From ec5de07c42cf1c456ab6d3fba1e04ac91e0885df Mon Sep 17 00:00:00 2001
From: xiaomlove <i353856593@163.com>
Date: Wed, 24 Aug 2022 14:31:34 +0800
Subject: [PATCH] changed: user can not delete torrent

---
 include/globalfunctions.php |  8 +++-----
 lang/chs/lang_details.php   |  3 ++-
 lang/cht/lang_details.php   |  3 ++-
 lang/en/lang_details.php    |  3 ++-
 public/announce.php         | 10 +++++++---
 public/delete.php           |  2 +-
 public/details.php          |  2 +-
 public/edit.php             | 32 +++++++++++++++++---------------
 8 files changed, 35 insertions(+), 28 deletions(-)

diff --git a/include/globalfunctions.php b/include/globalfunctions.php
index 335940a5..997ca8e2 100644
--- a/include/globalfunctions.php
+++ b/include/globalfunctions.php
@@ -977,7 +977,7 @@ function clear_staff_message_cache()
     \App\Repositories\MessageRepository::updateStaffMessageCountCache(false);
 }
 
-function user_can($permission, $fail = false, $uid = 0, $class = null): bool
+function user_can($permission, $fail = false, $uid = 0): bool
 {
     $log = "permission: $permission, fail: $fail, user: $uid";
     static $userCanCached = [];
@@ -993,10 +993,8 @@ function user_can($permission, $fail = false, $uid = 0, $class = null): bool
     if (!$fail && isset($userCanCached[$permission][$uid])) {
         return $userCanCached[$permission][$uid];
     }
-    if ($class === null) {
-        $userInfo = get_user_row($uid);
-        $class = $userInfo['class'];
-    }
+    $userInfo = get_user_row($uid);
+    $class = $userInfo['class'];
     $log .= ", userClass: $class";
     if ($class == \App\Models\User::CLASS_STAFF_LEADER) {
         do_log("$log, CLASS_STAFF_LEADER, true");
diff --git a/lang/chs/lang_details.php b/lang/chs/lang_details.php
index e1f5d9ed..f0f0b672 100644
--- a/lang/chs/lang_details.php
+++ b/lang/chs/lang_details.php
@@ -111,7 +111,8 @@ $lang_details = array
 	'text_dead' => "断种",
 	'row_health' => "活力度",
 	'text_anonymous' => "匿名",
-	'text_edit_torrent' => "编辑/刪除",
+	'text_edit_torrent' => "编辑",
+	'text_edit_and_delete_torrent' => "编辑/刪除",
 	'title_edit_torrent' => "点击编辑或删除本种子",
 	'row_upped_by' => "由",
 	'text_click' => "点击",
diff --git a/lang/cht/lang_details.php b/lang/cht/lang_details.php
index a6b46761..f963817f 100644
--- a/lang/cht/lang_details.php
+++ b/lang/cht/lang_details.php
@@ -111,7 +111,8 @@ $lang_details = array
 	'text_dead' => "斷種",
 	'row_health' => "活力度",
 	'text_anonymous' => "匿名",
-	'text_edit_torrent' => "編輯/刪除",
+	'text_edit_torrent' => "編輯",
+	'text_edit_and_delete_torrent' => "編輯/刪除",
 	'title_edit_torrent' => "點擊編輯或移除本種子",
 	'row_upped_by' => "由",
 	'text_click' => "點擊",
diff --git a/lang/en/lang_details.php b/lang/en/lang_details.php
index 7fd6a173..53621957 100644
--- a/lang/en/lang_details.php
+++ b/lang/en/lang_details.php
@@ -110,7 +110,8 @@ $lang_details = array
 	'text_dead' => "dead",
 	'row_health' => "Health",
 	'text_anonymous' => "Anonymous",
-	'text_edit_torrent' => "Edit/Delete",
+	'text_edit_torrent' => "Edit",
+	'text_edit_and_delete_torrent' => "Edit/Delete",
 	'title_edit_torrent' => "Click&nbsp;to&nbsp;Edit&nbsp;or&nbsp;Delete&nbsp;this&nbsp;torrent",
 	'row_upped_by' => "Uploaded by",
 	'text_click' => "Click ",
diff --git a/public/announce.php b/public/announce.php
index 299374e7..6430c311 100644
--- a/public/announce.php
+++ b/public/announce.php
@@ -173,13 +173,17 @@ if (!$torrent) {
 
     err("torrent not registered with this tracker");
 }
-if (!user_can('seebanned', false, $az['id'], $az['class'])) {
-    if ($torrent['banned'] == 'yes') {
+if ($torrent['banned'] == 'yes') {
+    if (!user_can('seebanned', false, $az['id'])) {
         err("torrent banned");
-    } elseif ($torrent['approval_status'] != \App\Models\Torrent::APPROVAL_STATUS_ALLOW && get_setting('torrent.approval_status_none_visible') == 'no') {
+    }
+}
+if ($torrent['approval_status'] != \App\Models\Torrent::APPROVAL_STATUS_ALLOW && get_setting('torrent.approval_status_none_visible') == 'no') {
+    if (!user_can('seebanned', false, $az['id'])) {
         err("torrent review not approved");
     }
 }
+
 // select peers info from peers table for this torrent
 $torrentid = $torrent["id"];
 $numpeers = $torrent["seeders"]+$torrent["leechers"];
diff --git a/public/delete.php b/public/delete.php
index 9b66e804..0db79d51 100644
--- a/public/delete.php
+++ b/public/delete.php
@@ -4,7 +4,7 @@ dbconn();
 require_once(get_langfile_path());
 require_once(get_langfile_path("",true));
 loggedinorreturn();
-
+user_can('torrentmanage', true);
 function bark($msg) {
   global $lang_delete;
   stdhead();
diff --git a/public/details.php b/public/details.php
index f5569865..9864a4f8 100644
--- a/public/details.php
+++ b/public/details.php
@@ -151,7 +151,7 @@ if (!$row) {
             $actions[] = "<a title=\"".$lang_details['title_download_torrent']."\" href=\"download.php?id=".$id."\"><img class=\"dt_download\" src=\"pic/trans.gif\" alt=\"download\" />&nbsp;<b><font class=\"small\">".$lang_details['text_download_torrent']."</font></b></a>";
         }
         if ($owned == 1) {
-            $actions[] = "<$editlink><img class=\"dt_edit\" src=\"pic/trans.gif\" alt=\"edit\" />&nbsp;<b><font class=\"small\">".$lang_details['text_edit_torrent'] . "</font></b></a>";
+            $actions[] = "<$editlink><img class=\"dt_edit\" src=\"pic/trans.gif\" alt=\"edit\" />&nbsp;<b><font class=\"small\">".(user_can('torrentmanage') ? $lang_details['text_edit_and_delete_torrent'] : $lang_details['text_edit_torrent']). "</font></b></a>";
         }
         if (user_can('askreseed') && $row['seeders'] == 0) {
             $actions[] = "<a title=\"".$lang_details['title_ask_for_reseed']."\" href=\"takereseed.php?reseedid=$id\"><img class=\"dt_reseed\" src=\"pic/trans.gif\" alt=\"reseed\">&nbsp;<b><font class=\"small\">".$lang_details['text_ask_for_reseed'] ."</font></b></a>";
diff --git a/public/edit.php b/public/edit.php
index 915ea331..2d99b928 100644
--- a/public/edit.php
+++ b/public/edit.php
@@ -205,21 +205,23 @@ else {
 	print("<tr><td class=\"toolbox\" colspan=\"2\" align=\"center\"><input id=\"qr\" type=\"submit\" value=\"".$lang_edit['submit_edit_it']."\" /> <input type=\"reset\" value=\"".$lang_edit['submit_revert_changes']."\" /></td></tr>\n");
 	print("</table>\n");
 	print("</form>\n");
-	print("<br /><br />");
-	print("<form method=\"post\" action=\"delete.php\">\n");
-	print("<input type=\"hidden\" name=\"id\" value=\"$id\" />\n");
-	if (isset($_GET["returnto"]))
-	print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars($_GET["returnto"]) . "\" />\n");
-	print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n");
-	print("<tr><td class=\"colhead\" align=\"left\" style='padding-bottom: 3px' colspan=\"2\">".$lang_edit['text_delete_torrent']."</td></tr>");
-	tr("<input name=\"reasontype\" type=\"radio\" value=\"1\" />&nbsp;".$lang_edit['radio_dead'], $lang_edit['text_dead_note'], 1);
-	tr("<input name=\"reasontype\" type=\"radio\" value=\"2\" />&nbsp;".$lang_edit['radio_dupe'], "<input type=\"text\" style=\"width: 200px\" name=\"reason[]\" />", 1);
-	tr("<input name=\"reasontype\" type=\"radio\" value=\"3\" />&nbsp;".$lang_edit['radio_nuked'], "<input type=\"text\" style=\"width: 200px\" name=\"reason[]\" />", 1);
-	tr("<input name=\"reasontype\" type=\"radio\" value=\"4\" />&nbsp;".$lang_edit['radio_rules'], "<input type=\"text\" style=\"width: 200px\" name=\"reason[]\" />".$lang_edit['text_req'], 1);
-	tr("<input name=\"reasontype\" type=\"radio\" value=\"5\" checked=\"checked\" />&nbsp;".$lang_edit['radio_other'], "<input type=\"text\" style=\"width: 200px\" name=\"reason[]\" />".$lang_edit['text_req'], 1);
-	print("<tr><td class=\"toolbox\" colspan=\"2\" align=\"center\"><input type=\"submit\" style='height: 25px' value=\"".$lang_edit['submit_delete_it']."\" /></td></tr>\n");
-	print("</table>");
-	print("</form>\n");
+	if (user_can('torrentmanage')) {
+        print("<br /><br />");
+        print("<form method=\"post\" action=\"delete.php\">\n");
+        print("<input type=\"hidden\" name=\"id\" value=\"$id\" />\n");
+        if (isset($_GET["returnto"]))
+            print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars($_GET["returnto"]) . "\" />\n");
+        print("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n");
+        print("<tr><td class=\"colhead\" align=\"left\" style='padding-bottom: 3px' colspan=\"2\">".$lang_edit['text_delete_torrent']."</td></tr>");
+        tr("<input name=\"reasontype\" type=\"radio\" value=\"1\" />&nbsp;".$lang_edit['radio_dead'], $lang_edit['text_dead_note'], 1);
+        tr("<input name=\"reasontype\" type=\"radio\" value=\"2\" />&nbsp;".$lang_edit['radio_dupe'], "<input type=\"text\" style=\"width: 200px\" name=\"reason[]\" />", 1);
+        tr("<input name=\"reasontype\" type=\"radio\" value=\"3\" />&nbsp;".$lang_edit['radio_nuked'], "<input type=\"text\" style=\"width: 200px\" name=\"reason[]\" />", 1);
+        tr("<input name=\"reasontype\" type=\"radio\" value=\"4\" />&nbsp;".$lang_edit['radio_rules'], "<input type=\"text\" style=\"width: 200px\" name=\"reason[]\" />".$lang_edit['text_req'], 1);
+        tr("<input name=\"reasontype\" type=\"radio\" value=\"5\" checked=\"checked\" />&nbsp;".$lang_edit['radio_other'], "<input type=\"text\" style=\"width: 200px\" name=\"reason[]\" />".$lang_edit['text_req'], 1);
+        print("<tr><td class=\"toolbox\" colspan=\"2\" align=\"center\"><input type=\"submit\" style='height: 25px' value=\"".$lang_edit['submit_delete_it']."\" /></td></tr>\n");
+        print("</table>");
+        print("</form>\n");
+    }
     $json_sticky_series = json_encode(array(4, 6, 12, 24, 36, 48, 72, 168, 360));
     echo <<<EOT
 <script>