summaryrefslogtreecommitdiff
path: root/actions/deletenotice.php
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2009-09-30 10:32:05 -0700
committerZach Copley <zach@status.net>2009-09-30 10:32:05 -0700
commit5bab0288afe90996729101df1372071e1bf2cffc (patch)
tree6f715547d0cb1cf632c7be4e596fa4d45f347f41 /actions/deletenotice.php
parent34ba2d03e94d3708a68166a8eae248152691f628 (diff)
parenta57783de0214f061eca3ab65880f573e8668de03 (diff)
Merge branch '0.9.x' into refactor-api
* 0.9.x: (39 commits) Timeout a little incase the notice item from XHR response is Relocated the button for pop up window for notice stream Script no longer needed for Realtime plugin Better check to see if the XML prolog should be outputted for XML Outputting UTF-8 charset in document header irrespective of mimetype. Switched Doctype to XHTML 1.0 Strict (which best reflects the current Twitter API returns server errors in preferred format move HTTP error code strings to class variables remove string-checks from code using Notice::saveNew() change string return from Notice::saveNew to exceptions stop overwriting created timestamp on group edit Forgot to add home_timeline to the list of methods that only require Forgot to add home_timeline to the list of methods that only require moderator can delete another user's notice show delete button when user has deleteOthersNotice right let hooks override standard user rights user rights Merge DeleteAction class into DeletenoticeAction Fix some bugs in the URL linkification, and fixed the unit test. Fix URL linkification test cases for addition of 'title' attribution with long URL in f3c8fccc ...
Diffstat (limited to 'actions/deletenotice.php')
-rw-r--r--actions/deletenotice.php38
1 files changed, 34 insertions, 4 deletions
diff --git a/actions/deletenotice.php b/actions/deletenotice.php
index 3d040f2fa..4a48a9c34 100644
--- a/actions/deletenotice.php
+++ b/actions/deletenotice.php
@@ -32,15 +32,45 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
exit(1);
}
-require_once INSTALLDIR.'/lib/deleteaction.php';
-
-class DeletenoticeAction extends DeleteAction
+class DeletenoticeAction extends Action
{
- var $error = null;
+ var $error = null;
+ var $user = null;
+ var $notice = null;
+ var $profile = null;
+ var $user_profile = null;
+
+ function prepare($args)
+ {
+ parent::prepare($args);
+
+ $this->user = common_current_user();
+ $notice_id = $this->trimmed('notice');
+ $this->notice = Notice::staticGet($notice_id);
+
+ if (!$this->notice) {
+ common_user_error(_('No such notice.'));
+ exit;
+ }
+
+ $this->profile = $this->notice->getProfile();
+ $this->user_profile = $this->user->getProfile();
+
+ return true;
+ }
function handle($args)
{
parent::handle($args);
+
+ if (!common_logged_in()) {
+ common_user_error(_('Not logged in.'));
+ exit;
+ } else if ($this->notice->profile_id != $this->user_profile->id &&
+ !$this->user->hasRight(Right::deleteOthersNotice)) {
+ common_user_error(_('Can\'t delete this notice.'));
+ exit;
+ }
// XXX: Ajax!
if ($_SERVER['REQUEST_METHOD'] == 'POST') {