diff options
author | plegall <plg@piwigo.org> | 2010-03-19 22:25:39 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2010-03-19 22:25:39 +0000 |
commit | c695136e4d75695178a9fc848a7cf6bfa2b9346c (patch) | |
tree | efba21de4995d7bd6b2f792e6d118a8e6e6bd405 /include/functions_user.inc.php | |
parent | ff7e537e2b4bceaef241096a377d12af4b917c43 (diff) |
bug 1328: backport the pwg_token on trunk
bug 1329: backport the check_input_parameter on trunk
feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring
on this feature to make the code simpler and easier to maintain (I hope).
git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_user.inc.php')
-rw-r--r-- | include/functions_user.inc.php | 39 |
1 files changed, 32 insertions, 7 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index f3eb0b172..4488294f7 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -1246,19 +1246,44 @@ function is_adviser() } /* - * Return if current user can edit/delete a comment - * @param action edit/delete + * Return if current user can edit/delete/validate a comment + * @param action edit/delete/validate * @return bool */ function can_manage_comment($action, $comment_author_id) { - if (!in_array($action, array('delete','edit'))) { + global $user, $conf; + + if (is_a_guest()) + { + return false; + } + + if (!in_array($action, array('delete','edit', 'validate'))) + { return false; } - return (is_admin() || - (($GLOBALS['user']['id'] == $comment_author_id) - && !is_a_guest() - && $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)])); + + if (is_admin()) + { + return true; + } + + if ('edit' == $action and $conf['user_can_edit_comment']) + { + if ($comment_author_id == $user['id']) { + return true; + } + } + + if ('delete' == $action and $conf['user_can_delete_comment']) + { + if ($comment_author_id == $user['id']) { + return true; + } + } + + return false; } /* |