From 422cfd825089332848b3571d128a6ca3675e675c Mon Sep 17 00:00:00 2001
From: Florian Forster <octo@verplant.org>
Date: Sun, 11 Jun 2006 21:22:31 +0200
Subject: [PATCH] Fix the view non-users get when verifying their entries.

Make really really sure that they don't see the groups they're in nor can
change that. Also, display a short message when the entry has been saved, since
it'll be straight back to the edit dialogue for them.. Thanks to Katja for
pointing this out :)
---
 licom.cgi | 53 +++++++++++++++++++++++++++++++++--------------------
 1 file changed, 33 insertions(+), 20 deletions(-)

diff --git a/licom.cgi b/licom.cgi
index ffc4a36..68e3581 100755
--- a/licom.cgi
+++ b/licom.cgi
@@ -729,36 +729,49 @@ sub action_update
 		}
 	}
 
-	my %changed_groups = map { $_ => 1 } (param ('group'));
-	my @current_groups = LiCoM::Group->load_by_member ($cn);
-
-	for (@current_groups)
+	# only `authorized' users may see and change groups
+	if ($UserID)
 	{
-		my $group_obj = $_;
-		my $group_name = $group_obj->name ();
+		my %changed_groups = map { $_ => 1 } (param ('group'));
+		my @current_groups = LiCoM::Group->load_by_member ($cn);
 
-		if (!defined ($changed_groups{$group_name}))
+		for (@current_groups)
 		{
-			$group_obj->del_members ($cn);
+			my $group_obj = $_;
+			my $group_name = $group_obj->name ();
+
+			if (!defined ($changed_groups{$group_name}))
+			{
+				$group_obj->del_members ($cn);
+			}
+			else
+			{
+				delete ($changed_groups{$group_name});
+			}
 		}
-		else
+		for (keys %changed_groups)
 		{
-			delete ($changed_groups{$group_name});
+			my $group_name = $_;
+			my $group_obj = LiCoM::Group->load ($group_name) or die;
+
+			$group_obj->add_members ($cn);
 		}
-	}
-	for (keys %changed_groups)
-	{
-		my $group_name = $_;
-		my $group_obj = LiCoM::Group->load ($group_name) or die;
 
-		$group_obj->add_members ($cn);
+		if (param ('newgroup'))
+		{
+			# FIXME add error handling
+			my $group_name = param ('newgroup');
+			LiCoM::Group->create ($group_name, '', $cn);
+		}
 	}
 
-	if (param ('newgroup'))
+	if (!$UserID)
 	{
-		# FIXME add error handling
-		my $group_name = param ('newgroup');
-		LiCoM::Group->create ($group_name, '', $cn);
+		print <<HTML;
+		<h3>Your changes have been saved.</h3>
+		<p>Thank you very much for taking the time to keep this record up to date.</p>
+
+HTML
 	}
 
 	if ($button eq 'apply' or !$UserID)
-- 
2.11.0