authorzotlabs <mike@macgirvin.com>2017-01-25 12:21:52 -0800
committerzotlabs <mike@macgirvin.com>2017-01-25 12:21:52 -0800
commit45dbd31d286838254cd1ae60e4ebb39c112526be (patch)
treeba4bd74b443e45da3e21a3daccfa246c247fd34e
parent45a9eca792b349984ca11ab9a65e87e65625a718 (diff)
downloadvolse-hubzilla-45dbd31d286838254cd1ae60e4ebb39c112526be.tar.gz
volse-hubzilla-45dbd31d286838254cd1ae60e4ebb39c112526be.tar.bz2
volse-hubzilla-45dbd31d286838254cd1ae60e4ebb39c112526be.zip
only allow wiki owner to delete pages
-rw-r--r--Zotlabs/Module/Wiki.php6
-rwxr-xr-xinclude/items.php4
-rw-r--r--include/widgets.php3
-rw-r--r--view/tpl/wiki_page_list.tpl2
4 files changed, 12 insertions, 3 deletions
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php
index d694a28ae..75a620c37 100644
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@@ -538,6 +538,12 @@ class Wiki extends \Zotlabs\Web\Controller {
json_return_and_die(array('message' => t('Cannot delete Home'),'success' => false));
}
// Determine if observer has permission to delete pages
+ // currently just allow page owner
+
+ if((! local_channel()) || (local_channel() != $owner['channel_id'])) {
+ logger('Wiki write permission denied. ' . EOL);
+ json_return_and_die(array('success' => false));
+ }
$perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(! $perms['write']) {
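Review bot: The denial branch added before the get_permissions call logs only a fixed string and returns no `message`, so a refused delete cannot be attributed afterwards and the client receives a bare failure, unlike the 'Cannot delete Home' case just above. The log text also says "write permission" although the test is an ownership test. I would log the context, e.g. `logger('Wiki delete denied: resource ' . $resource_id . ' observer ' . $observer_hash);` (both variables are used on the next context line, so presumably set earlier in the method), and return `array('message' => t('Permission denied.'), 'success' => false)`. The enclosing method starts and ends outside the hunk.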
diff --git a/include/items.php b/include/items.php
index 5986038bc..66ec2ffea 100755
--- a/include/items.php
+++ b/include/items.php
@@ -3311,7 +3311,7 @@ function retain_item($id) {
);
}
-function drop_items($items) {
+function drop_items($items,$interactive = false,$stage = DROPITEM_NORMAL,$force = false) {
$uid = 0;
if(! local_channel() && ! remote_channel())
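Review bot: The new `$force` argument in the drop_items signature is forwarded unchanged to every drop_item call in the loop (second hunk), and nothing documents what it overrides. If drop_item skips its own ownership checks when `$force` is true (its body is not visible here, so this needs confirming), every caller passing `true` becomes responsible for authorising each item beforehand. I would add a docblock above the function saying so, e.g. `@param bool $force passed to drop_item(); callers must have verified permission for every item`, and describe `$interactive` and `$stage` in the same way. The function body continues outside both hunks.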
@@ -3319,7 +3319,7 @@ function drop_items($items) {
if(count($items)) {
foreach($items as $item) {
- $owner = drop_item($item,false);
+ $owner = drop_item($item,$interactive,$stage,$force);
if($owner && ! $uid)
$uid = $owner;
}
diff --git a/include/widgets.php b/include/widgets.php
index 799310908..98ea4e6a1 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -945,6 +945,8 @@ function widget_wiki_pages($arr) {
}
$can_create = perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'write_pages');
+ $can_delete = ((local_channel() && (local_channel() == \App::$profile['uid'])) ? true : false);
+
return replace_macros(get_markup_template('wiki_page_list.tpl'), array(
'$hide' => $hide,
'$resource_id' => $arr['resource_id'],
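Review bot: `$can_delete` only decides whether the trash icon is rendered, and it identifies the owner through `\App::$profile['uid']` while the handler in Zotlabs/Module/Wiki.php compares against `$owner['channel_id']`. A short comment such as `// display only: the delete handler enforces ownership itself` would keep the two checks from being mistaken for one another. The `? true : false` is also redundant because the `&&` expression already yields a boolean: `$can_delete = (local_channel() && local_channel() == \App::$profile['uid']);`. widget_wiki_pages starts before and ends after the hunk.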
@@ -954,6 +956,7 @@ function widget_wiki_pages($arr) {
'$wikiname' => $wikiname,
'$pages' => $pages,
'$canadd' => $can_create,
+ '$candel' => $can_delete,
'$addnew' => t('Add new page'),
'$pageName' => array('pageName', t('Page name')),
));
diff --git a/view/tpl/wiki_page_list.tpl b/view/tpl/wiki_page_list.tpl
index a270e6cee..78657ec10 100644
--- a/view/tpl/wiki_page_list.tpl
+++ b/view/tpl/wiki_page_list.tpl
@@ -5,7 +5,7 @@
{{if $pages}}
{{foreach $pages as $page}}
<li id="{{$page.link_id}}">
- {{if $page.resource_id && $canadd}}
+ {{if $page.resource_id && $candel}}
<i class="widget-nav-pills-icons fa fa-trash-o drop-icons" onclick="wiki_delete_page('{{$page.title}}', '{{$page.url}}', '{{$page.resource_id}}', '{{$page.link_id}}')"></i>
{{/if}}
<a href="/wiki/{{$channel}}/{{$wikiname}}/{{$page.url}}">{{$page.title}}</a>
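Review bot: The `onclick` on the trash icon places `{{$page.title}}`, `{{$page.url}}` and the two ids inside single-quoted JavaScript strings within an HTML attribute, and no escaping is visible in the template. After this change the icon is rendered only for the owner, while page titles can still come from anyone allowed to write pages, so unless the values are escaped before they reach the template (not visible here) the owner's session is where a malformed title would be interpreted. I would escape for both contexts, e.g. `{{$page.title|escape:'javascript'|escape:'html'}}`, or move the values to `data-` attributes that the handler reads.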