From f238e5b448d70700b276c471e45413a341465c2e Mon Sep 17 00:00:00 2001
From: bshuttle
Date: Tue, 31 Jan 2006 10:04:03 +0000
Subject: [PATCH] KTS-250: restrict mass delete to write permission.
---
 browse.php | 5 +++++
 1 file changed, 5 insertions(+), 0 deletions(-)
diff --git a/browse.php b/browse.php
index a6ae92c..dcc4925 100755
--- a/browse.php
+++ b/browse.php
@@ -498,6 +498,8 @@ class BrowseDispatcher extends KTStandardDispatcher {
 $res = KTUtil::arrayGet($_REQUEST,'sReason');
 $sReason = $this->oValidator->notEmpty($res, $aErrorOptions);
+
+ // FIXME we need to sort out the (inconsistent) use of transactions here.
 $aFolders = array();
 $aDocuments = array();
@@ -511,6 +513,9 @@ class BrowseDispatcher extends KTStandardDispatcher {
 }
 foreach ($aDocumentSelection as $id) {
 $oD = Document::get($id);
+ if (!Permission::userHasDocumentWritePermission($oD)) {
+ return $this->errorRedirectToMain(sprintf(_('You do not have permissions to delete the documen: %s'), $oD->getName()));
+ }
 if (PEAR::isError($oD) || ($oD == false)) {
 return $this->errorRedirectToMain(_('Invalid Document selected.'));
 } else {
--
libgit2 0.21.4
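Review bot: The new write-permission check in the document loop runs before the existing `PEAR::isError($oD) || ($oD == false)` test, so a failed `Document::get($id)` result is handed to `Permission::userHasDocumentWritePermission()` and, when that returns false, `$oD->getName()` is called on an error object or on `false`. Move the permission test after the validity test, for example as the first statement of the existing `else` branch, so that an invalid id still ends in 'Invalid Document selected.'. The denial message also echoes the document name to a caller who has just failed a permission check; if ids in `$aDocumentSelection` can refer to documents the user cannot read (not visible from this hunk), that discloses names, so a message without `$oD->getName()` would be safer. The message text has a typo (`documen`), and no matching check for the folder selection is visible here; the function body starts and ends outside the hunk.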