit The Ticket", "%s/tktedit?name=%T", g.zTop, PD("name","")); } if( g.perm.History ){ style_submenu_element("History", "History Of This Ticket", "%s/tkthistory/%T", g.zTop, zUuid); style_submenu_element("Timeline", "Timeline Of This Ticket", "%s/tkttimeline/%T", g.zTop, zUuid); style_submenu_element("Check-ins", "Check-ins Of This Ticket", "%s/tkttimeline/%T?y=ci", g.zTop, zUuid); } if( g.perm.NewTkt ){ style_submenu_element("New Ticket", "Create a new ticket", "%s/tktnew", g.zTop); } if( g.perm.ApndTkt && g.perm.Attach ){ style_submenu_element("Attach", "Add An Attachment", "%s/attachadd?tkt=%T&from=%s/tktview/%t", g.zTop, zUuid, g.zTop, zUuid); } style_header("View Ticket"); if( g.thTrace ) Th_Trace("BEGIN_TKTVIEW<br />\n", -1); ticket_init(); initializeVariablesFromDb(); zScript = ticket_viewpage_code(); if( g.thTrace ) Th_Trace("BEGIN_TKTVIEW_SCRIPT<br />\n", -1); Th_Render(zScript); if( g.thTrace ) Th_Trace("END_TKTVIEW<br />\n", -1); zFullName = db_text(0, "SELECT tkt_uuid FROM ticket" " WHERE tkt_uuid GLOB '%q*'", zUuid); if( zFullName ){ int cnt = 0; Stmt q; db_prepare(&q, "SELECT datetime(mtime,'localtime'), filename, user" " FROM attachment" " WHERE isLatest AND src!='' AND target=%Q" " ORDER BY mtime DESC", zFullName); while( db_step(&q)==SQLITE_ROW ){ const char *zDate = db_column_text(&q, 0); const char *zFile = db_column_text(&q, 1); const char *zUser = db_column_text(&q, 2); if( cnt==0 ){ @ <hr /><h2>Attachments:</h2> @ <ul> } cnt++; @ <li> if( g.perm.Read && g.perm.History ){ @ <a href="%s(g.zTop)/attachview?tkt=%s(zFullName)&file=%t(zFile)"> @ %h(zFile)</a> }else{ @ %h(zFile) } @ added by %h(zUser) on hyperlink_to_date(zDate, "."); if( 
g.perm.WrTkt && g.perm.Attach ){ @ [<a href="%s(g.zTop)/attachdelete?tkt=%s(zFullName)&file=%t(zFile)&from=%s(g.zTop)/tktview%%3fname=%s(zFullName)">delete</a>] }
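/*
** Subscript command:   submit_ticket
**
** Construct and submit a new ticket artifact.  The fields of the artifact
** are the names of the columns in the TICKET table.  The content is
** taken from TH variables.  If the content is unchanged, the field is
** omitted from the artifact.  Fields whose names begin with "private_"
** are concealed using the db_conceal() function.
**
** pUuid points at a char* owned by the calling page.  A non-NULL value
** there means an existing ticket is being edited and the full id is looked
** up from the "name" CGI parameter; NULL means a new ticket, for which a
** random id is generated.  Either way the full id is written back through
** pUuid.
**
** The CSRF secret is verified and the captcha checked before anything is
** built.  Returns TH_OK when the captcha fails, when no field changed, or
** on the debug pages; otherwise returns the result of ticket_change().
*/
static int submitTicketCmd(
  Th_Interp *interp,
  void *pUuid,
  int argc,
  const char **argv,
  int *argl
){
  char *zDate;
  const char *zUuid;
  int i;
  int nJ = 0;              /* Number of J cards written */
  Blob tktchng, cksum;

  login_verify_csrf_secret();
  if( !captcha_is_correct() ){
    cgi_printf("<p class=\"generalError\">Error: Incorrect security code.</p>\n");
    return TH_OK;
  }
  blob_zero(&tktchng);
  zDate = date_in_standard_format("now");
  blob_appendf(&tktchng, "D %s\n", zDate);
  free(zDate);

  /* Fields that append_field marked for appending */
  for(i=0; i<nField; i++){
    if( aField[i].zAppend ){
      blob_appendf(&tktchng, "J +%s %z\n", aField[i].zName,
                   fossilize(aField[i].zAppend, -1));
      ++nJ;
    }
  }

  /* Remaining fields: emit a J card only when the value changed */
  for(i=0; i<nField; i++){
    const char *zValue;
    int nValue;
    if( aField[i].zAppend ) continue;
    zValue = Th_Fetch(aField[i].zName, &nValue);
    if( zValue ){
      /* Trailing whitespace is not part of the stored value */
      while( nValue>0 && fossil_isspace(zValue[nValue-1]) ){ nValue--; }
      /* The length test comes before memcmp so that memcmp never runs for
      ** more bytes than the stored value holds; the original order could
      ** read past a shorter aField[i].zValue.  The outcome of the overall
      ** condition is unchanged. */
      if( ((aField[i].mUsed & USEDBY_TICKETCHNG)!=0 && nValue>0)
       || strlen(aField[i].zValue)!=(size_t)nValue
       || memcmp(zValue, aField[i].zValue, nValue)!=0
      ){
        /* strncmp stops at the terminator, so a column name shorter than
        ** eight bytes is not over-read as it was with memcmp. */
        if( strncmp(aField[i].zName, "private_", 8)==0 ){
          zValue = db_conceal(zValue, nValue);
          blob_appendf(&tktchng, "J %s %s\n", aField[i].zName, zValue);
        }else{
          blob_appendf(&tktchng, "J %s %#F\n", aField[i].zName,
                       nValue, zValue);
        }
        nJ++;
      }
    }
  }

  if( *(char**)pUuid ){
    /* Editing: expand the prefix from the request into the full ticket id */
    zUuid = db_text(0,
       "SELECT tkt_uuid FROM ticket WHERE tkt_uuid GLOB '%q*'", P("name")
    );
  }else{
    /* New ticket: random 20-byte id rendered as lowercase hex */
    zUuid = db_text(0, "SELECT lower(hex(randomblob(20)))");
  }
  *(const char**)pUuid = zUuid;
  blob_appendf(&tktchng, "K %s\n", zUuid);
  blob_appendf(&tktchng, "U %F\n", g.zLogin ? g.zLogin : "");
  md5sum_blob(&tktchng, &cksum);
  blob_appendf(&tktchng, "Z %b\n", &cksum);
  if( nJ==0 ){
    /* Nothing changed, so there is nothing to submit */
    blob_reset(&tktchng);
    return TH_OK;
  }
  if( g.zPath[0]=='d' ){
    /* If called from /debug_tktnew or /debug_tktedit... */
    cgi_printf("<font color=\"blue\">\n"
           "<p>Ticket artifact that would have been submitted:</p>\n"
           "<blockquote><pre>%h</pre></blockquote>\n"
           "<hr /></font>\n",(blob_str(&tktchng)));
    return TH_OK;
  }else{
    if( g.thTrace ){
      Th_Trace("submit_ticket {\n<blockquote><pre>\n%h\n</pre></blockquote>\n"
               "}<br />\n",
         blob_str(&tktchng));
    }
    /* Third argument is true when the user lacks ModTkt and the modreq-tkt
    ** setting is on -- presumably "hold for moderation"; confirm against
    ** ticket_put(). */
    ticket_put(&tktchng, zUuid,
               (g.perm.ModTkt==0 && db_get_boolean("modreq-tkt",0)==1));
  }
  return ticket_change();
}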