Fix PHP fatal error in DeletenoticeAction: died when we had a valid notice, but weren...

[quix0rs-gnu-social.git] / actions / deletenotice.php
diff --git a/actions/deletenotice.php b/actions/deletenotice.php

index 24f70b5dbbc54201eaf6929618f4a698c1c13c27..2879faa5df70003521961f692049abe8bbc9619b 100644 (file)
--- a/actions/deletenotice.php
+++ b/actions/deletenotice.php
@@ -28,19 +28,52 @@
   * @link      http://status.net/
   */
  
-if (!defined('LACONICA')) {
+if (!defined('STATUSNET') && !defined('LACONICA')) {
      exit(1);
  }
  
-require_once INSTALLDIR.'/lib/deleteaction.php';
-
-class DeletenoticeAction extends DeleteAction
+class DeletenoticeAction extends Action
  {
-    var $error = null;
+    var $error        = null;
+    var $user         = null;
+    var $notice       = null;
+    var $profile      = null;
+    var $user_profile = null;
+
+    function prepare($args)
+    {
+        parent::prepare($args);
+
+        $this->user   = common_current_user();
+
+        if (!$this->user) {
+            common_user_error(_('Not logged in.'));
+            exit;
+        }
+
+        $notice_id    = $this->trimmed('notice');
+        $this->notice = Notice::staticGet($notice_id);
+
+        if (!$this->notice) {
+            common_user_error(_('No such notice.'));
+            exit;
+        }
+
+        $this->profile      = $this->notice->getProfile();
+        $this->user_profile = $this->user->getProfile();
+
+        return true;
+    }
  
      function handle($args)
      {
          parent::handle($args);
+
+        if ($this->notice->profile_id != $this->user_profile->id &&
+                   !$this->user->hasRight(Right::DELETEOTHERSNOTICE)) {
+            common_user_error(_('Can\'t delete this notice.'));
+            exit;
+        }
          // XXX: Ajax!
  
          if ($_SERVER['REQUEST_METHOD'] == 'POST') {
@@ -112,8 +145,20 @@ class DeletenoticeAction extends DeleteAction
          $this->hidden('token', common_session_token());
          $this->hidden('notice', $this->trimmed('notice'));
          $this->element('p', null, _('Are you sure you want to delete this notice?'));
-        $this->submit('form_action-no', _('No'), 'submit form_action-primary', 'no', _("Do not delete this notice"));
-        $this->submit('form_action-yes', _('Yes'), 'submit form_action-secondary', 'yes', _('Delete this notice'));
+        $this->submit('form_action-no',
+                      // TRANS: Button label on the delete notice form.
+                      _m('BUTTON','No'),
+                      'submit form_action-primary',
+                      'no',
+                      // TRANS: Submit button title for 'No' when deleting a notice.
+                      _("Do not delete this notice"));
+        $this->submit('form_action-yes',
+                      // TRANS: Button label on the delete notice form.
+                      _m('BUTTON','Yes'),
+                      'submit form_action-secondary',
+                      'yes',
+                      // TRANS: Submit button title for 'Yes' when deleting a notice.
+                      _('Delete this notice'));
          $this->elementEnd('fieldset');
          $this->elementEnd('form');
      }
@@ -125,12 +170,15 @@ class DeletenoticeAction extends DeleteAction
  
          if (!$token || $token != common_session_token()) {
              $this->showForm(_('There was a problem with your session token. ' .
-                              ' Try again, please.'));
+                              'Try again, please.'));
              return;
          }
  
          if ($this->arg('yes')) {
-            $this->notice->delete();
+            if (Event::handle('StartDeleteOwnNotice', array($this->user, $this->notice))) {
+                $this->notice->delete();
+                Event::handle('EndDeleteOwnNotice', array($this->user, $this->notice));
+            }
          }
  
          $url = common_get_returnto();