diff options
author | canyonknight <canyonknight@gmail.com> | 2012-08-10 03:15:50 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-08-23 22:47:50 +0200 |
commit | e8cd6abc6e8921223a7a290088153bffc364e9d5 (patch) | |
tree | 9883f62565332efc4a3c2a999b183ac27912ca55 /web | |
parent | 44d8588b6304c12ef8ae8b3151a697a73dce526d (diff) | |
download | aur-e8cd6abc6e8921223a7a290088153bffc364e9d5.tar.gz aur-e8cd6abc6e8921223a7a290088153bffc364e9d5.tar.xz |
Allow only Trusted Users, Developers, and Maintainers to unflag packages
Currently everyone is allowed to unflag a package as out of date. This should
be limited to only the appropriate people for a specific package.
Fixes FS#27263
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r-- | web/lib/pkgfuncs.inc.php | 4 | ||||
-rw-r--r-- | web/template/actions_form.php | 3 | ||||
-rw-r--r-- | web/template/pkg_details.php | 3 |
3 files changed, 8 insertions, 2 deletions
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 6fad628d..c592e393 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -728,6 +728,10 @@ function pkg_flag ($atype, $ids, $action=true, $dbh=NULL) { } $q.= " WHERE ID IN (" . implode(",", $ids) . ")"; + if (!$action && ($atype != "Trusted User" && $atype != "Developer")) { + $q.= "AND MaintainerUID = " . uid_from_sid($_COOKIE["AURSID"], $dbh); + } + db_query($q, $dbh); if ($action) { diff --git a/web/template/actions_form.php b/web/template/actions_form.php index bfc0611c..d687f503 100644 --- a/web/template/actions_form.php +++ b/web/template/actions_form.php @@ -21,7 +21,8 @@ <?php if ($row["OutOfDateTS"] === NULL): ?> <input type="submit" class="button" name="do_Flag" value="<?php echo __("Flag Out-of-date") ?>" /> - <?php else: ?> + <?php elseif (($row["OutOfDateTS"] !== NULL) && + ($uid == $row["MaintainerUID"] || $atype == "Trusted User" || $atype == "Developer")): ?> <input type="submit" class="button" name="do_UnFlag" value="<?php echo __("UnFlag Out-of-date") ?>" /> <?php endif; ?> <?php endif; ?> diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php index da173ec1..7176e106 100644 --- a/web/template/pkg_details.php +++ b/web/template/pkg_details.php @@ -40,7 +40,8 @@ $sources = package_sources($row["ID"]); <?php if ($USE_VIRTUAL_URLS && $uid): ?> <?php if ($row["OutOfDateTS"] === NULL): ?> <li><a href="<?php echo get_pkg_uri($row['Name']) . 'flag/'; ?>"><?php echo __('Flag package out-of-date'); ?></a></li> - <?php else: ?> + <?php elseif (($row["OutOfDateTS"] !== NULL) && + ($uid == $row["MaintainerUID"] || $atype == "Trusted User" || $atype == "Developer")): ?> <li><a href="<?php echo get_pkg_uri($row['Name']) . 'unflag/'; ?>"><?php echo __('Unflag package'); ?></a></li> <?php endif; ?> <?php if (user_voted($uid, $row['ID'])): ?> |