harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

only allow wiki owner to delete pages

Browse Source
This commit is contained in:
zotlabs
2017-01-25 12:21:52 -08:00
parent 45a9eca792
commit 45dbd31d28
4 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Zotlabs/Module/Wiki.php
View File

@@ -538,6 +538,12 @@ class Wiki extends \Zotlabs\Web\Controller {
json_return_and_die(array('message' => t('Cannot delete Home'),'success' => false));
}
// Determine if observer has permission to delete pages
// currently just allow page owner
if((! local_channel()) || (local_channel() != $owner['channel_id'])) {
logger('Wiki write permission denied. ' . EOL);
json_return_and_die(array('success' => false));
}
$perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(! $perms['write']) {