From 4a29f1a2662413699306109ab2901283292748eb Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Sat, 20 Jul 2024 13:07:16 +0200
Subject: [PATCH] GH-114: Lock down bug tracker to developers only

All further conversation about bugs is supposed to happen on Github.
We still allow developers to edit the bug tracker, so they can clean
up.

We start by disallowing users to add patches.
---
 www/bug.php       | 4 +++-
 www/patch-add.php | 7 +++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/www/bug.php b/www/bug.php
index 7e784c33..fe196481 100644
--- a/www/bug.php
+++ b/www/bug.php
@@ -1109,7 +1109,9 @@
 <br>
 OUTPUT;
     }
-    echo "<p><a href='patch-add.php?bug_id={$bug_id}'>Add a Patch</a></p>";
+    if ($logged_in) {
+        echo "<p><a href='patch-add.php?bug_id={$bug_id}'>Add a Patch</a></p>";
+    }
 
     $pullRequestRepository = $container->get(PullRequestRepository::class);
     $pulls = $pullRequestRepository->findAllByBugId($bug_id);
diff --git a/www/patch-add.php b/www/patch-add.php
index 9429ced1..12e31add 100644
--- a/www/patch-add.php
+++ b/www/patch-add.php
@@ -16,6 +16,13 @@
 // Authenticate
 bugs_authenticate($user, $pw, $logged_in, $user_flags);
 
+if (!$logged_in) {
+    response_header('Developers only');
+    display_bug_error('Only developers are allowed to add patches');
+    response_footer();
+    exit;
+}
+
 $canpatch = true;
 
 /// Input vars