* Implement proper access control for deleting messages from IMAP
[citadel.git] / citadel / msgbase.c
index 7cadf16f8230875e4d72a972ed33e32bc23b99da..1386611178a7a34ae9b87019fd0b471fd9ffb461 100644 (file)
@@ -2314,6 +2314,23 @@ int CtdlDeleteMessages(char *room_name,          /* which room */
 
 
 
+/*
+ * Check whether the current user has permission to delete messages from
+ * the current room (returns 1 for yes, 0 for no)
+ */
+int CtdlDoIHavePermissionToDeleteMessagesFromThisRoom(void) {
+       getuser(&CC->usersupp, CC->curr_user);
+       if ((CC->usersupp.axlevel < 6)
+           && (CC->usersupp.usernum != CC->quickroom.QRroomaide)
+           && ((CC->quickroom.QRflags & QR_MAILBOX) == 0)
+           && (!(CC->internal_pgm))) {
+               return(0);
+       }
+       return(1);
+}
+
+
+
 /*
  * Delete message from current room
  */
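Review bot: The return value of getuser() on the first line of CtdlDoIHavePermissionToDeleteMessagesFromThisRoom() is discarded, so if the lookup fails the access decision is made on whatever CC->usersupp already held. Assuming getuser() returns nonzero on failure (its definition is not in this hunk), the check could fail closed with `if (getuser(&CC->usersupp, CC->curr_user) != 0 && !CC->internal_pgm) return(0);`. The header comment should also state that the call reloads CC->usersupp as a side effect, and that any room with QR_MAILBOX set is allowed without an ownership test, so the function is only safe to call after the room has been entered through the normal access checks. A named constant in place of the bare `6` in the axlevel comparison would make the required access level readable.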
@@ -2322,11 +2339,7 @@ void cmd_dele(char *delstr)
        long delnum;
        int num_deleted;
 
-       getuser(&CC->usersupp, CC->curr_user);
-       if ((CC->usersupp.axlevel < 6)
-           && (CC->usersupp.usernum != CC->quickroom.QRroomaide)
-           && ((CC->quickroom.QRflags & QR_MAILBOX) == 0)
-           && (!(CC->internal_pgm))) {
+       if (CtdlDoIHavePermissionToDeleteMessagesFromThisRoom() == 0) {
                cprintf("%d Higher access required.\n",
                        ERROR + HIGHER_ACCESS_REQUIRED);
                return;