From 15664dc5a6771cfcc0ff0975f747e865594b4063 Mon Sep 17 00:00:00 2001
From: Lucas Bartholemy <lucas@bartholemy.com>
Date: Wed, 22 Oct 2014 12:28:07 +0200
Subject: [PATCH] Admin or space admin can delete arbitrary content (#276 #282)

---
 protected/models/Content.php                  | 11 +++-
 .../modules_core/comment/models/Comment.php   | 20 +++++++
 .../comment/widgets/views/showComment.php     | 57 +++++++++++--------
 3 files changed, 61 insertions(+), 27 deletions(-)

diff --git a/protected/models/Content.php b/protected/models/Content.php
index b563f6a005..1066e4ccab 100644
--- a/protected/models/Content.php
+++ b/protected/models/Content.php
@@ -285,14 +285,19 @@ class Content extends CActiveRecord
     public function canDelete($userId = "")
     {
 
-        if (HSetting::Get('canAdminAlwaysDeleteContent', 'security') == 1 && Yii::app()->user->isAdmin())
-            return true;
-
         if ($userId == "")
             $userId = Yii::app()->user->id;
 
         if ($this->created_by == $userId)
             return true;
+        
+        if (Yii::app()->user->isAdmin()) {
+            return true;
+        }
+
+        if ($this->container instanceof Space && $this->container->isAdmin($userId)) {
+            return true;
+        }
 
         return false;
     }
diff --git a/protected/modules_core/comment/models/Comment.php b/protected/modules_core/comment/models/Comment.php
index 83e7ab70a6..9f05cd8ae2 100644
--- a/protected/modules_core/comment/models/Comment.php
+++ b/protected/modules_core/comment/models/Comment.php
@@ -172,4 +172,24 @@ class Comment extends HActiveRecordContentAddon
         return Yii::t('CommentModule.models_comment', 'Comment') . " \"" . Helpers::truncateText($this->message, 40) . "\"";
     }
 
+    public function canDelete($userId = "")
+    {
+
+        if ($userId == "")
+            $userId = Yii::app()->user->id;
+
+        if ($this->created_by == $userId)
+            return true;
+
+        if (Yii::app()->user->isAdmin()) {
+            return true;
+        }
+
+        if ($this->content->container instanceof Space && $this->content->container->isAdmin($userId)) {
+            return true;
+        }
+
+        return false;
+    }
+
 }
diff --git a/protected/modules_core/comment/widgets/views/showComment.php b/protected/modules_core/comment/widgets/views/showComment.php
index e1763dbd21..88aaaea751 100644
--- a/protected/modules_core/comment/widgets/views/showComment.php
+++ b/protected/modules_core/comment/widgets/views/showComment.php
@@ -9,40 +9,49 @@
  * @since 0.5
  */
 ?>
+<?php
+$canWrite = $comment->canWrite();
+$canDelete = $comment->canDelete();
+?>
 
 <div class="media" id="comment_<?php echo $comment->id; ?>">
-    <?php if ($comment->canDelete()) : ?>
+    <?php if ($canWrite || $canDelete) : ?>
 
         <ul class="nav nav-pills preferences">
             <li class="dropdown ">
                 <a class="dropdown-toggle" data-toggle="dropdown" href="#"><i class="fa fa-angle-down"></i></a>
 
                 <ul class="dropdown-menu pull-right">
-                    <li>
-                        <?php
-                        echo HHtml::ajaxLink('<i class="fa fa-pencil"></i> Edit', Yii::app()->createAbsoluteUrl('//comment/comment/edit', array('id' => $comment->id)), array(
-                            'success' => "js:function(html){ $('.preferences .dropdown').removeClass('open'); $('#comment_editarea_" . $comment->id . "').replaceWith(html); $('#comment_input_" . $comment->id . "_contenteditable').focus(); }"
-                        ));
-                        ?>
-                    </li>
-                    <li>
 
-                        <!-- load modal confirm widget -->
-                        <?php
-                        $this->widget('application.widgets.ModalConfirmWidget', array(
-                            'uniqueID' => 'modal_commentdelete_' . $comment->id,
-                            'linkOutput' => 'a',
-                            'title' => Yii::t('CommentModule.widgets_views_showComment', '<strong>Confirm</strong> comment deleting'),
-                            'message' => Yii::t('CommentModule.widgets_views_showComment', 'Do you really want to delete this comment?'),
-                            'buttonTrue' => Yii::t('CommentModule.widgets_views_showComment', 'Delete'),
-                            'buttonFalse' => Yii::t('CommentModule.widgets_views_showComment', 'Cancel'),
-                            'linkContent' => '<i class="fa fa-trash-o"></i> ' . Yii::t('CommentModule.widgets_views_showComment', 'Delete'),
-                            'linkHref' => $this->createUrl("//comment/comment/delete", array('model' => $comment->object_model, 'id' => $comment->object_id, 'cid' => $comment->id)),
-                            'confirmJS' => "function(html) { $('#comments_area_" . $comment->object_model . "_" . $comment->object_id . "').html(html); }"
-                        ));
-                        ?>
+                    <?php if ($canWrite): ?>
+                        <li>
+                            <?php
+                            echo HHtml::ajaxLink('<i class="fa fa-pencil"></i> Edit', Yii::app()->createAbsoluteUrl('//comment/comment/edit', array('id' => $comment->id)), array(
+                                'success' => "js:function(html){ $('.preferences .dropdown').removeClass('open'); $('#comment_editarea_" . $comment->id . "').replaceWith(html); $('#comment_input_" . $comment->id . "_contenteditable').focus(); }"
+                            ));
+                            ?>
+                        </li>
+                    <?php endif; ?>
 
-                    </li>
+                    <?php if ($canDelete): ?>
+                        <li>
+
+                            <!-- load modal confirm widget -->
+                            <?php
+                            $this->widget('application.widgets.ModalConfirmWidget', array(
+                                'uniqueID' => 'modal_commentdelete_' . $comment->id,
+                                'linkOutput' => 'a',
+                                'title' => Yii::t('CommentModule.widgets_views_showComment', '<strong>Confirm</strong> comment deleting'),
+                                'message' => Yii::t('CommentModule.widgets_views_showComment', 'Do you really want to delete this comment?'),
+                                'buttonTrue' => Yii::t('CommentModule.widgets_views_showComment', 'Delete'),
+                                'buttonFalse' => Yii::t('CommentModule.widgets_views_showComment', 'Cancel'),
+                                'linkContent' => '<i class="fa fa-trash-o"></i> ' . Yii::t('CommentModule.widgets_views_showComment', 'Delete'),
+                                'linkHref' => $this->createUrl("//comment/comment/delete", array('model' => $comment->object_model, 'id' => $comment->object_id, 'cid' => $comment->id)),
+                                'confirmJS' => "function(html) { $('#comments_area_" . $comment->object_model . "_" . $comment->object_id . "').html(html); }"
+                            ));
+                            ?>
+                        </li>
+                    <?php endif; ?>
                 </ul>
             </li>
         </ul>