From 179ebaebc36b6dc470dacad5a9020e4d6bf9921a Mon Sep 17 00:00:00 2001
From: Syndamia <kamen@syndamia.com>
Date: Sun, 2 Feb 2025 15:30:53 +0200
Subject: feat: Allow admins to delete lists

---
 controllers/list.php        |  2 +-
 views/list/delete/index.php |  4 ++--
 views/list/index.php        | 20 ++++++++++++--------
 3 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/controllers/list.php b/controllers/list.php
index e608136..7056088 100644
--- a/controllers/list.php
+++ b/controllers/list.php
@@ -102,7 +102,7 @@ function on_delete() {
     try {
         $user = Database\Cookie::fromDB($TOKEN);
         $author = Database\User::fromDBuid($list->AuthorUID);
-        if ($author->UID !== $user->UID) {
+        if ($author->UID !== $user->UID && $user->Role !== 'Admin') {
             $list_status = "You're not the owner of this list! You have no permission to delete it!";
             return;
         }
diff --git a/views/list/delete/index.php b/views/list/delete/index.php
index 02eb37d..19c3b4f 100644
--- a/views/list/delete/index.php
+++ b/views/list/delete/index.php
@@ -10,9 +10,9 @@
     catch(Exception $e) {}
 ?>
 
-<?php if ($list !== null && $user->UID === $author->UID): ?>
+<?php if ($list !== null && ($user->UID === $author->UID || $user->Role === 'Admin')): ?>
 
-    <h1>Are you sure you want to delete <?= $user->Username ?>'s "<?= $list->Name ?>"?</h1>
+    <h1>Are you sure you want to delete <?= $author->Username ?>'s "<?= $list->Name ?>"?</h1>
 
     <form action="#" method="POST" class="font-115 flex-col-centered max-width-20 center-margin">
         <input type="hidden" name="method" value="DELETE">
diff --git a/views/list/index.php b/views/list/index.php
index 759ab04..98c2eb4 100644
--- a/views/list/index.php
+++ b/views/list/index.php
@@ -22,14 +22,18 @@
             <p><?= $list->Description ?></p>
 
             <section id="list-buttons" hidden>
-                <form action="/list/update" method="GET">
-                    <input type="hidden" name="lid" value="<?= $list->LID ?>">
-                    <input type="submit" value="Update">
-                </form>
-                <form action="/list/delete" method="GET">
-                    <input type="hidden" name="lid" value="<?= $list->LID ?>">
-                    <input type="submit" value="Delete">
-                </form>
+                <?php if ($user !== null && $user->UID === $author->UID): ?>
+                    <form action="/list/update" method="GET">
+                        <input type="hidden" name="lid" value="<?= $list->LID ?>">
+                        <input type="submit" value="Update">
+                    </form>
+                <?php endif; ?>
+                <?php if ($user !== null && ($user->UID === $author->UID || $user->Role === 'Admin')): ?>
+                    <form action="/list/delete" method="GET">
+                        <input type="hidden" name="lid" value="<?= $list->LID ?>">
+                        <input type="submit" value="Delete">
+                    </form>
+                <?php endif; ?>
             </section>
             <script type="text/javascript">
                 function showListButtons() {
-- 
cgit v1.2.3