From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Wed, 19 Aug 2020 12:52:18 +0000 (+0200)
Subject: Disallow deleting official update servers
X-Git-Tag: 5.3.0_Alpha_1~22^2~10
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=8ce3e768fee33aafd765e188ae80635942a913d0;p=GitHub%2FWoltLab%2FWCF.git

Disallow deleting official update servers
---

diff --git a/wcfsetup/install/files/acp/templates/packageUpdateServerList.tpl b/wcfsetup/install/files/acp/templates/packageUpdateServerList.tpl
index a4027cdbcd..4684b62a1f 100644
--- a/wcfsetup/install/files/acp/templates/packageUpdateServerList.tpl
+++ b/wcfsetup/install/files/acp/templates/packageUpdateServerList.tpl
@@ -49,7 +49,7 @@
 						<td class="columnIcon">
 							<span class="icon icon16 fa-{if !$updateServer->isDisabled}check-{/if}square-o jsToggleButton jsTooltip pointer" title="{lang}wcf.global.button.{if !$updateServer->isDisabled}disable{else}enable{/if}{/lang}" data-object-id="{@$updateServer->packageUpdateServerID}"></span>
 							<a href="{link controller='PackageUpdateServerEdit' id=$updateServer->packageUpdateServerID}{/link}" title="{lang}wcf.global.button.edit{/lang}" class="jsTooltip"><span class="icon icon16 fa-pencil"></span></a>
-							<span class="icon icon16 fa-times jsDeleteButton jsTooltip pointer" title="{lang}wcf.global.button.delete{/lang}" data-object-id="{@$updateServer->packageUpdateServerID}" data-confirm-message-html="{lang __encode=true}wcf.acp.updateServer.delete.sure{/lang}"></span>
+							<span class="icon icon16 fa-times {if $updateServer->canDelete()}jsDeleteButton jsTooltip pointer{else}disabled{/if}" title="{lang}wcf.global.button.delete{/lang}" data-object-id="{@$updateServer->packageUpdateServerID}" data-confirm-message-html="{lang __encode=true}wcf.acp.updateServer.delete.sure{/lang}"></span>
 							
 							{event name='itemButtons'}
 						</td>
diff --git a/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php b/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php
index 5cd2294177..45b06e43f9 100644
--- a/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php
+++ b/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServer.class.php
@@ -238,6 +238,15 @@ class PackageUpdateServer extends DatabaseObject {
 		return false;
 	}
 	
+	/**
+	 * Returns whether the current user may delete this update server.
+	 * 
+	 * @return      boolean
+	 */
+	public final function canDelete() {
+		return !$this->isWoltLabUpdateServer() && !$this->isWoltLabStoreServer();
+	}
+	
 	/**
 	 * Returns true if the host is `update.woltlab.com`.
 	 * 
diff --git a/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServerAction.class.php b/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServerAction.class.php
index 897ef73de3..51be70377a 100644
--- a/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServerAction.class.php
+++ b/wcfsetup/install/files/lib/data/package/update/server/PackageUpdateServerAction.class.php
@@ -3,6 +3,7 @@ namespace wcf\data\package\update\server;
 use wcf\data\AbstractDatabaseObjectAction;
 use wcf\data\IToggleAction;
 use wcf\data\TDatabaseObjectToggle;
+use wcf\system\exception\PermissionDeniedException;
 
 /**
  * Executes package update server-related actions.
@@ -43,4 +44,16 @@ class PackageUpdateServerAction extends AbstractDatabaseObjectAction implements
 	 * @inheritDoc
 	 */
 	protected $requireACP = ['create', 'delete', 'toggle', 'update'];
+	
+	/**
+	 * @inheritDoc
+	 */
+	public function validateDelete() {
+		parent::validateDelete();
+		
+		/** @var PackageUpdateServer $updateServer */
+		foreach ($this->getObjects() as $updateServer) {
+			if (!$updateServer->canDelete()) throw new PermissionDeniedException();
+		}
+	}
 }