- supermaintainers where not able to delete versions

- maintainers where not able to delete comments
2005-03-10 05:29:14 +00:00
parent 57223914a0
commit 70fecb1032
1 changed files with 35 additions and 14 deletions
--- a/admin/deleteAny.php
+++ b/admin/deleteAny.php
@@ -12,12 +12,6 @@ include(BASE."include/category.php");
 include(BASE."include/application.php");
 include(BASE."include/mail.php");

-if(!$_SESSION['current']->hasPriv("admin"))
-{
-    errorpage();
-    exit;
-}
-
 if($_REQUEST['confirmed'] != "yes")
 {
    // ask for confirmation
@@ -34,26 +28,53 @@ if($_REQUEST['what'])
 	{
 	case "comment":
            $oComment = new Comment($_REQUEST['commentId']);
-            $oComment->delete();
-            redirect(BASE."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']);
+            if( !$_SESSION['current']->isMaintainer($oComment->iVersionId)
+             && !$_SESSION['current']->isSuperMaintainer($oComment->iAppId) 
+             && !$_SESSION['current']->hasPriv("admin") )
+            {
+                errorpage();
+            } else
+            {
+                $oComment->delete();
+                redirect(BASE."appview.php?appId=".$_REQUEST['appId']."&versionId=".$_REQUEST['versionId']);
+            }
 	    break;
 	case "category":
 	    // delete category and the apps in it
            $oCategory = new Category($_REQUEST['catId']);
-            $oCategory->delete();
-            redirect(BASE."appbrowse.php");
+            if( !$_SESSION['current']->hasPriv("admin") )
+            {
+                errorpage();
+            } else
+            {
+                $oCategory->delete();
+                redirect(BASE."appbrowse.php");
+            }
 	    break;
 	case "appFamily":
 	    // delete app family & all its versions
            $oApp = new Application($_REQUEST['appId']);
-            $oApp->delete();
-            redirect(BASE."appbrowse.php");
+            if( !$_SESSION['current']->hasPriv("admin") )
+            {
+                errorpage();
+            } else
+            {
+                $oApp->delete();
+                redirect(BASE."appbrowse.php");
+            }
 	    break;
 	case "appVersion":
 	    // delete a version
            $oVersion = new Version($_REQUEST['versionId']);
-            $oVersion->delete();
-            redirect(BASE."appview.php?appId=".$_REQUEST['appId']);
+            if( !$_SESSION['current']->isSuperMaintainer($oVersion->iAppId) 
+             && !$_SESSION['current']->hasPriv("admin") )
+            {
+                errorpage();
+            } else
+            {
+                $oVersion->delete();
+                redirect(BASE."appview.php?appId=".$_REQUEST['appId']);
+            }
 	    break;
 	}
 }