projects
/
Sone.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
364347e
)
Allow deletion of posts of all local Sones, not only the logged in.
author
David ‘Bombe’ Roden
<bombe@pterodactylus.net>
Tue, 18 Jan 2011 05:57:24 +0000
(06:57 +0100)
committer
David ‘Bombe’ Roden
<bombe@pterodactylus.net>
Tue, 18 Jan 2011 05:57:24 +0000
(06:57 +0100)
src/main/java/net/pterodactylus/sone/web/DeletePostPage.java
patch
|
blob
|
history
src/main/java/net/pterodactylus/sone/web/ajax/DeletePostAjaxPage.java
patch
|
blob
|
history
src/main/resources/templates/include/viewPost.html
patch
|
blob
|
history
src/main/resources/templates/include/viewReply.html
patch
|
blob
|
history
diff --git
a/src/main/java/net/pterodactylus/sone/web/DeletePostPage.java
b/src/main/java/net/pterodactylus/sone/web/DeletePostPage.java
index
5722ee3
..
78c9f22
100644
(file)
--- a/
src/main/java/net/pterodactylus/sone/web/DeletePostPage.java
+++ b/
src/main/java/net/pterodactylus/sone/web/DeletePostPage.java
@@
-18,7
+18,6
@@
package net.pterodactylus.sone.web;
import net.pterodactylus.sone.data.Post;
package net.pterodactylus.sone.web;
import net.pterodactylus.sone.data.Post;
-import net.pterodactylus.sone.data.Sone;
import net.pterodactylus.sone.web.page.Page.Request.Method;
import net.pterodactylus.util.template.DataProvider;
import net.pterodactylus.util.template.Template;
import net.pterodactylus.sone.web.page.Page.Request.Method;
import net.pterodactylus.util.template.DataProvider;
import net.pterodactylus.util.template.Template;
@@
-63,12
+62,11
@@
public class DeletePostPage extends SoneTemplatePage {
String postId = request.getHttpRequest().getPartAsStringFailsafe("post", 36);
String returnPage = request.getHttpRequest().getPartAsStringFailsafe("returnPage", 256);
Post post = webInterface.getCore().getPost(postId);
String postId = request.getHttpRequest().getPartAsStringFailsafe("post", 36);
String returnPage = request.getHttpRequest().getPartAsStringFailsafe("returnPage", 256);
Post post = webInterface.getCore().getPost(postId);
- Sone currentSone = getCurrentSone(request.getToadletContext());
- if (!post.getSone().equals(currentSone)) {
+ if (!webInterface.getCore().isLocalSone(post.getSone())) {
throw new RedirectException("noPermission.html");
}
if (request.getHttpRequest().isPartSet("confirmDelete")) {
throw new RedirectException("noPermission.html");
}
if (request.getHttpRequest().isPartSet("confirmDelete")) {
-
currentSone.remov
ePost(post);
+
webInterface.getCore().delet
ePost(post);
throw new RedirectException(returnPage);
} else if (request.getHttpRequest().isPartSet("abortDelete")) {
throw new RedirectException(returnPage);
throw new RedirectException(returnPage);
} else if (request.getHttpRequest().isPartSet("abortDelete")) {
throw new RedirectException(returnPage);
diff --git
a/src/main/java/net/pterodactylus/sone/web/ajax/DeletePostAjaxPage.java
b/src/main/java/net/pterodactylus/sone/web/ajax/DeletePostAjaxPage.java
index
479e71e
..
8d3b414
100644
(file)
--- a/
src/main/java/net/pterodactylus/sone/web/ajax/DeletePostAjaxPage.java
+++ b/
src/main/java/net/pterodactylus/sone/web/ajax/DeletePostAjaxPage.java
@@
-18,7
+18,6
@@
package net.pterodactylus.sone.web.ajax;
import net.pterodactylus.sone.data.Post;
package net.pterodactylus.sone.web.ajax;
import net.pterodactylus.sone.data.Post;
-import net.pterodactylus.sone.data.Sone;
import net.pterodactylus.sone.web.WebInterface;
import net.pterodactylus.util.json.JsonObject;
import net.pterodactylus.sone.web.WebInterface;
import net.pterodactylus.util.json.JsonObject;
@@
-50,14
+49,10
@@
public class DeletePostAjaxPage extends JsonPage {
protected JsonObject createJsonObject(Request request) {
String postId = request.getHttpRequest().getParam("post");
Post post = webInterface.getCore().getPost(postId, false);
protected JsonObject createJsonObject(Request request) {
String postId = request.getHttpRequest().getParam("post");
Post post = webInterface.getCore().getPost(postId, false);
- Sone currentSone = getCurrentSone(request.getToadletContext());
if ((post == null) || (post.getSone() == null)) {
return createErrorJsonObject("invalid-post-id");
}
if ((post == null) || (post.getSone() == null)) {
return createErrorJsonObject("invalid-post-id");
}
- if (currentSone == null) {
- return createErrorJsonObject("auth-required");
- }
- if (!post.getSone().equals(currentSone)) {
+ if (!webInterface.getCore().isLocalSone(post.getSone())) {
return createErrorJsonObject("not-authorized");
}
webInterface.getCore().deletePost(post);
return createErrorJsonObject("not-authorized");
}
webInterface.getCore().deletePost(post);
diff --git
a/src/main/resources/templates/include/viewPost.html
b/src/main/resources/templates/include/viewPost.html
index
5161dfe
..
b4f570f
100644
(file)
--- a/
src/main/resources/templates/include/viewPost.html
+++ b/
src/main/resources/templates/include/viewPost.html
@@
-62,7
+62,7
@@
</form>
<%/if>
<%/if>
</form>
<%/if>
<%/if>
- <%if post.sone.
current
>
+ <%if post.sone.
local
>
<span class='separator'>·</span>
<form class="delete delete-post" action="deletePost.html" method="post">
<input type="hidden" name="formPassword" value="<% formPassword|html>" />
<span class='separator'>·</span>
<form class="delete delete-post" action="deletePost.html" method="post">
<input type="hidden" name="formPassword" value="<% formPassword|html>" />
diff --git
a/src/main/resources/templates/include/viewReply.html
b/src/main/resources/templates/include/viewReply.html
index
805626a
..
6b13776
100644
(file)
--- a/
src/main/resources/templates/include/viewReply.html
+++ b/
src/main/resources/templates/include/viewReply.html
@@
-54,7
+54,7
@@
</form>
<%/if>
<%/if>
</form>
<%/if>
<%/if>
- <%if reply.sone.
current
>
+ <%if reply.sone.
local
>
<span class='separator'>·</span>
<form class="delete delete-reply" action="deleteReply.html" method="post">
<input type="hidden" name="formPassword" value="<% formPassword|html>" />
<span class='separator'>·</span>
<form class="delete delete-reply" action="deleteReply.html" method="post">
<input type="hidden" name="formPassword" value="<% formPassword|html>" />