accessMeth_t umGetAccessMethodForURL(char_t *url) { accessMeth_t amRet; char_t *urlHavingLimit, *group; urlHavingLimit = umGetAccessLimit(url); if (urlHavingLimit) { group = umGetAccessLimitGroup(urlHavingLimit); if (group && *group) { amRet = umGetGroupAccessMethod(group); } else { amRet = umGetAccessLimitMethod(urlHavingLimit); } bfree(B_L, urlHavingLimit); } else { amRet = AM_FULL; } return amRet; }
bool_t umUserCanAccessURL(char_t *user, char_t *url) { accessMeth_t amURL; char_t *group, *usergroup, *urlHavingLimit; short priv; a_assert(user && *user); a_assert(url && *url); /* * Make sure user exists */ if (!umUserExists(user)) { return FALSE; } /* * Make sure user is enabled */ if (!umGetUserEnabled(user)) { return FALSE; } /* * Make sure user has sufficient privileges (any will do) */ usergroup = umGetUserGroup(user); priv = umGetGroupPrivilege(usergroup); if (priv == 0) { return FALSE; } /* * Make sure user's group is enabled */ if (!umGetGroupEnabled(usergroup)) { return FALSE; } /* * The access method of the user group must not be AM_NONE */ if (umGetGroupAccessMethod(usergroup) == AM_NONE) { return FALSE; } /* * Check to see if there is an Access Limit for this URL */ urlHavingLimit = umGetAccessLimit(url); if (urlHavingLimit) { amURL = umGetAccessLimitMethod(urlHavingLimit); group = umGetAccessLimitGroup(urlHavingLimit); bfree(B_L, urlHavingLimit); } else { /* * If there isn't an access limit for the URL, user has full access */ return TRUE; } /* * If the access method for the URL is AM_NONE then * the file "doesn't exist". */ if (amURL == AM_NONE) { return FALSE; } /* * If Access Limit has a group specified, then the user must be a * member of that group */ if (group && *group) { if (usergroup && (gstrcmp(group, usergroup) != 0)) { return FALSE; } } /* * Otherwise, user can access the URL */ return TRUE; }
bool_t umUserCanAccessURL(char_t *user, char_t *url) { accessMeth_t amURL; char_t *group, *usergroup, *urlHavingLimit; short priv; a_assert(user && *user); a_assert(url && *url); /* * Make sure user exists */ if (!umUserExists(user)) { return FALSE; } /* * Make sure user is enabled */ if (!umGetUserEnabled(user)) { return FALSE; } /* * Make sure user has sufficient privileges (any will do) */ usergroup = umGetUserGroup(user); priv = umGetGroupPrivilege(usergroup); if (priv == 0) { return FALSE; } /* * Make sure user's group is enabled */ if (!umGetGroupEnabled(usergroup)) { return FALSE; } /* * The access method of the user group must not be AM_NONE */ if (umGetGroupAccessMethod(usergroup) == AM_NONE) { return FALSE; } /* * Check to see if there is an Access Limit for this URL */ urlHavingLimit = umGetAccessLimit(url); if (urlHavingLimit) { amURL = umGetAccessLimitMethod(urlHavingLimit); group = umGetAccessLimitGroup(urlHavingLimit); bfree(B_L, urlHavingLimit); } else { /* * If there isn't an access limit for the URL, user has full access */ return TRUE; } /* * If the access method for the URL is AM_NONE then * the file "doesn't exist". */ if (amURL == AM_NONE) { return FALSE; } /* * If Access Limit has a group specified, then the user must be a * member of that group */ if (group && *group) { #ifdef qHierarchicalAccess /* * If we are compiling with the hierarchical access extensions, we * instead call the user-provided function that checks to see whether * the current user's access level is greater than or equal to the * access level required for this URL. */ return dmfCanAccess(usergroup, group); #else if (usergroup && (gstrcmp(group, usergroup) != 0)) { return FALSE; } #endif } /* * Otherwise, user can access the URL */ return TRUE; }