37 } |
37 } |
38 |
38 |
39 $row = $db->fetchrow(); |
39 $row = $db->fetchrow(); |
40 $db->free_result(); |
40 $db->free_result(); |
41 |
41 |
42 $acl_type = ( $row['poster_id'] == $session->user_id && $session->user_logged_in ) ? 'decir_edit_own' : 'decir_edit_other'; |
42 $own_post = ( $row['poster_id'] == $session->user_id && $session->user_logged_in ); |
|
43 $acl_type = ( $own_post ) ? 'decir_edit_own' : 'decir_edit_other'; |
43 |
44 |
44 $post_perms = $session->fetch_page_acl(strval($pid), 'DecirPost'); |
45 $post_perms = $session->fetch_page_acl(strval($pid), 'DecirPost'); |
45 if ( !$post_perms->get_permissions($acl_type) ) |
46 if ( !$post_perms->get_permissions($acl_type) ) |
46 { |
47 { |
47 die_friendly('Error', '<p>You do not have permission to edit this post.</p>'); |
48 die_friendly('Error', '<p>You do not have permission to edit this post.</p>'); |
67 else if ( isset($_POST['do']['save']) ) |
68 else if ( isset($_POST['do']['save']) ) |
68 { |
69 { |
69 // Save changes |
70 // Save changes |
70 if ( isset($_POST['do']['delete']) ) |
71 if ( isset($_POST['do']['delete']) ) |
71 { |
72 { |
|
73 // Check permissions (of course!) |
|
74 $acl_type = ( $own_post |
|
75 ? ( $_POST['delete_method'] == 'hard' ? 'decir_delete_own_post_hard' : 'decir_delete_own_post_soft' ) |
|
76 : ( $_POST['delete_method'] == 'hard' ? 'decir_delete_other_post_hard' : 'decir_delete_other_post_soft' ) |
|
77 ); |
|
78 if ( !$post_perms->get_permissions($acl_type) ) |
|
79 { |
|
80 die_friendly('Error', '<p>You do not have access to perform this type of deletion on this post.</p>'); |
|
81 } |
72 // Nuke it |
82 // Nuke it |
73 $result = decir_delete_post($pid, $_POST['edit_reason']); |
83 $result = decir_delete_post($pid, $_POST['edit_reason']); |
74 if ( $result ) |
84 if ( $result ) |
75 { |
85 { |
76 $url = makeUrlNS('Special', 'Forum/Post/' . $pid, false, true) . '#post' . $pid; |
86 $url = makeUrlNS('Special', 'Forum/Post/' . $pid, false, true) . '#post' . $pid; |
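Review bot: The new permission check at new lines 74–81 picks the hard or soft ACL from `$_POST['delete_method']`, but the call that follows is still `decir_delete_post($pid, $_POST['edit_reason'])`, so in the visible lines nothing ties the deletion that actually runs to the method that was authorized. If decir_delete_post reads the method itself or defaults to a hard delete (its body is not shown here), a request that omits `delete_method` or sends any value other than `hard` is checked only against the `*_soft` permission. I would normalize the value once, e.g. `$delete_method = ( isset($_POST['delete_method']) && $_POST['delete_method'] === 'hard' ) ? 'hard' : 'soft';`, use it for the ACL lookup, and make sure the deletion routine works from that same variable rather than the raw request field. The `isset()` also avoids the undefined-index notice that the current `==` comparison raises when the field is missing. The enclosing `if`/`else if` chain starts and ends outside the shown lines.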