Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
once http://drupal.org/node/83339 and http://drupal.org/node/84706 are committed and installed on druapl.org, we're going to want to prevent users from being able to delete cvs tags or branches that have release nodes pointing to them. once a tag has a release, you should never remove that tag, or you won't be able to reproduce the release (if necessary) and you'd lose essential historical information.
Comment | File | Size | Author |
---|---|---|---|
#5 | xcvs-taginfo-prevent-changing-release-tags.patch.txt | 7.61 KB | dww |
Comments
Comment #1
toddy CreditAttribution: toddy commentedHi,
I don't know exactly how CVS handles this internally, maybe it's already covered by the prevention of deleting tags. Anyway, you may want to prevent users from moving a tag as well, i. e. don't let it point to a different version after it has been associated with a release node.
Regards,
Tobias
Comment #2
dwwyes, the only way to "move" a tag in CVS is to delete it and add it again to the new set of file revisions you care about. so, preventing the delete operation effectively prevents moving tags, too.
i think this kind of idiot-proofness in the xcvs-* access control scripts is a top priority before the whole release system can go live (therefore, i'm assigning to myself and bumping to critical).
Comment #3
dwwactually, there is a move operation for cvs tag (-F), so i'll just make sure we catch that case, too...
Comment #4
dwwsee also http://drupal.org/node/92653
Comment #5
dwwto accomplish this feature, i changed
xcvs_db_connect()
to just store the active db connection in a static var, andxcvs_db_check_write_access()
to not callmysql_close()
(see http://us2.php.net/manual/en/function.mysql-close.php: "Using mysql_close() isn't usually necessary, as non-persistent open links are automatically closed at the end of the script's execution."). so, this way we can leave a single DB connection open, regardless of whatever queries we need to run...while i was at it, i converted to
mysql_real_escape_string()
(sincemysql_escape_string()
is deprecated according to http://us2.php.net/manual/en/function.mysql-escape-string.php), and i added a few more paranoia checks in the SQL queries (casting variables to (int), that sort of thing)...otherwise, this is a pretty simple feature/patch...
Comment #6
dwwin IRC, natrak said this was RTBC, so i committed everything to the DRUPAL-4-7--2 branch. i didn't commit to HEAD since all the new release system hasn't been merged into there, yet, and this particular feature depends entirely on the releases-as-nodes stuff.
Comment #7
(not verified) CreditAttribution: commented