author | zotlabs <mike@macgirvin.com> | 2017-01-25 12:21:52 -0800 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-01-25 12:21:52 -0800 |
commit | 45dbd31d286838254cd1ae60e4ebb39c112526be (patch) | |
tree | ba4bd74b443e45da3e21a3daccfa246c247fd34e | |
parent | 45a9eca792b349984ca11ab9a65e87e65625a718 (diff) | |
only allow wiki owner to delete pages
-rw-r--r-- | Zotlabs/Module/Wiki.php | 6 | ||||
-rwxr-xr-x | include/items.php | 4 | ||||
-rw-r--r-- | include/widgets.php | 3 | ||||
-rw-r--r-- | view/tpl/wiki_page_list.tpl | 2 |
4 files changed, 12 insertions, 3 deletions
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php
index d694a28ae..75a620c37 100644
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@@ -538,6 +538,12 @@ class Wiki extends \Zotlabs\Web\Controller {
 json_return_and_die(array('message' => t('Cannot delete Home'),'success' => false));
 }
 // Determine if observer has permission to delete pages
+ // currently just allow page owner
+
+ if((! local_channel()) || (local_channel() != $owner['channel_id'])) {
+ logger('Wiki write permission denied. ' . EOL);
+ json_return_and_die(array('success' => false));
+ }
 $perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
 if(! $perms['write']) {
diff --git a/include/items.php b/include/items.php
index 5986038bc..66ec2ffea 100755
--- a/include/items.php
+++ b/include/items.php
@@ -3311,7 +3311,7 @@ function retain_item($id) {
 );
 }
-function drop_items($items) {
+function drop_items($items,$interactive = false,$stage = DROPITEM_NORMAL,$force = false) {
 $uid = 0;
 if(! local_channel() && ! remote_channel())
@@ -3319,7 +3319,7 @@ function drop_items($items) {
 if(count($items)) {
 foreach($items as $item) {
- $owner = drop_item($item,false);
+ $owner = drop_item($item,$interactive,$stage,$force);
 if($owner && ! $uid)
 $uid = $owner;
 }
diff --git a/include/widgets.php b/include/widgets.php
index 799310908..98ea4e6a1 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -945,6 +945,8 @@ function widget_wiki_pages($arr) {
 }
 $can_create = perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'write_pages');
+ $can_delete = ((local_channel() && (local_channel() == \App::$profile['uid'])) ? true : false);
+
 return replace_macros(get_markup_template('wiki_page_list.tpl'), array(
 '$hide' => $hide,
 '$resource_id' => $arr['resource_id'],
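Review bot: The denial branch of the added owner check logs only `'Wiki write permission denied. '`, so a later audit of refused deletes cannot tell who tried or which wiki was targeted. `$observer_hash` and `$resource_id` are used by the existing get_permissions() call just below, so they are presumably already in scope; something like `logger('Wiki delete denied: observer ' . $observer_hash . ' resource ' . $resource_id);` would do, and the JSON reply could carry a `message` the way the 'Cannot delete Home' branch above does. The comparison `local_channel() != $owner['channel_id']` is loose; `intval(local_channel()) !== intval($owner['channel_id'])` would match the intval() already applied to the same value two lines further down. The enclosing method starts and ends outside the hunk.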
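Review bot: `drop_items()` in include/items.php gains three pass-through parameters without a docblock, and `$force` is the one a caller most needs explained: it is handed straight to `drop_item()`, which presumably relaxes its ownership check when set (drop_item is not visible here, so confirm). I would add a docblock above the function saying that `$interactive`, `$stage` and `$force` are forwarded unchanged to drop_item() for every element, and that a caller passing `$force = true` must already have authorised the deletion itself. The guard `if(! local_channel() && ! remote_channel())` in the context lines still runs before the loop, so a forced call without a session appears to be refused regardless; the docblock should say whether that is intended. The second hunk (`drop_item($item,$interactive,$stage,$force)`) is the other half of the same change.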
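Review bot: `$can_delete` in widget_wiki_pages() is computed with a redundant `? true : false` and a loose `==`; `$can_delete = (local_channel() && intval(local_channel()) === intval(\App::$profile['uid']));` expresses the same test. A one-line comment such as `// UI hint only: Zotlabs/Module/Wiki.php enforces ownership on delete` would help the next reader, because this flag only decides whether the trash icon is rendered and it compares against `\App::$profile['uid']` while the server-side check uses `$owner['channel_id']`. The function begins before the hunk.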
@@ -954,6 +956,7 @@ function widget_wiki_pages($arr) {
 '$wikiname' => $wikiname,
 '$pages' => $pages,
 '$canadd' => $can_create,
+ '$candel' => $can_delete,
 '$addnew' => t('Add new page'),
 '$pageName' => array('pageName', t('Page name')),
 ));
diff --git a/view/tpl/wiki_page_list.tpl b/view/tpl/wiki_page_list.tpl
index a270e6cee..78657ec10 100644
--- a/view/tpl/wiki_page_list.tpl
+++ b/view/tpl/wiki_page_list.tpl
@@ -5,7 +5,7 @@
 {{if $pages}}
 {{foreach $pages as $page}}
 <li id="{{$page.link_id}}">
- {{if $page.resource_id && $canadd}}
+ {{if $page.resource_id && $candel}}
 <i class="widget-nav-pills-icons fa fa-trash-o drop-icons" onclick="wiki_delete_page('{{$page.title}}', '{{$page.url}}', '{{$page.resource_id}}', '{{$page.link_id}}')"></i>
 {{/if}}
 <a href="/wiki/{{$channel}}/{{$wikiname}}/{{$page.url}}">{{$page.title}}</a> |
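Review bot: The `{{if $page.resource_id && $candel}}` test in wiki_page_list.tpl only hides the trash icon, which is fine now that the delete endpoint checks ownership, but the unchanged line it guards builds a JavaScript call from `{{$page.title}}` and `{{$page.url}}` inside an `onclick` attribute. Unless the template engine is configured to escape for that context (not visible here), a title containing a quote would end the string literal early, and titles can be written by anyone holding `write_pages`, not only by the owner who sees the icon. Consider `{{$page.title|escape:'javascript'|escape:'html'}}` for the interpolated values, or pass them through `data-` attributes and read them in the handler.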