2 files changed, 23 insertions, 3 deletions
diff --git a/mbbsd/bbs.c b/mbbsd/bbs.c
index cbeac042..87ed4403 100644
--- a/mbbsd/bbs.c
+++ b/mbbsd/bbs.c
@@ -1427,9 +1427,13 @@ edit_post(int ent, fileheader_t * fhdr, const char *direct)
 	return DONOTHING;
 #endif
 
-    // user check
-    if (!HasUserPerm(PERM_BASIC) ||	// includeing guests
-	!CheckPostPerm() )   
+    // user and permission check
+    // reason 1: BM may alter post restrictions to this board
+    // reason 2: this account may be occupied by someone else.
+    if (!HasUserPerm(PERM_BASIC) ||	// including guests
+	!CheckPostPerm() ||
+	!CheckPostRestriction(currbid)
+	)   
 	return DONOTHING;
 
     if (strcmp(fhdr->owner, cuser.userid) != EQUSTR)
@@ -2940,6 +2944,15 @@ del_post(int ent, fileheader_t * fhdr, char *direct)
 	!strcmp(cuser.userid, STR_GUEST))
 	return DONOTHING;
 
+    // user and permission check
+    // reason 1: BM may alter post restrictions to this board
+    // reason 2: this account may be occupied by someone else.
+    if (!HasUserPerm(PERM_BASIC) ||	// including guests
+	!CheckPostPerm() ||
+	!CheckPostRestriction(currbid)
+	)   
+	return DONOTHING;
+
     if (fhdr->filename[0]=='L') fhdr->filename[0]='M';
 
 #ifdef SAFE_ARTICLE_DELETE
diff --git a/mbbsd/cache.c b/mbbsd/cache.c
index cac2135c..42bef4fc 100644
--- a/mbbsd/cache.c
+++ b/mbbsd/cache.c
@@ -197,6 +197,13 @@ postperm_msg(const char *bname)
     if (bp->brdattr & BRD_GUESTPOST)
         return NULL;
 
+    // XXX should we enable this?
+#if 0
+    // always allow post for BM
+    if (is_BM_cache(i))
+	return NULL;
+#endif
+
     if (!HasUserPerm(PERM_POST))
 	return "無發文權限";