From 09d96b79bd714283760acd8a2d74819c486cd3ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20Nicolaysen=20S=F8rnes?=
Date: Mon, 17 Sep 2007 10:24:57 +0200
Subject: [PATCH] comment: Fix delete permissions
---
 include/comment.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/include/comment.php b/include/comment.php
index bc6dec3..703cf62 100644
--- a/include/comment.php
+++ b/include/comment.php
@@ -234,10 +234,9 @@ class Comment {
 echo "\n";
+ $oComment = new comment($oRow->commentId);
 // delete message button, for admins
- if ($_SESSION['current']->hasPriv("admin")
- || $_SESSION['current']->isMaintainer($oRow->versionId)
- || $_SESSION['current']->isSuperMaintainer($oRow->appId))
+ if ($oComment->canEdit())
 {
 $oVersion = new version($oRow->versionId);
 echo "";
@@ -353,7 +352,11 @@ class Comment {
 function canEdit()
 {
- return $_SESSION['current']->hasPriv("admin");
+ if($_SESSION['current']->hasPriv("admin"))
+ return TRUE;
+
+ $oVersion = new version($this->iVersionId);
+ return $oVersion->canEdit();
 }
 function objectGetId()
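Review bot: The context comment `// delete message button, for admins` just above the new `if ($oComment->canEdit())` no longer matches the condition, because canEdit() now also admits whoever version::canEdit() accepts; I would reword it to `// delete message button, shown to users who may edit this comment`. The condition only decides whether the button is rendered, so the request handler that performs the deletion (not visible here) should make the same `canEdit()` call itself rather than depend on the button being hidden. Building `new comment($oRow->commentId)` for each displayed row presumably loads the comment again although `$oRow` already carries `versionId`; worth confirming the cost. The enclosing method starts and ends outside the hunk.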
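Review bot: In the second hunk, `canEdit()` hands the decision to `new version($this->iVersionId)` without checking that the id is set, so for a Comment that was not loaded from a valid row the answer depends on how version::canEdit() treats an empty id; a guard such as `if(!$this->iVersionId) return FALSE;` before constructing the version keeps the check failing closed. Since this is the class's general edit check, loosening it from admin-only presumably widens every other caller of Comment::canEdit() too, not only the delete button named in the subject, so those call sites deserve a look. The removed inline test also granted access through `isSuperMaintainer($oRow->appId)`; that is preserved only if version::canEdit() covers super maintainers, which this patch does not show. A short docblock on `canEdit()` stating who is allowed (admins, plus whoever may edit the comment's version) would record the intended policy.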