Alexander Nicolaysen Sørnes : comment: Fix delete permissions

[Chris Morgan]

Module: appdb
Branch: master
Commit: 09d96b79bd714283760acd8a2d74819c486cd3ba
URL:    http://source.winehq.org/git/appdb.git/?a=commit;h=09d96b79bd714283760acd8a2d74819c486cd3ba

Author: Alexander Nicolaysen Sørnes <alexander at ivan.alexstyrt>
Date:   Mon Sep 17 10:24:57 2007 +0200

comment: Fix delete permissions

---

 include/comment.php |   11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/include/comment.php b/include/comment.php
index bc6dec3..703cf62 100644
--- a/include/comment.php
+++ b/include/comment.php
@@ -234,10 +234,9 @@ class Comment {
 
         echo "</td></tr>\n";
 
+        $oComment = new comment($oRow->commentId);
         // delete message button, for admins
-        if ($_SESSION['current']->hasPriv("admin")
-            || $_SESSION['current']->isMaintainer($oRow->versionId) 
-            || $_SESSION['current']->isSuperMaintainer($oRow->appId))
+        if ($oComment->canEdit())
         {
             $oVersion = new version($oRow->versionId);
             echo "<tr>";
@@ -353,7 +352,11 @@ class Comment {
 
     function canEdit()
     {
-        return $_SESSION['current']->hasPriv("admin");
+        if($_SESSION['current']->hasPriv("admin"))
+            return TRUE;
+
+        $oVersion = new version($this->iVersionId);
+        return $oVersion->canEdit();
     }
 
     function objectGetId()