changeset 577:67ecd5901590

Inhibit non-group admin from cloning group
author HIROSE Yuuji <yuuji@gentei.org>
date Fri, 14 Jun 2019 09:27:11 +0900
parents c81511a6b7e0
children c064c7d357dc
files s4-funcs.sh
diffstat 1 files changed, 10 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/s4-funcs.sh	Fri Jun 14 09:01:51 2019 +0900
+++ b/s4-funcs.sh	Fri Jun 14 09:27:11 2019 +0900
@@ -417,6 +417,12 @@
   err isgrpowner: $sql
   test -n "`query $sql`"
 )
+isgrpownerbygid() (
+  # $1=user, $2=group-rowid
+  sql="select user from grp_adm where gname=(select gname from grp where rowid=$2) and user='$1';"
+  err isgrpownerbygid: $sql
+  test -n "`query $sql`"
+)
 getgroupadminmails() {
   # $1=group
   for i in $(getgroupadmins $1); do
@@ -1551,6 +1557,10 @@
     echo "無効なグループIDです($1)" | html p
     return
   fi
+  if ! isgrpownerbygid "$user" "$rid"; then
+     echo "グループ管理者のみがクローン可能です" | html p
+     return
+  fi
   i=0
   while true; do
     copy="-copy$i"

yatex.org