/blog/add-post.php |
---|
40,7 → 40,7 |
} |
else |
{ |
if ($page->getLoggedInUser()->accessID >= 2 && $parentID == -1) |
if (($page->getLoggedInUser()->accessID >= 2 && $parentID == -1) || $page->getLoggedInUser()->accessID > 2) |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
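Review bot: The permission test for adding a post compares `accessID` against the literal `2` twice (`>= 2` and the added `> 2`), while the del-post.php and edit-post.php checks in this same commit go through `isUserAdmin()` / `isUserNormal()`, so the rule for creating posts is defined separately and can drift from the other two. This reads the second of the two printed `if` lines as the new side. If `isUserNormal()` encodes the same threshold (its definition is not shown), the added clause could be written as `|| !$page->isUserNormal($page->getLoggedInUser())`. Otherwise a comment such as `// accessID > 2: may not post at all; accessID == 2: only when $parentID != -1` would make the policy auditable. The enclosing `else` block opens above the hunk, and whether `drawError()` stops the request before the post is stored is not visible here.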
/blog/del-post.php |
---|
7,7 → 7,7 |
$id = $_GET['id']; |
if ($id) |
{ |
if ($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $page->getBlogPost($id)->author->ID) |
if ($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $page->getBlogPost($id)->author->ID && $page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->delBlogPost($id); |
} |
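Review bot: The added `&& $page->isUserNormal(...)` clause relies on `&&` binding tighter than `||` to mean "admin, or author who is also a normal user". PHP does evaluate it that way, but the add-post.php and edit-post.php conditions in this commit are parenthesised explicitly, and an authorization check should not depend on the reader recalling precedence. Wrap the clause: `|| ($page->getLoggedInUser()->ID == $page->getBlogPost($id)->author->ID && $page->isUserNormal($page->getLoggedInUser()))`. Separately, the deletion is driven by `$_GET['id']`, and no request-method or anti-CSRF token check is visible between reading the id and `delBlogPost($id)`. If none exists above line 7, a cross-site GET issued from a logged-in user's browser would satisfy this check, so the action should require POST plus a per-session token. The hunk also shows no `checkLoggedIn()` call and no null check on `getBlogPost($id)` before `->author` is dereferenced; both may sit outside the hunk.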
/blog/edit-post.php |
---|
20,7 → 20,7 |
$page->checkLoggedIn(); |
$post = $page->getBlogPost($id); |
if (!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) |
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
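Review bot: The edit check now denies whenever `!$page->isUserNormal(...)` is true, regardless of `isUserAdmin()`, whereas the del-post.php condition in this commit lets an administrator through on `isUserAdmin()` alone. The two rules agree only if `isUserNormal()` returns true for administrators, which is not shown here; if it does not, admins keep delete but lose edit. This reads the second printed `if` as the new side. If the intended policy is the same in both files, negate the allow-rule used there so the two cannot diverge: `if (!($page->isUserAdmin($page->getLoggedInUser()) || ($page->getLoggedInUser()->ID == $post->author->ID && $page->isUserNormal($page->getLoggedInUser()))))`. Where `$id` comes from, and whether `drawError()` halts before the edit form or update runs, are both outside the hunk.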