Commit 95770468 authored by Per Cederqvist's avatar Per Cederqvist
Browse files

(create_text_check_misc): Check that the author can read the text he

	is commenting.
(add_comment): Check that the adder can read the text he is adding
	a comment link to.
(sub_comment): The user does not have to be able to read either of
	the texts to remove the comment link.  On the other hand, it
	doesn't help if he is supervisor of the author of the parent.
(sub_footnote): The user does not have to be able to read either
	of the texts to remove the footnote link.  He must be supervisor
	of the author of the footnote, but not necessarily the author.
parent bb3c195f
/*
* $Id: text.c,v 0.39 1996/07/26 00:45:10 ceder Exp $
* $Id: text.c,v 0.40 1996/07/27 15:30:40 ceder Exp $
* Copyright (C) 1991, 1992, 1993, 1994, 1995 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -28,7 +28,7 @@
* All atomic calls that deals with texts.
*/
static char *rcsid = "$Id: text.c,v 0.39 1996/07/26 00:45:10 ceder Exp $";
static char *rcsid = "$Id: text.c,v 0.40 1996/07/27 15:30:40 ceder Exp $";
#include "rcs.h"
USE(rcsid);
......@@ -1596,7 +1596,7 @@ create_text_check_misc (u_short * no_of_misc,
break;
case comm_to:
/* Check that the text exists. */
/* Check that the text exists and is readable. */
GET_T_STAT( parent, misc[ i ].datum.comment_to, FAILURE);
......@@ -1609,6 +1609,12 @@ create_text_check_misc (u_short * no_of_misc,
kom_errno = KOM_ILL_MISC;
return FAILURE;
}
if (!text_read_access(misc[i].datum.comment_to, parent))
{
kom_errno = KOM_NO_SUCH_TEXT;
return FAILURE;
}
break;
......@@ -2394,7 +2400,8 @@ add_comment(Text_no comment,
if ( check_comm(parent_s) != OK )
return FAILURE;
if ( !text_read_access(comment, child_s) )
if ( !text_read_access(comment, child_s)
|| !text_read_access(comment_to, parent_s))
{
kom_errno = KOM_NO_SUCH_TEXT;
return FAILURE;
......@@ -2423,8 +2430,8 @@ add_comment(Text_no comment,
* Delete a comment-link between two texts.
*
* This can be done by:
* a) a supervisor of any of the authors.
* b) the sender of the comment.
* a) a supervisor of the author of the comment.
* b) a supervisor of the creator of the comment link.
*/
extern Success
sub_comment( Text_no comment, /* 'comment' is no longer a comment */
......@@ -2439,18 +2446,6 @@ sub_comment( Text_no comment, /* 'comment' is no longer a comment */
GET_T_STAT(text_s, comment, FAILURE);
GET_T_STAT(parent_s, parent, FAILURE);
if ( !text_read_access(comment, text_s ) && !ENA(admin, 4))
{
kom_errno = KOM_NO_SUCH_TEXT;
return FAILURE;
}
if ( !text_read_access(parent, parent_s ) && !ENA(admin, 4))
{
kom_errno = KOM_NO_SUCH_TEXT;
return FAILURE;
}
if ( !is_comment_to( comment, parent_s ) )
{
kom_errno = KOM_NOT_COMMENT;
......@@ -2459,7 +2454,6 @@ sub_comment( Text_no comment, /* 'comment' is no longer a comment */
if ( !is_supervisor (text_s->author, NULL, ACTPERS, ACT_P)
&& !is_supervisor (parent_s->author, NULL, ACTPERS, ACT_P)
&& !is_comm_sender (text_s, parent) )
{
kom_errno = KOM_PERM;
......@@ -2543,26 +2537,13 @@ sub_footnote( Text_no footnote, /* 'footnote' is no longer a */
GET_T_STAT(text_s, footnote, FAILURE);
GET_T_STAT(parent_s, parent, FAILURE);
if ( !text_read_access(footnote, text_s ) && !ENA(admin, 4))
{
kom_errno = KOM_NO_SUCH_TEXT;
return FAILURE;
}
if ( !text_read_access(parent, parent_s ) && !ENA(admin, 4))
{
kom_errno = KOM_NO_SUCH_TEXT;
return FAILURE;
}
if ( !is_footnote_to( footnote, parent_s ) )
{
kom_errno = KOM_NOT_FOOTNOTE;
return FAILURE;
}
if ( text_s->author != ACTPERS && parent_s->author != ACTPERS )
if (!is_supervisor (text_s->author, NULL, ACTPERS, ACT_P))
{
kom_errno = KOM_PERM;
return FAILURE;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment