Allow users who are status 8 to be deleted, too.

[moira.git] / server / qaccess.pc

diff --git a/server/qaccess.pc b/server/qaccess.pc
index 9adb3591841dea1ceb3c81c05a1f87f32b14cebb..801a4d9f75f96427739ecf863db9dea236ffd1c1 100644 (file)
--- a/server/qaccess.pc
+++ b/server/qaccess.pc
@@ -309,7 +309,8 @@ int access_vis_list_by_name(struct query *q, char *argv[], client *cl)
 /* access_member - allow user to access member of type "USER" and name matches
  * username, or to access member of type "KERBEROS" and the principal matches
  * the user, or to access member of type "LIST" and list is one that user is
- * on the acl of, or the list is visible.
+ * on the acl of, or the list is visible.  Allow anyone to look up list
+ * memberships of MACHINEs.
  */
 
 int access_member(struct query *q, char *argv[], client *cl)
@@ -329,6 +330,9 @@ int access_member(struct query *q, char *argv[], client *cl)
        return MR_SUCCESS;
     }
 
+  if (!strcmp(argv[0], "MACHINE") || !strcmp(argv[0], "RMACHINE"))
+    return MR_SUCCESS;  
+
   return MR_PERM;
 }
 
@@ -491,7 +495,8 @@ int access_host(struct query *q, char *argv[], client *cl)
       /* Non query owner must provide valid billing information. */
       if (q->version >= 8)
        {
-         if (subnet_status == SNET_STATUS_BILLABLE)
+         if ((subnet_status == SNET_STATUS_BILLABLE) &&
+             (atoi(argv[10]) != 3))
            {
              account_number = argv[8];
              EXEC SQL SELECT account_number FROM accountnumbers 
@@ -664,9 +669,10 @@ int access_zephyr(struct query *q, char *argv[], client *cl)
 int access_container(struct query *q, char *argv[], client *cl)
 {
   EXEC SQL BEGIN DECLARE SECTION;
-  int cnt_id, acl_id, memacl_id;
+  int cnt_id, acl_id, memacl_id, mach_id, machine_owner_id, flag;
   char acl_type[CONTAINERS_ACL_TYPE_SIZE], memacl_type[CONTAINERS_ACL_TYPE_SIZE];
   char name[CONTAINERS_NAME_SIZE], *newname;
+  char machine_owner_type[MACHINE_OWNER_TYPE_SIZE];
   EXEC SQL END DECLARE SECTION;
   int status;
 
@@ -674,10 +680,13 @@ int access_container(struct query *q, char *argv[], client *cl)
   
   /* if amcn or dmcn, container id is the second argument */
   if (strcmp(q->shortname, "amcn") == 0 || strcmp(q->shortname, "dmcn") == 0)
+  {
+       mach_id = *(int *)argv[0];
        cnt_id = *(int *)argv[1];
+  }
 
-  EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name
-    INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name
+  EXEC SQL SELECT acl_id, acl_type, memacl_id, memacl_type, name, publicflg
+    INTO :acl_id, :acl_type, :memacl_id, :memacl_type, :name, :flag
     FROM containers
     WHERE cnt_id = :cnt_id;
 
@@ -708,6 +717,19 @@ int access_container(struct query *q, char *argv[], client *cl)
   if (find_member(memacl_type, memacl_id, cl))
     return MR_SUCCESS;
 
+  /* if the container is public or the query is delete, grant access if client
+   * is on owner list */
+  if (flag || q->type == DELETE)
+    {
+         EXEC SQL SELECT owner_type, owner_id INTO :machine_owner_type,
+           :machine_owner_id
+           FROM machine
+           WHERE mach_id = :mach_id;
+
+         if (sqlca.sqlerrd[2] == 1 && strcmp("NONE", machine_owner_type) &&
+               find_member(machine_owner_type, machine_owner_id, cl))
+           return MR_SUCCESS;
+    }
   /* Otherwise fail. */
   return MR_PERM;
 }