once http://drupal.org/node/83339 and http://drupal.org/node/84706 are committed and installed on druapl.org, we're going to want to prevent users from being able to delete cvs tags or branches that have release nodes pointing to them. once a tag has a release, you should never remove that tag, or you won't be able to reproduce the release (if necessary) and you'd lose essential historical information.

Members fund testing for the Drupal project. Drupal Association Learn more


toddy’s picture


I don't know exactly how CVS handles this internally, maybe it's already covered by the prevention of deleting tags. Anyway, you may want to prevent users from moving a tag as well, i. e. don't let it point to a different version after it has been associated with a release node.


dww’s picture

Assigned: Unassigned » dww
Priority: Normal » Critical

yes, the only way to "move" a tag in CVS is to delete it and add it again to the new set of file revisions you care about. so, preventing the delete operation effectively prevents moving tags, too.

i think this kind of idiot-proofness in the xcvs-* access control scripts is a top priority before the whole release system can go live (therefore, i'm assigning to myself and bumping to critical).

dww’s picture

actually, there is a move operation for cvs tag (-F), so i'll just make sure we catch that case, too...

dww’s picture

dww’s picture

Status: Active » Needs review
7.61 KB

to accomplish this feature, i changed xcvs_db_connect() to just store the active db connection in a static var, and xcvs_db_check_write_access() to not call mysql_close() (see http://us2.php.net/manual/en/function.mysql-close.php: "Using mysql_close() isn't usually necessary, as non-persistent open links are automatically closed at the end of the script's execution."). so, this way we can leave a single DB connection open, regardless of whatever queries we need to run...

while i was at it, i converted to mysql_real_escape_string() (since mysql_escape_string() is deprecated according to http://us2.php.net/manual/en/function.mysql-escape-string.php), and i added a few more paranoia checks in the SQL queries (casting variables to (int), that sort of thing)...

otherwise, this is a pretty simple feature/patch...

dww’s picture

Status: Needs review » Fixed

in IRC, natrak said this was RTBC, so i committed everything to the DRUPAL-4-7--2 branch. i didn't commit to HEAD since all the new release system hasn't been merged into there, yet, and this particular feature depends entirely on the releases-as-nodes stuff.

Anonymous’s picture

Status: Fixed » Closed (fixed)