aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-01-25 12:21:52 -0800
committerzotlabs <mike@macgirvin.com>2017-01-25 12:21:52 -0800
commit45dbd31d286838254cd1ae60e4ebb39c112526be (patch)
treeba4bd74b443e45da3e21a3daccfa246c247fd34e /Zotlabs
parent45a9eca792b349984ca11ab9a65e87e65625a718 (diff)
downloadvolse-hubzilla-45dbd31d286838254cd1ae60e4ebb39c112526be.tar.gz
volse-hubzilla-45dbd31d286838254cd1ae60e4ebb39c112526be.tar.bz2
volse-hubzilla-45dbd31d286838254cd1ae60e4ebb39c112526be.zip
only allow wiki owner to delete pages
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Wiki.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php
index d694a28ae..75a620c37 100644
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@@ -538,6 +538,12 @@ class Wiki extends \Zotlabs\Web\Controller {
json_return_and_die(array('message' => t('Cannot delete Home'),'success' => false));
}
// Determine if observer has permission to delete pages
+ // currently just allow page owner
+
+ if((! local_channel()) || (local_channel() != $owner['channel_id'])) {
+ logger('Wiki write permission denied. ' . EOL);
+ json_return_and_die(array('success' => false));
+ }
$perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(! $perms['write']) {