Changeset 883 for trunk/common/security.php

Timestamp:

01/19/08 12:33:02 (4 years ago)

Author:

bogdanpasoi@…

Message:

Open source - first draft.

File:

• trunk/common/security.php (modified) (5 diffs)

trunk/common/security.php

@@ -127 +127 @@
         case 'grader-delete':
         case 'grader-rename':
-        case 'grader-download':
         case 'simple-edit':
             return 'simple-edit';
@@ -144 +143 @@
         // Special actions fall through
         // FIXME: As few as possible.
+        case 'grader-download':
         case 'task-submit':
         case 'round-submit':
@@ -397 +397 @@
             return ($task['hidden'] == false && $is_running);
 
+        case 'grader-download':
+            if ($task['open_tests']) {
+                $can_view = $task['hidden'] == false;
+            } else {
+                $can_view = false;
+            }
+            return $can_view || $is_owner || $is_admin;
+
         default:
             log_error('Invalid task action: '.$action);
@@ -502 +510 @@
     $is_task_owner = ($job['task_owner_id'] == $user['id'] && $usersec == 'helper');
     $can_view_job = ($job['task_hidden'] == false) || $is_task_owner || $is_admin;
+    $can_view_source = ($job['task_open_source'] == true) || $is_task_owner || $is_owner || $is_admin;
 
     // Log query response.
@@ -521 +530 @@
 
         case 'job-download': //FIXME: this should be job-view-source, job-download is too confusing
-            return $can_view_job && ($is_admin || $is_owner);
+            return $can_view_job && $can_view_source;
 
         default: