| 22 |
* |
* |
| 23 |
* $Revision$ |
* $Revision$ |
| 24 |
* $Log$ |
* $Log$ |
| 25 |
|
* Revision 1.87 2005/03/15 12:09:39 tani |
| 26 |
|
* deleteItem 削除権限チェックを強化. |
| 27 |
|
* グループインデックスに属するアイテムへのアクセス権チェックを強化. |
| 28 |
|
* |
| 29 |
* Revision 1.86 2005/03/15 04:49:40 tani |
* Revision 1.86 2005/03/15 04:49:40 tani |
| 30 |
* ライセンス文を追加. |
* ライセンス文を追加. |
| 31 |
* |
* |
| 3617 |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); |
| 3618 |
sql+= string( isModerator( sid, uid ) ? " OR 1" : " OR 0" ); //モデレータならOR 1,それ以外は OR 0 |
sql+= string( isModerator( sid, uid ) ? " OR 1" : " OR 0" ); //モデレータならOR 1,それ以外は OR 0 |
| 3619 |
sql+= " OR tgulink.is_admin=1 )"; //グループ管理者か? |
sql+= " OR tgulink.is_admin=1 )"; //グループ管理者か? |
| 3620 |
|
if( uid != session_t::SID_GUEST ) sql+= " AND tgulink.uid=" + unsignedIntToString( uid ); |
| 3621 |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_PRIVATE ); |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_PRIVATE ); |
| 3622 |
sql+= " AND tx.uid=" + unsignedIntToString( uid ); |
sql+= " AND tx.uid=" + unsignedIntToString( uid ); |
| 3623 |
sql+= " OR tx.uid IS NULL "; |
sql+= " OR tx.uid IS NULL "; |
| 3724 |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); |
| 3725 |
sql+= string( isModerator( sid, uid ) ? " OR 1" : " OR 0" ); //モデレータならOR 1,それ以外は OR 0 |
sql+= string( isModerator( sid, uid ) ? " OR 1" : " OR 0" ); //モデレータならOR 1,それ以外は OR 0 |
| 3726 |
sql+= " OR tgulink.is_admin=1 )"; //グループ管理者か? |
sql+= " OR tgulink.is_admin=1 )"; //グループ管理者か? |
| 3727 |
|
if( uid != session_t::SID_GUEST ) sql+= " AND tgulink.uid=" + unsignedIntToString( uid ); |
| 3728 |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_PRIVATE ); |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_PRIVATE ); |
| 3729 |
sql+= " AND tx.uid=" + unsignedIntToString( uid ); |
sql+= " AND tx.uid=" + unsignedIntToString( uid ); |
| 3730 |
sql+= " OR tx.uid IS NULL "; |
sql+= " OR tx.uid IS NULL "; |
| 3789 |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); |
| 3790 |
sql+= string( isModerator( sid, uid ) ? " OR 1" : " OR 0" ); //モデレータならOR 1,それ以外は OR 0 |
sql+= string( isModerator( sid, uid ) ? " OR 1" : " OR 0" ); //モデレータならOR 1,それ以外は OR 0 |
| 3791 |
sql+= " OR tgulink.is_admin=1 )"; //グループ管理者か? |
sql+= " OR tgulink.is_admin=1 )"; //グループ管理者か? |
| 3792 |
|
if( uid != session_t::SID_GUEST ) sql+= " AND tgulink.uid=" + unsignedIntToString( uid ); |
| 3793 |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_PRIVATE ); |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_PRIVATE ); |
| 3794 |
sql+= " AND tx.uid=" + unsignedIntToString( uid ); |
sql+= " AND tx.uid=" + unsignedIntToString( uid ); |
| 3795 |
sql+= " OR tx.uid IS NULL "; |
sql+= " OR tx.uid IS NULL "; |
| 3849 |
/** |
/** |
| 3850 |
* |
* |
| 3851 |
* アイテム(Basic Information)を更新する. |
* アイテム(Basic Information)を更新する. |
| 3852 |
* Platformユーザ以上の権限が必要. |
* 更新にはアイテム作成者かモデレータ権限が必要. |
| 3853 |
* itemのitem_idを正しくセットすること. |
* itemのitem_idを正しくセットすること. |
| 3854 |
* |
* |
| 3855 |
* @param sid セッションID |
* @param sid セッションID |
| 4052 |
item_uid = pitem -> getContributorUID(); |
item_uid = pitem -> getContributorUID(); |
| 4053 |
freeItem( pitem ); |
freeItem( pitem ); |
| 4054 |
|
|
| 4055 |
|
userid_t sess_uid; |
| 4056 |
|
if( sessionID2UID( sid, &sess_uid ) == RES_OK ){ |
| 4057 |
|
if( sess_uid != item_uid && !isModeratorBySession( sid ) ) |
| 4058 |
|
return RES_NO_WRITE_ACCESS_RIGHT;//no permissions to delete this item |
| 4059 |
|
}else{ |
| 4060 |
|
return RES_ERROR; |
| 4061 |
|
} |
| 4062 |
|
|
| 4063 |
/* |
/* |
| 4064 |
1. delete item from index keywords |
1. delete item from index keywords |
| 4065 |
2. delete item from binders |
2. delete item from binders |
| 4398 |
if( ( ret = sessionID2UID( sid, &uid ) ) != RES_OK ) return ret; |
if( ( ret = sessionID2UID( sid, &uid ) ) != RES_OK ) return ret; |
| 4399 |
sql = "SELECT DISTINCT tlink.item_id AS item_id FROM " + dbprefix + "_xnpaccount_index_item_link AS tlink"; |
sql = "SELECT DISTINCT tlink.item_id AS item_id FROM " + dbprefix + "_xnpaccount_index_item_link AS tlink"; |
| 4400 |
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_index AS tx ON tlink.index_id = tx.index_id"; |
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_index AS tx ON tlink.index_id = tx.index_id"; |
|
// sql+= " AND certify_state=" + unsignedIntToString( index::CERTIFIED ); |
|
| 4401 |
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_item_basic AS ti ON tlink.item_id = ti.item_id"; |
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_item_basic AS ti ON tlink.item_id = ti.item_id"; |
| 4402 |
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_groups_users_link as tgulink ON tx.gid=tgulink.gid"; |
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_groups_users_link as tgulink ON tx.gid=tgulink.gid"; |
| 4403 |
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_session AS tsess ON tsess.uid=" + unsignedIntToString( uid ); |
sql+= " LEFT JOIN " + dbprefix + "_xnpaccount_session AS tsess ON tsess.uid=" + unsignedIntToString( uid ); |
| 4407 |
sql+= " AND certify_state=" + unsignedIntToString( index::CERTIFIED ); |
sql+= " AND certify_state=" + unsignedIntToString( index::CERTIFIED ); |
| 4408 |
sql+= " OR " + string( !public_item_target_user_all( ) ? "1" : "0" ); |
sql+= " OR " + string( !public_item_target_user_all( ) ? "1" : "0" ); |
| 4409 |
sql+= " AND tx.open_level=" + unsignedIntToString( index::OL_PUBLIC ) + " AND tsess.uid IS NOT NULL"; |
sql+= " AND tx.open_level=" + unsignedIntToString( index::OL_PUBLIC ) + " AND tsess.uid IS NOT NULL"; |
| 4410 |
sql+= " AND certify_state=" + unsignedIntToString( index::CERTIFIED ); |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); |
| 4411 |
|
sql+= " OR ti.uid=" + unsignedIntToString( uid ) + ")"; |
| 4412 |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_PRIVATE ); |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_PRIVATE ); |
| 4413 |
sql+= " AND tx.uid=" + unsignedIntToString( uid ); |
sql+= " AND tx.uid=" + unsignedIntToString( uid ); |
| 4414 |
sql+= " OR " + string( isModerator( sid, uid ) ? "1" : "0" ); |
sql+= " OR " + string( isModerator( sid, uid ) ? "1" : "0" ); |
| 4415 |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_GROUP_ONLY ); //<< |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_GROUP_ONLY ); //<< |
| 4416 |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); //<< |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); //<< |
| 4417 |
|
sql+= " OR ti.uid=" + unsignedIntToString( uid ); |
| 4418 |
sql+= string( isModerator( sid, uid ) ? " OR 1" : " OR 0" ); //モデレータならOR 1,それ以外は OR 0 |
sql+= string( isModerator( sid, uid ) ? " OR 1" : " OR 0" ); //モデレータならOR 1,それ以外は OR 0 |
| 4419 |
sql+= " OR tgulink.is_admin=1 )"; //グループ管理者か? |
sql+= " OR tgulink.is_admin=1 )"; //グループ管理者か? |
| 4420 |
|
if( uid != session_t::SID_GUEST ) sql+= " AND tgulink.uid=" + unsignedIntToString( uid ); |
| 4421 |
sql+= " OR tx.uid IS NULL "; |
sql+= " OR tx.uid IS NULL "; |
| 4422 |
sql+= " AND tx.open_level=" + unsignedIntToString( index::OL_PUBLIC ); |
sql+= " AND tx.open_level=" + unsignedIntToString( index::OL_PUBLIC ); |
| 4423 |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); //<< |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); //<< |
| 4424 |
|
sql+= " OR ti.uid=" + unsignedIntToString( uid ); |
| 4425 |
sql+= string( isModerator( sid, uid ) ? " OR 1 )" : " OR 0 )" ); //モデレータならOR 1,それ以外は OR 0 |
sql+= string( isModerator( sid, uid ) ? " OR 1 )" : " OR 0 )" ); //モデレータならOR 1,それ以外は OR 0 |
| 4426 |
sql+= ") AND ti.item_type_id!=" + unsignedIntToString( item::ITID_INDEX ); |
sql+= ") AND ti.item_type_id!=" + unsignedIntToString( item::ITID_INDEX ); |
| 4427 |
sql += " AND tx.index_id=" + unsignedIntToString( xid ); |
sql+= " AND tx.index_id=" + unsignedIntToString( xid ); |
| 4428 |
sql += criteria2str( cri ); |
sql += criteria2str( cri ); |
| 4429 |
syslog_printf( "\nsql at %d=%s", __LINE__, sql.c_str() ); |
syslog_printf( "\nsql at %d=%s", __LINE__, sql.c_str() ); |
| 4430 |
if( countResultRows( sql.c_str(), &count ) == RES_OK ){ |
if( countResultRows( sql.c_str(), &count ) == RES_OK ){ |
| 4833 |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); |
sql+= " AND ( certify_state=" + unsignedIntToString( index::CERTIFIED ); |
| 4834 |
sql+= string( isModerator( sid, uid ) ? " OR 1" : " OR 0" ); //モデレータならOR 1,それ以外は OR 0 |
sql+= string( isModerator( sid, uid ) ? " OR 1" : " OR 0" ); //モデレータならOR 1,それ以外は OR 0 |
| 4835 |
sql+= " OR tgulink.is_admin=1 )"; //グループ管理者か? |
sql+= " OR tgulink.is_admin=1 )"; //グループ管理者か? |
| 4836 |
|
if( uid != session_t::SID_GUEST ) sql+= " AND tgulink.uid=" + unsignedIntToString( uid ); |
| 4837 |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_PRIVATE ); |
sql+= " OR tx.open_level=" + unsignedIntToString( index::OL_PRIVATE ); |
| 4838 |
sql+= " AND tx.uid=" + unsignedIntToString( uid ); |
sql+= " AND tx.uid=" + unsignedIntToString( uid ); |
| 4839 |
sql+= " OR " + string( isModerator( sid, uid ) ? "1" : "0" ); |
sql+= " OR " + string( isModerator( sid, uid ) ? "1" : "0" ); |
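Review bot: The guard added at file lines 3620, 3727, 3792, 4420 and 4836 omits the `tgulink.uid` restriction exactly when `uid` equals `session_t::SID_GUEST`. For that caller the preceding `tgulink.is_admin=1` term can presumably still be satisfied by any member row of the group, given the join on `tx.gid=tgulink.gid` visible at line 4402, which looks like the over-broad match this revision sets out to tighten. The constant is named as a session id while `uid` is a user id, so if it is not also the guest user id the comparison is accidental and should use the user-id constant instead. Unless guests are meant to see group-index items, append the predicate unconditionally, `sql+= " AND tgulink.uid=" + unsignedIntToString( uid );`, and build the repeated group clause in one helper so the five copies cannot drift apart. The enclosing functions start and end outside the visible hunks, so the grouping of the unparenthesised AND/OR terms should be confirmed against the full WHERE clause.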