From: David ‘Bombe’ Roden Date: Tue, 18 Jan 2011 07:03:54 +0000 (+0100) Subject: Allow deletion of replies for all local Sones. X-Git-Tag: 0.4.2^2~30^2~3 X-Git-Url: https://git.pterodactylus.net/?a=commitdiff_plain;h=f840f1f3508b5e09cee9e95182c47775a5a2dc2e;p=Sone.git Allow deletion of replies for all local Sones. --- diff --git a/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java b/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java index 8d90474..e10036b 100644 --- a/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java +++ b/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java @@ -18,7 +18,6 @@ package net.pterodactylus.sone.web; import net.pterodactylus.sone.data.Reply; -import net.pterodactylus.sone.data.Sone; import net.pterodactylus.sone.web.page.Page.Request.Method; import net.pterodactylus.util.template.DataProvider; import net.pterodactylus.util.template.Template; @@ -56,8 +55,7 @@ public class DeleteReplyPage extends SoneTemplatePage { Reply reply = webInterface.getCore().getReply(replyId); String returnPage = request.getHttpRequest().getPartAsStringFailsafe("returnPage", 256); if (request.getMethod() == Method.POST) { - Sone currentSone = getCurrentSone(request.getToadletContext()); - if (!reply.getSone().equals(currentSone)) { + if (!webInterface.getCore().isLocalSone(reply.getSone())) { throw new RedirectException("noPermission.html"); } if (request.getHttpRequest().isPartSet("confirmDelete")) { diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java index 7614de8..f34d202 100644 --- a/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java +++ b/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java @@ -18,7 +18,6 @@ package net.pterodactylus.sone.web.ajax; import net.pterodactylus.sone.data.Reply; -import net.pterodactylus.sone.data.Sone; import net.pterodactylus.sone.web.WebInterface; import net.pterodactylus.util.json.JsonObject; @@ -50,14 +49,10 @@ public class DeleteReplyAjaxPage extends JsonPage { protected JsonObject createJsonObject(Request request) { String replyId = request.getHttpRequest().getParam("reply"); Reply reply = webInterface.getCore().getReply(replyId); - Sone currentSone = getCurrentSone(request.getToadletContext()); if (reply == null) { return createErrorJsonObject("invalid-reply-id"); } - if (currentSone == null) { - return createErrorJsonObject("auth-required"); - } - if (!reply.getSone().equals(currentSone)) { + if (!webInterface.getCore().isLocalSone(reply.getSone())) { return createErrorJsonObject("not-authorized"); } webInterface.getCore().deleteReply(reply);