diff options
author | zotlabs <mike@macgirvin.com> | 2017-01-25 12:21:52 -0800 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-01-25 12:21:52 -0800 |
commit | 45dbd31d286838254cd1ae60e4ebb39c112526be (patch) | |
tree | ba4bd74b443e45da3e21a3daccfa246c247fd34e /Zotlabs | |
parent | 45a9eca792b349984ca11ab9a65e87e65625a718 (diff) | |
download | volse-hubzilla-45dbd31d286838254cd1ae60e4ebb39c112526be.tar.gz volse-hubzilla-45dbd31d286838254cd1ae60e4ebb39c112526be.tar.bz2 volse-hubzilla-45dbd31d286838254cd1ae60e4ebb39c112526be.zip |
only allow wiki owner to delete pages
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Wiki.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index d694a28ae..75a620c37 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -538,6 +538,12 @@ class Wiki extends \Zotlabs\Web\Controller { json_return_and_die(array('message' => t('Cannot delete Home'),'success' => false)); } // Determine if observer has permission to delete pages + // currently just allow page owner + + if((! local_channel()) || (local_channel() != $owner['channel_id'])) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); + } $perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); if(! $perms['write']) { |