-rw-r--r--services/bookmarkservice.php44
-rw-r--r--services/userservice.php21
2 files changed, 47 insertions, 18 deletions
diff --git a/services/bookmarkservice.php b/services/bookmarkservice.php
index 6a50df5..f119593 100644
--- a/services/bookmarkservice.php
+++ b/services/bookmarkservice.php
@@ -97,22 +97,38 @@ class BookmarkService {
return $this->db->sql_fetchfield(0, 0);
}
- function editAllowed($bookmark) {
- if (!is_numeric($bookmark) && (!is_array($bookmark) || !is_numeric($bookmark['bId'])))
- return false;
+ /**
+ * Check if a bookmark may be edited by the current user
+ *
+ * @param integer|array $bookmark Bookmark uId or bookmark array
+ *
+ * @return boolean True if allowed
+ */
+ function editAllowed($bookmark)
+ {
+ if (!is_numeric($bookmark) && (!is_array($bookmark)
+ || !is_numeric($bookmark['bId']))
+ ) {
+ return false;
+ }
- if (!is_array($bookmark))
- if (!($bookmark = $this->getBookmark($bookmark)))
- return false;
+ if (!is_array($bookmark)
+ && !($bookmark = $this->getBookmark($bookmark))
+ ) {
+ return false;
+ }
- $userservice = & ServiceFactory :: getServiceInstance('UserService');
- $userid = $userservice->getCurrentUserId();
- if(!is_numeric($userid))
- return false; // useful for few servers configuration (see brunaud bugs)
- if ($GLOBALS['adminsCanModifyBookmarksFromOtherUsers'] && $userservice->isAdmin($userid) && !$userservice->isAdmin($bookmark['uId']))
- return true;
- else
- return ($bookmark['uId'] == $userid);
+ $userservice = & ServiceFactory::getServiceInstance('UserService');
+ $user = $userservice->getCurrentUser();
+
+ //user has to be either admin, or owner
+ if ($GLOBALS['adminsCanModifyBookmarksFromOtherUsers']
+ && $userservice->isAdmin($user)
+ ) {
+ return true;
+ } else {
+ return ($bookmark['uId'] == $user['uId']);
+ }
}
function bookmarkExists($address = false, $uid = NULL) {
diff --git a/services/userservice.php b/services/userservice.php
index 512204c..a24c7ba 100644
--- a/services/userservice.php
+++ b/services/userservice.php
@@ -213,11 +213,24 @@ class UserService {
}
}
- function isAdmin($userid) {
- $user = $this->getUser($userid);
+ /**
+ * Checks if the given user is an administrator.
+ * Uses global admin_users property containing admin
+ * user names
+ *
+ * @param integer|array $user User ID or user row from DB
+ *
+ * @return boolean True if the user is admin
+ */
+ function isAdmin($user)
+ {
+ if (is_numeric($user)) {
+ $user = $this->getUser($user);
+ }
- if(isset($GLOBALS['admin_users'])
- && in_array($user['username'], $GLOBALS['admin_users'])) {
+ if (isset($GLOBALS['admin_users'])
+ && in_array($user['username'], $GLOBALS['admin_users'])
+ ) {
return true;
} else {
return false;
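Review bot: isAdmin() reads `$user['username']` without confirming that `$user` is a user row, and the `in_array()` membership test is loose. If `getUser()` returns a non-array when the id is unknown (not shown here), or a caller passes the `getCurrentUser()` result for an anonymous visitor, `$user['username']` is null and a loose `in_array(null, ...)` matches any empty-string, 0, false or null entry in `$GLOBALS['admin_users']`. Suggest `if (!is_array($user) || !isset($user['username'])) { return false; }` before the lookup, and `in_array($user['username'], $GLOBALS['admin_users'], true)` so that only an exact string match grants admin rights. The function's closing braces lie outside the hunk.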