From 70fecb1032fe59e3b8e4d8ee8f739a2e75f81bee Mon Sep 17 00:00:00 2001
From: Jonathan Ernst
Date: Thu, 10 Mar 2005 05:29:14 +0000
Subject: [PATCH] - supermaintainers where not able to delete versions - maintainers where not able to delete comments
---
 admin/deleteAny.php | 49 ++++++++++++++++++++++++++++++++-------------
 1 file changed, 35 insertions(+), 14 deletions(-)
diff --git a/admin/deleteAny.php b/admin/deleteAny.php
index 861d30e..d9e3708 100644
--- a/admin/deleteAny.php
+++ b/admin/deleteAny.php
@@ -12,12 +12,6 @@ include(BASE."include/category.php");
 include(BASE."include/application.php");
 include(BASE."include/mail.php");
-if(!$_SESSION['current']->hasPriv("admin"))
-{
- errorpage();
- exit;
-}
-
 if($_REQUEST['confirmed'] != "yes")
 {
 // ask for confirmation
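Review bot: Dropping the file-level `hasPriv("admin")` guard turns this script from deny-by-default into per-case checks, so any path without its own check is no longer gated. As far as the visible lines show, that covers the confirmation branch starting at `if($_REQUEST['confirmed'] != "yes")` (its body continues outside this hunk) and any `what` value or later `case` added without a check. I would keep a coarse gate here and let the cases narrow it, or add `default: errorpage(); break;` to the switch with a comment such as `// every case must authorise against the loaded object before calling delete()`. Since non-admin maintainers can now delete, note also that `confirmed=yes` is read from `$_REQUEST`, so the confirmation is only a request parameter and does not tie the delete to a form this session rendered.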
@@ -34,26 +28,53 @@ if($_REQUEST['what'])
 {
 case "comment":
 $oComment = new Comment($_REQUEST['commentId']);
- $oComment->delete();
- redirect(BASE."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']);
+ if( !$_SESSION['current']->isMaintainer($oComment->iVersionId)
+ && !$_SESSION['current']->isSuperMaintainer($oComment->iAppId)
+ && !$_SESSION['current']->hasPriv("admin") )
+ {
+ errorpage();
+ } else
+ {
+ $oComment->delete();
+ redirect(BASE."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']);
+ }
 break;
 case "category": // delete category and the apps in it
 $oCategory = new Category($_REQUEST['catId']);
- $oCategory->delete();
- redirect(BASE."appbrowse.php");
+ if( !$_SESSION['current']->hasPriv("admin") )
+ {
+ errorpage();
+ } else
+ {
+ $oCategory->delete();
+ redirect(BASE."appbrowse.php");
+ }
 break;
 case "appFamily": // delete app family & all its versions
 $oApp = new Application($_REQUEST['appId']);
- $oApp->delete();
- redirect(BASE."appbrowse.php");
+ if( !$_SESSION['current']->hasPriv("admin") )
+ {
+ errorpage();
+ } else
+ {
+ $oApp->delete();
+ redirect(BASE."appbrowse.php");
+ }
 break;
 case "appVersion": // delete a version
 $oVersion = new Version($_REQUEST['versionId']);
- $oVersion->delete();
- redirect(BASE."appview.php?appId=".$_REQUEST['appId']);
+ if( !$_SESSION['current']->isSuperMaintainer($oVersion->iAppId)
+ && !$_SESSION['current']->hasPriv("admin") )
+ {
+ errorpage();
+ } else
+ {
+ $oVersion->delete();
+ redirect(BASE."appview.php?appId=".$_REQUEST['appId']);
+ }
 break;
 }
 }
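Review bot: The comment and version cases authorise against `$oComment->iVersionId`, `$oComment->iAppId` and `$oVersion->iAppId`, but nothing checks that the id taken from `$_REQUEST` actually loaded a row, so for an unknown id these properties are presumably empty when they reach `isMaintainer()` / `isSuperMaintainer()`. Those helpers are not visible here; if either treats an empty id as "maintainer of anything", the check would pass for an object the user has no relation to, so I would reject first, e.g. `if(!$oComment->iVersionId) { errorpage(); break; }`. The redirects still concatenate raw `$_REQUEST['appId']` and `$_REQUEST['versionId']` into the target URL; casting them, e.g. `(int)$_REQUEST['appId']`, keeps request-controlled text out of the redirect target. The permission test is also written out four times, and a small helper taking the loaded object would keep the cases from drifting apart.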