From: Cyperghost
Date: Thu, 29 Feb 2024 11:12:05 +0000 (+0100)
Subject: Use permission `admin.user.canDeleteUser` for deleting user content
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=8f7d1910f4d81a32ab523275abaa5ead9f0ea3ff;p=GitHub%2FWoltLab%2FWCF.git

Use permission `admin.user.canDeleteUser` for deleting user content
---
diff --git a/wcfsetup/install/files/lib/system/clipboard/action/UserClipboardAction.class.php b/wcfsetup/install/files/lib/system/clipboard/action/UserClipboardAction.class.php
index 74160c569f..59b1f67f0e 100644
--- a/wcfsetup/install/files/lib/system/clipboard/action/UserClipboardAction.class.php
+++ b/wcfsetup/install/files/lib/system/clipboard/action/UserClipboardAction.class.php
@@ -347,6 +347,10 @@ class UserClipboardAction extends AbstractClipboardAction
 */
 protected function validateDeleteUserContent()
 {
+ if (!WCF::getSession()->getPermission('admin.user.canDeleteUser')) {
+ return [];
+ }
+
 return $this->__validateAccessibleGroups(\array_keys($this->objects));
 }
 }
diff --git a/wcfsetup/install/files/lib/system/worker/UserContentRemoveWorker.class.php b/wcfsetup/install/files/lib/system/worker/UserContentRemoveWorker.class.php
index eb197fb6bc..a3b0bd742c 100644
--- a/wcfsetup/install/files/lib/system/worker/UserContentRemoveWorker.class.php
+++ b/wcfsetup/install/files/lib/system/worker/UserContentRemoveWorker.class.php
@@ -4,6 +4,7 @@ namespace wcf\system\worker;
 use wcf\data\object\type\ObjectType;
 use wcf\data\object\type\ObjectTypeCache;
+use wcf\data\user\group\UserGroup;
 use wcf\data\user\User;
 use wcf\data\user\UserList;
 use wcf\system\clipboard\ClipboardHandler;
@@ -75,7 +76,10 @@ class UserContentRemoveWorker extends AbstractWorker
 }
 foreach ($userList as $user) {
- if (!$user->canEdit()) {
+ if (
+ !WCF::getSession()->getPermission('admin.user.canDeleteUser')
+ || !UserGroup::isAccessibleGroup($user->getGroupIDs())
+ ) {
 throw new PermissionDeniedException();
 }
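Review bot: The early `return [];` in validateDeleteUserContent() appears only to withhold the clipboard action from the caller, and nothing in the method says that the enforcing check lives elsewhere. The access decision that matters is the one this commit adds in UserContentRemoveWorker, and both places now spell the permission as a separate `'admin.user.canDeleteUser'` literal, so a later change to one could leave the offered action and the enforced rule out of step. I would add a comment above the guard such as `// Only filters the offered action; UserContentRemoveWorker repeats this permission and group check before deleting.` The method's docblock starts outside the hunk, so whether it already documents the empty return is not visible.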
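Review bot: The `getPermission('admin.user.canDeleteUser')` test sits inside the `foreach ($userList as $user)` body in UserContentRemoveWorker, so it is re-evaluated for every user and never reached when the list is empty; a caller without the permission would then get past this check with no PermissionDeniedException. Since the test does not depend on `$user`, I would run it once before the loop, `if (!WCF::getSession()->getPermission('admin.user.canDeleteUser')) { throw new PermissionDeniedException(); }`, and keep only `if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {` inside it. Whether an empty list is already rejected earlier cannot be seen, because the enclosing method starts and ends outside the hunk. `User::canEdit()` is not shown either, so it is worth confirming that it carried no further restriction which the new condition drops.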