mirror of
https://github.com/Piwigo/Piwigo.git
synced 2025-04-29 12:49:57 +03:00
bug 1328: backport the pwg_token on trunk
bug 1329: backport the check_input_parameter on trunk feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring on this feature to make the code simpler and easier to maintain (I hope). git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
parent
ff7e537e2b
commit
c695136e4d
26 changed files with 433 additions and 170 deletions
|
@ -1246,19 +1246,44 @@ function is_adviser()
|
|||
}
|
||||
|
||||
/*
|
||||
* Return if current user can edit/delete a comment
|
||||
* @param action edit/delete
|
||||
* Return if current user can edit/delete/validate a comment
|
||||
* @param action edit/delete/validate
|
||||
* @return bool
|
||||
*/
|
||||
function can_manage_comment($action, $comment_author_id)
|
||||
{
|
||||
if (!in_array($action, array('delete','edit'))) {
|
||||
global $user, $conf;
|
||||
|
||||
if (is_a_guest())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return (is_admin() ||
|
||||
(($GLOBALS['user']['id'] == $comment_author_id)
|
||||
&& !is_a_guest()
|
||||
&& $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
|
||||
|
||||
if (!in_array($action, array('delete','edit', 'validate')))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
if (is_admin())
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
if ('edit' == $action and $conf['user_can_edit_comment'])
|
||||
{
|
||||
if ($comment_author_id == $user['id']) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
if ('delete' == $action and $conf['user_can_delete_comment'])
|
||||
{
|
||||
if ($comment_author_id == $user['id']) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue