$Log$
+ Revision 614.79 2004/03/15 16:47:04 error
+ * msgbase.c: cmd_move(): Fix the security logic for non-aides trying to
+ move or copy messages. The logic should do the following:
+ * Allow move/copy for Aides
+ * Allow regular users to:
+ * Move a message between two personal rooms
+ * Copy a message from a Personal room to a room the user is subscribed to
+ * Copy a message from a room the user is subscribed to, to a personal room
+ * Prohibit other moves/copies
+
Revision 614.78 2004/03/15 16:39:27 error
* Multiple files: Set permissions on existing Citadel directories to prevent
access to the database by local unix users to prevent direct database reads.
Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
* Initial CVS import
-
struct ctdlroom qtemp;
int err;
int is_copy = 0;
+ int ra;
num = extract_long(args, 0);
extract(targ, args, 1);
}
getuser(&CC->user, CC->curr_user);
+ ra = CtdlRoomAccess(&qtemp, &CC->user);
/* Aides can move/copy */
if ((CC->user.axlevel < 6)
/* Roomaides can move/copy */
&& (CC->user.usernum != CC->room.QRroomaide)
- /* Permit move/copy to/from personal rooms */
+ /* Permit move/copy from personal rooms */
&& (!((CC->room.QRflags & QR_MAILBOX)
&& (qtemp.QRflags & QR_MAILBOX)))
/* Permit only copy from public to personal room */
- && (!(is_copy && !(CC->room.QRflags & QR_MAILBOX)
- && (qtemp.QRflags & QR_MAILBOX)))) {
+ && (!(is_copy && (CC->room.QRflags & QR_MAILBOX)
+ || (qtemp.QRflags & QR_MAILBOX)))
+ /* User must have access to target room */
+ && !((ra & UA_KNOWN))) {
cprintf("%d Higher access required.\n",
ERROR + HIGHER_ACCESS_REQUIRED);
return;
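Review bot: The added clause `&& (!(is_copy && (CC->room.QRflags & QR_MAILBOX) || (qtemp.QRflags & QR_MAILBOX)))` parses as `!((is_copy && A) || B)`, with A the source-mailbox test and B the target-mailbox test, because `&&` binds tighter than `||`. Any target with QR_MAILBOX set therefore skips the denial even when `is_copy` is 0, so a non-aide can move a message out of a public room, which the log entry says should be prohibited. The final clause `&& !((ra & UA_KNOWN))` is AND-ed into the denial chain, so knowing the target room is enough on its own to permit any move or copy, and it is never consulted when the target is a mailbox; the comment "User must have access to target room" describes a requirement, not this. I would make target access necessary on every non-aide path and group the copy test explicitly, as below; this assumes CtdlRoomAccess() reports UA_KNOWN for the user's own personal rooms, which is not visible here and should be confirmed. The comments on the two mailbox clauses no longer match the code and need updating with it, and cmd_move() starts and ends outside this hunk.

```c
	/* ... unchanged: getuser() and ra = CtdlRoomAccess(&qtemp, &CC->user) ... */

	/* Aides and the room aide of the current room can move/copy */
	if ((CC->user.axlevel < 6)
	   && (CC->user.usernum != CC->room.QRroomaide)
	   /* Everyone else must know the target room, and may only
	    * move/copy between two personal rooms, or copy when one
	    * side is a personal room */
	   && (!(ra & UA_KNOWN)
	      || !(((CC->room.QRflags & QR_MAILBOX)
	            && (qtemp.QRflags & QR_MAILBOX))
	         || (is_copy
	            && ((CC->room.QRflags & QR_MAILBOX)
	               || (qtemp.QRflags & QR_MAILBOX)))))) {
		/* ... unchanged: "Higher access required" reply and return ... */
```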