X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fdeletenotice.php;h=69cb1ebe87982e912dc41ba19d0d740ff0a8e303;hb=ad651c35353021d05ef4a013e57c17d0b885c5dc;hp=22c3fc3b94ad3e8a82c68dc77f461fc82f565758;hpb=d35b2d3f3c2128b147a6fa897032262c1f632262;p=quix0rs-gnu-social.git

diff --git a/actions/deletenotice.php b/actions/deletenotice.php
index 22c3fc3b94..69cb1ebe87 100644
--- a/actions/deletenotice.php
+++ b/actions/deletenotice.php
@@ -21,26 +21,56 @@
  *
  * @category  Personal
  * @package   StatusNet
- * @author    Evan Prodromou <evan@controlyourself.ca>
- * @author    Sarven Capadisli <csarven@controlyourself.ca>
+ * @author    Evan Prodromou <evan@status.net>
+ * @author    Sarven Capadisli <csarven@status.net>
  * @copyright 2008 StatusNet, Inc.
  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link      http://status.net/
  */
 
-if (!defined('LACONICA')) {
+if (!defined('STATUSNET') && !defined('LACONICA')) {
     exit(1);
 }
 
-require_once INSTALLDIR.'/lib/deleteaction.php';
-
-class DeletenoticeAction extends DeleteAction
+class DeletenoticeAction extends Action
 {
-    var $error = null;
+    var $error        = null;
+    var $user         = null;
+    var $notice       = null;
+    var $profile      = null;
+    var $user_profile = null;
+
+    function prepare($args)
+    {
+        parent::prepare($args);
+
+        $this->user   = common_current_user();
+        $notice_id    = $this->trimmed('notice');
+        $this->notice = Notice::staticGet($notice_id);
+
+        if (!$this->notice) {
+            common_user_error(_('No such notice.'));
+            exit;
+        }
+
+        $this->profile      = $this->notice->getProfile();
+        $this->user_profile = $this->user->getProfile();
+
+        return true;
+    }
 
     function handle($args)
     {
         parent::handle($args);
+
+        if (!common_logged_in()) {
+            common_user_error(_('Not logged in.'));
+            exit;
+        } else if ($this->notice->profile_id != $this->user_profile->id &&
+                   !$this->user->hasRight(Right::DELETEOTHERSNOTICE)) {
+            common_user_error(_('Can\'t delete this notice.'));
+            exit;
+        }
         // XXX: Ajax!
 
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
@@ -125,7 +155,7 @@ class DeletenoticeAction extends DeleteAction
 
         if (!$token || $token != common_session_token()) {
             $this->showForm(_('There was a problem with your session token. ' .
-                              ' Try again, please.'));
+                              'Try again, please.'));
             return;
         }