let user_tbl = (ref [] : user list ref)
-(* session table: session id, (user id, matita status, matita history *)
-type session = session_id * (string * MatitaEngine.status * MatitaEngine.status list)
+(* low users can't commit or update *)
+let luser_tbl = (ref [] : user list ref)
+
+(* session table: session id, (user id, matita status, matita history, commit privileges *)
+type session = session_id * (string * MatitaEngine.status * MatitaEngine.status list * bool)
let session_tbl = (ref [] : session list ref)
exception UsernameCollision of string
exception InvalidPassword
-let lookup_user uid = List.assoc uid !user_tbl
+(* returns user entry and privileges *)
+let lookup_user uid =
+ try List.assoc uid !user_tbl, true
+ with Not_found -> List.assoc uid !luser_tbl, false
+
+let user_of_session sid = let res,_,_,_ = List.assoc sid !session_tbl in res
-let user_of_session sid = let res,_,_ = List.assoc sid !session_tbl in res
+(* disable for debugging *)
+let prerr_endline _ = ()
+(* used for commits, so lusers are excluded *)
let get_users () = List.map fst !user_tbl
let create_session uid =
let status = new MatitaEngine.status (Some uid) "cic:/matita" in
let history = [status] in
- let salt,pw,sid = List.assoc uid !user_tbl in
- let clean_utbl = List.remove_assoc uid !user_tbl in
+ let (salt,pw,sid),cp = lookup_user uid in
let new_session = Uuidm.create `V4 in
- user_tbl := (uid,(salt,pw,Some new_session))::clean_utbl;
+ (if cp then
+ let clean_utbl = List.remove_assoc uid !user_tbl in
+ user_tbl := (uid,(salt,pw,Some new_session))::clean_utbl
+ else
+ let clean_lutbl = List.remove_assoc uid !luser_tbl in
+ luser_tbl := (uid,(salt,pw,Some new_session))::clean_lutbl);
let clean_stbl = match sid with
| Some sid' ->
List.remove_assoc sid' !session_tbl
| _ -> !session_tbl
in
- session_tbl := (new_session,(uid,status,history))::clean_stbl;
+ session_tbl := (new_session,(uid,status,history,cp))::clean_stbl;
new_session
;;
let get_session_owner sid =
- let uid,_,_ = List.assoc sid !session_tbl
+ let uid,_,_,_ = List.assoc sid !session_tbl
in uid
let get_status sid =
- let _,st,_ = List.assoc sid !session_tbl
+ let _,st,_,_ = List.assoc sid !session_tbl
in st
let get_history sid =
- let _,_,hist = List.assoc sid !session_tbl
+ let _,_,hist,_ = List.assoc sid !session_tbl
in hist
+let get_commit_priv sid =
+ let _,_,_,cp = List.assoc sid !session_tbl
+ in cp
+
+let probe_commit_priv sid =
+ let _,_,_,cp = List.assoc sid !session_tbl in
+ if not cp then failwith "no commit privileges"
+
let set_status sid st =
- let uid, oldst, hist = List.assoc sid !session_tbl in
- session_tbl := (sid,(uid,st,hist))::(List.remove_assoc sid !session_tbl)
+ let uid, oldst, hist, cp = List.assoc sid !session_tbl in
+ session_tbl := (sid,(uid,st,hist,cp))::(List.remove_assoc sid !session_tbl)
let set_history sid hist =
- let uid, st, oldhist = List.assoc sid !session_tbl in
- session_tbl := (sid,(uid,st,hist))::(List.remove_assoc sid !session_tbl)
+ let uid, st, oldhist, cp = List.assoc sid !session_tbl in
+ session_tbl := (sid,(uid,st,hist,cp))::(List.remove_assoc sid !session_tbl)
let logout_user sid =
- let uid,st,hist = List.assoc sid !session_tbl in
- let salt,pw,_ = List.assoc uid !user_tbl in
- user_tbl := (uid,(salt,pw,None))::List.remove_assoc uid !user_tbl;
+ let uid,st,hist,cp = List.assoc sid !session_tbl in
+ (if cp then
+ let salt,pw,_ = List.assoc uid !user_tbl in
+ user_tbl := (uid,(salt,pw,None))::List.remove_assoc uid !user_tbl
+ else
+ let salt,pw,_ = List.assoc uid !luser_tbl in
+ luser_tbl := (uid,(salt,pw,None))::List.remove_assoc uid !luser_tbl);
session_tbl := List.remove_assoc sid !session_tbl
;;
let remove_user uid =
- user_tbl := List.remove_assoc uid !user_tbl
+ user_tbl := List.remove_assoc uid !user_tbl;
+ luser_tbl := List.remove_assoc uid !luser_tbl
;;
(* serialization and deserialization of the user table *)
let serialize () =
let clean_utbl = List.map (fun (uid,(salt,pw,_)) -> uid,(salt,pw,None)) !user_tbl in
+ let clean_lutbl = List.map (fun (uid,(salt,pw,_)) -> uid,(salt,pw,None)) !luser_tbl in
let utbl_ch = open_out (config_path () ^ "/usertable.dump") in
Marshal.to_channel utbl_ch clean_utbl [];
close_out utbl_ch;
+ let lutbl_ch = open_out (config_path () ^ "/lusertable.dump") in
+ Marshal.to_channel lutbl_ch clean_lutbl [];
+ close_out lutbl_ch
;;
let deserialize () =
with
| Sys_error _ ->
user_tbl := []; serialize());
+ (try
+ let lutbl_ch = open_in (config_path () ^ "/lusertable.dump") in
+ luser_tbl := Marshal.from_channel lutbl_ch;
+ close_in lutbl_ch;
+ with
+ | Sys_error _ ->
+ luser_tbl := []; serialize());
(* old_sessions are now invalid *)
session_tbl := [];
;;
write_ft uid (ft'@ft)
;;
-let add_user uid pw =
+let add_user uid pw cp =
try
let _ = lookup_user uid in
raise (UsernameCollision uid)
let sha256 = Cryptokit.Hash.sha256 () in
sha256#add_string (salt ^ pw);
let crypto_pw = sha256#result in
- user_tbl := (uid,(salt,crypto_pw,None))::!user_tbl;
+ (if cp then
+ user_tbl := (uid,(salt,crypto_pw,None))::!user_tbl
+ else
+ luser_tbl := (uid,(salt,crypto_pw,None))::!luser_tbl);
write_ft uid ft;
serialize ()
;;
-let add_user_no_checkout uid pw =
+let add_user_no_checkout uid pw cp =
try
let _ = lookup_user uid in
raise (UsernameCollision uid)
sha256#add_string (salt ^ pw);
let crypto_pw = sha256#result in
sha256#wipe;
- user_tbl := (uid,(salt,crypto_pw,None))::!user_tbl;
+ (if cp then
+ user_tbl := (uid,(salt,crypto_pw,None))::!user_tbl
+ else
+ luser_tbl := (uid,(salt,crypto_pw,None))::!luser_tbl);
serialize ()
;;
let check_pw uid pw =
try
- let salt,crypto_pw,_ = lookup_user uid in
+ let (salt,crypto_pw,_),_ = lookup_user uid in
let sha256 = Cryptokit.Hash.sha256 () in
sha256#add_string (salt ^ pw);
let computed_pw = sha256#result in
let reset () =
user_tbl := [];
+ luser_tbl := [];
session_tbl := [];
MatitaFilesystem.reset_lib ();
serialize ();
projects / helm.git / blobdiff