}
-/* Don't allow someone to add someone to a list which is the acl of a query
- unless they're on the list acl, even if they're on the query acl! */
+/* Don't allow someone to add someone to a list which is the acl of a
+ * query unless they're on the list acl, even if they're on the amtl
+ * query acl! Also, don't allow someone proxying to add someone to a
+ * capacl.
+ */
int acl_access_check(int list_id, client *cl)
{
EXEC SQL BEGIN DECLARE SECTION;
if (c1 == 0 && c2 == 0)
return 0;
+ if (cl->proxy_id)
+ return 1;
+
EXEC SQL SELECT acl_type, acl_id INTO :acl_type, :acl_id
FROM list WHERE list_id=:lid;
return !find_member(acl_type, acl_id, cl);