Changeset 1498
- Timestamp:
- 12/24/07 11:40:57 (7 months ago)
- Files:
-
- devel/mod/blog/lib/weblogs_actions.php (modified) (2 diffs)
- devel/mod/blog/lib/weblogs_posts_add.php (modified) (1 diff)
- devel/mod/blog/lib/weblogs_posts_edit.php (modified) (1 diff)
- devel/mod/blog/lib/weblogs_posts_view.php (modified) (1 diff)
- devel/mod/community/lib/permissions_check.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
devel/mod/blog/lib/weblogs_actions.php
r1401 r1498 70 70 $exists = false; 71 71 if ($oldpost = get_record('weblog_posts','ident',$post->ident)) { 72 if (run("permissions:check", array("weblog:edit", $oldpost->owner))) {72 if (run("permissions:check", array("weblog:edit", $oldpost->owner,$oldpost->weblog))) { 73 73 $exists = true; 74 74 } … … 132 132 if (logged_on && !empty($id)) { 133 133 if ($post_info = get_record('weblog_posts','ident',$id)) { 134 if (run("permissions:check", array("weblog:edit", $post_info->owner))) {134 if (run("permissions:check", array("weblog:edit", $post_info->owner),$post_info->weblog)) { 135 135 $post_info = plugin_hook("weblog_post","delete",$post_info); 136 136 if (!empty($post_info)) { devel/mod/blog/lib/weblogs_posts_add.php
r1401 r1498 19 19 $extensionContext = trim(optional_param('extension','weblog')); 20 20 21 if (!run("permissions:check", array("weblog:edit",$profile_id))) {21 if (!run("permissions:check", "weblog")) { // just check if the logged on user can add posts 22 22 $messages[] = __gettext("Permission denied"); 23 23 $messages[] = __gettext("You can modify only your own content!"); devel/mod/blog/lib/weblogs_posts_edit.php
r1401 r1498 13 13 $extensionContext = trim(optional_param('extension','weblog')); 14 14 15 if (!($aver=run("permissions:check", array("weblog:edit",$post->owner )))) {15 if (!($aver=run("permissions:check", array("weblog:edit",$post->owner,$post->weblog)))) { 16 16 $messages[] = __gettext("Permission denied"); 17 17 $messages[] = __gettext("You can modify only your own content!"); devel/mod/blog/lib/weblogs_posts_view.php
r1395 r1498 121 121 } 122 122 // if ($post->owner == $_SESSION['userid'] && logged_on) { 123 if (run("permissions:check",array("weblog:edit",$post->owner ))) {123 if (run("permissions:check",array("weblog:edit",$post->owner,$post->weblog))) { 124 124 $Edit = __gettext("Edit"); 125 125 $Delete = __gettext("Delete"); devel/mod/community/lib/permissions_check.php
r1248 r1498 37 37 } else { 38 38 switch($parameter[0]) { 39 39 40 case "files:edit": 40 41 case "weblog:edit": 42 // we need to know 2 things about file or post: its owner and the community it is 43 // posted to. 41 44 $owner = $parameter[1]; 42 if (record_exists('users','ident',$owner,'owner',$USER->ident,'user_type','community')) { 45 if(isset($parameter[2])){ 46 $weblog=$parameter[2]; 47 } else { 48 $weblog=0; 49 } 50 // Here we only check wether the logged on user is the moderator of the community 51 // where the posts was made or file was uploaded ($weblog). 52 // Permission to edit their own content is granted in mod/blog/lib/permission_check.php and 53 // mod/file/lib/permission_check.php. 54 if (record_exists('users','ident',$weblog,'owner',$USER->ident,'user_type','community')) { 43 55 $run_result = true; 44 56 } 45 if (empty($run_result)) { 46 if(run('community:membership',array($page_owner,$USER->ident))){ 47 $run_result = true; 48 } 49 } 57 50 58 break; 51 59 case "userdetails:change":
