diff options
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/api.php | 1 | ||||
| -rw-r--r-- | actions/deletenotice.php | 38 | ||||
| -rw-r--r-- | actions/editgroup.php | 1 | ||||
| -rw-r--r-- | actions/newnotice.php | 7 | ||||
| -rw-r--r-- | actions/twitapistatuses.php | 5 |
5 files changed, 35 insertions, 17 deletions
diff --git a/actions/api.php b/actions/api.php index d570bb017..1bc90de11 100644 --- a/actions/api.php +++ b/actions/api.php @@ -160,6 +160,7 @@ class ApiAction extends Action static $bareauth = array('statuses/user_timeline', 'statuses/friends_timeline', + 'statuses/home_timeline', 'statuses/friends', 'statuses/replies', 'statuses/mentions', diff --git a/actions/deletenotice.php b/actions/deletenotice.php index 3d040f2fa..4a48a9c34 100644 --- a/actions/deletenotice.php +++ b/actions/deletenotice.php @@ -32,15 +32,45 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once INSTALLDIR.'/lib/deleteaction.php'; - -class DeletenoticeAction extends DeleteAction +class DeletenoticeAction extends Action { - var $error = null; + var $error = null; + var $user = null; + var $notice = null; + var $profile = null; + var $user_profile = null; + + function prepare($args) + { + parent::prepare($args); + + $this->user = common_current_user(); + $notice_id = $this->trimmed('notice'); + $this->notice = Notice::staticGet($notice_id); + + if (!$this->notice) { + common_user_error(_('No such notice.')); + exit; + } + + $this->profile = $this->notice->getProfile(); + $this->user_profile = $this->user->getProfile(); + + return true; + } function handle($args) { parent::handle($args); + + if (!common_logged_in()) { + common_user_error(_('Not logged in.')); + exit; + } else if ($this->notice->profile_id != $this->user_profile->id && + !$this->user->hasRight(Right::deleteOthersNotice)) { + common_user_error(_('Can\'t delete this notice.')); + exit; + } // XXX: Ajax! if ($_SERVER['REQUEST_METHOD'] == 'POST') { diff --git a/actions/editgroup.php b/actions/editgroup.php index 0c2dc8bdf..5dd039f8a 100644 --- a/actions/editgroup.php +++ b/actions/editgroup.php @@ -250,7 +250,6 @@ class EditgroupAction extends GroupDesignAction $this->group->homepage = $homepage; $this->group->description = $description; $this->group->location = $location; - $this->group->created = common_sql_now(); $result = $this->group->update($orig); diff --git a/actions/newnotice.php b/actions/newnotice.php index 23ec2a1b5..d5b0332f4 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -255,13 +255,6 @@ class NewnoticeAction extends Action $notice = Notice::saveNew($user->id, $content_shortened, 'web', 1, ($replyto == 'false') ? null : $replyto); - if (is_string($notice)) { - if (isset($filename)) { - $this->deleteFile($filename); - } - $this->clientError($notice); - } - if (isset($mimetype)) { $this->attachFile($notice, $fileRecord); } diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index 2f10ff966..87043b182 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -297,11 +297,6 @@ class TwitapistatusesAction extends TwitterapiAction html_entity_decode($status, ENT_NOQUOTES, 'UTF-8'), $source, 1, $reply_to); - if (is_string($notice)) { - $this->serverError($notice); - return; - } - common_broadcast_notice($notice); $apidata['api_arg'] = $notice->id; } |