mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-08 00:25:19 +02:00
Code Issues Releases Wiki Activity

[ticket/9657] Correctly determine the users permissions when deleting posts

Browse Source 
PHPBB3-9657
This commit is contained in:
Joas Schilling 2013-03-12 12:39:00 +01:00
parent 759086e654
commit 74f4fd724e
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
phpBB/posting.php
View File

@ -296,7 +296,7 @@ switch ($mode)
break; break;
case 'delete': case 'delete':
if ($user->data['is_registered'] && $auth->acl_gets('f_delete', 'm_delete', $forum_id)) if ($user->data['is_registered'] && ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id))))
{ {
$is_authed = true; $is_authed = true;
} }
@ -307,6 +307,11 @@ switch ($mode)
{ {
$is_authed = true; $is_authed = true;
} }
else
{
// Display the same error message for softdelete we use for delete
$mode = 'delete';
}
break; break;
} }
@ -1647,13 +1652,15 @@ function handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $is_sof
{ {
global $user, $template, $request; global $user, $template, $request;
$display_reason = $auth->acl_get('m_softdelete', $forum_id) || ($auth->acl_gets('m_delete', 'f_delete', $forum_id) && $auth->acl_gets('m_softdelete', 'f_softdelete', $forum_id)); $can_delete = $auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_delete', $forum_id));
$can_softdelete = $auth->acl_get('m_softdelete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_softdelete', $forum_id));
$display_reason = $auth->acl_get('m_softdelete', $forum_id) || ($can_delete && $can_softdelete);
$template->assign_vars(array( $template->assign_vars(array(
'S_SOFTDELETED' => $post_data['post_visibility'] == ITEM_DELETED, 'S_SOFTDELETED' => $post_data['post_visibility'] == ITEM_DELETED,
'S_CHECKED_PERMANENT' => $request->is_set_post('delete_permanent') ? ' checked="checked"' : '', 'S_CHECKED_PERMANENT' => $request->is_set_post('delete_permanent') ? ' checked="checked"' : '',
'S_ALLOWED_DELETE' => $auth->acl_gets('m_delete', 'f_delete', $forum_id), 'S_ALLOWED_DELETE' => $can_delete,
'S_ALLOWED_SOFTDELETE' => $auth->acl_gets('m_softdelete', 'f_softdelete', $forum_id), 'S_ALLOWED_SOFTDELETE' => $can_softdelete,
'S_DELETE_REASON' => $display_reason, 'S_DELETE_REASON' => $display_reason,
)); ));
@ -1663,7 +1670,7 @@ function handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $is_sof
$l_confirm .= '_PERMANENTLY'; $l_confirm .= '_PERMANENTLY';
$s_hidden_fields['delete_permanent'] = '1'; $s_hidden_fields['delete_permanent'] = '1';
} }
else if (!$auth->acl_get('m_softdelete', $forum_id) && !$auth->acl_get('f_softdelete', $forum_id)) else if (!$can_softdelete)
{ {
$s_hidden_fields['delete_permanent'] = '1'; $s_hidden_fields['delete_permanent'] = '1';
} }