Allow members of hidden lists to get_list_info. They still aren't able

[moira.git] / server / qaccess.pc

diff --git a/server/qaccess.pc b/server/qaccess.pc
index 1c745c3c2385f6c079bc3bf3545987d895938165..dd473bc189aed1e1b6925036672fe45ba6b20d96 100644 (file)
--- a/server/qaccess.pc
+++ b/server/qaccess.pc
@@ -274,15 +274,15 @@ int access_visible_list(struct query *q, char *argv[], client *cl)
 int access_vis_list_by_name(struct query *q, char *argv[], client *cl)
 {
   EXEC SQL BEGIN DECLARE SECTION;
-  int acl_id, memacl_id, flags, rowcount;
+  int acl_id, memacl_id, flags, rowcount, list_id;
   char acl_type[LIST_ACL_TYPE_SIZE], memacl_type[LIST_ACL_TYPE_SIZE];
   char *listname;
   EXEC SQL END DECLARE SECTION;
   int status;
 
   listname = argv[0];
-  EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type 
-    INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type
+  EXEC SQL SELECT hidden, acl_id, acl_type, memacl_id, memacl_type, list_id 
+    INTO :flags, :acl_id, :acl_type, :memacl_id, :memacl_type, :list_id
     FROM list 
     WHERE name = :listname;
 
@@ -294,14 +294,17 @@ int access_vis_list_by_name(struct query *q, char *argv[], client *cl)
   if (!flags)
     return MR_SUCCESS;
 
-  /* check for client in access control list */
+  /* If the user is a member of the acl, memacl, or the list itself,
+   * accept them.
+   */
   status = find_member(acl_type, acl_id, cl);
   if (!status)
-    {
-      status = find_member(memacl_type, memacl_id, cl);
-      if (!status)
-       return MR_PERM;
-    }
+    status = find_member(memacl_type, memacl_id, cl);
+  if (!status)
+    status = find_member("LIST", list_id, cl);
+  if (!status)
+    return MR_PERM;
+
   return MR_SUCCESS;
 }
 
@@ -669,9 +672,10 @@ int access_zephyr(struct query *q, char *argv[], client *cl)
 int access_container(struct query *q, char *argv[], client *cl)
 {
   EXEC SQL BEGIN DECLARE SECTION;
-  int cnt_id, acl_id, memacl_id;
+  int cnt_id, acl_id, memacl_id, mach_id, machine_owner_id, flag;
   char acl_type[CONTAINERS_ACL_TYPE_SIZE], memacl_type[CONTAINERS_ACL_TYPE_SIZE];
   char name[CONTAINERS_NAME_SIZE], *newname;
+  char machine_owner_type[MACHINE_OWNER_TYPE_SIZE];
   EXEC SQL END DECLARE SECTION;
   int status;
 
@@ -679,10 +683,13 @@ int access_container(struct query *q, char *argv[], client *cl)
   
   /* if amcn or dmcn, container id is the second argument */
   if (strcmp(q->shortname, "amcn") == 0 || strcmp(q->shortname, "dmcn") == 0)
+  {
+       mach_id = *(int *)argv[0];
        cnt_id = *(int *)argv[1];
+  }
 
-  EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name
-    INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name
+  EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name, publicflg
+    INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name, :flag
     FROM containers
     WHERE cnt_id = :cnt_id;
 
@@ -713,6 +720,19 @@ int access_container(struct query *q, char *argv[], client *cl)
   if (find_member(memacl_type, memacl_id, cl))
     return MR_SUCCESS;
 
+  /* if the container is public or the query is delete, grant access if client
+   * is on owner list */
+  if (flag || q->type == DELETE)
+    {
+         EXEC SQL SELECT owner_type, owner_id INTO :machine_owner_type,
+           :machine_owner_id
+           FROM machine
+           WHERE mach_id = :mach_id;
+
+         if (sqlca.sqlerrd[2] == 1 && strcmp("NONE", machine_owner_type) &&
+               find_member(machine_owner_type, machine_owner_id, cl))
+           return MR_SUCCESS;
+    }
   /* Otherwise fail. */
   return MR_PERM;
 }