Commit 03078f5c authored by Per Cederqvist's avatar Per Cederqvist

Fix text_read_access() so that it uses the privileges of the supplied

connection, and never uses active_connection. (Bug 178).  Fixing this
also required me to remove the ability to specify an faq-text for a
freshly created person on a session where nobody is logged on; this
could be considered a security fix.
parent e36e658c
2003-08-20 Per Cederqvist <ceder@ceder.dyndns.org>
Fix text_read_access() so that it uses the privileges of the
supplied connection, and never uses active_connection. (Bug 178).
Fixing this also required me to remove the ability to specify an
faq-text for a freshly created person on a session where nobody is
logged on; this could be considered a security fix.
* src/server/text.c (person_text_read_access): Removed. Integrate
the functionality inteo text_read_access.
(text_read_access): Use the supplied Connection for all checks.
Don't use active_connection, ENA, ACTPERS or ACT_P. Fail and log
an error message if the Connection is NULL. Use is_supervisor()
instead of is_supervisor_2().
* src/server/manipulate.h (is_supervisor_2): Removed.
(person_text_read_access): Removed.
* src/server/conference.c (is_supervisor_2): Removed.
* src/server/aux-items.c (aux_item_validate_existing_text): Don't
allow access to texts if you are not logged in. This change means
that create-person cannot accept aux-items with the
existing-readable-text validator if nobody is logged in. I think
this is more reasonable than the number of special cases in the
code that were needed to support the old functionality.
* src/server/testsuite/lyskomd.0/40.exp: Don't expect bug 178.
* src/server/testsuite/lyskomd.0/03.exp: Don't expect to be able
to create a person with an faq-text. Add the faq-text using a
modify-conf-info request instead. Test that creation of a new
person with a faq-text item really fails.
Keep track of the connection that is creating an aux-item, so that
ENA_C() and text_read_access() can be used. Get rid of broken
concept "owner", and introduced "subordinate" instead. (Bug 334).
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment