author | Joas Schilling <nickvergessen@gmx.de> | 2013-03-12 12:39:00 +0100 |
---|---|---|
committer | Joas Schilling <nickvergessen@gmx.de> | 2013-03-12 12:39:00 +0100 |
commit | 74f4fd724e64eba4092b48cd114b2a1ee9e399b3 (patch) | |
tree | d9660290a751591953e4092009ce359c1740ad6d | |
parent | 759086e654bb0ee09bf20a60992b88d255f44c76 (diff) | |
[ticket/9657] Correctly determine the users permissions when deleting posts
PHPBB3-9657
-rw-r--r-- | phpBB/posting.php | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 51cdc04abb..dbc569d844 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -296,7 +296,7 @@ switch ($mode)
 break;
 case 'delete':
- if ($user->data['is_registered'] && $auth->acl_gets('f_delete', 'm_delete', $forum_id))
+ if ($user->data['is_registered'] && ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id))))
 {
 $is_authed = true;
 }
@@ -307,6 +307,11 @@ switch ($mode)
 {
 $is_authed = true;
 }
+ else
+ {
+ // Display the same error message for softdelete we use for delete
+ $mode = 'delete';
+ }
 break;
 }
@@ -1647,13 +1652,15 @@ function handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $is_sof
 {
 global $user, $template, $request;
- $display_reason = $auth->acl_get('m_softdelete', $forum_id) || ($auth->acl_gets('m_delete', 'f_delete', $forum_id) && $auth->acl_gets('m_softdelete', 'f_softdelete', $forum_id));
+ $can_delete = $auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_delete', $forum_id));
+ $can_softdelete = $auth->acl_get('m_softdelete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_softdelete', $forum_id));
+ $display_reason = $auth->acl_get('m_softdelete', $forum_id) || ($can_delete && $can_softdelete);
 $template->assign_vars(array(
 'S_SOFTDELETED' => $post_data['post_visibility'] == ITEM_DELETED,
 'S_CHECKED_PERMANENT' => $request->is_set_post('delete_permanent') ? ' checked="checked"' : '',
- 'S_ALLOWED_DELETE' => $auth->acl_gets('m_delete', 'f_delete', $forum_id),
- 'S_ALLOWED_SOFTDELETE' => $auth->acl_gets('m_softdelete', 'f_softdelete', $forum_id),
+ 'S_ALLOWED_DELETE' => $can_delete,
+ 'S_ALLOWED_SOFTDELETE' => $can_softdelete,
 'S_DELETE_REASON' => $display_reason,
 ));
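Review bot: The delete predicate in the `case 'delete':` condition is written out by hand here and again as `$can_delete` / `$can_softdelete` in the hunk at -1647, and the copies are not identical. Here `$user->data['is_registered']` gates the moderator branch as well, while there it gates only the owner branch. If the copies drift further, the template flags and the `$is_authed` decision can disagree about who may delete. One helper that takes the permission suffix (`delete` or `softdelete`) and returns the boolean would leave a single authoritative check. The `switch` starts and ends outside this hunk.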
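Review bot: Overwriting `$mode` in the denied branch ties the error text to a variable that the rest of the script presumably also branches on, and nothing in the hunk shows that `$is_authed` is tested before `$mode` is read again. The comment should state that invariant, for example `// Not authorised ($is_authed stays false): reuse the 'delete' error message`, or a separate variable should carry the message key. The soft-delete condition this `else` belongs to lies outside the hunk.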
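Review bot: The ownership test `$post_data['poster_id'] == $user->data['user_id']` in `$can_delete` and `$can_softdelete` (and in the `case 'delete':` condition at -296) uses loose comparison inside an authorisation decision. Both values probably arrive as integers or numeric strings from the database, but that is not visible here. Casting and comparing strictly, `(int) $post_data['poster_id'] === (int) $user->data['user_id']`, removes the dependence on PHP's type juggling. The enclosing block of handle_post_delete starts and ends outside the hunk.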
@@ -1663,7 +1670,7 @@ function handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $is_sof
 $l_confirm .= '_PERMANENTLY';
 $s_hidden_fields['delete_permanent'] = '1';
 }
- else if (!$auth->acl_get('m_softdelete', $forum_id) && !$auth->acl_get('f_softdelete', $forum_id))
+ else if (!$can_softdelete)
 {
 $s_hidden_fields['delete_permanent'] = '1';
 } |
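Review bot: The `else if (!$can_softdelete)` branch forces `delete_permanent` when soft deletion is not permitted, but no visible branch handles the converse: a user for whom `$can_softdelete` is true and `$can_delete` is false who submits `delete_permanent`. The condition of the preceding branch, the one that appends `_PERMANENTLY`, lies outside the hunk, so it may already cover this. If it does not, that condition should also require `$can_delete` (for example by adding `&& $can_delete`), so the permanent path is never chosen on the strength of a POST field alone.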