From 016f3c7da0d4b8df8598b80cfa01decec700f281 Mon Sep 17 00:00:00 2001
From: following <following>
Date: Sun, 26 Aug 2012 11:57:59 +0200
Subject: [PATCH] 638: fixed log edit permissions for locked caches

---
 htdocs/editlog.php                            | 22 ++++++++++++++++---
 .../ocstyle/articles/DE/changelog.tpl         |  2 ++
 .../ocstyle/articles/EN/changelog.tpl         |  2 ++
 .../ocstyle/res_logentry_logitem.tpl          |  6 ++---
 4 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/htdocs/editlog.php b/htdocs/editlog.php
index 82ad1b71..799b1c1d 100644
--- a/htdocs/editlog.php
+++ b/htdocs/editlog.php
@@ -50,11 +50,27 @@
 		else
 		{
 			//does log with this logid exist?
-			$log_rs = sql("SELECT `cache_logs`.`cache_id` AS `cache_id`, `cache_logs`.`node` AS `node`, `cache_logs`.`text` AS `text`, `cache_logs`.`date` AS `date`, `cache_logs`.`user_id` AS `user_id`, `cache_logs`.`type` AS `logtype`, `cache_logs`.`text_html` AS `text_html`, `cache_logs`.`text_htmledit` AS `text_htmledit`, `caches`.`name` AS `cachename`, `caches`.`type` AS `cachetype`, `caches`.`user_id` AS `cache_user_id`, `caches`.`logpw` as `logpw`, `caches`.`status` as `status` FROM `cache_logs` INNER JOIN `caches` ON (`caches`.`cache_id`=`cache_logs`.`cache_id`) WHERE `id`='&1'", $log_id);
+			$log_rs = sql("SELECT `cache_logs`.`cache_id` AS `cache_id`, 
+														`cache_logs`.`node` AS `node`, 
+														`cache_logs`.`text` AS `text`, 
+														`cache_logs`.`date` AS `date`, 
+														`cache_logs`.`user_id` AS `user_id`, 
+														`cache_logs`.`type` AS `logtype`, 
+														`cache_logs`.`text_html` AS `text_html`, 
+														`cache_logs`.`text_htmledit` AS `text_htmledit`, 
+														`caches`.`name` AS `cachename`, 
+														`caches`.`type` AS `cachetype`, 
+														`caches`.`user_id` AS `cache_user_id`, 
+														`caches`.`logpw` as `logpw`, 
+														`caches`.`status` as `status` 
+											FROM `cache_logs` 
+											INNER JOIN `caches` ON (`caches`.`cache_id`=`cache_logs`.`cache_id`) WHERE `id`='&1'", 
+											$log_id);
 			$log_record = sql_fetch_array($log_rs);
 			sql_free_result($log_rs);
-
-			if ($log_record !== false && $log_record['status'] != 6 && $log_record['status'] != 7)
+			if ($log_record !== false && 
+					($log_record['status'] != 6 || ($log_record['cache_user_id'] == $login->userid && $log_record['user_id'] == $login->userid)) &&   
+					$log_record['status'] != 7)
 			{
 				require($stylepath . '/editlog.inc.php');
 				require($stylepath.'/rating.inc.php');
diff --git a/htdocs/templates2/ocstyle/articles/DE/changelog.tpl b/htdocs/templates2/ocstyle/articles/DE/changelog.tpl
index 9309872a..0ae56aeb 100644
--- a/htdocs/templates2/ocstyle/articles/DE/changelog.tpl
+++ b/htdocs/templates2/ocstyle/articles/DE/changelog.tpl
@@ -47,6 +47,8 @@
 	   <li class="changelogitem">Fehlermeldung bei ungültigem Logdatum korrigiert</li>
 	   <li class="changelogitem">Schreibweisenabhängigkeit von Logpasswörtern korrigiert (Groß-/Kleinschreibung ist nun immer egal)</li>
 	   <li class="changelogitem">Hinweis-Entschlüsselung bei abgeschaltetem JavaScript</li>
+	   <li class="changelogitem">nicht funktionierenden Log-Bild-Löschlink für Cachebesitzer entfernt</li>
+	   <li class="changelogitem">Logbearbeitungsberechtigungen für gesperrte Caches korrigiert</li>
    </ul>
 	<br />
 
diff --git a/htdocs/templates2/ocstyle/articles/EN/changelog.tpl b/htdocs/templates2/ocstyle/articles/EN/changelog.tpl
index 5a63d767..f1214f8e 100644
--- a/htdocs/templates2/ocstyle/articles/EN/changelog.tpl
+++ b/htdocs/templates2/ocstyle/articles/EN/changelog.tpl
@@ -45,6 +45,8 @@
 	   <li class="changelogitem">fixed error message for invalid log date</li>
 	   <li class="changelogitem">fixed case insensitivity of log passwords</li>
 	   <li class="changelogitem">decrypting hints when JavaScript is disabled</li>
+	   <li class="changelogitem">removed non-workink log entry deletion link for cache owners</li>
+	   <li class="changelogitem">fixed log edit permissions for locked caches</li>
    </ul>
 	<br />
 
diff --git a/htdocs/templates2/ocstyle/res_logentry_logitem.tpl b/htdocs/templates2/ocstyle/res_logentry_logitem.tpl
index 509fe63c..ab401326 100644
--- a/htdocs/templates2/ocstyle/res_logentry_logitem.tpl
+++ b/htdocs/templates2/ocstyle/res_logentry_logitem.tpl
@@ -33,17 +33,17 @@
 
 	{if $cache.userid==$login.userid || $logItem.userid==$login.userid}
 		<p style="font-weight: 400;display:inline;"><img src="images/trans.gif" border="0" width="16" height="16" alt="" title="" />
-			{if $logItem.userid==$login.userid}
+			{if $logItem.userid==$login.userid && ($cache.userid==$login.userid || $cache.status!=6)}
 				<a href="editlog.php?logid={$logItem.id|urlencode}"><img src="resource2/{$opt.template.style}/images/action/16x16-properties.png" border="0" align="middle" border="0" width="16" height="16" alt="" /></a>
 				[<a href="editlog.php?logid={$logItem.id|urlencode}">{t}Edit{/t}</a>]
 			{/if}
 
-			{if $cache.userid==$login.userid || $logItem.userid==$login.userid}
+			{if $logItem.userid==$login.userid}
 				<a href="removelog.php?logid={$logItem.id|urlencode}"><img src="resource2/{$opt.template.style}/images/log/16x16-trash.png" border="0" align="middle" border="0" width="16" height="16" alt="" /></a>
 				[<a href="removelog.php?logid={$logItem.id|urlencode}">{t}Delete{/t}</a>]
 			{/if}
 
-			{if $logItem.userid==$login.userid}
+			{if $logItem.userid==$login.userid && $cache.status!=6}
 				<a href="picture.php?action=add&loguuid={$logItem.uuid|urlencode}"><img src="resource2/{$opt.template.style}/images/action/16x16-addimage.png" border="0" align="middle" border="0" width="16" height="16" alt="" /></a>
 				[<a href="picture.php?action=add&loguuid={$logItem.uuid|urlencode}">{t}Upload picture{/t}</a>]
 			{/if}