changeset 695:5cf0ba49aeab

Attached file of admin in quiz-mode blog can be accessible by normal users
author HIROSE Yuuji <yuuji@gentei.org>
date Thu, 21 May 2020 12:00:28 +0900
parents c45ab714d68e
children 4ebe5184a3e3
files s4-blog.sh s4-funcs.sh
diffstat 2 files changed, 73 insertions(+), 29 deletions(-) [+]
--- a/s4-blog.sh	Tue May 19 11:49:11 2020 +0900
+++ b/s4-blog.sh	Thu May 21 12:00:28 2020 +0900
@@ -176,8 +176,39 @@
     *)		notifyto="" ;;
   esac
   case $blog_mode in
-    *quiz*|*close*|*euquete*)	f_exclusive=1 ;;
-    *)				f_exclusive='' ;;
+    *quiz*|*close*)
+      f_exclusive=1
+      if $isgroup; then
+	qgrp=`sqlquote "$blogowner"`
+	if $isgrpadmin; then
+	  F_UNREADABLE="''"
+	else
+	  if [ x"$blog_mode" = x"quiz" ]; then
+	    F_UNREADABLE="CASE
+		WHEN author IN (SELECT user FROM grp_adm WHERE gname=$qgrp)
+		THEN ''
+		WHEN author = '$user'
+		THEN ''
+		ELSE 'Unreadable'
+		END"
+	  else
+	    F_UNREADABLE='Unreadable'
+	  fi
+	fi
+      else		# User blog
+	if [ x"$blog_mode" = x"quiz" ]; then
+	  F_UNREADABLE="CASE
+		WHEN author = '$blogowner'
+		THEN '' ELSE 'Unreadable'
+		END"
+	else
+	  F_UNREADABLE='Unradable'
+	fi
+      fi
+      ;;
+    *)	f_exclusive=''
+	F_UNREADABLE="''"
+	;;
   esac
 
   # err "SELECT id from $tbl where rowid=$rowid"
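Review bot: The `F_UNREADABLE='Unreadable'` branches at L36 and L46 store the bare word, but the variable is spliced into the SELECT later in this file as `$F_UNREADABLE cannotread` (L67), a raw SQL expression — the sibling branches carry their own quotes (`F_UNREADABLE="''"` at L25 and L51), so these two yield the unquoted identifier `Unreadable cannotread`, which SQLite will most likely reject as an unknown column rather than return a string. Both should read `F_UNREADABLE="'Unreadable'"`, and L46 additionally misspells it as `Unradable`. The group branch passes `$blogowner` through `sqlquote` (L23) while the same hunk interpolates `'$user'` (L31) and `'$blogowner'` (L42) verbatim; quoting them the same way keeps a user or owner name from being parsed as SQL. Dropping the old `*euquete*` pattern leaves enquete-mode blogs in the default readable branch here, whereas the new isfilereadable in s4-funcs.sh treats `'enquete'` as restricted — presumably the old misspelling never matched, but confirm the divergence is intended.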
@@ -324,12 +355,9 @@
 	     END reki,
         CASE WHEN s.TIME > '$atime' THEN 'new' ELSE '' END newer,
 	hex(s.TEXT),
-	CASE -- File Accessibility to attached file
-	WHEN '$f_exclusive' = ''    THEN ''
-	WHEN '$isgrpadmin' = 'true' THEN ''
-	WHEN '$user' = author       THEN ''
-	ELSE				 'Unreadable'
-	END cannotread,
+
+	$F_UNREADABLE cannotread,
+
 	(SELECT group_concat(rowid||':'||length(bin)||':'||hex(val), ' ')
 	 FROM article_m
 	 WHERE id=a.id AND key='image') imxgids
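Review bot: The `-- File Accessibility to attached file` comment disappears with the old CASE, and the bare `$F_UNREADABLE cannotread` at L67 gives a reader no hint that the variable must already contain a complete, quoted SQL expression chosen by the `$blog_mode` case roughly 180 lines earlier. Keep a comment on the new line, e.g. `-- cannotread: pre-quoted SQL expression set from $blog_mode above`, so the quoting contract is visible at the point of use. The enclosing query text starts and ends outside this hunk.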
--- a/s4-funcs.sh	Tue May 19 11:49:11 2020 +0900
+++ b/s4-funcs.sh	Thu May 21 12:00:28 2020 +0900
@@ -483,33 +483,49 @@
   #      fi
   # esac
   # ↑ 要はこういう処理を↓で一気にやっている
-  sql="with getblog as (\
-	select key,val from blog_s where id=(\
-	select blogid from article where id in\
-        	(select id from $2 where rowid=$3))),\
-      getowner as (select val from getblog where key='owner'),\
-      getmode  as (select val from getblog where key='mode')\
-    select case\
-	when (select author from article where\
-		id=(select id from $2 where rowid=$3))='$1' \
-	then 'author'\
-	when (select val from getmode) in ('report-open', 'normal')\
-	then 'open'\
-	when (select val from getmode) is null \
+  sql="with getblog as (
+	select key,val from blog_s where id=(
+	select blogid from article where id in
+        	(select id from $2 where rowid=$3))),
+      getowner as (select val from getblog where key='owner'),
+     getauthor as (select author from article where id=(select id from $2 where rowid=$3)),
+     isgrp as (SELECT val from getowner WHERE val IN (select gname from grp)),
+     isgrpadm as (select user from grp_adm where
+		gname=(select val from getowner) and
+		user='$1'),
+      getmode  as (select val from getblog where key='mode')
+    select case
+	when (select author from article where
+		id=(select id from $2 where rowid=$3))='$1'
+	then 'author'
+	when (select val from getmode) in ('report-open', 'normal')
 	then 'open'
-	when (select val from getowner) in (select gname from grp)\
-	then (select user from grp_adm where \
-		gname=(select val from getowner) and \
-		user='$1')\
-	when (select author from article where\
+	when (select val from getmode) in ('quiz', 'enquete')
+	then CASE
+	     WHEN (SELECT val FROM isgrp) IS NULL
+	     THEN
+		CASE WHEN (SELECT val from getowner)
+		     	   IN ('$user', (SELECT author FROM getauthor))
+		     THEN 'owner-or-user-article-is-readable'
+		     ELSE ''
+		END
+	     WHEN (select user from isgrpadm) IS NOT NULL
+	     THEN 'i-am-admin'
+	     ELSE (SELECT author from getauthor WHERE author IN (SELECT user FROM grp_adm WHERE gname=(SELECT val FROM getowner)))
+	     END
+	when (select val from getmode) is null
+	then 'open'
+	when (select val from getowner) in (select gname from grp)
+	then (SELECT user FROM isgrpadm)
+	when (select author from article where
 		id=(select id from $2 where rowid=$3))='$1'
 	then 'user+author'
 	else '' end;"
   ## err isfilereadable: sql="`echo $sql`"
   # caseのネストで内側のcaseがスカラーtrueを返しても外側はtrue扱いにならない
-  result=`query "$sql"`
-  [ -n "$result" ] && return 0
-  return 2
+  # result=`query "$sql"`
+  # err FileAccessibility=$result
+  [ -n "`query $sql`" ] || return 2
 }
 linkhome() {
   # $1=UserOrGroup
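Review bot: L141 drops the double quotes the removed line had (`query "$sql"` at L136): with `query $sql` the multi-line statement is word-split into many arguments, so unless `query` reassembles all of its arguments the call receives a truncated statement and the function returns 2 for every file; the line should be `[ -n "$(query "$sql")" ] || return 2` (command substitution also avoids the quoting-inside-backticks problem). L118 compares the blog owner against `'$user'` while every other reference in this function uses the `$1` parameter (L100, L104, L131), so the result depends on a global that may differ from the caller's argument; `IN ('$1', (SELECT author FROM getauthor))` keeps the function self-contained. Both `$1` and `$user` are interpolated into the SQL verbatim — the `sqlquote` helper used in s4-blog.sh would be the consistent mitigation. The isfilereadable function begins before this hunk.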
