forked from GNUsocial/gnu-social
[CORE] Fix notice delete-form
DeletenoticeAction: - Added tombstone check before deletion NoticeListItem: - Added tombstone check before showing delete-form ActivityVerb: - The plugin was overwriting the deletenotice route. Added stronger regexp to the connected routes.
This commit is contained in:
parent
f67a93eddc
commit
0b58465fb9
@ -39,9 +39,10 @@ class DeletenoticeAction extends FormAction
|
||||
{
|
||||
$this->notice = Notice::getByID($this->trimmed('notice'));
|
||||
|
||||
if (!$this->scoped->sameAs($this->notice->getProfile()) &&
|
||||
!$this->scoped->hasRight(Right::DELETEOTHERSNOTICE)) {
|
||||
// TRANS: Error message displayed trying to delete a notice that was not made by the current user.
|
||||
if ($this->notice->isVerb([ActivityVerb::DELETE]) ||
|
||||
(!$this->scoped->sameAs($this->notice->getProfile()) &&
|
||||
!$this->scoped->hasRight(Right::DELETEOTHERSNOTICE))) {
|
||||
// TRANS: Error message displayed when trying to delete a notice that was not made by the current user.
|
||||
$this->clientError(_('Cannot delete this notice.'));
|
||||
}
|
||||
|
||||
|
@ -618,6 +618,7 @@ class NoticeListItem extends Widget
|
||||
$todel = (empty($this->repeat)) ? $this->notice : $this->repeat;
|
||||
|
||||
if (!empty($user) &&
|
||||
!$this->notice->isVerb([ActivityVerb::DELETE]) &&
|
||||
($todel->profile_id == $user->id || $user->hasRight(Right::DELETEOTHERSNOTICE))) {
|
||||
$this->out->text(' ');
|
||||
$deleteurl = common_local_url('deletenotice',
|
||||
|
@ -35,14 +35,26 @@ class ActivityVerbPlugin extends Plugin
|
||||
|
||||
public function onRouterInitialized(URLMapper $m)
|
||||
{
|
||||
$unsupported = ['delete', 'share'];
|
||||
|
||||
foreach ($unsupported as $idx => $verb) {
|
||||
$unsupported[$idx] = "(?!".$verb.")";
|
||||
}
|
||||
|
||||
// not all verbs are currently handled by ActivityVerb Plugins,
|
||||
// so we need a strong regexp to prevent route replacement in
|
||||
// the URLMapper
|
||||
$verb_regexp = implode("", $unsupported) . '[a-z]+';
|
||||
|
||||
$m->connect('notice/:id/:verb',
|
||||
array('action' => 'activityverb'),
|
||||
array('id' => '[0-9]+',
|
||||
'verb' => '[a-z]+'));
|
||||
['action' => 'activityverb'],
|
||||
['id' => '[0-9]+',
|
||||
'verb' => $verb_regexp]);
|
||||
|
||||
$m->connect('activity/:id/:verb',
|
||||
array('action' => 'activityverb'),
|
||||
array('id' => '[0-9]+',
|
||||
'verb' => '[a-z]+'));
|
||||
['action' => 'activityverb'],
|
||||
['id' => '[0-9]+',
|
||||
'verb' => $verb_regexp]);
|
||||
}
|
||||
|
||||
public function onPluginVersion(array &$versions)
|
||||
|
Loading…
Reference in New Issue
Block a user