external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow users to delete their own comments

Browse source 
Fixes a regression introduced in 03c6304 (Rework permission handling,
2014-07-15). Fixes FS#41379.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2014-07-29 15:17:58 +02:00
parent 63f95bd86f
commit d136d7c874
1 changed files with 5 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
web/lib/pkgfuncs.inc.php
View file

@ -13,27 +13,19 @@ include_once("pkgbasefuncs.inc.php");
* @return bool True if the user can delete the comment, otherwise false * @return bool True if the user can delete the comment, otherwise false
*/ */
function can_delete_comment($comment_id=0) { function can_delete_comment($comment_id=0) {
if (!uid_from_sid($_COOKIE["AURSID"])) {
/* Unauthenticated users cannot delete anything. */
return false;
}
if (has_credential(CRED_COMMENT_DELETE)) {
/* TUs and developers can delete any comment. */
return true;
}
$dbh = DB::connect(); $dbh = DB::connect();
$q = "SELECT COUNT(*) FROM PackageComments "; $q = "SELECT UsersID FROM PackageComments ";
$q.= "WHERE ID = " . intval($comment_id) . " AND UsersID = " . $uid; $q.= "WHERE ID = " . intval($comment_id);
$result = $dbh->query($q); $result = $dbh->query($q);
if (!$result) { if (!$result) {
return false; return false;
} }
$row = $result->fetch(PDO::FETCH_NUM); $uid = $result->fetch(PDO::FETCH_COLUMN, 0);
return ($row[0] > 0);
return has_credential(CRED_COMMENT_DELETE, array($uid));
} }
/** /**