modified to use acl engine

[busy] / write / introedit.cgi

diff --git a/write/introedit.cgi b/write/introedit.cgi
index 5e53faee9c50999ae0636fd5fcfc9c62949f3a93..b02437193e28f860229c780db343e1df6fd44a8b 100755 (executable)
--- a/write/introedit.cgi
+++ b/write/introedit.cgi
@@ -15,9 +15,16 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with Busy.  If not, see <http://www.gnu.org/licenses/>.
 
+[ "$HTTPS" = "on" ] && proto=https || proto=http
+. ../auth/acl.sh
+
 info="$(egrep -o '(^|&)i=([0-9]{10}_[0-9]{3}|intro|news)(&|$)' <<<"${QUERY_STRING}" |sed 's:&::g;s:i=::')"
-[ "$info" = "news" ] && info="$(date +%s)_$(apg -M N -a 1 -n 1 -m 3 -x 3)"
-[ "$info" != "intro" ] && info="${info}.news"
+[ "$info" = "news" ] && $ACL_ADDNEWS && info="$(date +%s)_$(apg -M N -a 1 -n 1 -m 3 -x 3)"
+[ "$info" != "intro" ] && $ACL_EDITNEWS && info="${info}.news"
+[ "$info" = "intro" ] && ($ACL_EDITINTRO || info='')
+
+[ -n "$info" ] || echo "Location: ${proto}://${HTTP_HOST}/?p=Error&i=noaccess\n\n"
+[ -n "$info" ] || exit 0
 
 if [ -n "${CONTENT_LENGTH}" -a "${CONTENT_LENGTH}" -gt 0 ]; then
 (head -c "${CONTENT_LENGTH}"; echo)|sed 's/&/\n/g' |while read line; do
@@ -32,4 +39,4 @@ fi
 
 [ -z "$cancel" ] && grep -qx "${REMOTE_USER}" ../auth/admin.user && echo -e "${text}" >"../Home/$info"
 
-echo -n "Location: http://${HTTP_HOST}/?p=Home\n\n"
+echo -n "Location: ${proto}://${HTTP_HOST}/?p=Home\n\n"