[CORE] Fix notice delete-form

DeletenoticeAction:
- Added tombstone check before deletion

NoticeListItem:
- Added tombstone check before showing delete-form

ActivityVerb:
- The plugin was overwriting the deletenotice route. Added stronger
regexp to the connected routes.

diff --git a/actions/deletenotice.php b/actions/deletenotice.php
index 2dd0848aa575e30c17ca371faccebc7769bf2fd6..783a0bf4bff3f89486fb280215ace21bebdac237 100644 (file)
--- a/actions/deletenotice.php
+++ b/actions/deletenotice.php
@@ -39,9 +39,10 @@ class DeletenoticeAction extends FormAction
     {
         $this->notice = Notice::getByID($this->trimmed('notice'));
 
-        if (!$this->scoped->sameAs($this->notice->getProfile()) &&
-                   !$this->scoped->hasRight(Right::DELETEOTHERSNOTICE)) {
-            // TRANS: Error message displayed trying to delete a notice that was not made by the current user.
+        if ($this->notice->isVerb([ActivityVerb::DELETE]) ||
+            (!$this->scoped->sameAs($this->notice->getProfile()) &&
+              !$this->scoped->hasRight(Right::DELETEOTHERSNOTICE))) {
+            // TRANS: Error message displayed when trying to delete a notice that was not made by the current user.
             $this->clientError(_('Cannot delete this notice.'));
         }
 

diff --git a/lib/noticelistitem.php b/lib/noticelistitem.php
index 5468310ea3d5c70e3487cc13a95fa1488571ee70..aa4f6b7bc683f4383a88eae9e8b9e455fa5fc26a 100644 (file)
--- a/lib/noticelistitem.php
+++ b/lib/noticelistitem.php
@@ -618,6 +618,7 @@ class NoticeListItem extends Widget
         $todel = (empty($this->repeat)) ? $this->notice : $this->repeat;
 
         if (!empty($user) &&
+            !$this->notice->isVerb([ActivityVerb::DELETE]) &&
             ($todel->profile_id == $user->id || $user->hasRight(Right::DELETEOTHERSNOTICE))) {
             $this->out->text(' ');
             $deleteurl = common_local_url('deletenotice',

diff --git a/plugins/ActivityVerb/ActivityVerbPlugin.php b/plugins/ActivityVerb/ActivityVerbPlugin.php
index 4d92e3666580c95dc09b81a4e1db5350bd28c885..22b12a680ffdf0b65b8a061437ed72ecb821b931 100644 (file)
--- a/plugins/ActivityVerb/ActivityVerbPlugin.php
+++ b/plugins/ActivityVerb/ActivityVerbPlugin.php
@@ -35,14 +35,26 @@ class ActivityVerbPlugin extends Plugin
 
     public function onRouterInitialized(URLMapper $m)
     {
+        $unsupported = ['delete', 'share'];
+
+        foreach ($unsupported as $idx => $verb) {
+            $unsupported[$idx] = "(?!".$verb.")";
+        }
+
+        // not all verbs are currently handled by ActivityVerb Plugins,
+        // so we need a strong regexp to prevent route replacement in
+        // the URLMapper
+        $verb_regexp = implode("", $unsupported) . '[a-z]+';
+
         $m->connect('notice/:id/:verb',
-                    array('action' => 'activityverb'),
-                    array('id'     => '[0-9]+',
-                          'verb'   => '[a-z]+'));
+                    ['action' => 'activityverb'],
+                    ['id'     => '[0-9]+',
+                     'verb'   => $verb_regexp]);
+
         $m->connect('activity/:id/:verb',
-                    array('action' => 'activityverb'),
-                    array('id'     => '[0-9]+',
-                          'verb'   => '[a-z]+'));
+                    ['action' => 'activityverb'],
+                    ['id'     => '[0-9]+',
+                     'verb'   => $verb_regexp]);
     }
 
     public function onPluginVersion(array &$versions)