changeset 774:8a7d5326055d
Only report-open can be handled by blog author
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Thu, 11 Jun 2020 10:18:36 +0900 |
parents | dc5c2a03cb7a |
children | 2c5a8c5dd1ee |
files | s4-blog.sh |
diffstat | 1 files changed, 18 insertions(+), 4 deletions(-) [+] |
--- a/s4-blog.sh Tue Jun 09 12:27:09 2020 +0900
+++ b/s4-blog.sh Thu Jun 11 10:18:36 2020 +0900
@@ -228,7 +228,12 @@
 case $blog_mode in
 *report*|*quiz*|*enquete*)
 href2="<a href=\"?lshandout+$rowid\" accesskey=\"l\" title=\"Shortcut: L${nl}List Handouts\"> 提出状況 </a>"
- href3="(<a href=\"?gethandout+$rowid\" accesskey=\"f\" title=\"Shortcut: F${nl}File Retrieval\">ファイル取得</a>)"
+ case "$isgrpadmin$blog_mode" in
+ false*closed*|false*quiz|false*enquete*) ;;
+ *)
+ href3="(<a href=\"?gethandout+$rowid\" accesskey=\"f\" title=\"Shortcut: F${nl}File Retrieval\">ファイル取得</a>)"
+ ;;
+ esac
 ;;
 esac
 fi
@@ -736,16 +741,24 @@
 echo "メンバー以外は利用できません。" | html p; return
 fi
 # Here, this blog is writable by $user
+ mode=`getvalbyid blog mode $1`
 owner=`getvalbyid blog owner $1`
+ blogauthor=`getvalbyid blog author $1`
+ isopenblogauthor=false
 if [ x"$user" = x"$owner" ]; then
 : OK
 elif isgrpowner "$user" "$owner"; then
 : OK
+ elif [ x"$blogauthor" = x"$user" ]; then
+ # Non-admin Author of blog cannot do gethandout() in report-closed mode
+ # for avoidance the risk of fake report-closed blog.
+ case "$mode" in # Only report-open can be handled by blog author
+ *open*) isopenblogauthor=true ;;
+ esac
 else
 contenttype; echo
- echo "板の所有者以外は利用できません。" | html p; return
+ echo "グループ管理者のみ取得できます。" | html p; return
 fi
- mode=`getvalbyid blog mode $1`
 copy2csv=false
 blogid=`getvalbyid blog id $1`
 isgroup "$owner" && isgroup=true || isgroup=false
@@ -813,7 +826,8 @@
 WHERE blogid=(SELECT id FROM blog WHERE rowid=$rid);
 EOF
 cat $midfile | while IFS='|' read rowid artid author text; do
- isfilereadable $user article_s $rowid || continue
+ $isgrpowner || $isopenblogauthor \
+ || isfilereadable $user article_s $rowid || continue
 dir=`printf $bd/%d/%06d "$rid" "$rowid"`
 mkdir -p $dir
 echo "$author" > $dir/Author
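Review bot: The added inner `case` uses `false*quiz` without a trailing `*`, while its neighbours `false*closed*` and `false*enquete*` have one and the outer arm matches `*quiz*`; a mode value with any text after `quiz` would still get the href3 link rendered for a non-admin. If that is not intended, `false*closed*|false*quiz*|false*enquete*) ;;` keeps the three patterns parallel. The link is also shown whenever `$isgrpadmin` is empty or unset, because the joined string then does not begin with `false`, and no visible line assigns it. Hiding the link is presentation only, so a comment such as `# href3 is a convenience link; gethandout itself decides access` would keep readers from treating this arm as the control. The enclosing `if` and outer `case` start outside the hunk.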
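Review bot: The new `elif [ x"$blogauthor" = x"$user" ]` branch lets a blog author past this gate in every mode, because when `$mode` does not match `*open*` the inner `case` only leaves `isopenblogauthor=false` and execution continues instead of reaching the `else` denial. Before this change such a user was refused here, and the added comment says a non-admin author cannot do gethandout() in report-closed mode, so that restriction now rests entirely on the per-article filter further down. If denial is the intent, add a default arm to the inner `case`: `*) contenttype; echo; echo "グループ管理者のみ取得できます。" | html p; return ;;`. Separately, `$1` reaches `getvalbyid` unquoted on the three assignment lines; `"$1"` avoids word splitting on the request-supplied id. The function begins and ends outside the hunk.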
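Review bot: `$isgrpowner || $isopenblogauthor \` runs the variables' values as commands, and no line visible in this diff assigns a variable named `isgrpowner`; the earlier hunk only calls the function `isgrpowner "$user" "$owner"`. If the variable is empty or unset at this point, the expansion is an empty command with status 0, the `||` chain stops there, and `isfilereadable` is skipped for every row. Unless it is assigned in the lines between the hunks, initialise it next to `isopenblogauthor=false` and set it in the owner branches, or default it at the point of use: `${isgrpowner:-false} || ${isopenblogauthor:-false} \`. The `while` loop body continues outside the hunk.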