]> code.citadel.org Git - citadel.git/blobdiff - citadel/user_ops.c
projects / citadel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
* Access control change: do not treat mailboxes as guessname rooms for Aides.
[citadel.git] / citadel / user_ops.c
diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index b5f6e8f20f32a83fb1bde925cbe6fd7d95059e18..cf7c9982b49d8ba70b495b4e570ed0821448a6c4 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -1006,8 +1006,20 @@ void cmd_invt_kick(char *iuser, int op)
        char bbb[SIZ];
        struct visit vbuf;
 
-       if (CtdlAccessCheck(ac_room_aide))
-               return;
+       /*
+        * These commands are only allowed by aides, room aides,
+        * and room namespace owners
+        */
+       if (is_room_aide()
+          || (atol(CC->quickroom.QRname) == CC->usersupp.usernum) ) {
+               /* access granted */
+       }
+       else {
+               /* access denied */
+                cprintf("%d Higher access or room ownership required.\n",
+                        ERROR + HIGHER_ACCESS_REQUIRED);
+                return;
+        }
 
        if (lgetuser(&USscratch, iuser) != 0) {
                cprintf("%d No such user.\n", ERROR);
Citadel server, clients, utilities