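/**
 * Restores a previously deleted post when the current user is allowed to edit it.
 *
 * Looks up the post's owner, then requires either "edit my posts" / "edit all posts"
 * (own post) or "edit all posts" (someone else's post) before delegating to
 * \CODOF\Forum\Post::undelete(). Echoes 'success', 'no post found' or an
 * unauthorized message; the unauthorized branch also exits, as before.
 *
 * @param int|string $id post id, typically taken straight from the request
 * @return void
 */
public function undelete($id)
{
    // Cast before building the query so only the integer ever reaches SQL.
    $pid = (int) $id;
    $qry = 'SELECT uid FROM ' . PREFIX . 'codo_posts WHERE post_id=' . $pid;
    $res = $this->db->query($qry);
    $result = $res->fetch();

    if (!$result) {
        echo 'no post found';
        return;
    }

    // Strict comparison after a string cast: the DB may return the uid as a string,
    // and a guest id of null/false must never loosely equal a stored uid such as "0".
    // NOTE(review): assumes CurrentUser::id() yields a scalar — confirm.
    $ownsPost = (string) $result['uid'] === (string) \CODOF\User\CurrentUser\CurrentUser::id();

    // Own post: either permission suffices; other user's post: only the "all" one.
    $required = $ownsPost
        ? array('edit my posts', 'edit all posts')
        : 'edit all posts';

    if (!\CODOF\Access\Access::hasPermission($required)) {
        // Report the sanitised integer id, never the raw request value.
        echo 'Unauthorized request to undelete post ' . $pid;
        exit;
    }

    $post = new \CODOF\Forum\Post($this->db);
    // Undelete: puts the post back into its non-deleted state.
    $post->undelete($pid);
    echo 'success';
}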
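/**
 * Chooses the template for the profile edit page based on the caller's rights.
 *
 * The edit view is granted when the requested profile is the session user's own and
 * they hold "edit my profile", or when they hold "edit all profiles" for any profile;
 * otherwise the access-denied view is returned. The 'before_profile_edit_load' hook
 * fires only when the edit view is granted.
 *
 * @param int|string $passed_id profile id from the request
 * @param int|string $uid       id handed to the before_profile_edit_load hook
 * @return string template name: 'user/profile/edit' or 'access_denied'
 */
public function get_edit_view($passed_id, $uid)
{
    $view = 'access_denied';

    if (!$passed_id || !isset($_SESSION[UID . 'USER']['id'])) {
        return $view;
    }

    // Strict comparison after a string cast: the request value arrives as a string
    // while the session id may be an int; loose == must not decide authorization.
    $isOwnProfile = (string) $passed_id === (string) $_SESSION[UID . 'USER']['id'];

    // Parenthesised to make the intended precedence explicit: (own && my) || all.
    $mayEdit = ($isOwnProfile && \CODOF\Access\Access::hasPermission('edit my profile'))
        || \CODOF\Access\Access::hasPermission('edit all profiles');

    if ($mayEdit) {
        $view = 'user/profile/edit';
        \CODOF\Hook::call('before_profile_edit_load', array($uid));
    }

    return $view;
}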
/**
 * Tells whether this object's user holds at least one of the given permissions,
 * optionally scoped to a category and a topic.
 *
 * Thin delegate to \CODOF\Access\Access::hasPermission() using $this->user->id.
 *
 * @param array|string $permission permission name, or a list of names any of which suffices
 * @param int $cid category id passed through to the check (defaults to 0; presumably "unscoped" — confirm)
 * @param int $tid topic id passed through to the check (defaults to 0; presumably "unscoped" — confirm)
 * @return boolean
 */
public function canAny($permission, $cid = 0, $tid = 0)
{
    $userId = $this->user->id;

    return \CODOF\Access\Access::hasPermission($permission, $userId, $cid, $tid);
}
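/**
 * Exposes the current user's edit/delete rights on a topic to the template as JSON booleans.
 *
 * Assigns 'can_edit_topic' and 'can_delete_topic' to Smarty. For the user's own topic
 * the "my" permission or the "all" permission suffices; for another user's topic only
 * the "all" permission is checked.
 *
 * @param int|string $tuid uid of the topic's author
 * @return void
 */
private function assign_admin_vars($tuid)
{
    // Strict comparison after a string cast: the author uid may come from the DB as a
    // string, and a guest id (null/false) must not loosely match a stored uid.
    // NOTE(review): assumes CurrentUser::id() returns a scalar — confirm.
    $ownsTopic = (string) $tuid === (string) \CODOF\User\CurrentUser\CurrentUser::id();

    if ($ownsTopic) {
        $editPerms = array('edit my topics', 'edit all topics');
        $deletePerms = array('delete my topics', 'delete all topics');
    } else {
        $editPerms = 'edit all topics';
        $deletePerms = 'delete all topics';
    }

    $this->smarty->assign('can_edit_topic', json_encode(Access::hasPermission($editPerms)));
    $this->smarty->assign('can_delete_topic', json_encode(Access::hasPermission($deletePerms)));
}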