Commit 482a8369 authored by Per Cederqvist's avatar Per Cederqvist
Browse files

(send_async_sub_recipient): Use filter_secret_info() so that the exact

	same visibility is used by async-sub-recipient and get-text-stat.
(filter_secret_info): Don't allow the author of a text to see
	bcc-recpt which are secret to him.  Simplify the code slightly.
(send_async_add_recipient): Use filter_secret_info() so that the
	exact same visibility is used by async-add-recipient and
	get-text-stat.
parent 88de4b97
/* /*
* $Id: text.c,v 0.78 2000/09/02 20:06:15 ceder Exp $ * $Id: text.c,v 0.79 2000/09/03 19:45:26 ceder Exp $
* Copyright (C) 1991-1999 Lysator Academic Computer Association. * Copyright (C) 1991-1999 Lysator Academic Computer Association.
* *
* This file is part of the LysKOM server. * This file is part of the LysKOM server.
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
#endif #endif
static const char * static const char *
rcsid = "$Id: text.c,v 0.78 2000/09/02 20:06:15 ceder Exp $"; rcsid = "$Id: text.c,v 0.79 2000/09/03 19:45:26 ceder Exp $";
#include "rcs.h" #include "rcs.h"
USE(rcsid); USE(rcsid);
...@@ -83,6 +83,11 @@ do_create_text(const String message, ...@@ -83,6 +83,11 @@ do_create_text(const String message,
Bool anonymous, Bool anonymous,
Text_stat **ret_stat); Text_stat **ret_stat);
static void
filter_secret_info(Text_stat *result,
const Text_stat *original,
const Connection *viewer_conn,
Bool output_bcc);
/* /*
* Static functions * Static functions
...@@ -592,43 +597,23 @@ send_async_sub_recipient(Text_no text_no, ...@@ -592,43 +597,23 @@ send_async_sub_recipient(Text_no text_no,
{ {
Connection *cptr; Connection *cptr;
Session_no i = 0; Session_no i = 0;
Membership *mship;
if (type != bcc_recpt) while ((i = traverse_connections(i)) != 0)
{
while ((i = traverse_connections(i)) != 0)
{
cptr = get_conn_by_number(i);
/*
* Send messate if connection is logged on, the user is a member
* in a recipient and the subtracted recipient is visible to the
* user
*/
if (cptr->person != NULL
&& is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE
&& access_perm(conf_no, cptr, read_protected) > none)
{
async_sub_recipient(cptr, text_no, conf_no, type);
}
}
}
else
{ {
while ((i = traverse_connections(i)) != 0) cptr = get_conn_by_number(i);
{ if (cptr->person != NULL
cptr = get_conn_by_number(i); && is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE)
if (cptr->person != NULL) {
Text_stat copy;
filter_secret_info(&copy, text_s, cptr, TRUE);
if (find_recipient(conf_no, &copy) != -1
&& is_member_in_recpt(cptr->person, &copy, TRUE) == TRUE)
{ {
mship = locate_membership(conf_no, cptr->person); async_sub_recipient(cptr, text_no, conf_no, type);
if (mship != NULL }
&& !mship->type.passive }
&& access_perm(conf_no, cptr, read_protected) > none) }
{
async_sub_recipient(cptr, text_no, conf_no, type);
}
}
}
}
} }
/* /*
...@@ -1256,11 +1241,12 @@ filter_secret_info(Text_stat *result, ...@@ -1256,11 +1241,12 @@ filter_secret_info(Text_stat *result,
case bcc_recpt: case bcc_recpt:
/* /*
* We will send this if ... * We will send this if any of the following is true:
* The viewer is the recipient or * - The viewer is the recipient.
* The recipient is an open conference * - The recipient is an open conference.
* The viewer sent the BCC * - The viewer sent the BCC.
* The viewer is the author * - The viewer is supervisor of the author, and allowed
* to know that the recipient exists.
*/ */
if (viewer_p != NULL if (viewer_p != NULL
...@@ -1271,21 +1257,15 @@ filter_secret_info(Text_stat *result, ...@@ -1271,21 +1257,15 @@ filter_secret_info(Text_stat *result,
|| recp_sent_by( || recp_sent_by(
orig, original->misc_items + original->no_of_misc, orig, original->misc_items + original->no_of_misc,
viewer, viewer_p) viewer, viewer_p)
|| is_supervisor(original->author, viewer, viewer_p))) || (is_supervisor(original->author, viewer, viewer_p)
&& (access_perm(orig->datum.bcc_recipient,
viewer_conn, read_protected)
>= read_protected))))
{ {
*copy++ = *orig++;
++result->no_of_misc;
if (!output_bcc) if (!output_bcc)
{ copy[-1].type = cc_recpt;
*copy = *orig;
copy->type = cc_recpt;
copy++;
orig++;
++result->no_of_misc;
}
else
{
*copy++ = *orig++;
++result->no_of_misc;
}
} }
else else
{ {
...@@ -2819,38 +2799,23 @@ send_async_add_recipient(Text_no text_no, ...@@ -2819,38 +2799,23 @@ send_async_add_recipient(Text_no text_no,
Info_type type) Info_type type)
{ {
Connection *cptr; Connection *cptr;
Membership *mship;
Session_no i = 0; Session_no i = 0;
if (type != bcc_recpt) while ((i = traverse_connections(i)) != 0)
{
while ((i = traverse_connections(i)) != 0)
{
cptr = get_conn_by_number(i);
if (cptr->person != NULL
&& is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE
&& access_perm(conf_no, cptr, read_protected) > none)
{
async_new_recipient(cptr, text_no, conf_no, type);
}
}
}
else
{ {
while ((i = traverse_connections(i)) != 0) cptr = get_conn_by_number(i);
{ if (cptr->person != NULL
cptr = get_conn_by_number(i); && is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE)
if (cptr->person != NULL) {
Text_stat copy;
filter_secret_info(&copy, text_s, cptr, TRUE);
if (find_recipient(conf_no, &copy) != -1
&& is_member_in_recpt(cptr->person, &copy, TRUE) == TRUE)
{ {
mship = locate_membership(conf_no, cptr->person); async_new_recipient(cptr, text_no, conf_no, type);
if (mship != NULL }
&& !mship->type.passive }
&& access_perm(conf_no, cptr, read_protected) > none)
{
async_new_recipient(cptr, text_no, conf_no, type);
}
}
}
} }
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment