Commit d136d7c8 authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

Allow users to delete their own comments

Fixes a regression introduced in 03c6304e

 (Rework permission handling,
2014-07-15). Fixes FS#41379.

Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent 63f95bd8
......@@ -13,27 +13,19 @@ include_once("pkgbasefuncs.inc.php");
* @return bool True if the user can delete the comment, otherwise false
*/
function can_delete_comment($comment_id=0) {
if (!uid_from_sid($_COOKIE["AURSID"])) {
/* Unauthenticated users cannot delete anything. */
return false;
}
if (has_credential(CRED_COMMENT_DELETE)) {
/* TUs and developers can delete any comment. */
return true;
}
$dbh = DB::connect();
$q = "SELECT COUNT(*) FROM PackageComments ";
$q.= "WHERE ID = " . intval($comment_id) . " AND UsersID = " . $uid;
$q = "SELECT UsersID FROM PackageComments ";
$q.= "WHERE ID = " . intval($comment_id);
$result = $dbh->query($q);
if (!$result) {
return false;
}
$row = $result->fetch(PDO::FETCH_NUM);
return ($row[0] > 0);
$uid = $result->fetch(PDO::FETCH_COLUMN, 0);
return has_credential(CRED_COMMENT_DELETE, array($uid));
}
/**
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment