[Refdb-cvs] CVS: refdb/src noteshandler.c,1.18.2.10,1.18.2.11
From: Markus H. <mho...@us...> - 2005-09-23 23:49:53
Update of /cvsroot/refdb/refdb/src In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv29868 Modified Files: Tag: Release_0_9_5_stable noteshandler.c Log Message: allow only owner to update note
Index: noteshandler.c
===================================================================
RCS file: /cvsroot/refdb/refdb/src/noteshandler.c,v
retrieving revision 1.18.2.10
retrieving revision 1.18.2.11
diff -u -U2 -r1.18.2.10 -r1.18.2.11
--- noteshandler.c 21 Sep 2005 23:32:24 -0000 1.18.2.10
+++ noteshandler.c 23 Sep 2005 23:49:44 -0000 1.18.2.11
@@ -204,4 +204,5 @@
 }
+ /* todo: check whether current user is owner of the existing note */
 /* see whether id or key already exist in the database */
 if (key && *key) {
@@ -210,5 +211,5 @@
 (ptr_andata->real_key)[255] = '\0';
 preprocess_citekey(ptr_andata->real_key);
- sprintf(sql_command, "SELECT note_id FROM t_note WHERE note_key=\'%s\'", ptr_andata->real_key);
+ sprintf(sql_command, "SELECT t_note.note_id, t_user.user_name FROM t_note, t_user WHERE t_note.note_user_id=t_user.user_id AND t_note.note_key=\'%s\'", ptr_andata->real_key);
 }
 else if (id && *id) {
@@ -218,5 +219,5 @@
 return ;
 }
- sprintf(sql_command, "SELECT note_id FROM t_note WHERE note_id=%s", id);
+ sprintf(sql_command, "SELECT t_note.note_id, t_user.user_name FROM t_note, t_user WHERE t_note.note_user_id=t_user.user_id AND t_note.note_id=%s", id);
 }
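Review bot: The comment added in the `@@ -204,4 +204,5 @@` hunk, `/* todo: check whether current user is owner of the existing note */`, is already out of date when this commit lands, because the check it asks for is implemented by the `strcmp(existing_user, user)` branch in the `@@ -236,8 +237,23 @@` hunk. A stale todo beside an authorization path suggests the check is still missing, so I would reword it to describe what the code now does, e.g. `/* the queries below also fetch the owner's user_name so updatenote can reject non-owners */`. The enclosing function starts and ends outside the hunk.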
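Review bot: The rewritten SELECT in the `@@ -210,5 +211,5 @@` hunk, and the matching one in `@@ -218,5 +219,5 @@`, joins `t_note` to `t_user` with an inner join, so a note whose `note_user_id` has no row in `t_user` now yields no result at all. The later code treats an empty result as "entry doesn't exist -> add", so such a note would presumably go down the add path instead of being rejected. A form that still returns the note, such as `FROM t_note LEFT JOIN t_user ON t_note.note_user_id=t_user.user_id WHERE t_note.note_key='%s'`, lets the owner check refuse the update when `user_name` is missing. Because these statements now back an access decision, it is also worth confirming outside the hunks that `real_key` is escaped and `id` is validated before being formatted in. The same applies to `sql_command` having room for the longer text, since `sprintf` does not bound the write.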
@@ -236,8 +237,23 @@ - addnote: entry with same ID/key exists-> error - updatenote: entry with same ID/key doesn't exist-> add - - updatenote: entry with same ID/key exists-> update */ + - updatenote: entry with same ID/key exists-> update if same user */ if (dbi_result_next_row(dbires)) { /* requested ID exists */ if (ptr_andata->replace_note) { + const char* existing_user = my_dbi_result_get_string(dbires, "user_name"); + if (strcmp(existing_user, user)) { + sprintf(sql_command, "only owner can overwrite existing note %s", ptr_andata->real_key); + LOG_PRINT(LOG_INFO, sql_command); + (ptr_andata->n_skip)++; + sprintf(sql_command, "422:"ULLSPEC":%s\n", (unsigned long long)(ptr_andata->set_count + nongeek_offset), ptr_andata->real_key); + if ((new_msgpool = mstrcat(ptr_andata->msgpool, sql_command, &(ptr_andata->msgpool_len), 0)) == NULL) { + (ptr_andata->nmem_error)++; + return; + } + else { + ptr_andata->msgpool = new_msgpool; + } + return; + } ptr_andata->create_new = 0; ptr_andata->n_note_id = my_dbi_result_get_idval(dbires, "note_id"); |
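Review bot: `existing_user` goes straight into `strcmp()` in the added block, so if `my_dbi_result_get_string()` can return NULL (for example on a driver error) the owner check dereferences it instead of treating the caller as a non-owner. The test should fail closed, `if (!existing_user || strcmp(existing_user, user)) {`. Both the log text and the 422 message print `ptr_andata->real_key`, which the earlier hunks fill in only on the key branch, so a note addressed by ID may be reported with an empty or stale key. The two new `return` statements leave without any visible release of `dbires`; whether that leaks depends on cleanup outside the hunk, since the function starts and ends elsewhere. `LOG_PRINT(LOG_INFO, sql_command)` also passes on a string containing the client-supplied key, so confirm the macro does not treat its argument as a format string.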