Changeset 5195 for trunk/include/functions_user.inc.php

Timestamp:

Mar 19, 2010, 11:25:39 PM (14 years ago)

Author:

plg

Message:

bug 1328: backport the pwg_token on trunk

bug 1329: backport the check_input_parameter on trunk

feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring
on this feature to make the code simpler and easier to maintain (I hope).

File:

• trunk/include/functions_user.inc.php (modified) (1 diff)

trunk/include/functions_user.inc.php

@@ -1247 +1247 @@
 
 /*
- * Return if current user can edit/delete a comment
- * @param action edit/delete
+ * Return if current user can edit/delete/validate a comment
+ * @param action edit/delete/validate
  * @return bool
  */
 function can_manage_comment($action, $comment_author_id)
 {
-  if (!in_array($action, array('delete','edit'))) {
+  global $user, $conf;
+  
+  if (is_a_guest())
+  {
     return false;
   }
-  return (is_admin() ||
-          (($GLOBALS['user']['id'] == $comment_author_id)
-           && !is_a_guest()
-           && $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
+  
+  if (!in_array($action, array('delete','edit', 'validate')))
+  {
+    return false;
+  }
+
+  if (is_admin())
+  {
+    return true;
+  }
+
+  if ('edit' == $action and $conf['user_can_edit_comment'])
+  {
+    if ($comment_author_id == $user['id']) {
+      return true;
+    }
+  }
+
+  if ('delete' == $action and $conf['user_can_delete_comment'])
+  {
+    if ($comment_author_id == $user['id']) {
+      return true;
+    }
+  }
+
+  return false;
 }