s4
changeset 774:8a7d5326055d
Only report-open can be handled by blog author
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Thu, 11 Jun 2020 10:18:36 +0900 |
parents | dc5c2a03cb7a |
children | 2c5a8c5dd1ee |
files | s4-blog.sh |
diffstat | 1 files changed, 18 insertions(+), 4 deletions(-) [+] |
line diff
1.1 --- a/s4-blog.sh Tue Jun 09 12:27:09 2020 +0900 1.2 +++ b/s4-blog.sh Thu Jun 11 10:18:36 2020 +0900 1.3 @@ -228,7 +228,12 @@ 1.4 case $blog_mode in 1.5 *report*|*quiz*|*enquete*) 1.6 href2="<a href=\"?lshandout+$rowid\" accesskey=\"l\" title=\"Shortcut: L${nl}List Handouts\"> 提出状況 </a>" 1.7 - href3="(<a href=\"?gethandout+$rowid\" accesskey=\"f\" title=\"Shortcut: F${nl}File Retrieval\">ファイル取得</a>)" 1.8 + case "$isgrpadmin$blog_mode" in 1.9 + false*closed*|false*quiz|false*enquete*) ;; 1.10 + *) 1.11 + href3="(<a href=\"?gethandout+$rowid\" accesskey=\"f\" title=\"Shortcut: F${nl}File Retrieval\">ファイル取得</a>)" 1.12 + ;; 1.13 + esac 1.14 ;; 1.15 esac 1.16 fi 1.17 @@ -736,16 +741,24 @@ 1.18 echo "メンバー以外は利用できません。" | html p; return 1.19 fi 1.20 # Here, this blog is writable by $user 1.21 + mode=`getvalbyid blog mode $1` 1.22 owner=`getvalbyid blog owner $1` 1.23 + blogauthor=`getvalbyid blog author $1` 1.24 + isopenblogauthor=false 1.25 if [ x"$user" = x"$owner" ]; then 1.26 : OK 1.27 elif isgrpowner "$user" "$owner"; then 1.28 : OK 1.29 + elif [ x"$blogauthor" = x"$user" ]; then 1.30 + # Non-admin Author of blog cannot do gethandout() in report-closed mode 1.31 + # for avoidance the risk of fake report-closed blog. 1.32 + case "$mode" in # Only report-open can be handled by blog author 1.33 + *open*) isopenblogauthor=true ;; 1.34 + esac 1.35 else 1.36 contenttype; echo 1.37 - echo "板の所有者以外は利用できません。" | html p; return 1.38 + echo "グループ管理者のみ取得できます。" | html p; return 1.39 fi 1.40 - mode=`getvalbyid blog mode $1` 1.41 copy2csv=false 1.42 blogid=`getvalbyid blog id $1` 1.43 isgroup "$owner" && isgroup=true || isgroup=false 1.44 @@ -813,7 +826,8 @@ 1.45 WHERE blogid=(SELECT id FROM blog WHERE rowid=$rid); 1.46 EOF 1.47 cat $midfile | while IFS='|' read rowid artid author text; do 1.48 - isfilereadable $user article_s $rowid || continue 1.49 + $isgrpowner || $isopenblogauthor \ 1.50 + || isfilereadable $user article_s $rowid || continue 1.51 dir=`printf $bd/%d/%06d "$rid" "$rowid"` 1.52 mkdir -p $dir 1.53 echo "$author" > $dir/Author