Allow deletion of replies for all local Sones.

author David ‘Bombe’ Roden <bombe@pterodactylus.net>

Tue, 18 Jan 2011 07:03:54 +0000 (08:03 +0100)

committer David ‘Bombe’ Roden <bombe@pterodactylus.net>

Tue, 18 Jan 2011 07:03:54 +0000 (08:03 +0100)
author David ‘Bombe’ Roden <bombe@pterodactylus.net>
Tue, 18 Jan 2011 07:03:54 +0000 (08:03 +0100)
committer David ‘Bombe’ Roden <bombe@pterodactylus.net>
Tue, 18 Jan 2011 07:03:54 +0000 (08:03 +0100)
diff --git a/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java b/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java

index 8d90474..e10036b 100644 (file)
--- a/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java
@@ -18,7 +18,6 @@
  package net.pterodactylus.sone.web;
  
  import net.pterodactylus.sone.data.Reply;
-import net.pterodactylus.sone.data.Sone;
  import net.pterodactylus.sone.web.page.Page.Request.Method;
  import net.pterodactylus.util.template.DataProvider;
  import net.pterodactylus.util.template.Template;
@@ -56,8 +55,7 @@ public class DeleteReplyPage extends SoneTemplatePage {
                 Reply reply = webInterface.getCore().getReply(replyId);
                 String returnPage = request.getHttpRequest().getPartAsStringFailsafe("returnPage", 256);
                 if (request.getMethod() == Method.POST) {
-                       Sone currentSone = getCurrentSone(request.getToadletContext());
-                       if (!reply.getSone().equals(currentSone)) {
+                       if (!webInterface.getCore().isLocalSone(reply.getSone())) {
                                 throw new RedirectException("noPermission.html");
                         }
                         if (request.getHttpRequest().isPartSet("confirmDelete")) {
diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java

index 7614de8..f34d202 100644 (file)
--- a/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java
@@ -18,7 +18,6 @@
  package net.pterodactylus.sone.web.ajax;
  
  import net.pterodactylus.sone.data.Reply;
-import net.pterodactylus.sone.data.Sone;
  import net.pterodactylus.sone.web.WebInterface;
  import net.pterodactylus.util.json.JsonObject;
  
@@ -50,14 +49,10 @@ public class DeleteReplyAjaxPage extends JsonPage {
         protected JsonObject createJsonObject(Request request) {
                 String replyId = request.getHttpRequest().getParam("reply");
                 Reply reply = webInterface.getCore().getReply(replyId);
-               Sone currentSone = getCurrentSone(request.getToadletContext());
                 if (reply == null) {
                         return createErrorJsonObject("invalid-reply-id");
                 }
-               if (currentSone == null) {
-                       return createErrorJsonObject("auth-required");
-               }
-               if (!reply.getSone().equals(currentSone)) {
+               if (!webInterface.getCore().isLocalSone(reply.getSone())) {
                         return createErrorJsonObject("not-authorized");
                 }
                 webInterface.getCore().deleteReply(reply);
author	David ‘Bombe’ Roden <bombe@pterodactylus.net>
	Tue, 18 Jan 2011 07:03:54 +0000 (08:03 +0100)
committer	David ‘Bombe’ Roden <bombe@pterodactylus.net>
	Tue, 18 Jan 2011 07:03:54 +0000 (08:03 +0100)
src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java		patch \| blob \| history
src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java		patch \| blob \| history