diff options
author | simo <simo> | 2005-06-07 21:32:07 +0000 |
---|---|---|
committer | simo <simo> | 2005-06-07 21:32:07 +0000 |
commit | dd885424d7281728893cb7829216313f8e776436 (patch) | |
tree | 9b24e92e3745eccaccd8539ff902dcf7f995577a /web/html/packages.php | |
parent | 726a3a3b93b585dc27d7caee90445b1af792970a (diff) | |
download | aurweb-dd885424d7281728893cb7829216313f8e776436.tar.xz |
Fix deletion abilities such that:
TUs and DEVs may delete any package in unsupported
Otherwise only package maintainers may delete their own
Diffstat (limited to 'web/html/packages.php')
-rw-r--r-- | web/html/packages.php | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/web/html/packages.php b/web/html/packages.php index 604ba72..4ea4b01 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -202,8 +202,14 @@ if (isset($_REQUEST["do_Flag"])) { $q.= "WHERE Packages.ID IN (" . $delete . ") "; $q.= "AND Packages.LocationID = PackageLocations.ID "; $q.= "AND PackageLocations.Location = 'unsupported' "; - $q.= "AND $field IN (0, " . uid_from_sid($_COOKIE["AURSID"]) . ")"; - $result = db_query($q, $dbh); + # If they're a TU or dev, can always delete, otherwise check ownership + # + if ($atype == "Trusted User" || $atype == "Developer") { + $result = db_query($q, $dbh); + } else { + $q.= "AND $field IN (0, " . uid_from_sid($_COOKIE["AURSID"]) . ")"; + $result = db_query($q, $dbh); + } if ($result != Null && mysql_num_rows($result) > 0) { while ($row = mysql_fetch_assoc($result)) { $ids_to_delete[] = $row['ID']; |