only allow wiki owner to delete pages
This commit is contained in:
zotlabs
parent
45a9eca792
commit
45dbd31d28
@ -538,6 +538,12 @@ class Wiki extends \Zotlabs\Web\Controller {
|
|||||||
json_return_and_die(array('message' => t('Cannot delete Home'),'success' => false));
|
json_return_and_die(array('message' => t('Cannot delete Home'),'success' => false));
|
||||||
}
|
}
|
||||||
// Determine if observer has permission to delete pages
|
// Determine if observer has permission to delete pages
|
||||||
|
// currently just allow page owner
|
||||||
|
|
||||||
|
if((! local_channel()) || (local_channel() != $owner['channel_id'])) {
|
||||||
|
logger('Wiki write permission denied. ' . EOL);
|
||||||
|
json_return_and_die(array('success' => false));
|
||||||
|
}
|
||||||
|
|
||||||
$perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
|
$perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
|
||||||
if(! $perms['write']) {
|
if(! $perms['write']) {
|
||||||
|
|||||||
@ -3311,7 +3311,7 @@ function retain_item($id) {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
function drop_items($items) {
|
function drop_items($items,$interactive = false,$stage = DROPITEM_NORMAL,$force = false) {
|
||||||
$uid = 0;
|
$uid = 0;
|
||||||
|
|
||||||
if(! local_channel() && ! remote_channel())
|
if(! local_channel() && ! remote_channel())
|
||||||
@ -3319,7 +3319,7 @@ function drop_items($items) {
|
|||||||
|
|
||||||
if(count($items)) {
|
if(count($items)) {
|
||||||
foreach($items as $item) {
|
foreach($items as $item) {
|
||||||
$owner = drop_item($item,false);
|
$owner = drop_item($item,$interactive,$stage,$force);
|
||||||
if($owner && ! $uid)
|
if($owner && ! $uid)
|
||||||
$uid = $owner;
|
$uid = $owner;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -945,6 +945,8 @@ function widget_wiki_pages($arr) {
|
|||||||
}
|
}
|
||||||
$can_create = perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'write_pages');
|
$can_create = perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'write_pages');
|
||||||
|
|
||||||
|
$can_delete = ((local_channel() && (local_channel() == \App::$profile['uid'])) ? true : false);
|
||||||
|
|
||||||
return replace_macros(get_markup_template('wiki_page_list.tpl'), array(
|
return replace_macros(get_markup_template('wiki_page_list.tpl'), array(
|
||||||
'$hide' => $hide,
|
'$hide' => $hide,
|
||||||
'$resource_id' => $arr['resource_id'],
|
'$resource_id' => $arr['resource_id'],
|
||||||
@ -954,6 +956,7 @@ function widget_wiki_pages($arr) {
|
|||||||
'$wikiname' => $wikiname,
|
'$wikiname' => $wikiname,
|
||||||
'$pages' => $pages,
|
'$pages' => $pages,
|
||||||
'$canadd' => $can_create,
|
'$canadd' => $can_create,
|
||||||
|
'$candel' => $can_delete,
|
||||||
'$addnew' => t('Add new page'),
|
'$addnew' => t('Add new page'),
|
||||||
'$pageName' => array('pageName', t('Page name')),
|
'$pageName' => array('pageName', t('Page name')),
|
||||||
));
|
));
|
||||||
|
|||||||
@ -5,7 +5,7 @@
|
|||||||
{{if $pages}}
|
{{if $pages}}
|
||||||
{{foreach $pages as $page}}
|
{{foreach $pages as $page}}
|
||||||
<li id="{{$page.link_id}}">
|
<li id="{{$page.link_id}}">
|
||||||
{{if $page.resource_id && $canadd}}
|
{{if $page.resource_id && $candel}}
|
||||||
<i class="widget-nav-pills-icons fa fa-trash-o drop-icons" onclick="wiki_delete_page('{{$page.title}}', '{{$page.url}}', '{{$page.resource_id}}', '{{$page.link_id}}')"></i>
|
<i class="widget-nav-pills-icons fa fa-trash-o drop-icons" onclick="wiki_delete_page('{{$page.title}}', '{{$page.url}}', '{{$page.resource_id}}', '{{$page.link_id}}')"></i>
|
||||||
{{/if}}
|
{{/if}}
|
||||||
<a href="/wiki/{{$channel}}/{{$wikiname}}/{{$page.url}}">{{$page.title}}</a>
|
<a href="/wiki/{{$channel}}/{{$wikiname}}/{{$page.url}}">{{$page.title}}</a>
|
||||||
|
|||||||
Reference in New Issue
Block a user