changed security-functions

This commit is contained in:
Robert Gaggl 2001-06-28 18:09:37 +00:00
parent 05c35c1d5f
commit b85a4d393a
21 changed files with 195 additions and 77 deletions


@ -1,5 +1,5 @@
// check if user is logged in and is the owner of this weblog
this.checkPermissions("delete");
if (!this.isDeleteAllowed())
res.redirect(this.story.href());
if (req.data.submit == "delete")
if (this.parent)
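Review bot: The delete that follows the new guard still executes if `res.redirect()` returns instead of terminating the request; the hunk relies on the redirect aborting the action, as the replaced checkPermissions() call did before it. If that is guaranteed by the runtime, a short comment such as `// res.redirect() ends the request, so no return is needed` on the guard would make the assumption visible; otherwise the guard needs an explicit `return` after the redirect. The same pattern is used in the other action hunks of this commit (comment edit/reply, image delete/edit, images create/edit, members edit, weblog create/edit, skins edit, story delete/edit/main), so one fix should be applied consistently. The action body continues beyond the hunk.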


@ -1,5 +1,5 @@
// check if user has right to edit this comment
this.checkPermissions();
if (!this.isEditAllowed())
res.redirect(this.story.href());
res.skin = "main";
res.title = "Antville - " + this.weblog.title;


@ -1,3 +1,6 @@
if (!this.isReplyAllowed())
res.redirect(user.cache.referer ? this.weblog.members.href("login") : this.story.href());
if (this.weblog.hasDiscussions()) {
res.skin = "main";
res.title = "Antville - " + this.weblog.title;
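Review bot: The target chosen by `res.redirect(user.cache.referer ? this.weblog.members.href("login") : this.story.href());` treats any non-empty `user.cache.referer` as "not logged in", but only the `!user.uid` branch of isReplyAllowed sets it and nothing visible in this commit clears it. If the cache survives across requests, a logged-in user who is blocked or not permitted and still carries a referer from an earlier attempt is sent to the login page instead of the story, and the `res.message` set by the check is lost on that detour. Consider clearing `user.cache.referer` once it has been consumed, or letting the check signal the not-logged-in case explicitly rather than through the cache. The same ternary is used in the image, images, members, weblog and skins action hunks.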


@ -1,20 +1,44 @@
/**
* function checks if user has permissions to edit/delete a posting
* check if user is allowed to delete a comment
*/
function checkPermissions(action) {
if (action == "delete") {
if (this.weblog.owner != user) {
res.message = "This is not your weblog, so you can't delete any postings!";
res.redirect(this.story.href());
}
return true;
} else {
if (this.author != user) {
res.message = "Sorry, you're not allowed to edit a posting of somebody else!";
res.redirect(this.story.href());
} else if (!this.weblog.hasDiscussions())
res.redirect(this.story.href());
return true;
function isDeleteAllowed() {
if (this.weblog.owner != user) {
res.message = "This is not your weblog, so you can't delete any postings!";
return false;
}
return true;
}
/**
* check if user is allowed to edit a comment
*/
function isEditAllowed() {
if (this.author != user) {
res.message = "Sorry, you're not allowed to edit a posting of somebody else!";
return false;
} else if (!this.weblog.hasDiscussions()) {
res.message = "Sorry, discussions were disabled for this weblog!";
return false;
}
return true;
}
/**
* check if user is allowed to reply to a comment
*/
function isReplyAllowed() {
if (!this.weblog.hasDiscussions()) {
res.message = "Sorry, discussions were disabled for this weblog!";
return false;
} else if (!user.uid) {
user.cache.referer = this.href("reply");
return false;
} else if (user.isBlocked()) {
res.message = "Sorry, your account was disabled!";
return false;
}
return true;
}
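Review bot: isDeleteAllowed and isEditAllowed for comments check only ownership or authorship, while isReplyAllowed in the same hunk and the image and story variants elsewhere in this commit also reject blocked accounts, so a blocked weblog owner can still delete and a blocked author can still edit comments. Adding a `} else if (user.isBlocked()) {` branch with the same `"Sorry, your account was disabled!"` message to both functions would bring them in line with the rest. Whether a not-logged-in `user` can ever compare equal to `this.author` or `this.weblog.owner` cannot be seen from here; if it can, a `!user.uid` branch is needed as well.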


@ -1,5 +1,5 @@
// check if user is logged in and is the owner of this weblog
this.checkPermissions();
if (!this.isEditAllowed())
res.redirect(user.cache.referer ? this.weblog.members.href("login") : this.weblog.images.href());
if (req.data.submit == "delete")
this.__parent__.deleteImage(this);


@ -1,5 +1,5 @@
// check if user is logged in and is the owner of this weblog
this.checkPermissions();
if (!this.isEditAllowed())
res.redirect(user.cache.referer ? this.weblog.members.href("login") : this.weblog.images.href());
if (req.data.submit == "cancel")
res.redirect(this.weblog.images.href());


@ -1,10 +1,17 @@
/**
* check if user is allowed to edit this story
* check if user is allowed to edit this image
*/
function checkPermissions() {
if (this.creator != user || user.isBlocked()) {
res.message = "Sorry, you're not allowed to edit this image!";
res.redirect(this.weblog.href());
function isEditAllowed() {
if (!user.uid) {
user.cache.referer = this.href("edit");
return false;
} else if (user.isBlocked()) {
res.message = "Sorry, your account was disabled!";
return false;
} else if (this.creator != user) {
res.message = "Sorry, this image belongs to someone else!";
return false;
}
}
return true;
}


@ -1,5 +1,5 @@
// check if user is logged in and is the owner of this weblog
this.checkPermissions();
if (!this.isAddAllowed())
res.redirect(user.cache.referer ? this.__parent__.members.href("login") : this.__parent__.href());
if (req.data.submit == "cancel")
res.redirect(this.href());


@ -1,5 +1,5 @@
// check if user is logged in and is the owner of this weblog
this.checkPermissions();
if (!this.isEditAllowed())
res.redirect(user.cache.referer ? this.__parent__.members.href("login") : this.__parent__.href());
res.skin = "main";
res.title = "Antville - " + this.__parent__.title;


@ -1,14 +1,35 @@
/**
* function checks if user is allowed to add/edit images of this weblog
* check if user is allowed to edit images
*/
function checkPermissions() {
function isEditAllowed() {
if (!user.uid) {
res.message = "Please login before!";
user.cache.referer = this.href();
res.redirect(this.__parent__.members.href("login"));
return false;
} else if (user.isBlocked()) {
res.message = "Sorry, your account was disabled!";
return false;
} else if (this.__parent__.owner != user) {
res.message = "Sorry, you're not allowed to edit images";
res.redirect(this.href());
res.message = "Sorry, you're not allowed to edit images!";
return false;
}
return true;
}
/**
* check if user is allowed to add images
*/
function isAddAllowed() {
if (!user.uid) {
user.cache.referer = this.href("create");
return false;
} else if (user.isBlocked()) {
res.message = "Sorry, your account was disabled!";
return false;
} else if (this.__parent__.owner != user) {
res.message = "Sorry, you're not allowed to add images!";
return false;
}
return true;
}


@ -1,5 +1,5 @@
// check if user has right to edit this comment
this.checkPermissions();
if (!this.isEditAllowed())
res.redirect(user.cache.referer ? this.href("login") : this.__parent__.href());
res.skin = "main";


@ -1,11 +1,14 @@
/**
* function checks if user is allowed to edit her/his profile
* check if user is allowed to edit this image
*/
function checkPermissions() {
function isEditAllowed() {
if (!user.uid) {
res.message = "Please login before editing your profile!";
user.cache.referer = this.href("edit");
res.redirect(this.href("login"));
return false;
} else if (user.isBlocked()) {
res.message = "Sorry, your account was disabled!";
return false;
}
return true;
}
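Review bot: The header comment of the new isEditAllowed reads `* check if user is allowed to edit this image`, copied from the image code, although the function guards profile editing as the replaced comment stated. Suggest `* check if user is allowed to edit her/his profile`. The skins isEditAllowed in this commit carries the same copied header and should describe skins instead.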


@ -1,5 +1,5 @@
// check if user is allowed to edit this story
this.checkPermissions();
if (!this.isAddAllowed())
res.redirect(user.cache.referer ? this.members.href("login") : this.href());
if (req.data.submit == "cancel")
res.redirect(this.href());


@ -1,5 +1,5 @@
// check if user is logged in and is the owner of this weblog
this.checkPermissions();
if (!this.isEditAllowed())
res.redirect(user.cache.referer ? this.members.href("login") : this.href());
if (req.data.submit == "cancel")
res.redirect(this.href());


@ -1,14 +1,35 @@
/**
* function checks if user is allowed to add a story to this weblog
* check if user is allowed to edit the preferences of this weblog
*/
function checkPermissions() {
function isEditAllowed() {
if (!user.uid) {
res.message = "Please login before editing a new story!";
user.cache.referer = this.href("create");
res.redirect(this.members.href("login"));
user.cache.referer = this.href("edit");
return false;
} else if (user.isBlocked()) {
res.message = "Sorry, your account was disabled!";
return false;
} else if (this.owner != user) {
res.message = "Sorry, you're not allowed to add a story!";
res.redirect(this.href());
}
res.message ="You're not allowed to edit a foreign weblog!";
return false;
}
return true;
}
/**
* check if user is allowed to add a story to this weblog
*/
function isAddAllowed() {
if (!user.uid) {
user.cache.referer = this.href("edit");
return false;
} else if (user.isBlocked()) {
res.message = "Sorry, your account was disabled!";
return false;
} else if (this.owner != user) {
res.message ="You're not allowed to add a story to a foreign weblog!";
return false;
}
return true;
}
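Review bot: isAddAllowed stores `user.cache.referer = this.href("edit");` for the not-logged-in case, but the check it replaces stored `this.href("create")`, so after logging in the user lands on the weblog preferences page instead of the story form; it looks like a copy of the line from isEditAllowed above. Change it to `user.cache.referer = this.href("create");`. The two `res.message ="..."` assignments in this hunk are also missing the space after `=`.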


@ -1,5 +1,5 @@
// check if user is logged in and is the owner of this weblog
this.checkPermissions();
if (!this.isEditAllowed())
res.redirect(user.cache.referer ? this.__parent__.members.href("login") : this.__parent__.href());
if (req.data.submit == "cancel")
res.redirect(this.href());


@ -1,14 +1,17 @@
/**
* function checks if user is allowed to edit skins of this weblog
* check if user is allowed to edit this image
*/
function checkPermissions() {
function isEditAllowed() {
if (!user.uid) {
res.message = "Please login before!";
user.cache.referer = this.href();
res.redirect(this.__parent__.members.href("login"));
user.cache.referer = this.href("edit");
return false;
} else if (user.isBlocked()) {
res.message = "Sorry, your account was disabled!";
return false;
} else if (this.__parent__.owner != user) {
res.message = "Sorry, you're not allowed to edit skins";
res.redirect(this.href());
res.message = "Sorry, your're not allowed to edit skins!";
return false;
}
return true;
}
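Review bot: The new user-facing message `"Sorry, your're not allowed to edit skins!"` contains a typo and should read `"Sorry, you're not allowed to edit skins!"`. The header comment above the function still says `* check if user is allowed to edit this image`, copied from the image code; suggest `* check if user is allowed to edit skins of this weblog`, matching the wording the replaced comment used.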


@ -1,5 +1,5 @@
// check if user is logged in and is the owner of this weblog
this.checkPermissions();
if (!this.isDeleteAllowed())
res.redirect(this.weblog.href());
if (req.data.submit == "delete")
this.weblog.deleteStory(this);


@ -1,10 +1,10 @@
// check if user is logged in and is the owner of this weblog
this.checkPermissions();
if (!this.isEditAllowed())
res.redirect(this.weblog.href());
if (req.data.submit == "cancel")
res.redirect(this.weblog.href());
this.evalStory();
else if (req.data.submit == "save")
this.evalStory();
res.skin = "main";
res.title = "Antville - " + this.weblog.title;


@ -2,7 +2,9 @@ this.filter();
res.skin = "main";
if (req.data.text && this.weblog.hasDiscussions())
if (req.data.text && !this.isPostAllowed())
res.redirect(this.href());
else if (req.data.text)
this.addComment();
res.title = "Antville - " + this.weblog.title;
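Review bot: The new guard `if (req.data.text && !this.isPostAllowed())` lets a request without a logged-in user reach `this.addComment()`, because isPostAllowed (added in the story hunk of this commit) only checks hasDiscussions() and user.isBlocked(), whereas the comment isReplyAllowed in the same commit also rejects `!user.uid`. If anonymous commenting is not intended, isPostAllowed needs the same `!user.uid` branch that stores `user.cache.referer` and returns false. If it is intended, a comment on the guard saying so would stop the next reader from "fixing" it. The action continues outside the hunk.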


@ -1,10 +1,44 @@
/**
* check if user is allowed to post a comment to this story
*/
function isPostAllowed() {
if (!this.weblog.hasDiscussions()) {
res.message = "Sorry, discussions were disabled for this weblog!";
return false;
} else if (user.isBlocked()) {
res.message = "Sorry, your account was disabled!";
return false;
}
return true;
}
/**
* check if user is allowed to delete this story
*/
function isDeleteAllowed() {
if (user.isBlocked()) {
res.message = "Sorry, your account was disabled!";
return false;
} else if (this.author != user) {
res.message = "You cannot delete the story of somebody else!";
return false;
}
return true;
}
/**
* check if user is allowed to edit this story
*/
function checkPermissions() {
if (this.author != user || user.isBlocked()) {
res.message = "Sorry, you're not allowed to edit this story!";
res.redirect(this.weblog.href());
function isEditAllowed() {
if (user.isBlocked()) {
res.message = "Sorry, your account was disabled!";
return false;
} else if (this.author != user) {
res.message = "You cannot edit the story of somebody else!";
return false;
}
return true;
}
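Review bot: Story.isDeleteAllowed and isEditAllowed grant access only to `this.author`, while the comment isDeleteAllowed in this commit grants it only to `this.weblog.owner`, so an owner can remove any comment but cannot remove a story from their own weblog. If that asymmetry is unintended, the story checks could accept both with `} else if (this.author != user && this.weblog.owner != user) {`; if it is intended, the header comments should say that only the author may edit or delete. Neither function rejects a not-logged-in user explicitly; if `this.author` can be unset, it is worth confirming that an anonymous `user` cannot compare equal to it.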