
List:       midgard-dev
Subject:    [midgard-dev] cvs: /midgard/php/functions midgard.c
From:       hukka <midgard-dev () greywolves ! org>
Date:       1999-10-28 16:55:38

hukka		Thu Oct 28 19:55:38 1999 EDT

  Modified files:
    /midgard/php/functions	midgard.c 
  Log:
  Some changes in access control.
  
  
Index: midgard/php/functions/midgard.c
diff -u midgard/php/functions/midgard.c:1.15 midgard/php/functions/midgard.c:1.16
--- midgard/php/functions/midgard.c:1.15	Fri Oct 15 11:57:52 1999
+++ midgard/php/functions/midgard.c	Thu Oct 28 19:55:35 1999
@@ -1,4 +1,4 @@
-/* $Id: midgard.c,v 1.15 1999/10/15 08:57:52 hukka Exp $
+/* $Id: midgard.c,v 1.16 1999/10/28 16:55:35 hukka Exp $
  *
  * midgard.c  Midgard PHP interface
  *
@@ -528,6 +528,11 @@
 					  uid, mgd_groups(rcfg->mgd));
 }
 
+static int isowner()
+{
+	return mgd_exists(rcfg->mgd, "grp", "owner IN $D", mgd_groups(rcfg->mgd));
+}
+
 #define PERSON_SELECT \
   "id,username," NAME_FIELD " AS name," RNAME_FIELD " AS rname,extra," \
   "topic,department,office,info&1 AS admin,info>1 AS public"
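Review bot: isowner() has no comment, and its name hides how broad the check is: as far as the `owner IN $D` query shows, it is true as soon as any row in `grp` has an owner among the caller's groups, not for one particular group. Because the same commit uses it as the only gate in front of a `midgard_create` on `person`, I would state that above the function, e.g. `/* True if any group is owned by one of the current user's groups. */`. The empty parameter list is better written `static int isowner(void)` so that a call with arguments is rejected at compile time.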
@@ -706,11 +711,11 @@
     RETVAL_FALSE;
 	CHECK_MGD;
     if (ARG_COUNT(ht) != 15
-	|| getParameters(ht, 15, &firstname, &lastname, &birthdate, &street,
-			 &postcode, &city, &handphone, &homephone, &workphone,
-			 &homepage, &email, &topic, &department, &office,
-			 &extra) != SUCCESS)
-	WRONG_PARAM_COUNT;
+		|| getParameters(ht, 15, &firstname, &lastname, &birthdate, &street,
+						 &postcode, &city, &handphone, &homephone, &workphone,
+						 &homepage, &email, &topic, &department, &office,
+						 &extra) != SUCCESS)
+		WRONG_PARAM_COUNT;
     convert_to_string(firstname);
     convert_to_string(lastname);
     convert_to_string(birthdate);
@@ -727,26 +732,22 @@
     convert_to_long(office);
     convert_to_string(extra);
 
-    if ((strcmp(firstname->value.str.val, "") == 0
-	 && strcmp(lastname->value.str.val, "") == 0)
-	|| mgd_exists(rcfg->mgd, "person", "firstname=$q AND lastname=$q",
-		      firstname->value.str.val, lastname->value.str.val))
-	return;
-    
+	if (!isowner()) return;
+
     midgard_create(return_value, "person", "firstname,lastname,"
-		   "birthdate,street,postcode,city,handphone,"
-		   "homephone,workphone,homepage,email,"
-		   "topic,department,office,extra,created,creator",
-		   "$q,$q,$t,$q,$q,$q,$q,$q,$q,$q,$q,$d,$d,$d,$q,Now(),$d",
-		   firstname->value.str.val, lastname->value.str.val,
-		   birthdate->value.str.val,
-		   street->value.str.val,    postcode->value.str.val,
-		   city->value.str.val,      handphone->value.str.val,
-		   homephone->value.str.val, workphone->value.str.val,
-		   homepage->value.str.val,  email->value.str.val,
-		   topic->value.lval,        department->value.lval,
-		   office->value.lval,       extra->value.str.val,
-		   mgd_user(rcfg->mgd));
+				   "birthdate,street,postcode,city,handphone,"
+				   "homephone,workphone,homepage,email,"
+				   "topic,department,office,extra,created,creator",
+				   "$q,$q,$t,$q,$q,$q,$q,$q,$q,$q,$q,$d,$d,$d,$q,Now(),$d",
+				   firstname->value.str.val, lastname->value.str.val,
+				   birthdate->value.str.val,
+				   street->value.str.val,    postcode->value.str.val,
+				   city->value.str.val,      handphone->value.str.val,
+				   homephone->value.str.val, workphone->value.str.val,
+				   homepage->value.str.val,  email->value.str.val,
+				   topic->value.lval,        department->value.lval,
+				   office->value.lval,       extra->value.str.val,
+				   mgd_user(rcfg->mgd));
 }
 
 MGD_FUNCTION(update_person)
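Review bot: The new `if (!isowner()) return;` guard replaces the old pre-insert validation rather than adding to it, so a caller who passes the guard can now insert a person with empty first and last names, or one that duplicates an existing firstname/lastname pair. If only the access rule was meant to change, keep the removed `strcmp` / `mgd_exists(rcfg->mgd, "person", "firstname=$q AND lastname=$q", ...)` test after the new guard. It is also not visible here whether an administrator who owns no group passes isowner(); if not, `if (!mgd_isadmin(rcfg->mgd) && !isowner()) return;` keeps that case working. The function header and the start of its body lie outside this hunk.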
@@ -783,18 +784,18 @@
     if (!isuserowner(id->value.lval)) return;
 
     midgard_update(return_value, "person", "firstname=$q,lastname=$q,"
-		   "birthdate=$t,street=$q,postcode=$q,city=$q,"
-		   "handphone=$q,homephone=$q,workphone=$q,homepage=$q,"
-		   "email=$q,topic=$d,department=$d,office=$d,extra=$q",
-		   id->value.lval,
-		   firstname->value.str.val, lastname->value.str.val,
-		   birthdate->value.str.val, street->value.str.val,
-		   postcode->value.str.val,  city->value.str.val,
-		   handphone->value.str.val, homephone->value.str.val,
-		   workphone->value.str.val, homepage->value.str.val,
-		   email->value.str.val,     topic->value.lval,
-		   department->value.lval,   office->value.lval,
-		   extra->value.str.val);
+				   "birthdate=$t,street=$q,postcode=$q,city=$q,"
+				   "handphone=$q,homephone=$q,workphone=$q,homepage=$q,"
+				   "email=$q,topic=$d,department=$d,office=$d,extra=$q",
+				   id->value.lval,
+				   firstname->value.str.val, lastname->value.str.val,
+				   birthdate->value.str.val, street->value.str.val,
+				   postcode->value.str.val,  city->value.str.val,
+				   handphone->value.str.val, homephone->value.str.val,
+				   workphone->value.str.val, homepage->value.str.val,
+				   email->value.str.val,     topic->value.lval,
+				   department->value.lval,   office->value.lval,
+				   extra->value.str.val);
 }
 
 MGD_FUNCTION(update_password)
@@ -831,7 +832,10 @@
     convert_to_string(username);
     convert_to_string(password);
 	
-    if (!mgd_isadmin(rcfg->mgd) && !mgd_isuser(rcfg->mgd, uid->value.lval))
+    if (!mgd_isadmin(rcfg->mgd) && !mgd_isuser(rcfg->mgd, uid->value.lval)
+		&& !(isuserowner(uid->value.lval)
+			 && mgd_exists("person", "id=$d AND Left(password,2)='**'",
+						   uid->value.lval)))
 		return;
 	
     midgard_update(return_value, "person",
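Review bot: The added `mgd_exists("person", "id=$d AND Left(password,2)='**'", uid->value.lval)` call omits the connection handle that the other `mgd_exists` calls in this diff pass first (`mgd_exists(rcfg->mgd, "grp", ...)`). The string "person" would then be taken as the handle, and if the function is variadic or unprototyped the compiler may not complain, leaving the outcome of an authorization check undefined. The line should read `&& mgd_exists(rcfg->mgd, "person", "id=$d AND Left(password,2)='**'", uid->value.lval)))`. Since this branch lets a non-admin owner set another user's password, a comment saying what the `**` prefix marks would make the rule reviewable. The function body continues outside the hunk.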
@@ -872,7 +876,7 @@
 {
     IDINIT;
 	CHECK_MGD;
-    if (!mgd_isadmin(rcfg->mgd)) return;
+    if (!isuserowner(id)) return;
     midgard_delete(return_value, "person", id);
 }
 
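Review bot: Swapping `mgd_isadmin(rcfg->mgd)` for `isuserowner(id)` is only safe if isuserowner() also returns true for administrators, which this diff cannot confirm because only the tail of isuserowner is visible. If it does not, administrators lose the right to delete people while group owners gain it. Writing `if (!mgd_isadmin(rcfg->mgd) && !isuserowner(id)) return;` states the rule explicitly either way. A one-line comment naming who may delete a person would help, since the rule changed here and the function header is outside the hunk.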
