Diffstat (limited to 'lib/notes')
-rw-r--r-- | lib/notes/delete.php | 2 | ||||
-rw-r--r-- | lib/notes/edit.php | 2 | ||||
-rw-r--r-- | lib/notes/move.php | 2 | ||||
-rw-r--r-- | lib/notes/view.php | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/lib/notes/delete.php b/lib/notes/delete.php
index e8ef31e..43dbf44 100644
--- a/lib/notes/delete.php
+++ b/lib/notes/delete.php
@@ -4,7 +4,7 @@ assert_redir(count($args) >= 3, 'notes');
 $noteid = intval($args[2]);
 $note = mysql_fetch_assoc(sql("SELECT owner FROM notes WHERE id = $noteid"));
-assert_error($note && $note['owner'] == $user['id'],
+assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
 "This note does not exist, or you are not allowed to delete it.");
 token_validate("Do you really want to delete this note ? All children notes will become children of the root note.", "view-notes-$noteid");
diff --git a/lib/notes/edit.php b/lib/notes/edit.php
index 17f1573..ec479b0 100644
--- a/lib/notes/edit.php
+++ b/lib/notes/edit.php
@@ -11,7 +11,7 @@ $note = mysql_fetch_assoc(sql(
 "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
 "WHERE na.id = $noteid"
 ));
-assert_error($note && $note['owner'] == $user['id'],
+assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
 "This note does not exist, or you are not allowed to edit it.");
 $note_title = $note['title'];
diff --git a/lib/notes/move.php b/lib/notes/move.php
index c3439d7..d51b4ad 100644
--- a/lib/notes/move.php
+++ b/lib/notes/move.php
@@ -9,7 +9,7 @@ $note = mysql_fetch_assoc(sql(
 "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
 "WHERE na.id = $noteid"
 ));
-assert_error($note && $note['owner'] == $user['id'],
+assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
 "This note does not exist, or you are not allowed to move it.");
 if (count($args) == 4) {
diff --git a/lib/notes/view.php b/lib/notes/view.php
index f81b6d7..a6a014c 100644
--- a/lib/notes/view.php
+++ b/lib/notes/view.php
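Review bot: The added clause `$user['priv'] >= $priv_admin` in delete.php fails open if `$priv_admin` is unset in the scope where this file runs, because PHP evaluates an integer `>=` null comparison as true and any caller would then pass the ownership check. The definition of `$priv_admin` is not visible in this diff, so this may already be guaranteed; a guard such as `isset($priv_admin) && $user['priv'] >= $priv_admin` makes the check fail closed either way. The same expression is repeated in the edit.php, move.php and view.php hunks, and one shared helper would keep the four authorization rules from drifting apart. Each script continues outside its hunk.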
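Review bot: With the admin clause in move.php, the destination logic that starts at `if (count($args) == 4) {` now also runs for notes the caller does not own, and that block continues outside the hunk. If it validates the new parent against `$user['id']`, an admin move would either be refused or would attach another user's note under the admin's own tree; this is inferred, not visible here. It is worth confirming that the parent is checked against `$note['owner']` and documenting it with a comment such as `// new parent must belong to $note['owner'], also when an admin moves the note`.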
@@ -9,7 +9,7 @@ $note = mysql_fetch_assoc(sql(
 "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
 "WHERE na.id = $noteid"
 ));
-assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id']),
+assert_error($note && ($note['public'] != 0 || $note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
 "This note does not exist, or you are not allowed to see it.");
 $can_new = ($user['priv'] >= $apps['notes']['new'] && $user['id'] == $note['owner']); |
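Review bot: The admin clause in view.php makes every note with `public` equal to 0 readable by admins, and nothing in the hunk records when that override is used. A comment above the check, for example `// admin override: private notes of other users become readable here`, would make the confidentiality change explicit. Where `$note['owner'] != $user['id']`, the access could also be written to whatever audit log the application keeps. `$can_new` on the following line stays owner-only, which looks intended, but the rest of view.php is outside the hunk, so it is not visible whether the edit, move and delete actions it renders follow the relaxed rule.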