From cbbfaa80cfd8f582357f9228df6ac6f712734ae8 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Paul=20H=C3=A4nsch?= <paul@plutz.net>
Date: Wed, 11 May 2022 18:19:44 +0200
Subject: [PATCH] use acls in edit processing

---
 page_edit.sh | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/page_edit.sh b/page_edit.sh
index b5beeaf..ca70c67 100755
--- a/page_edit.sh
+++ b/page_edit.sh
@@ -26,9 +26,8 @@ if [ "$edit_page" = "$PATH_INFO" ]; then
   # END EDIT SCRIPT, continue in index.cgi
 
 elif [ "$edit_action" = update ]; then
-  mkdir -p -- "${edit_file%/#page.md}"
-
-  if S_LOCK "$edit_file"; then
+  if mkdir -p -- "${edit_file%/#page.md}" \
+       && S_LOCK "$edit_file"; then
     POST pagetext >"$edit_file"
     S_RELEASE "$edit_file"
     REDIRECT "${_BASE}${PATH_INFO%\[edit\]}"
@@ -41,13 +40,16 @@ elif [ "$edit_action" = cancel ]; then
   S_RELEASE "$edit_file"
   REDIRECT "${_BASE}${PATH_INFO%\[edit\]}"
 
-elif mkdir -p -- "${edit_file%/#page.md}" && S_LOCK "$edit_file"; then
-  # Display editor page
-  SESSION_COOKIE
+elif ! acl_write "$edit_page"; then
+  theme_403
+
+elif mkdir -p -- "${edit_file%/#page.md}" \
+     && S_LOCK "$edit_file"; then
   theme_editor "$edit_page"
 
 else
-  export ERRMSG="ERR_NOLOCK"
-  theme_page "$edit_page"
+  printf 'Refresh: %i; url=%s\r\n' 4 ../
+  export ERROR_MSG="Unable to lock page for editing"
+  theme_409
 
 fi
-- 
2.39.2