s4
changeset 695:5cf0ba49aeab
Attached file of admin in quiz-mode blog can be accessible by normal users
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Thu, 21 May 2020 12:00:28 +0900 |
parents | c45ab714d68e |
children | 4ebe5184a3e3 |
files | s4-blog.sh s4-funcs.sh |
diffstat | 2 files changed, 73 insertions(+), 29 deletions(-) [+] |
line diff
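--- a/s4-blog.sh Tue May 19 11:49:11 2020 +0900
+++ b/s4-blog.sh Thu May 21 12:00:28 2020 +0900
@@ -176,8 +176,39 @@
  *) notifyto="" ;;
  esac
  case $blog_mode in
- *quiz*|*close*|*euquete*) f_exclusive=1 ;;
- *) f_exclusive='' ;;
+ *quiz*|*close*)
+ f_exclusive=1
+ if $isgroup; then
+ qgrp=`sqlquote "$blogowner"`
+ if $isgrpadmin; then
+ F_UNREADABLE="''"
+ else
+ if [ x"$blog_mode" = x"quiz" ]; then
+ F_UNREADABLE="CASE
+ WHEN author IN (SELECT user FROM grp_adm WHERE gname=$qgrp)
+ THEN ''
+ WHEN author = '$user'
+ THEN ''
+ ELSE 'Unreadable'
+ END"
+ else
+ F_UNREADABLE='Unreadable'
+ fi
+ fi
+ else # User blog
+ if [ x"$blog_mode" = x"quiz" ]; then
+ F_UNREADABLE="CASE
+ WHEN author = '$blogowner'
+ THEN '' ELSE 'Unreadable'
+ END"
+ else
+ F_UNREADABLE='Unradable'
+ fi
+ fi
+ ;;
+ *) f_exclusive=''
+ F_UNREADABLE="''"
+ ;;
  esac
 
  # err "SELECT id from $tbl where rowid=$rowid"
@@ -324,12 +355,9 @@
  END reki,
  CASE WHEN s.TIME > '$atime' THEN 'new' ELSE '' END newer,
  hex(s.TEXT),
- CASE -- File Accessibility to attached file
- WHEN '$f_exclusive' = '' THEN ''
- WHEN '$isgrpadmin' = 'true' THEN ''
- WHEN '$user' = author THEN ''
- ELSE 'Unreadable'
- END cannotread,
+
+ $F_UNREADABLE cannotread,
+
  (SELECT group_concat(rowid||':'||length(bin)||':'||hex(val), ' ')
  FROM article_m
  WHERE id=a.id AND key='image') imxgids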
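Review bot: The two non-quiz fallbacks, `F_UNREADABLE='Unreadable'` (group blog) and `F_UNREADABLE='Unradable'` (user blog), store a bare word, so the second hunk's `$F_UNREADABLE cannotread,` expands to an identifier rather than a string literal. The second value is also misspelled. Every other branch stores a complete SQL expression (`"''"` or a quoted `CASE … END`), so both should read `F_UNREADABLE="'Unreadable'"`. As written, SQLite would most likely reject the statement as an unknown column, and whether the caller then hides or shows the attachment is not visible here. Separately, the new `CASE` text embeds `'$user'` and `'$blogowner'` raw while `$qgrp` in the same expression goes through `sqlquote`; quoting those two the same way would keep this access-control expression intact if either value can contain a quote character. The enclosing function starts and ends outside these hunks.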
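--- a/s4-funcs.sh Tue May 19 11:49:11 2020 +0900
+++ b/s4-funcs.sh Thu May 21 12:00:28 2020 +0900
@@ -483,33 +483,49 @@
  # fi
  # esac
  # ↑ 要はこういう処理を↓で一気にやっている
- sql="with getblog as (\
- select key,val from blog_s where id=(\
- select blogid from article where id in\
- (select id from $2 where rowid=$3))),\
- getowner as (select val from getblog where key='owner'),\
- getmode as (select val from getblog where key='mode')\
- select case\
- when (select author from article where\
- id=(select id from $2 where rowid=$3))='$1' \
- then 'author'\
- when (select val from getmode) in ('report-open', 'normal')\
- then 'open'\
- when (select val from getmode) is null \
+ sql="with getblog as (
+ select key,val from blog_s where id=(
+ select blogid from article where id in
+ (select id from $2 where rowid=$3))),
+ getowner as (select val from getblog where key='owner'),
+ getauthor as (select author from article where id=(select id from $2 where rowid=$3)),
+ isgrp as (SELECT val from getowner WHERE val IN (select gname from grp)),
+ isgrpadm as (select user from grp_adm where
+ gname=(select val from getowner) and
+ user='$1'),
+ getmode as (select val from getblog where key='mode')
+ select case
+ when (select author from article where
+ id=(select id from $2 where rowid=$3))='$1'
+ then 'author'
+ when (select val from getmode) in ('report-open', 'normal')
  then 'open'
- when (select val from getowner) in (select gname from grp)\
- then (select user from grp_adm where \
- gname=(select val from getowner) and \
- user='$1')\
- when (select author from article where\
+ when (select val from getmode) in ('quiz', 'enquete')
+ then CASE
+ WHEN (SELECT val FROM isgrp) IS NULL
+ THEN
+ CASE WHEN (SELECT val from getowner)
+ IN ('$user', (SELECT author FROM getauthor))
+ THEN 'owner-or-user-article-is-readable'
+ ELSE ''
+ END
+ WHEN (select user from isgrpadm) IS NOT NULL
+ THEN 'i-am-admin'
+ ELSE (SELECT author from getauthor WHERE author IN (SELECT user FROM grp_adm WHERE gname=(SELECT val FROM getowner)))
+ END
+ when (select val from getmode) is null
+ then 'open'
+ when (select val from getowner) in (select gname from grp)
+ then (SELECT user FROM isgrpadm)
+ when (select author from article where
  id=(select id from $2 where rowid=$3))='$1'
  then 'user+author'
  else '' end;"
  ## err isfilereadable: sql="`echo $sql`"
  # caseのネストで内側のcaseがスカラーtrueを返しても外側はtrue扱いにならない
- result=`query "$sql"`
- [ -n "$result" ] && return 0
- return 2
+ # result=`query "$sql"`
+ # err FileAccessibility=$result
+ [ -n "`query $sql`" ] || return 2
  }
  linkhome() {
  # $1=UserOrGroup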
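Review bot: The owner test in the new quiz/enquete branch interpolates the global `$user` (`IN ('$user', (SELECT author FROM getauthor))`), while every other identity comparison in this statement uses the function argument `'$1'`. If `$1` is the user being checked, as those comparisons suggest, this branch can decide access for a different identity whenever the two differ or `$user` is unset; `IN ('$1', (SELECT author FROM getauthor))` would keep the check consistent. The final line now calls `query $sql` unquoted, so the multi-line statement is word-split and glob-expanded before `query` sees it. Restoring the quoted form the commit leaves in its comment (``result=`query "$sql"` `` followed by `[ -n "$result" ] || return 2`) avoids depending on how `query` reassembles its arguments. The function's opening lines are outside the hunk, so whether `$1`, `$2` and `$3` are validated before being spliced into the SQL cannot be confirmed here.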