static int ann_can_access(char *title,const char *board,struct userec *user){ const struct boardheader *bp; char BM[BM_LEN]; if(strstr(title,"(BM: BMS)")){ if(board[0]&&getbid(board,&bp)){ memcpy(BM,bp->BM,(BM_LEN*sizeof(char))); return (!chk_currBM(BM,user)?0:2); } return 0; } else if(strstr(title,"(BM: SYSOPS)")) return (!HAS_PERM(user,PERM_SYSOP)?0:3); else return 1; }
/* 返回值意义: -1 没有权限 0 有看的权限 1 有管理的权限 */ int ann_traverse_check(char *path, struct userec *user) { char *ptr; char *ptr2; size_t i = 0; char filename[256]; char buf[256], *fnameptr; char pathbuf[256]; char currpath[256]; char title[STRLEN]; FILE *fp; char board[STRLEN]; bool has_perm_boards = false, sysop_only = false; char *bmstr; int bms_level = 0; /* path parameter can not have leading '/' character */ if (path[0] == '/') return -1; board[0] = '\0'; if ((ptr = strstr(path, "groups/")) != NULL) ann_get_board(ptr, board, sizeof(board)); bzero(pathbuf, sizeof(pathbuf)); if (board[0] == '\0') { ptr = path; } else { const struct boardheader *bh; bh = getbcache(board); if (check_read_perm(user, bh) == 0) return -1; ann_get_path(board, filename, sizeof(filename)); snprintf(pathbuf, sizeof(pathbuf), "0Announce%s", filename); ptr = path + strlen(pathbuf); i = strlen(pathbuf); /* 如果是本版版主 则获得版主权限 TODO */ if (chk_currBM(bh->BM, user)) has_perm_boards = true; } /* 如果是站务 则获得版主权限 */ if (HAS_PERM(user, PERM_OBOARDS) || HAS_PERM(user, PERM_ANNOUNCE) || HAS_PERM(user, PERM_SYSOP)) has_perm_boards = true; /* 开始逐级判断权限 */ while (*ptr != '\0') { if (*ptr == '/') { snprintf(filename, sizeof(filename), "%s/.Names", pathbuf); } else { if (i < sizeof(pathbuf)) pathbuf[i] = *ptr; ptr++; i++; continue; } if ((fp = fopen(filename, "r")) == NULL) return -1; while (fgets(buf, sizeof(buf), fp) != NULL) { if ((ptr2 = strrchr(buf, '\n')) != NULL) *ptr2 = '\0'; if (strncmp(buf, "Name=", 5) == 0) { strncpy(title, buf + 5, sizeof(title) - 1); title[sizeof(title) - 1] = '\0'; continue; } if (strncmp(buf, "Path=~/", 7) == 0) fnameptr = buf + 7; else if (strncmp(buf, "Path=", 5) == 0) fnameptr = buf + 5; else continue; snprintf(currpath, sizeof(currpath), "%s/%s", pathbuf, fnameptr); if (strncmp(currpath, path, strlen(currpath)) != 0) continue; if (path[strlen(currpath)] != '/' && path[strlen(currpath)]!='\0' ) continue; /* 如果有指定BM 则按BM名单获得版主权限 */ bmstr = strstr(title, "(BM:"); if (bmstr != NULL) if (chk_currBM(bmstr + 4, user)) has_perm_boards = true; /* 如果指定BMS 则目录的版主权限级别升高 */ if (strstr(title, "(BM: BMS)")) bms_level++; /* 如果指定SYSOPS 则目录为仅站务可见 */ if (strstr(title, "(BM: SYSOPS)")) sysop_only = true; #ifdef ANN_CTRLK /* 如果Ctrl+K权限验证不通过 则禁止 */ if(!canread(has_perm_boards ? PERM_BOARDS : 0, pathbuf, fnameptr, title)) { fclose(fp); return -1; } #endif /* 如果在一级BMS目录下且用户不具备版主权限 则禁止 */ if ((bms_level >=1) && !HAS_PERM(user, PERM_BOARDS)) { fclose(fp); return -1; } /* 如果在二级BMS目录下且用户不具备本版版主权限 则禁止 */ if ((bms_level >=2) && !has_perm_boards) { fclose(fp); return -1; } /* 如果在SYSOPS目录下且用户不是站务 则禁止 */ if (sysop_only && !HAS_PERM(user, PERM_SYSOP)) { fclose(fp); return -1; } break; } if (feof(fp)) { fclose(fp); return -1; } fclose(fp); if (i < sizeof(pathbuf)) pathbuf[i] = *ptr; ptr++; i++; } return has_perm_boards ? 1 : 0; }
int m_template() { int i; POINT *pts; struct _select_def grouplist_conf; if (!chk_currBM(currBM, getCurrentUser())) { return DONOTHING; } if (tmpl_init(1) < 0) return FULLUPDATE; if (template_num == 0) { char ans[3]; clear(); getdata(t_lines - 1, 0, "本版现在没有模板,需要现在增加吗(Y/N)? [N]: ", ans, sizeof(ans), DOECHO, NULL, true); if (ans[0] != 'Y' && ans[0] != 'y') { tmpl_free(); return FULLUPDATE; } if (tmpl_add() < 0) { tmpl_free(); return FULLUPDATE; } } pts = (POINT *) malloc(sizeof(POINT) * BBS_PAGESIZE); for (i = 0; i < BBS_PAGESIZE; i++) { pts[i].x = 2; pts[i].y = i + 3; } bzero(&grouplist_conf, sizeof(struct _select_def)); grouplist_conf.item_count = template_num; grouplist_conf.item_per_page = BBS_PAGESIZE; /* * 加上 LF_VSCROLL 才能用 LEFT 键退出 */ grouplist_conf.flag = LF_VSCROLL | LF_BELL | LF_LOOP | LF_MULTIPAGE; grouplist_conf.prompt = "◆"; grouplist_conf.item_pos = pts; grouplist_conf.title_pos.x = 0; grouplist_conf.title_pos.y = 0; grouplist_conf.pos = 1; /* initialize cursor on the first mailgroup */ grouplist_conf.page_pos = 1; /* initialize page to the first one */ grouplist_conf.show_data = tmpl_show; grouplist_conf.pre_key_command = tmpl_prekey; grouplist_conf.key_command = tmpl_key; grouplist_conf.show_title = tmpl_refresh; grouplist_conf.get_data = tmpl_getdata; grouplist_conf.on_select = tmpl_select; list_select_loop(&grouplist_conf); free(pts); tmpl_free(); return FULLUPDATE; }