Use permission `admin.user.canDeleteUser` for deleting user content
authorCyperghost <olaf_schmitz_1@t-online.de>
Thu, 29 Feb 2024 11:12:05 +0000 (12:12 +0100)
committerCyperghost <olaf_schmitz_1@t-online.de>
Thu, 29 Feb 2024 11:12:05 +0000 (12:12 +0100)
wcfsetup/install/files/lib/system/clipboard/action/UserClipboardAction.class.php
wcfsetup/install/files/lib/system/worker/UserContentRemoveWorker.class.php

index 74160c569f599cf69b7fef2eed2a17e4b63063d4..59b1f67f0ea3d11d95258aa38d2587664cebf106 100644 (file)
@@ -347,6 +347,10 @@ class UserClipboardAction extends AbstractClipboardAction
      */
     protected function validateDeleteUserContent()
     {
+        if (!WCF::getSession()->getPermission('admin.user.canDeleteUser')) {
+            return [];
+        }
+
         return $this->__validateAccessibleGroups(\array_keys($this->objects));
     }
 }
index eb197fb6bcdb17f713ce9e4e05dfadd64fcde9f4..a3b0bd742cc3d4ffe71b9849628704945b937fd2 100644 (file)
@@ -4,6 +4,7 @@ namespace wcf\system\worker;
 
 use wcf\data\object\type\ObjectType;
 use wcf\data\object\type\ObjectTypeCache;
+use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
 use wcf\data\user\UserList;
 use wcf\system\clipboard\ClipboardHandler;
@@ -75,7 +76,10 @@ class UserContentRemoveWorker extends AbstractWorker
             }
 
             foreach ($userList as $user) {
-                if (!$user->canEdit()) {
+                if (
+                    !WCF::getSession()->getPermission('admin.user.canDeleteUser')
+                    || !UserGroup::isAccessibleGroup($user->getGroupIDs())
+                ) {
                     throw new PermissionDeniedException();
                 }