Exemplo n.º 1
 /**
  * Build the `announcementsEdit` XML node for one announcement.
  *
  * The node is appended to $this->root, handed to Announcements::getByIdXML()
  * together with the requested id, and, when the `blogs` plugin is enabled,
  * also handed to Blogs\Group::getNewGroupsXml().
  *
  * NOTE(review): no permission check is visible in this method; presumably
  * the controller or dispatcher restricts who can reach it. Confirm.
  *
  * @param \Difra\Param\AnyInt $id Identifier of the announcement to edit.
  */
 public function editAction(\Difra\Param\AnyInt $id)
 {
     $element = $this->xml->createElement('announcementsEdit');
     // appendChild() returns the node as attached to the tree; work on that one.
     $target = $this->root->appendChild($element);

     $announcements = \Difra\Plugins\Announcements::getInstance();
     $announcements->getByIdXML($id->val(), $target);

     $blogsEnabled = \Difra\Plugger::getInstance()->isEnabled('blogs');
     if (!$blogsEnabled) {
         return;
     }

     \Difra\Plugins\Blogs\Group::getNewGroupsXml($target, 0, false);
 }
Exemplo n.º 2
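 /**
  * Decide whether the current user may delete comment $id of $module.
  *
  * Access is granted when the user wrote the comment, is a moderator, owns
  * the group of the parent record, or is the `user` of the parent record.
  *
  * @param int|string $id     Record id; cast with intval() before it reaches SQL.
  * @param string     $module Module name; it becomes part of the
  *                           `<module>_comments` table name.
  * @return bool True when deletion is allowed, false otherwise.
  */
 public static function checkDeleteRights($id, $module)
 {
     // $module is concatenated into a table identifier further down, where value
     // quoting cannot protect the query. Accept only a plain identifier and deny
     // everything else before any SQL is built.
     if (!is_string($module) || preg_match('/\A[A-Za-z0-9_]+\z/', $module) !== 1) {
         return false;
     }
     $id = intval($id);

     $db = \Difra\MySQL::getInstance();
     $parentOwner = false;
     // NOTE(review): the same $id selects both the parent post/album here and
     // the comment row below. If comment ids and post/album ids are separate
     // sequences, ownership of an unrelated parent with the same number would
     // grant rights on the comment. Confirm against the schema.
     switch ($module) {
         case 'blogs':
             $query = "SELECT bl.`user`, bl.`group`\n\t\t\t\t\t\tFROM `blogs_posts` bp\n\t\t\t\t\t\tRIGHT JOIN `blogs` AS `bl` ON bl.`id`=bp.`blog`\n\t\t\t\t\t\tWHERE bp.`id`='" . $id . "'";
             break;
         case 'albums':
             $query = "SELECT al.`group_id` as `group`\n\t\t\t\t\t\tFROM `albums` al\n\t\t\t\t\t\tWHERE al.`id` = '" . $id . "'";
             break;
         default:
             $query = false;
     }
     if ($query) {
         $parentOwner = $db->fetchRow($query);
     }

     $Auth = \Difra\Auth::getInstance();
     $userId = $Auth->getEmail();
     if (!$userId) {
         // Every granting branch requires an authenticated user.
         return false;
     }

     $groups = [];
     if (\Difra\Plugger::getInstance()->isEnabled('blogs')) {
         $groups = \Difra\Plugins\Blogs\Group::getOwnedGroupsIds($userId);
     }
     if (!is_array($groups)) {
         $groups = [];
     }

     $commentData = $db->fetchRow("SELECT `user` FROM `{$module}_comments` WHERE `id`='" . $id . "'");
     // A missing row must not be indexed like an array.
     $commentOwner = (is_array($commentData) && isset($commentData['user'])) ? $commentData['user'] : null;

     // Compare identities as strings so loose type juggling ("1e3" == "1000",
     // null == 0) can never turn a mismatch into a grant.
     $current = (string)$userId;
     if (($commentOwner !== null && (string)$commentOwner === $current) || $Auth->isModerator()) {
         return true;
     }

     if (!is_array($parentOwner)) {
         return false;
     }
     if (isset($parentOwner['group'])
         && in_array((string)$parentOwner['group'], array_map('strval', $groups), true)
     ) {
         return true;
     }
     if (isset($parentOwner['user']) && (string)$parentOwner['user'] === $current) {
         return true;
     }
     return false;
 }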