From f840f1f3508b5e09cee9e95182c47775a5a2dc2e Mon Sep 17 00:00:00 2001
From: =?utf8?q?David=20=E2=80=98Bombe=E2=80=99=20Roden?=
 <bombe@pterodactylus.net>
Date: Tue, 18 Jan 2011 08:03:54 +0100
Subject: [PATCH] Allow deletion of replies for all local Sones.

---
 src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java      | 4 +---
 .../java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java  | 7 +------
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java b/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java
index 8d90474..e10036b 100644
--- a/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/DeleteReplyPage.java
@@ -18,7 +18,6 @@
 package net.pterodactylus.sone.web;
 
 import net.pterodactylus.sone.data.Reply;
-import net.pterodactylus.sone.data.Sone;
 import net.pterodactylus.sone.web.page.Page.Request.Method;
 import net.pterodactylus.util.template.DataProvider;
 import net.pterodactylus.util.template.Template;
@@ -56,8 +55,7 @@ public class DeleteReplyPage extends SoneTemplatePage {
 		Reply reply = webInterface.getCore().getReply(replyId);
 		String returnPage = request.getHttpRequest().getPartAsStringFailsafe("returnPage", 256);
 		if (request.getMethod() == Method.POST) {
-			Sone currentSone = getCurrentSone(request.getToadletContext());
-			if (!reply.getSone().equals(currentSone)) {
+			if (!webInterface.getCore().isLocalSone(reply.getSone())) {
 				throw new RedirectException("noPermission.html");
 			}
 			if (request.getHttpRequest().isPartSet("confirmDelete")) {
diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java
index 7614de8..f34d202 100644
--- a/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/DeleteReplyAjaxPage.java
@@ -18,7 +18,6 @@
 package net.pterodactylus.sone.web.ajax;
 
 import net.pterodactylus.sone.data.Reply;
-import net.pterodactylus.sone.data.Sone;
 import net.pterodactylus.sone.web.WebInterface;
 import net.pterodactylus.util.json.JsonObject;
 
@@ -50,14 +49,10 @@ public class DeleteReplyAjaxPage extends JsonPage {
 	protected JsonObject createJsonObject(Request request) {
 		String replyId = request.getHttpRequest().getParam("reply");
 		Reply reply = webInterface.getCore().getReply(replyId);
-		Sone currentSone = getCurrentSone(request.getToadletContext());
 		if (reply == null) {
 			return createErrorJsonObject("invalid-reply-id");
 		}
-		if (currentSone == null) {
-			return createErrorJsonObject("auth-required");
-		}
-		if (!reply.getSone().equals(currentSone)) {
+		if (!webInterface.getCore().isLocalSone(reply.getSone())) {
 			return createErrorJsonObject("not-authorized");
 		}
 		webInterface.getCore().deleteReply(reply);
-- 
2.7.4