bug 1328: backport the pwg_token on trunk

bug 1329: backport the check_input_parameter on trunk

feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring
on this feature to make the code simpler and easier to maintain (I hope).

git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall 2010-03-19 22:25:39 +00:00
parent ff7e537e2b
commit c695136e4d
26 changed files with 433 additions and 170 deletions

View file

@ -1246,19 +1246,44 @@ function is_adviser()
}
/*
* Return if current user can edit/delete a comment
* @param action edit/delete
* Return if current user can edit/delete/validate a comment
* @param action edit/delete/validate
* @return bool
*/
function can_manage_comment($action, $comment_author_id)
{
if (!in_array($action, array('delete','edit'))) {
global $user, $conf;
if (is_a_guest())
{
return false;
}
return (is_admin() ||
(($GLOBALS['user']['id'] == $comment_author_id)
&& !is_a_guest()
&& $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
if (!in_array($action, array('delete','edit', 'validate')))
{
return false;
}
if (is_admin())
{
return true;
}
if ('edit' == $action and $conf['user_can_edit_comment'])
{
if ($comment_author_id == $user['id']) {
return true;
}
}
if ('delete' == $action and $conf['user_can_delete_comment'])
{
if ($comment_author_id == $user['id']) {
return true;
}
}
return false;
}
/*