| 2 |
* |
* |
| 3 |
* $Revision$ |
* $Revision$ |
| 4 |
* $Log$ |
* $Log$ |
| 5 |
|
* Revision 1.82 2005/03/11 07:11:30 tani |
| 6 |
|
* itemid_t配列の長さ(*iidsLen)の初期化処理を追加. |
| 7 |
|
* |
| 8 |
* Revision 1.81 2005/03/11 00:34:57 tani |
* Revision 1.81 2005/03/11 00:34:57 tani |
| 9 |
* アイテムのアクセス権チェックにcertify_state追加. |
* アイテムのアクセス権チェックにcertify_state追加. |
| 10 |
* |
* |
| 3754 |
sql+= " AND ti.item_type_id != " + unsignedIntToString( item::ITID_INDEX ); // |
sql+= " AND ti.item_type_id != " + unsignedIntToString( item::ITID_INDEX ); // |
| 3755 |
sql+= criteria2str( c ); |
sql+= criteria2str( c ); |
| 3756 |
syslog_printf( "\nsql at %d=%s", __LINE__, sql.c_str() ); |
syslog_printf( "\nsql at %d=%s", __LINE__, sql.c_str() ); |
| 3757 |
|
|
| 3758 |
dst = new itemid_t[ dst_max ]; |
dst = new itemid_t[ dst_max ]; |
| 3759 |
*iids = dst; |
*iids = dst; |
| 3760 |
if( *iids == 0 ) return RES_ERROR; // out of memory |
if( *iids == 0 ) return RES_ERROR; // out of memory |
| 3761 |
|
*iidsLen = 0; |
| 3762 |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
| 3763 |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
| 3764 |
SQLLEN len = 0; |
SQLLEN len = 0; |
| 3769 |
if( dst_max <= i ){ |
if( dst_max <= i ){ |
| 3770 |
itemid_t* old_dst = dst; |
itemid_t* old_dst = dst; |
| 3771 |
dst = new itemid_t[ dst_max * 2 ]; |
dst = new itemid_t[ dst_max * 2 ]; |
| 3772 |
if( *iids == 0 ){ |
if( dst == 0 ){ |
| 3773 |
delete[] old_dst; |
delete[] old_dst; |
| 3774 |
return RES_ERROR; // out of memory |
return RES_ERROR; // out of memory |
| 3775 |
} |
} |
| 3776 |
memcpy( dst, old_dst, dst_max ); |
memcpy( dst, old_dst, dst_max * sizeof( itemid_t ) ); |
| 3777 |
dst_max *= 2; |
dst_max *= 2; |
| 3778 |
*iids = dst; |
*iids = dst; |
| 3779 |
delete[] old_dst; |
delete[] old_dst; |
| 4155 |
sql += " OR is_admin=1 AND tgulink.uid=" + unsignedIntToString( sess_uid ); |
sql += " OR is_admin=1 AND tgulink.uid=" + unsignedIntToString( sess_uid ); |
| 4156 |
sql += ")"; |
sql += ")"; |
| 4157 |
syslog_printf( "\nsql at %d=%s", __LINE__, sql.c_str() ); |
syslog_printf( "\nsql at %d=%s", __LINE__, sql.c_str() ); |
| 4158 |
|
*iidsLen = 0; |
| 4159 |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
| 4160 |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
| 4161 |
itemid_t iid = 0; |
itemid_t iid = 0; |
| 4270 |
syslog_printf( "\nsql at %d=%s", __LINE__, sql.c_str() ); |
syslog_printf( "\nsql at %d=%s", __LINE__, sql.c_str() ); |
| 4271 |
dst = new itemid_t[ dst_max ]; |
dst = new itemid_t[ dst_max ]; |
| 4272 |
*iids = dst; |
*iids = dst; |
| 4273 |
|
*iidsLen = 0; |
| 4274 |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
| 4275 |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
| 4276 |
itemid_t iid = 0; |
itemid_t iid = 0; |
| 4280 |
if( dst_max <= i ){ |
if( dst_max <= i ){ |
| 4281 |
itemid_t* old_dst = dst; |
itemid_t* old_dst = dst; |
| 4282 |
dst = new itemid_t[ dst_max * 2 ]; |
dst = new itemid_t[ dst_max * 2 ]; |
| 4283 |
if( *iids == 0 ){ |
if( dst == 0 ){ |
| 4284 |
delete[] old_dst; |
delete[] old_dst; |
| 4285 |
return RES_ERROR; // out of memory |
return RES_ERROR; // out of memory |
| 4286 |
} |
} |
| 4287 |
memcpy( dst, old_dst, dst_max ); |
memcpy( dst, old_dst, dst_max * sizeof( itemid_t ) ); |
| 4288 |
dst_max *= 2; |
dst_max *= 2; |
| 4289 |
*iids = dst; |
*iids = dst; |
| 4290 |
delete[] old_dst; |
delete[] old_dst; |
| 4376 |
return RES_ERROR; |
return RES_ERROR; |
| 4377 |
} |
} |
| 4378 |
|
|
| 4379 |
|
*iidsLen = 0; |
| 4380 |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
| 4381 |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
| 4382 |
itemid_t iid; |
itemid_t iid; |
| 4450 |
return RES_ERROR; |
return RES_ERROR; |
| 4451 |
} |
} |
| 4452 |
|
|
| 4453 |
|
*iidsLen = 0; |
| 4454 |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
| 4455 |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
| 4456 |
itemid_t iid; |
itemid_t iid; |
| 4746 |
* |
* |
| 4747 |
* @refer itemop_t |
* @refer itemop_t |
| 4748 |
* @param sid セッションID |
* @param sid セッションID |
|
* @param iids チェック対象となるアイテムのID |
|
|
* @param iidsLen iids配列の要素数 |
|
|
* @param op アクセスの種類 |
|
|
* @param iids_out アクセス可能なアイテムのID |
|
|
* @param iidsLen_out iids_out配列の要素数 |
|
|
* @return RES_OK 成功 |
|
|
* |
|
|
*/ |
|
|
#if 0 |
|
|
result_t getItemPermissions( sessionid_t sid, itemid_t* iids, int iidsLen, itemop_t op, itemid_t* iids_out, int* iidsLen_out ) |
|
|
{ |
|
|
string sql1; // sql for retrieve count |
|
|
string sql2; // sql for retrieve item id |
|
|
string sql; |
|
|
itemid_t itemid; |
|
|
userid_t uid; |
|
|
string where; |
|
|
itemid_t* dst = 0; |
|
|
int count; //num of items permitted |
|
|
|
|
|
if( sessionID2UID( sid, &uid ) != RES_OK ) return RES_ERROR; |
|
|
|
|
|
if( op == item::OP_READ ){ |
|
|
where = string( unsignedIntToString( iids[ 0 ] ) ); |
|
|
for( int i = 1; i < iidsLen; i++ ){ |
|
|
where = string( unsignedIntToString( iids[ i ] ) ) + ", " + where; |
|
|
} |
|
|
|
|
|
sql1 = "SELECT count(DISTINCT tlink.item_id) ; |
|
|
sql2 = "SELECT DISTINCT tlink.item_id ; |
|
|
sql= " FROM " + dbprefix + "_xnpaccount_index_item_link AS tlink"; |
|
|
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_index AS tx ON tlink.index_id = tx.index_id"; |
|
|
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_item_basic AS ti ON tlink.item_id = ti.item_id"; |
|
|
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_groups_users_link as tgulink ON tx.gid=tgulink.gid"; |
|
|
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_session AS tsess ON tsess.uid=" + unsignedIntToString( uid ); |
|
|
sql+= " AND tsess.sid=" + unsignedIntToString( sid ); |
|
|
sql+= " WHERE ( " + string( public_item_target_user_all( ) ? "1" : "0" ); |
|
|
sql+= " AND tx.open_level=" + unsignedIntToString( index::OL_PUBLIC ) + " AND tsess.uid IS NULL"; |
|
|
sql+= " OR " + string( !public_item_target_user_all( ) ? "1" : "0" ); |
|
|
sql+= " AND tx.open_level=" + unsignedIntToString( index::OL_PUBLIC ) + " AND tsess.uid IS NOT NULL"; |
|
|
sql+= " OR tgulink.uid=" + unsignedIntToString( uid ); |
|
|
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_PRIVATE ); |
|
|
sql+= " AND tx.uid=" + unsignedIntToString( uid ); |
|
|
sql+= " OR " + string( isModerator( sid, uid ) ? "1" : "0" ); |
|
|
sql+= " OR tx.uid IS NULL "; |
|
|
sql+= " AND tx.open_level=" + unsignedIntToString( index::OL_PUBLIC ); |
|
|
sql+= string( isModerator( sid, uid ) ? " OR 1" : " OR 0" ); //モデレータならOR 1,それ以外は OR 0 |
|
|
sql+= ") AND tlink.item_id WHERE IN (" + where + ")"; |
|
|
syslog_printf( "\nsql at %d=%s", __LINE__, sql.c_str() ); |
|
|
if( queryGetUnsignedInt( "getItemPermission", sql1 + sql, (unsigned int*)&count ) == RES_OK ){ |
|
|
dst = *iids_out = new itemid_t[ count ]; |
|
|
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
|
|
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)( sql2 + sql ).c_str(), ( sql2 + sql ).length() ) ) == SQL_SUCCESS ){ |
|
|
itemid_t iid; |
|
|
SQLLEN len = 0; |
|
|
SQLBindCol( hstmt, 1, SQL_C_ULONG, &iid, 0, &len ); |
|
|
*iidsLen_out = 0; |
|
|
for( int i = 0; ( sqlcode = SQLFetch( hstmt ) ) == SQL_SUCCESS && i < count ; i++ ){ |
|
|
dst[ i ] = iid; |
|
|
(*iidsLen_out)++; |
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
}else if( op == item::OP_MODIFY || op == item::OP_DELETE ){ |
|
|
//TODO 条件追加:todo自分のアイテムでも承認待ち状態なら編集・削除できない |
|
|
sql = "SELECT item_id FROM " + dbprefix + "_xnpaccount_item_basic"; |
|
|
sql += " WHERE uid=" + unsignedIntToString( uid ); |
|
|
sql += " AND item_id=" + unsignedIntToString( iid ); |
|
|
syslog_printf( "\nsql at %d=%s", __LINE__, sql.c_str() ); |
|
|
if( queryGetUnsignedInt( "getItemPermission", sql, (unsigned int*)&itemid ) == RES_OK ){ |
|
|
return itemid == iid; |
|
|
} |
|
|
} |
|
|
return RES_ERROR; |
|
|
} |
|
|
#endif |
|
|
|
|
|
/** |
|
|
* |
|
|
* アイテムへのアクセス権限をチェックする |
|
|
* |
|
|
* @refer itemop_t |
|
|
* @param sid セッションID |
|
| 4749 |
* @param iid チェック対象となるアイテムのID |
* @param iid チェック対象となるアイテムのID |
| 4750 |
* @param op アクセスの種類 |
* @param op アクセスの種類 |
| 4751 |
* @return true 権限あり |
* @return true 権限あり |
| 7010 |
}else{ |
}else{ |
| 7011 |
return RES_ERROR; |
return RES_ERROR; |
| 7012 |
} |
} |
| 7013 |
|
|
| 7014 |
|
*iidsLen = 0; |
| 7015 |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) { |
| 7016 |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){ |
| 7017 |
itemid_t iid = 0; |
itemid_t iid = 0; |
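Review bot: In the buffer-growth branch (gutter lines 3771–3774, repeated at 4282–4285) the out-of-memory path still runs `delete[] old_dst; return RES_ERROR;` while `*iids` holds that same old pointer, so the caller gets back a dangling buffer and any later `delete[]` on it would be a double free. Add `*iids = 0;` before the `return`. The corrected `if( dst == 0 )` test is only reachable if the build uses a non-throwing allocator, because plain `new[]` reports failure by throwing `std::bad_alloc`; `dst = new (std::nothrow) itemid_t[ dst_max * 2 ];` would make the check meaningful. The same early return also appears to skip releasing `hstmt` obtained from `SQLAllocHandle`, but the enclosing functions start and end outside the visible hunks, so confirm against the cleanup code there.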