Commit 482a8369 authored by Per Cederqvist's avatar Per Cederqvist

(send_async_sub_recipient): Use filter_secret_info() so that the exact

	same visibility is used by async-sub-recipient and get-text-stat.
(filter_secret_info): Don't allow the author of a text to see
	bcc-recpt which are secret to him.  Simplify the code slightly.
(send_async_add_recipient): Use filter_secret_info() so that the
	exact same visibility is used by async-add-recipient and
	get-text-stat.
parent 88de4b97
/*
* $Id: text.c,v 0.78 2000/09/02 20:06:15 ceder Exp $
* $Id: text.c,v 0.79 2000/09/03 19:45:26 ceder Exp $
* Copyright (C) 1991-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -34,7 +34,7 @@
#endif
static const char *
rcsid = "$Id: text.c,v 0.78 2000/09/02 20:06:15 ceder Exp $";
rcsid = "$Id: text.c,v 0.79 2000/09/03 19:45:26 ceder Exp $";
#include "rcs.h"
USE(rcsid);
......@@ -83,6 +83,11 @@ do_create_text(const String message,
Bool anonymous,
Text_stat **ret_stat);
static void
filter_secret_info(Text_stat *result,
const Text_stat *original,
const Connection *viewer_conn,
Bool output_bcc);
/*
* Static functions
......@@ -592,43 +597,23 @@ send_async_sub_recipient(Text_no text_no,
{
Connection *cptr;
Session_no i = 0;
Membership *mship;
if (type != bcc_recpt)
{
while ((i = traverse_connections(i)) != 0)
{
cptr = get_conn_by_number(i);
/*
* Send messate if connection is logged on, the user is a member
* in a recipient and the subtracted recipient is visible to the
* user
*/
if (cptr->person != NULL
&& is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE
&& access_perm(conf_no, cptr, read_protected) > none)
{
async_sub_recipient(cptr, text_no, conf_no, type);
}
}
}
else
while ((i = traverse_connections(i)) != 0)
{
while ((i = traverse_connections(i)) != 0)
{
cptr = get_conn_by_number(i);
if (cptr->person != NULL)
cptr = get_conn_by_number(i);
if (cptr->person != NULL
&& is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE)
{
Text_stat copy;
filter_secret_info(&copy, text_s, cptr, TRUE);
if (find_recipient(conf_no, &copy) != -1
&& is_member_in_recpt(cptr->person, &copy, TRUE) == TRUE)
{
mship = locate_membership(conf_no, cptr->person);
if (mship != NULL
&& !mship->type.passive
&& access_perm(conf_no, cptr, read_protected) > none)
{
async_sub_recipient(cptr, text_no, conf_no, type);
}
}
}
}
async_sub_recipient(cptr, text_no, conf_no, type);
}
}
}
}
/*
......@@ -1256,11 +1241,12 @@ filter_secret_info(Text_stat *result,
case bcc_recpt:
/*
* We will send this if ...
* The viewer is the recipient or
* The recipient is an open conference
* The viewer sent the BCC
* The viewer is the author
* We will send this if any of the following is true:
* - The viewer is the recipient.
* - The recipient is an open conference.
* - The viewer sent the BCC.
* - The viewer is supervisor of the author, and allowed
* to know that the recipient exists.
*/
if (viewer_p != NULL
......@@ -1271,21 +1257,15 @@ filter_secret_info(Text_stat *result,
|| recp_sent_by(
orig, original->misc_items + original->no_of_misc,
viewer, viewer_p)
|| is_supervisor(original->author, viewer, viewer_p)))
|| (is_supervisor(original->author, viewer, viewer_p)
&& (access_perm(orig->datum.bcc_recipient,
viewer_conn, read_protected)
>= read_protected))))
{
*copy++ = *orig++;
++result->no_of_misc;
if (!output_bcc)
{
*copy = *orig;
copy->type = cc_recpt;
copy++;
orig++;
++result->no_of_misc;
}
else
{
*copy++ = *orig++;
++result->no_of_misc;
}
copy[-1].type = cc_recpt;
}
else
{
......@@ -2819,38 +2799,23 @@ send_async_add_recipient(Text_no text_no,
Info_type type)
{
Connection *cptr;
Membership *mship;
Session_no i = 0;
if (type != bcc_recpt)
{
while ((i = traverse_connections(i)) != 0)
{
cptr = get_conn_by_number(i);
if (cptr->person != NULL
&& is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE
&& access_perm(conf_no, cptr, read_protected) > none)
{
async_new_recipient(cptr, text_no, conf_no, type);
}
}
}
else
while ((i = traverse_connections(i)) != 0)
{
while ((i = traverse_connections(i)) != 0)
{
cptr = get_conn_by_number(i);
if (cptr->person != NULL)
cptr = get_conn_by_number(i);
if (cptr->person != NULL
&& is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE)
{
Text_stat copy;
filter_secret_info(&copy, text_s, cptr, TRUE);
if (find_recipient(conf_no, &copy) != -1
&& is_member_in_recpt(cptr->person, &copy, TRUE) == TRUE)
{
mship = locate_membership(conf_no, cptr->person);
if (mship != NULL
&& !mship->type.passive
&& access_perm(conf_no, cptr, read_protected) > none)
{
async_new_recipient(cptr, text_no, conf_no, type);
}
}
}
async_new_recipient(cptr, text_no, conf_no, type);
}
}
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment