[prev in list] [next in list] [prev in thread] [next in thread]
List: midgard-dev
Subject: [midgard-dev] cvs: /midgard/php/functions midgard.c
From: hukka <midgard-dev () greywolves ! org>
Date: 1999-10-28 16:55:38
[Download RAW message or body]
hukka Thu Oct 28 19:55:38 1999 EDT
Modified files:
/midgard/php/functions midgard.c
Log:
Some changes in access control.
Index: midgard/php/functions/midgard.c
diff -u midgard/php/functions/midgard.c:1.15 midgard/php/functions/midgard.c:1.16
--- midgard/php/functions/midgard.c:1.15 Fri Oct 15 11:57:52 1999
+++ midgard/php/functions/midgard.c Thu Oct 28 19:55:35 1999
@@ -1,4 +1,4 @@
-/* $Id: midgard.c,v 1.15 1999/10/15 08:57:52 hukka Exp $
+/* $Id: midgard.c,v 1.16 1999/10/28 16:55:35 hukka Exp $
*
* midgard.c Midgard PHP interface
*
@@ -528,6 +528,11 @@
uid, mgd_groups(rcfg->mgd));
}
+static int isowner()
+{
+ return mgd_exists(rcfg->mgd, "grp", "owner IN $D", mgd_groups(rcfg->mgd));
+}
+
#define PERSON_SELECT \
"id,username," NAME_FIELD " AS name," RNAME_FIELD " AS rname,extra," \
"topic,department,office,info&1 AS admin,info>1 AS public"
@@ -706,11 +711,11 @@
RETVAL_FALSE;
CHECK_MGD;
if (ARG_COUNT(ht) != 15
- || getParameters(ht, 15, &firstname, &lastname, &birthdate, &street,
- &postcode, &city, &handphone, &homephone, &workphone,
- &homepage, &email, &topic, &department, &office,
- &extra) != SUCCESS)
- WRONG_PARAM_COUNT;
+ || getParameters(ht, 15, &firstname, &lastname, &birthdate, &street,
+ &postcode, &city, &handphone, &homephone, &workphone,
+ &homepage, &email, &topic, &department, &office,
+ &extra) != SUCCESS)
+ WRONG_PARAM_COUNT;
convert_to_string(firstname);
convert_to_string(lastname);
convert_to_string(birthdate);
@@ -727,26 +732,22 @@
convert_to_long(office);
convert_to_string(extra);
- if ((strcmp(firstname->value.str.val, "") == 0
- && strcmp(lastname->value.str.val, "") == 0)
- || mgd_exists(rcfg->mgd, "person", "firstname=$q AND lastname=$q",
- firstname->value.str.val, lastname->value.str.val))
- return;
-
+ if (!isowner()) return;
+
midgard_create(return_value, "person", "firstname,lastname,"
- "birthdate,street,postcode,city,handphone,"
- "homephone,workphone,homepage,email,"
- "topic,department,office,extra,created,creator",
- "$q,$q,$t,$q,$q,$q,$q,$q,$q,$q,$q,$d,$d,$d,$q,Now(),$d",
- firstname->value.str.val, lastname->value.str.val,
- birthdate->value.str.val,
- street->value.str.val, postcode->value.str.val,
- city->value.str.val, handphone->value.str.val,
- homephone->value.str.val, workphone->value.str.val,
- homepage->value.str.val, email->value.str.val,
- topic->value.lval, department->value.lval,
- office->value.lval, extra->value.str.val,
- mgd_user(rcfg->mgd));
+ "birthdate,street,postcode,city,handphone,"
+ "homephone,workphone,homepage,email,"
+ "topic,department,office,extra,created,creator",
+ "$q,$q,$t,$q,$q,$q,$q,$q,$q,$q,$q,$d,$d,$d,$q,Now(),$d",
+ firstname->value.str.val, lastname->value.str.val,
+ birthdate->value.str.val,
+ street->value.str.val, postcode->value.str.val,
+ city->value.str.val, handphone->value.str.val,
+ homephone->value.str.val, workphone->value.str.val,
+ homepage->value.str.val, email->value.str.val,
+ topic->value.lval, department->value.lval,
+ office->value.lval, extra->value.str.val,
+ mgd_user(rcfg->mgd));
}
MGD_FUNCTION(update_person)
@@ -783,18 +784,18 @@
if (!isuserowner(id->value.lval)) return;
midgard_update(return_value, "person", "firstname=$q,lastname=$q,"
- "birthdate=$t,street=$q,postcode=$q,city=$q,"
- "handphone=$q,homephone=$q,workphone=$q,homepage=$q,"
- "email=$q,topic=$d,department=$d,office=$d,extra=$q",
- id->value.lval,
- firstname->value.str.val, lastname->value.str.val,
- birthdate->value.str.val, street->value.str.val,
- postcode->value.str.val, city->value.str.val,
- handphone->value.str.val, homephone->value.str.val,
- workphone->value.str.val, homepage->value.str.val,
- email->value.str.val, topic->value.lval,
- department->value.lval, office->value.lval,
- extra->value.str.val);
+ "birthdate=$t,street=$q,postcode=$q,city=$q,"
+ "handphone=$q,homephone=$q,workphone=$q,homepage=$q,"
+ "email=$q,topic=$d,department=$d,office=$d,extra=$q",
+ id->value.lval,
+ firstname->value.str.val, lastname->value.str.val,
+ birthdate->value.str.val, street->value.str.val,
+ postcode->value.str.val, city->value.str.val,
+ handphone->value.str.val, homephone->value.str.val,
+ workphone->value.str.val, homepage->value.str.val,
+ email->value.str.val, topic->value.lval,
+ department->value.lval, office->value.lval,
+ extra->value.str.val);
}
MGD_FUNCTION(update_password)
@@ -831,7 +832,10 @@
convert_to_string(username);
convert_to_string(password);
- if (!mgd_isadmin(rcfg->mgd) && !mgd_isuser(rcfg->mgd, uid->value.lval))
+ if (!mgd_isadmin(rcfg->mgd) && !mgd_isuser(rcfg->mgd, uid->value.lval)
+ && !(isuserowner(uid->value.lval)
+ && mgd_exists("person", "id=$d AND Left(password,2)='**'",
+ uid->value.lval)))
return;
midgard_update(return_value, "person",
@@ -872,7 +876,7 @@
{
IDINIT;
CHECK_MGD;
- if (!mgd_isadmin(rcfg->mgd)) return;
+ if (!isuserowner(id)) return;
midgard_delete(return_value, "person", id);
}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic