diff options
author | Zach Copley <zach@status.net> | 2009-09-30 10:32:05 -0700 |
---|---|---|
committer | Zach Copley <zach@status.net> | 2009-09-30 10:32:05 -0700 |
commit | 5bab0288afe90996729101df1372071e1bf2cffc (patch) | |
tree | 6f715547d0cb1cf632c7be4e596fa4d45f347f41 /actions/deletenotice.php | |
parent | 34ba2d03e94d3708a68166a8eae248152691f628 (diff) | |
parent | a57783de0214f061eca3ab65880f573e8668de03 (diff) |
Merge branch '0.9.x' into refactor-api
* 0.9.x: (39 commits)
Timeout a little incase the notice item from XHR response is
Relocated the button for pop up window for notice stream
Script no longer needed for Realtime plugin
Better check to see if the XML prolog should be outputted for XML
Outputting UTF-8 charset in document header irrespective of mimetype.
Switched Doctype to XHTML 1.0 Strict (which best reflects the current
Twitter API returns server errors in preferred format
move HTTP error code strings to class variables
remove string-checks from code using Notice::saveNew()
change string return from Notice::saveNew to exceptions
stop overwriting created timestamp on group edit
Forgot to add home_timeline to the list of methods that only require
Forgot to add home_timeline to the list of methods that only require
moderator can delete another user's notice
show delete button when user has deleteOthersNotice right
let hooks override standard user rights
user rights
Merge DeleteAction class into DeletenoticeAction
Fix some bugs in the URL linkification, and fixed the unit test.
Fix URL linkification test cases for addition of 'title' attribution with long URL in f3c8fccc
...
Diffstat (limited to 'actions/deletenotice.php')
-rw-r--r-- | actions/deletenotice.php | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/actions/deletenotice.php b/actions/deletenotice.php index 3d040f2fa..4a48a9c34 100644 --- a/actions/deletenotice.php +++ b/actions/deletenotice.php @@ -32,15 +32,45 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once INSTALLDIR.'/lib/deleteaction.php'; - -class DeletenoticeAction extends DeleteAction +class DeletenoticeAction extends Action { - var $error = null; + var $error = null; + var $user = null; + var $notice = null; + var $profile = null; + var $user_profile = null; + + function prepare($args) + { + parent::prepare($args); + + $this->user = common_current_user(); + $notice_id = $this->trimmed('notice'); + $this->notice = Notice::staticGet($notice_id); + + if (!$this->notice) { + common_user_error(_('No such notice.')); + exit; + } + + $this->profile = $this->notice->getProfile(); + $this->user_profile = $this->user->getProfile(); + + return true; + } function handle($args) { parent::handle($args); + + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + exit; + } else if ($this->notice->profile_id != $this->user_profile->id && + !$this->user->hasRight(Right::deleteOthersNotice)) { + common_user_error(_('Can\'t delete this notice.')); + exit; + } // XXX: Ajax! if ($_SERVER['REQUEST_METHOD'] == 'POST') { |