only allow wiki owner to delete pages

2017-01-25 12:21:52 -08:00 · 2017-01-25 12:21:52 -08:00 · 45dbd31d28
commit 45dbd31d28
parent 45a9eca792
4 changed files with 12 additions and 3 deletions
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@ -538,6 +538,12 @@ class Wiki extends \Zotlabs\Web\Controller {
 				json_return_and_die(array('message' => t('Cannot delete Home'),'success' => false));
 			}
 			// Determine if observer has permission to delete pages
+			// currently just allow page owner
+
+			if((! local_channel()) || (local_channel() != $owner['channel_id'])) {
+				logger('Wiki write permission denied. ' . EOL);
+				json_return_and_die(array('success' => false));					
+			}

 			$perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
 			if(! $perms['write']) {
--- a/include/items.php
+++ b/include/items.php
@ -3311,7 +3311,7 @@ function retain_item($id) {
 	);
 }

-function drop_items($items) {
+function drop_items($items,$interactive = false,$stage = DROPITEM_NORMAL,$force = false) {
 	$uid = 0;

 	if(! local_channel() && ! remote_channel())
@ -3319,7 +3319,7 @@ function drop_items($items) {

 	if(count($items)) {
 		foreach($items as $item) {
-			$owner = drop_item($item,false);
+			$owner = drop_item($item,$interactive,$stage,$force);
 			if($owner && ! $uid)
 				$uid = $owner;
 		}
--- a/include/widgets.php
+++ b/include/widgets.php
@ -945,6 +945,8 @@ function widget_wiki_pages($arr) {
 	}
 	$can_create = perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'write_pages');

+	$can_delete = ((local_channel() && (local_channel() == \App::$profile['uid'])) ? true : false);
+
 	return replace_macros(get_markup_template('wiki_page_list.tpl'), array(
 			'$hide' => $hide,
 			'$resource_id' => $arr['resource_id'],
@ -954,6 +956,7 @@ function widget_wiki_pages($arr) {
 			'$wikiname' => $wikiname,
 			'$pages' => $pages,
 			'$canadd' => $can_create,
+			'$candel' => $can_delete,
 			'$addnew' => t('Add new page'),
 			'$pageName' => array('pageName', t('Page name')),
 	));
--- a/view/tpl/wiki_page_list.tpl
+++ b/view/tpl/wiki_page_list.tpl
@ -5,7 +5,7 @@
 		{{if $pages}}
 		{{foreach $pages as $page}}
 		<li id="{{$page.link_id}}">
-			{{if $page.resource_id && $canadd}}
+			{{if $page.resource_id && $candel}}
 			<i class="widget-nav-pills-icons fa fa-trash-o drop-icons" onclick="wiki_delete_page('{{$page.title}}', '{{$page.url}}', '{{$page.resource_id}}', '{{$page.link_id}}')"></i>
 			{{/if}}
 			<a href="/wiki/{{$channel}}/{{$wikiname}}/{{$page.url}}">{{$page.title}}</a>