Commit a39fe654 authored by Per Cederqvist's avatar Per Cederqvist
Browse files

(aux_item_validate): Return Success, not Bool. All callers updated.

(aux_item_add_perm): Removed the arguments item_creator,
	object_creator and owner_check.  Added the arguments
	creating_conn and subordinate.  All callers updated.
	Simplified the code.  Use is_supervisor() instead of
	is_strictly_supervisor() where appropriate.  Use the supplied
	connection instead of checking that ACTPERS is the
	item_creator.  Adjusted for the new contents of
	Aux_item_validation_data.
(aux_inherit_items): Removed arguments target_creator, creating and
	object_type.  Added argument subordinate.  Changed type of
	arguments object_no and object, since we know that they are a
	Text_no and Text_stat, respectively.
(filter_aux_item_list): Assert that the viewer_conn argument is
	non-NULL.
(check_delete_aux_item_list): Renamed the "owner" argument
	"subordinate".
(text_stat_check_add_aux_item_list): Removed the item_creator and
	creating arguments.  Added the creating_conn argument, and
	assert it is non-NULL.
(conf_stat_check_add_aux_item_list): Replaced the "creator" argument
	with "creating_conn".  Argument assertions added.
(system_check_add_aux_item_list): Ditto.
(aux_item_validate_existing_text): Changed return type from Bool to
	Success.  Use person_text_read_access() only when necessary,
	and add a comment explaining why it might happen.
parent bba80486
/*
* $Id: aux-items.c,v 1.56 2003/08/17 11:09:36 ceder Exp $
* $Id: aux-items.c,v 1.57 2003/08/20 08:25:38 ceder Exp $
* Copyright (C) 1994-2002 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -85,7 +85,7 @@ static void aux_item_trigger_link_item(Aux_item_trigger_data *data);
/* Forward declarations of validators */
static Bool aux_item_validate_existing_text(Aux_item_validation_data *data);
static Success aux_item_validate_existing_text(Aux_item_validation_data *data);
/* Other forward declarations */
static const Aux_item *
......@@ -910,7 +910,8 @@ prepare_aux_item(Aux_item *item,
static Bool aux_item_validate(Aux_item_validation_data validation_data)
static Success
aux_item_validate(Aux_item_validation_data validation_data)
{
unsigned long i;
const Aux_item_definition *def;
......@@ -923,14 +924,14 @@ static Bool aux_item_validate(Aux_item_validation_data validation_data)
case AUX_VALIDATE_FUNCTION:
/*
* Call the validation function
* If it returns false, then abort validation
* If it returns true, then continue with the
* If it returns FAILURE, then abort validation
* If it returns OK, then continue with the
* next validator
*/
if ((*def->validators[i].v.fn.function)(&validation_data) == FALSE)
if ((*def->validators[i].v.fn.function)(&validation_data) != OK)
{
return FALSE;
return FAILURE;
}
break;
......@@ -960,7 +961,7 @@ static Bool aux_item_validate(Aux_item_validation_data validation_data)
def->validators[i].v.re.regexp = NULL;
def->validators[i].type = AUX_VALIDATE_REJECT;
kom_errno = KOM_ILL_AUX;
return FALSE;
return FAILURE;
}
/*
......@@ -977,12 +978,12 @@ static Bool aux_item_validate(Aux_item_validation_data validation_data)
case -1:
/* No match */
kom_errno = KOM_ILL_AUX;
return FALSE;
return FAILURE;
case -2:
/* Internal error may (be temporary) */
kom_log("Internal error in regex matching aux-item data.\n");
kom_errno = KOM_ILL_AUX;
return FALSE;
return FAILURE;
break;
default:
/* Matched */
......@@ -999,7 +1000,7 @@ static Bool aux_item_validate(Aux_item_validation_data validation_data)
*/
kom_errno = KOM_ILL_AUX;
return FALSE;
return FAILURE;
break;
default:
......@@ -1012,8 +1013,7 @@ static Bool aux_item_validate(Aux_item_validation_data validation_data)
* If we got all the way to here we passed all the validators
*/
return TRUE;
return OK;
}
......@@ -1024,38 +1024,39 @@ static Bool aux_item_validate(Aux_item_validation_data validation_data)
*
* ITEM is the item that you want to add.
* DEF is the item's definition or NULL.
* ITEM_CREATOR is the person who wants to create the item.
* OBJECT_CREATOR is the person who created the object to which
* the item might be added. For texts it is the author, for
* persons it is the person and for conferences it is the
* conference supervisor.
* OWNER_CHECK is TRUE when this function is supposed to check author
* and supervisor-related flags. The only case when this is to
* be FALSE is when checking author or supervisor makes not sense,
* such as when creating a completely new conference.
* ADD_TO_LIST is the item list to add to, or NULL.
* CREATING_CONN is the connection that is causing this item to be
* added. It is NULL if the item is created due to inheritance.
* SUBORDINATE. If author-only or supervisor-only, the person logged
* in on CREATING_CONN must be a supervisor of the SUBORDINATE to
* be allowed to create the item. For a text, the SUBORDINATE
* should be set to the author of the text. For a conference or
* person, this is the conference or person itself.
* ADD_TO_LIST is the item list the item should be added to, or NULL.
* START_LOOKING_AT is the first index in add_to_list to start
* looking at for possible duplicates.
* CREATING is true if we are checking while creating an object.
* CREATING is true if we are checking while creating the object that
* the item will be added to.
* OBJECT_TYPE is the type of the object the item is added to.
*/
static Bool
aux_item_add_perm(const Aux_item *item,
const Aux_item_definition *def,
Pers_no item_creator,
Pers_no object_creator,
Bool owner_check,
Connection *creating_conn,
Pers_no subordinate,
Aux_item_list *add_to_list,
unsigned long start_looking_at,
Bool creating,
enum object_type object_type
)
enum object_type object_type)
{
short can_add_when = 0;
kom_errno = KOM_NO_ERROR;
/* Either there is a connection responsible for the creation, or
we are inheriting. If we are inheriting, creating must be true. */
assert(creating_conn != NULL || creating);
if (def == NULL)
def = find_aux_item_definition(item);
......@@ -1090,39 +1091,33 @@ aux_item_add_perm(const Aux_item *item,
}
}
if (def->system_only && owner_check)
if (def->system_only)
{
kom_errno = KOM_AUX_PERM;
return FALSE;
}
/* FIXME (bug 334): is_strictly_supervisor() or is_supervisor()? */
/* FIXME (bug 334): the is_strictly_supervisor() call checks if
item_creator is supervisor of object_creator. The intention is
to check if item_creator is supervisor of conference X, where
X's supervisor is object_creator. */
if (def->author_only
&& owner_check
&& object_creator != item_creator
&& !is_strictly_supervisor(object_creator, item_creator, NULL)
&& !(item_creator == ACTPERS && ENA(wheel, 8))) /* NOT OK! */
if ((def->author_only || def->supervisor_only)
&& !creating
&& creating_conn != NULL
&& !ENA_C(creating_conn, wheel, 8))
{
kom_errno = KOM_AUX_PERM;
return FALSE;
}
if (def->author_only
&& !is_supervisor(subordinate, creating_conn))
{
kom_errno = KOM_AUX_PERM;
return FALSE;
}
/* FIXME (bug 334): is_strictly_supervisor() or is_supervisor()? */
/* FIXME (bug 334): the is_strictly_supervisor() call checks if
item_creator is supervisor of object_creator. The intention is
to check if item_creator is supervisor of conference X, where
X's supervisor is object_creator. */
if (def->supervisor_only
&& owner_check
&& !is_strictly_supervisor(object_creator, item_creator, NULL)
&& !(item_creator == ACTPERS && ENA(wheel,8))) /* NOT OK! */
{
kom_errno = KOM_AUX_PERM;
return FALSE;
/* FIXME (bug 313): is_strictly_supervisor() or is_supervisor()? */
if (def->supervisor_only
&& !is_strictly_supervisor(subordinate,
creating_conn->pers_no,
creating_conn->person))
{
kom_errno = KOM_AUX_PERM;
return FALSE;
}
}
/* Even the administrator can't override this */
......@@ -1142,15 +1137,20 @@ aux_item_add_perm(const Aux_item *item,
validation_data.item = item;
validation_data.def = def;
validation_data.item_creator = item_creator;
validation_data.object_creator = object_creator;
validation_data.owner_check = owner_check;
validation_data.creating_conn = creating_conn;
validation_data.creating = creating;
validation_data.subordinate = subordinate;
#if 0
/* Since no validator currently uses these fields, they
have been temporarily removed from the
Aux_item_validation_data type. */
validation_data.add_to_list = add_to_list;
validation_data.start_looking_at = start_looking_at;
validation_data.creating = creating;
validation_data.object_type = object_type;
#endif
if (aux_item_validate(validation_data) != TRUE)
if (aux_item_validate(validation_data) != OK)
{
kom_errno = KOM_ILL_AUX;
return FALSE;
......@@ -1215,20 +1215,18 @@ aux_item_check_unique(const Aux_item *item,
/*
* aux_inherit_items
*
* Inherit aux items from PARENT to TARGET. COUNTER is a pointer
* to the aux_no counter in the object being inherited to and CREATOR
* is the author or equivalent of the target object.
* Inherit aux items from PARENT to TARGET. COUNTER is a pointer to
* the aux_no counter in the object being inherited to and SUBORDINATE
* is the author of the target object. The object is a text.
*/
void
aux_inherit_items(Aux_item_list *target,
const Aux_item_list *parent,
unsigned long *counter,
Pers_no target_creator,
Bool creating,
enum object_type object_type,
unsigned long object_no,
void *object)
Conf_no subordinate,
Text_no object_no,
Text_stat *object)
{
int i;
Aux_item item;
......@@ -1249,13 +1247,12 @@ aux_inherit_items(Aux_item_list *target,
if (def == NULL
|| !aux_item_add_perm(&parent->items[i],
def,
parent->items[i].creator,
target_creator,
TRUE,
NULL,
subordinate,
target,
0,
creating,
object_type))
TRUE,
TEXT_OBJECT_TYPE))
continue;
copy_aux_item(&item, &parent->items[i]);
......@@ -1272,7 +1269,7 @@ aux_inherit_items(Aux_item_list *target,
target->length += 1;
aux_item_call_add_triggers(def,
object_type,
TEXT_OBJECT_TYPE,
target->length - 1,
object_no,
object,
......@@ -1296,6 +1293,8 @@ filter_aux_item_list(const Aux_item_list *original,
Aux_item *orig_aux;
unsigned long from, to;
assert(viewer_conn != NULL);
result->items = tmp_alloc(original->length * sizeof (Aux_item));
result->length = 0;
to = 0;
......@@ -1334,7 +1333,7 @@ filter_aux_item_list(const Aux_item_list *original,
Success
check_delete_aux_item_list(const Number_list *items_to_delete,
const Aux_item_list *list_to_delete_from,
const Conf_no owner)
const Conf_no subordinate)
{
long i;
const Aux_item *item;
......@@ -1388,7 +1387,7 @@ check_delete_aux_item_list(const Number_list *items_to_delete,
if (!ENA(wheel, 8)
&& !is_supervisor(item->creator, active_connection)
&& (!def->owner_delete
|| !is_supervisor(owner, active_connection)))
|| !is_supervisor(subordinate, active_connection)))
{
kom_errno = KOM_AUX_PERM;
err_stat = i;
......@@ -1705,7 +1704,7 @@ find_aux_item(const Aux_item_list *list, unsigned long aux_no)
* The following functions are defined for each type
*
* X_check_add_aux_item_list(X *obj, Aux_item_list *list,
* Pers_no item_creator)
* Connection *creating_conn)
*
* Return OK if CREATOR is allowed to add ITEM or LIST to OBJ.
* DEF is a pointer to the definition of ITEM or NULL. You must call
......@@ -1728,13 +1727,14 @@ find_aux_item(const Aux_item_list *list, unsigned long aux_no)
Success
text_stat_check_add_aux_item_list(Text_stat *text_s,
Aux_item_list *list,
Pers_no item_creator,
Bool creating)
Connection *creating_conn)
{
Aux_item *item;
unsigned long i;
const Aux_item_definition *def;
assert(creating_conn != NULL);
if (list == NULL)
return OK;
......@@ -1754,12 +1754,11 @@ text_stat_check_add_aux_item_list(Text_stat *text_s,
if (!aux_item_add_perm(item,
def,
item_creator,
text_s?text_s->author:item_creator,
TRUE,
creating_conn,
text_s?text_s->author:creating_conn->pers_no,
text_s?&text_s->aux_item_list:NULL,
0,
creating,
text_s == NULL,
TEXT_OBJECT_TYPE)
|| !aux_item_check_unique(item, def, list, i + 1)
|| !def->texts)
......@@ -1795,13 +1794,17 @@ Success
conf_stat_check_add_aux_item_list(Conference *conf,
Conf_no conf_no,
Aux_item_list *list,
Pers_no creator,
Connection *creating_conn,
Bool creating)
{
unsigned long i;
Aux_item *item;
const Aux_item_definition *def;
assert(conf != NULL);
assert(conf_no != 0);
assert(creating_conn != NULL);
if (list == NULL)
return OK;
......@@ -1820,9 +1823,8 @@ conf_stat_check_add_aux_item_list(Conference *conf,
if (!aux_item_add_perm(item,
def,
creator,
creating_conn,
conf_no,
TRUE,
&conf->aux_item_list,
0,
creating,
......@@ -1859,12 +1861,14 @@ conf_stat_add_aux_item_list(Conference *conf,
Success system_check_add_aux_item_list(Info *info,
Aux_item_list *list,
Pers_no creator)
Connection *creating_conn)
{
unsigned long i;
Aux_item *item;
const Aux_item_definition *def;
assert(creating_conn != NULL);
if (list == NULL)
return OK;
......@@ -1881,11 +1885,15 @@ Success system_check_add_aux_item_list(Info *info,
return FAILURE;
}
/* Pass creating_conn->pers_no as the subordinate, so that the
owner checks will be short-circuited. When we arrive here,
we already know that the user has enough privileges to
create aux-items on the system. See modify_system_info(),
especially the call to ENA(). */
if (!aux_item_add_perm(item, /* item */
def, /* definition */
creator, /* item_creator */
creator, /* object_creator */
TRUE, /* owner_check */
creating_conn, /* creating_conn */
creating_conn->pers_no, /* subordinate */
&info->aux_item_list, /* add_to_list */
0, /* start_looking_at */
FALSE, /* creating */
......@@ -2138,7 +2146,7 @@ aux_item_trigger_link_item(Aux_item_trigger_data *data)
*/
static Bool
static Success
aux_item_validate_existing_text(Aux_item_validation_data *v_data)
{
Text_stat *text_stat;
......@@ -2146,7 +2154,21 @@ aux_item_validate_existing_text(Aux_item_validation_data *v_data)
String_size ill_char;
text_no = s_strtol(v_data->item->data, &ill_char);
GET_T_STAT(text_stat, text_no, FALSE);
return person_text_read_access(text_no, text_stat,
v_data->item_creator, NULL);
GET_T_STAT(text_stat, text_no, FAILURE);
if (text_read_access(v_data->creating_conn, text_no, text_stat))
return OK;
if (v_data->creating
&& (v_data->creating_conn == NULL
|| v_data->creating_conn->pers_no != v_data->subordinate)
&& person_text_read_access(text_no, text_stat,
v_data->subordinate, NULL))
{
/* This can happen e.g. if we are creating a new person and
adding a faq-text to him at the same time. */
return OK;
}
return FAILURE;
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment