From 3020c04bb0f2605eb2c256fcf5250de31fecacd8 Mon Sep 17 00:00:00 2001
From: deuce <>
Date: Fri, 3 Dec 2004 07:27:12 +0000
Subject: [PATCH] Check for delete permissions before deleting messages.

---
 web/root/msgs/management.ssjs | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/web/root/msgs/management.ssjs b/web/root/msgs/management.ssjs
index 0a36185fe4..f338e7209f 100644
--- a/web/root/msgs/management.ssjs
+++ b/web/root/msgs/management.ssjs
@@ -13,12 +13,26 @@ if(http_request.query.Action=="Delete Message(s)") {
 	var deleted=0;
 	var errors=0;
 	errorlist=new Array;
-	for(num in http_request.query.number) {
-		if(msgbase.remove_msg(false,parseInt(http_request.query.number[num])))
-			deleted++;
-		else {
-			errors++;
-			errorlist.push(msgbase.last_error);
+
+	if(sub!='mail' && !msg_area.grp_list[g].sub_list[s].is_operator) {
+		errorlist.push("Only operators can delete messages!");
+		errors++;
+	}
+	else {
+		for(num in http_request.query.number) {
+			var mnum=parseInt(http_request.query.number[num]);
+			if(sub==mail && ((idx=get_msg_index(false,mnum))==null || idx.to!=user.number) {
+				errors++;
+				errorlist.push("Cannot delete message "+mnum);
+			}
+			else {
+				if(msgbase.remove_msg(false,mnum))
+					deleted++;
+				else {
+					errors++;
+					errorlist.push(msgbase.last_error);
+				}
+			}
 		}
 	}
 	template.title=deleted+" Messages Deleted";
-- 
GitLab