authorMichael Hamann <michael@content-space.de>2011-05-24 22:38:27 +0200
committerMichael Hamann <michael@content-space.de>2011-05-24 22:42:13 +0200
commit31bc8f119cd896f19085ea120b89356393d4f8e6 (patch)
tree052d634e73d3c90aa386200b6ec00a03f839f5b4 /inc/actions.php
parent76388d5c9afc51bec28898bfa445600b5e5711bc (diff)
Check permissions + security token in lock + draft modification FS#2265
This disables lock and draft creation for pages the user can't edit. It additionally adds a security token to the draft creation and deletion request so - at least for logged in users - drafts can't be created, modified or deleted so easily anymore.
Diffstat (limited to 'inc/actions.php')
-rw-r--r--inc/actions.php10
1 files changed, 7 insertions, 3 deletions
diff --git a/inc/actions.php b/inc/actions.php
index a36fdfd5b..ecf09036f 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -509,10 +509,14 @@ function act_edit($act){
if(!$DATE) $DATE = $INFO['meta']['date']['modified'];
//check if locked by anyone - if not lock for my self
- $lockedby = checklock($ID);
- if($lockedby) return 'locked';
+ //do not lock when the user can't edit anyway
+ if ($INFO['writable']) {
+ $lockedby = checklock($ID);
+ if($lockedby) return 'locked';
+
+ lock($ID);
+ }
- lock($ID);
return $act;
}
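Review bot: With the new `if ($INFO['writable'])` guard, a user who cannot edit now skips the `checklock()` test as well as `lock()`, so act_edit() returns `$act` for them even while someone else holds the lock. If that is intended (presumably the page is then shown as read-only source), it deserves a comment, for example `// read-only users skip the lock check and fall through to the source view`. The guard also reads the key without testing that it is set; the start of act_edit() is outside the hunk, so I cannot see where `$INFO` is populated, and `if (!empty($INFO['writable'])) {` would fail closed if it ever is not. This check only decides whether a lock file is created and is not an authorization boundary, so the save and draft handlers should still verify edit permission and the security token themselves, which this file's diff does not show.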