Mercurial > hgrepos > hgweb.cgi > s4
comparison s4-funcs.sh @ 695:5cf0ba49aeab
Attached file of admin in quiz-mode blog can be accessible by normal users
| author | HIROSE Yuuji <yuuji@gentei.org> |
|---|---|
| date | Thu, 21 May 2020 12:00:28 +0900 |
| parents | c45ab714d68e |
| children | 4461d596150d |
comparison
equal
deleted
inserted
replaced
| 694:c45ab714d68e | 695:5cf0ba49aeab |
|---|---|
| 481 # elif isuser $owner; then | 481 # elif isuser $owner; then |
| 482 # [ x"$1" = x"$owner" ] && return 0 || return 1 | 482 # [ x"$1" = x"$owner" ] && return 0 || return 1 |
| 483 # fi | 483 # fi |
| 484 # esac | 484 # esac |
| 485 # ↑ 要はこういう処理を↓で一気にやっている | 485 # ↑ 要はこういう処理を↓で一気にやっている |
| 486 sql="with getblog as (\ | 486 sql="with getblog as ( |
| 487 select key,val from blog_s where id=(\ | 487 select key,val from blog_s where id=( |
| 488 select blogid from article where id in\ | 488 select blogid from article where id in |
| 489 (select id from $2 where rowid=$3))),\ | 489 (select id from $2 where rowid=$3))), |
| 490 getowner as (select val from getblog where key='owner'),\ | 490 getowner as (select val from getblog where key='owner'), |
| 491 getmode as (select val from getblog where key='mode')\ | 491 getauthor as (select author from article where id=(select id from $2 where rowid=$3)), |
| 492 select case\ | 492 isgrp as (SELECT val from getowner WHERE val IN (select gname from grp)), |
| 493 when (select author from article where\ | 493 isgrpadm as (select user from grp_adm where |
| 494 id=(select id from $2 where rowid=$3))='$1' \ | 494 gname=(select val from getowner) and |
| 495 then 'author'\ | 495 user='$1'), |
| 496 when (select val from getmode) in ('report-open', 'normal')\ | 496 getmode as (select val from getblog where key='mode') |
| 497 then 'open'\ | 497 select case |
| 498 when (select val from getmode) is null \ | 498 when (select author from article where |
| 499 id=(select id from $2 where rowid=$3))='$1' | |
| 500 then 'author' | |
| 501 when (select val from getmode) in ('report-open', 'normal') | |
| 499 then 'open' | 502 then 'open' |
| 500 when (select val from getowner) in (select gname from grp)\ | 503 when (select val from getmode) in ('quiz', 'enquete') |
| 501 then (select user from grp_adm where \ | 504 then CASE |
| 502 gname=(select val from getowner) and \ | 505 WHEN (SELECT val FROM isgrp) IS NULL |
| 503 user='$1')\ | 506 THEN |
| 504 when (select author from article where\ | 507 CASE WHEN (SELECT val from getowner) |
| 508 IN ('$user', (SELECT author FROM getauthor)) | |
| 509 THEN 'owner-or-user-article-is-readable' | |
| 510 ELSE '' | |
| 511 END | |
| 512 WHEN (select user from isgrpadm) IS NOT NULL | |
| 513 THEN 'i-am-admin' | |
| 514 ELSE (SELECT author from getauthor WHERE author IN (SELECT user FROM grp_adm WHERE gname=(SELECT val FROM getowner))) | |
| 515 END | |
| 516 when (select val from getmode) is null | |
| 517 then 'open' | |
| 518 when (select val from getowner) in (select gname from grp) | |
| 519 then (SELECT user FROM isgrpadm) | |
| 520 when (select author from article where | |
| 505 id=(select id from $2 where rowid=$3))='$1' | 521 id=(select id from $2 where rowid=$3))='$1' |
| 506 then 'user+author' | 522 then 'user+author' |
| 507 else '' end;" | 523 else '' end;" |
| 508 ## err isfilereadable: sql="`echo $sql`" | 524 ## err isfilereadable: sql="`echo $sql`" |
| 509 # caseのネストで内側のcaseがスカラーtrueを返しても外側はtrue扱いにならない | 525 # caseのネストで内側のcaseがスカラーtrueを返しても外側はtrue扱いにならない |
| 510 result=`query "$sql"` | 526 # result=`query "$sql"` |
| 511 [ -n "$result" ] && return 0 | 527 # err FileAccessibility=$result |
| 512 return 2 | 528 [ -n "`query $sql`" ] || return 2 |
| 513 } | 529 } |
| 514 linkhome() { | 530 linkhome() { |
| 515 # $1=UserOrGroup | 531 # $1=UserOrGroup |
| 516 echo -n '<a href="?' | 532 echo -n '<a href="?' |
| 517 if isuser $1; then | 533 if isuser $1; then |
