admin can always delete attachments (unless they are private)

author Marcel Werk <burntime@woltlab.com>

Thu, 27 Oct 2016 16:32:43 +0000 (18:32 +0200)

committer Marcel Werk <burntime@woltlab.com>

Thu, 27 Oct 2016 16:32:43 +0000 (18:32 +0200)
author Marcel Werk <burntime@woltlab.com>
Thu, 27 Oct 2016 16:32:43 +0000 (18:32 +0200)
committer Marcel Werk <burntime@woltlab.com>
Thu, 27 Oct 2016 16:32:43 +0000 (18:32 +0200)
diff --git a/wcfsetup/install/files/lib/data/attachment/AttachmentAction.class.php b/wcfsetup/install/files/lib/data/attachment/AttachmentAction.class.php

index 5be8905821ab52607a9f32284da39943903d18cd..ba95255583424a879d0991aef34353beb042e9fd 100644 (file)
--- a/wcfsetup/install/files/lib/data/attachment/AttachmentAction.class.php
+++ b/wcfsetup/install/files/lib/data/attachment/AttachmentAction.class.php
@@ -72,7 +72,10 @@ class AttachmentAction extends AbstractDatabaseObjectAction implements ISortable
                                 }
                         }
                         else if (!$attachment->canDelete()) {
-                               throw new PermissionDeniedException();
+                               // admin can always delete attachments (unless they are private)
+                               if (!WCF::getSession()->getPermission('admin.attachment.canManageAttachment') || ObjectTypeCache::getInstance()->getObjectType($attachment->objectTypeID)->private) {
+                                       throw new PermissionDeniedException();
+                               }
                         }
                 }
         }
author	Marcel Werk <burntime@woltlab.com>
	Thu, 27 Oct 2016 16:32:43 +0000 (18:32 +0200)
committer	Marcel Werk <burntime@woltlab.com>
	Thu, 27 Oct 2016 16:32:43 +0000 (18:32 +0200)