From: Marcel Werk <burntime@woltlab.com>
Date: Thu, 27 Oct 2016 16:32:43 +0000 (+0200)
Subject: admin can always delete attachments (unless they are private)
X-Git-Tag: 3.0.0_Beta_5~97
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=496f7f94482e6ce5257f48533798a130ca1834fb;p=GitHub%2FWoltLab%2FWCF.git

admin can always delete attachments (unless they are private)
---

diff --git a/wcfsetup/install/files/lib/data/attachment/AttachmentAction.class.php b/wcfsetup/install/files/lib/data/attachment/AttachmentAction.class.php
index 5be8905821..ba95255583 100644
--- a/wcfsetup/install/files/lib/data/attachment/AttachmentAction.class.php
+++ b/wcfsetup/install/files/lib/data/attachment/AttachmentAction.class.php
@@ -72,7 +72,10 @@ class AttachmentAction extends AbstractDatabaseObjectAction implements ISortable
 				}
 			}
 			else if (!$attachment->canDelete()) {
-				throw new PermissionDeniedException();
+				// admin can always delete attachments (unless they are private)
+				if (!WCF::getSession()->getPermission('admin.attachment.canManageAttachment') || ObjectTypeCache::getInstance()->getObjectType($attachment->objectTypeID)->private) {
+					throw new PermissionDeniedException();
+				}
 			}
 		}
 	}