From dd885424d7281728893cb7829216313f8e776436 Mon Sep 17 00:00:00 2001 From: simo Date: Tue, 7 Jun 2005 21:32:07 +0000 Subject: Fix deletion abilities such that: TUs and DEVs may delete any package in unsupported Otherwise only package maintainers may delete their own --- web/html/packages.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'web') diff --git a/web/html/packages.php b/web/html/packages.php index 604ba72..4ea4b01 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -202,8 +202,14 @@ if (isset($_REQUEST["do_Flag"])) { $q.= "WHERE Packages.ID IN (" . $delete . ") "; $q.= "AND Packages.LocationID = PackageLocations.ID "; $q.= "AND PackageLocations.Location = 'unsupported' "; - $q.= "AND $field IN (0, " . uid_from_sid($_COOKIE["AURSID"]) . ")"; - $result = db_query($q, $dbh); + # If they're a TU or dev, can always delete, otherwise check ownership + # + if ($atype == "Trusted User" || $atype == "Developer") { + $result = db_query($q, $dbh); + } else { + $q.= "AND $field IN (0, " . uid_from_sid($_COOKIE["AURSID"]) . ")"; + $result = db_query($q, $dbh); + } if ($result != Null && mysql_num_rows($result) > 0) { while ($row = mysql_fetch_assoc($result)) { $ids_to_delete[] = $row['ID']; -- cgit v1.2.3-54-g00ecf