| author | wjames5 <will@tekimaki.com> | 2008-08-01 03:31:46 +0000 |
|---|---|---|
| committer | wjames5 <will@tekimaki.com> | 2008-08-01 03:31:46 +0000 |
| commit | 3a22553520d0ff3330828c729ffe9a4c90cc8766 (patch) | |
| tree | 9a35794ff3fb80e9623fcba717146ae33b7479db /edit_topic.php | |
| parent | 39bc2e90c0a9edc60ef91374c746cf829cf58492 (diff) | |
move expunge topic into edit_topic, and do perm checks on the root board for editing topics instead of on the topic itself - NOTE! change to expunge topic is now either hasEditPerm on the board if its root is a board or has admin_comments perm. Prevents someone from killing a tree of comments on content that is not controlled by the board but is mapped to the board - but does give board editor more power over its native comments
Diffstat (limited to 'edit_topic.php')
| -rw-r--r-- | edit_topic.php | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/edit_topic.php b/edit_topic.php
index 35cc856..be760c6 100644
--- a/edit_topic.php
+++ b/edit_topic.php
@@ -16,17 +16,44 @@ if( !$gContent->isValid() ){ // Check the user's ticket $gBitUser->verifyTicket(); +// Load up the Topic's board - we'll respect its permissions +$board = new BitBoard( $gContent->mInfo['board_id'] ); + $rslt = false; + // Edit calls +// Set locked or sticky if( isset($_REQUEST['is_locked']) || isset($_REQUEST['is_sticky']) ){ // Check permissions to edit this topic - $gContent->verifyEditPermission(); + $board->verifyEditPermission(); if ( isset($_REQUEST['is_locked']) && is_numeric($_REQUEST['is_locked']) ){ $rslt = $gContent->lock($_REQUEST['is_locked']); } elseif ( isset($_REQUEST['is_sticky']) && is_numeric($_REQUEST['is_sticky']) ){ $rslt = $gContent->sticky($_REQUEST['is_sticky']); } +// Remove a topic +}elseif( isset( $_REQUEST['remove'] ) ) { + // Check permissions to edit this topic if the root object is the board check its perms, otherwise check general comment admin perms + if( !(( $gContent->mInfo['root_id'] == $gContent->mInfo['board_id'] && $board->hasEditPermission() ) || $gBitUser->hasPermission('p_liberty_admin_comments')) ){ + $gBitSystem->fatalError( 'You do not have permission to delete this topic.' ); + } + + if( !empty( $_REQUEST['cancel'] ) ) { + // user cancelled - just continue on, doing nothing + } elseif( empty( $_REQUEST['confirm'] ) ) { + $formHash['remove'] = TRUE; + $formHash['t'] = $_REQUEST['t']; + $gBitSystem->confirmDialog( $formHash, array( 'warning' => tra( 'Are you sure you want to delete the topic' ).' "'.$gContent->getTitle().'" ?', 'error' => 'This cannot be undone!' ) ); + } else { + // @TODO Topic should extend LibertyComment - but until that day we load it up a second time + $topicAsComment = new LibertyComment( $_REQUEST['t'] ); + if( !$topicAsComment->expunge() ) { + $gBitSmarty->assign_by_ref( 'errors', $topicAsComment->mErrors ); + } + // send us back to the baord - http_referer won't work with confirm process + bit_redirect( BOARDS_PKG_URL.'index.php?b='. 
$gContent->mInfo['board_id'] ); + } // User pref options on a topic - not really editing but this simplifies topic related processes putting it here }elseif( isset($_REQUEST['new']) || isset($_REQUEST['notify']) ){ // Check permissions to view this topic |
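Review bot: In the new `remove` branch the permission decision is taken on `$gContent` and `$board`, but the object that is actually expunged is built from the raw request value, `new LibertyComment( $_REQUEST['t'] )`. How `$gContent` is loaded is outside this hunk, so if it can ever resolve to a different topic than `t`, the check and the delete apply to different objects; it would be safer to take the id from the already-validated `$gContent`, or at least to reject the request unless `$_REQUEST['t']` is numeric and matches it, before calling `expunge()`. The same branch compares `$gContent->mInfo['root_id'] == $gContent->mInfo['board_id']` loosely, so two missing or empty values compare equal and the outcome then rests on `hasEditPermission()` of a `BitBoard` built from an empty id; requiring a non-empty id first, e.g. `!empty( $gContent->mInfo['board_id'] ) && ...`, closes that. A failed `expunge()` also assigns `errors` and then falls through to `bit_redirect()`, so the error is probably never shown to the user.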
