diff options
| author | root <root@adnab.me> | 2014-01-31 19:08:03 +0100 |
|---|---|---|
| committer | root <root@adnab.me> | 2014-01-31 19:08:03 +0100 |
| commit | 77048675abf5fad43e8b5371c35e1c86b3be59c2 (patch) | |
| tree | 2d77c78988a4a354af3653481785aeea00429e5e /lib/notes | |
| parent | 2a274c011d177f5ad1e863301b8b88c560a3829d (diff) | |
| download | Bits-adnab.me-site.tar.gz Bits-adnab.me-site.zip | |
Privilege changesadnab.me-site
Diffstat (limited to 'lib/notes')
| -rw-r--r-- | lib/notes/delete.php | 2 | ||||
| -rw-r--r-- | lib/notes/edit.php | 2 | ||||
| -rw-r--r-- | lib/notes/move.php | 2 | ||||
| -rw-r--r-- | lib/notes/view.php | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/lib/notes/delete.php b/lib/notes/delete.php index e8ef31e..43dbf44 100644 --- a/lib/notes/delete.php +++ b/lib/notes/delete.php @@ -4,7 +4,7 @@ assert_redir(count($args) >= 3, 'notes'); $noteid = intval($args[2]); $note = mysql_fetch_assoc(sql("SELECT owner FROM notes WHERE id = $noteid")); -assert_error($note && $note['owner'] == $user['id'], +assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to delete it."); token_validate("Do you really want to delete this note ? All children notes will become children of the root note.", "view-notes-$noteid"); diff --git a/lib/notes/edit.php b/lib/notes/edit.php index 17f1573..ec479b0 100644 --- a/lib/notes/edit.php +++ b/lib/notes/edit.php @@ -11,7 +11,7 @@ $note = mysql_fetch_assoc(sql( "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ". "WHERE na.id = $noteid" )); -assert_error($note && $note['owner'] == $user['id'], +assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to edit it."); $note_title = $note['title']; diff --git a/lib/notes/move.php b/lib/notes/move.php index c3439d7..d51b4ad 100644 --- a/lib/notes/move.php +++ b/lib/notes/move.php @@ -9,7 +9,7 @@ $note = mysql_fetch_assoc(sql( "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ". "WHERE na.id = $noteid" )); -assert_error($note && $note['owner'] == $user['id'], +assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to move it."); if (count($args) == 4) { diff --git a/lib/notes/view.php b/lib/notes/view.php index f81b6d7..a6a014c 100644 --- a/lib/notes/view.php +++ b/lib/notes/view.php @@ -9,7 +9,7 @@ $note = mysql_fetch_assoc(sql( "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ". "WHERE na.id = $noteid" )); -assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']), +assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id'] || $user['priv'] >= $priv_admin), "This note does not exist, or you are not allowed to see it."); $can_new = ($user['priv'] >= $apps['notes']['new'] && $user['id'] == $note['owner']); |