aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_user.inc.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2010-03-19 22:25:39 +0000
committerplegall <plg@piwigo.org>2010-03-19 22:25:39 +0000
commitc695136e4d75695178a9fc848a7cf6bfa2b9346c (patch)
treeefba21de4995d7bd6b2f792e6d118a8e6e6bd405 /include/functions_user.inc.php
parentff7e537e2b4bceaef241096a377d12af4b917c43 (diff)
bug 1328: backport the pwg_token on trunk
bug 1329: backport the check_input_parameter on trunk feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring on this feature to make the code simpler and easier to maintain (I hope). git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_user.inc.php')
-rw-r--r--include/functions_user.inc.php39
1 files changed, 32 insertions, 7 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index f3eb0b172..4488294f7 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1246,19 +1246,44 @@ function is_adviser()
}
/*
- * Return if current user can edit/delete a comment
- * @param action edit/delete
+ * Return if current user can edit/delete/validate a comment
+ * @param action edit/delete/validate
* @return bool
*/
function can_manage_comment($action, $comment_author_id)
{
- if (!in_array($action, array('delete','edit'))) {
+ global $user, $conf;
+
+ if (is_a_guest())
+ {
+ return false;
+ }
+
+ if (!in_array($action, array('delete','edit', 'validate')))
+ {
return false;
}
- return (is_admin() ||
- (($GLOBALS['user']['id'] == $comment_author_id)
- && !is_a_guest()
- && $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
+
+ if (is_admin())
+ {
+ return true;
+ }
+
+ if ('edit' == $action and $conf['user_can_edit_comment'])
+ {
+ if ($comment_author_id == $user['id']) {
+ return true;
+ }
+ }
+
+ if ('delete' == $action and $conf['user_can_delete_comment'])
+ {
+ if ($comment_author_id == $user['id']) {
+ return true;
+ }
+ }
+
+ return false;
}
/*