| -rw-r--r-- | controllers/list.php | 2 | ||||
| -rw-r--r-- | views/list/delete/index.php | 4 | ||||
| -rw-r--r-- | views/list/index.php | 20 |
3 files changed, 15 insertions, 11 deletions
diff --git a/controllers/list.php b/controllers/list.php
index e608136..7056088 100644
--- a/controllers/list.php
+++ b/controllers/list.php
@@ -102,7 +102,7 @@ function on_delete() {
 try {
 $user = Database\Cookie::fromDB($TOKEN);
 $author = Database\User::fromDBuid($list->AuthorUID);
- if ($author->UID !== $user->UID) {
+ if ($author->UID !== $user->UID && $user->Role !== 'Admin') {
 $list_status = "You're not the owner of this list! You have no permission to delete it!";
 return;
 }
diff --git a/views/list/delete/index.php b/views/list/delete/index.php
index 02eb37d..19c3b4f 100644
--- a/views/list/delete/index.php
+++ b/views/list/delete/index.php
@@ -10,9 +10,9 @@ catch(Exception $e) {} ?>
-<?php if ($list !== null && $user->UID === $author->UID): ?>
+<?php if ($list !== null && ($user->UID === $author->UID || $user->Role === 'Admin')): ?>
- <h1>Are you sure you want to delete <?= $user->Username ?>'s "<?= $list->Name ?>"?</h1>
+ <h1>Are you sure you want to delete <?= $author->Username ?>'s "<?= $list->Name ?>"?</h1>
 <form action="#" method="POST" class="font-115 flex-col-centered max-width-20 center-margin">
 <input type="hidden" name="method" value="DELETE">
diff --git a/views/list/index.php b/views/list/index.php
index 759ab04..98c2eb4 100644
--- a/views/list/index.php
+++ b/views/list/index.php
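Review bot: The owner-or-admin rule in `on_delete()` is now spelled out three times (here, in views/list/delete/index.php and in views/list/index.php), each comparing against the literal `'Admin'`, so a later edit to one copy can leave the views and the controller disagreeing about who may delete. One shared predicate called from all three places would keep them in step, for example `function can_delete_list($user, $author): bool { return $user->UID === $author->UID || $user->Role === 'Admin'; }` (the name is a suggestion). Since an admin can now remove another user's list, the success path should also record who deleted what, e.g. `error_log("list {$list->LID} deleted by UID {$user->UID}");`, so moderation actions can be traced later. The body of `on_delete()` continues outside the hunk, so whether such logging already exists cannot be seen here.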
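Review bot: The confirmation heading echoes `$author->Username` and `$list->Name` with bare `<?= ?>`, and after this change an admin renders values chosen by another user, so any markup stored in a username or list name would run in the admin's session unless the model already escapes it (not visible here). Escape at output, e.g. `<?= htmlspecialchars($author->Username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`, and the same for `$list->Name`. The views/list/index.php hunk prints `$list->Description` the same way on a context line and deserves the same treatment. The rest of the delete form lies outside the hunk, so it is also worth confirming it carries a CSRF token now that one admin session can delete any list.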
@@ -22,14 +22,18 @@
 <p><?= $list->Description ?></p>
 <section id="list-buttons" hidden>
- <form action="/list/update" method="GET">
- <input type="hidden" name="lid" value="<?= $list->LID ?>">
- <input type="submit" value="Update">
- </form>
- <form action="/list/delete" method="GET">
- <input type="hidden" name="lid" value="<?= $list->LID ?>">
- <input type="submit" value="Delete">
- </form>
+ <?php if ($user !== null && $user->UID === $author->UID): ?>
+ <form action="/list/update" method="GET">
+ <input type="hidden" name="lid" value="<?= $list->LID ?>">
+ <input type="submit" value="Update">
+ </form>
+ <?php endif; ?>
+ <?php if ($user !== null && ($user->UID === $author->UID || $user->Role === 'Admin')): ?>
+ <form action="/list/delete" method="GET">
+ <input type="hidden" name="lid" value="<?= $list->LID ?>">
+ <input type="submit" value="Delete">
+ </form>
+ <?php endif; ?>
 </section>
 <script type="text/javascript">
 function showListButtons() { |
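Review bot: Wrapping the Update and Delete forms in `<?php if ... ?>` only hides the buttons; the request handlers are what must refuse a caller who is not allowed. The delete check is updated in controllers/list.php, but the `/list/update` handler is not part of this commit, so confirm it still rejects non-owners server-side, admins included, since this view treats Update as owner-only. The guards are also uneven: this view tests `$user !== null` before reading `$user->UID`, while the new condition in views/list/delete/index.php dereferences `$user` and `$author` directly after a `catch(Exception $e) {}` that swallows lookup failures. Using the same shape there, `$list !== null && $user !== null && (...)`, would make both views fail closed in the same way. `showListButtons()` continues outside the hunk.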
