don't allow deletion of specific page versions, fixes #4486

Closes #4486 Merge request studip/studip!3339

don't allow deletion of specific page versions, fixes #4486
69f09111 · Elmar Ludwig · f4917a35 · 69f09111 · 69f09111
Commit 69f09111 authored 6 months ago by Elmar Ludwig
--- a/app/controllers/course/wiki.php
+++ b/app/controllers/course/wiki.php
@@ -308,29 +308,24 @@ class Course_WikiController extends AuthenticatedController
        $this->redirect($this->allpagesURL());
    }

-    public function deleteversion_action(WikiPage $page, $version_id = null)
+    public function deleteversion_action(WikiPage $page)
    {
        if (!Request::isPost() || !$page->isEditable() || !CSRFProtection::verifyRequest()) {
            throw new AccessDeniedException();
        }
-        if ($version_id === null) {
-            $version = $page->versions[0];
-            if ($version) {
-                $page['name'] = $version['name'];
-                $page['content'] = $version['content'];
-                $page['user_id'] = $version['user_id'];
-                $page['chdate'] = $version['mkdate'];
-                $page->store();
-                $version->delete();
-            } else {
-                $page->delete();
-            }
+
+        $version = $page->versions[0];
+        if ($version) {
+            $page['name'] = $version['name'];
+            $page['content'] = $version['content'];
+            $page['user_id'] = $version['user_id'];
+            $page['chdate'] = $version['mkdate'];
+            $page->store();
+            $version->delete();
        } else {
-            $version = WikiVersion::find($version_id);
-            if ($version['page_id'] === $page->id) {
-                $version->delete();
-            }
+            $page->delete();
        }
+
        PageLayout::postSuccess(_('Version wurde gelöscht.'));
        if (Request::get('redirect_to') === 'page') {
            $this->redirect($this->page($page));

--- a/app/views/course/wiki/history.php
+++ b/app/views/course/wiki/history.php
@@ -45,16 +45,6 @@
                <a href="<?= $controller->versiondiff($page) ?>" data-dialog>
                    <?= Icon::create('log')->asImg(['class' => 'text-bottom']) ?>
                </a>
-                <? if ($page->isEditable()) : ?>
-                    <form action="<?= $controller->deleteversion($page) ?>"
-                          method="post"
-                          class="inline"
-                          title="<?= _('Version löschen') ?>"
-                          data-confirm="<?= _('Wirklich diese Version löschen?') ?>">
-                        <?= CSRFProtection::tokenTag() ?>
-                        <?= Icon::create('trash')->asInput() ?>
-                    </form>
-                <? endif ?>
            </td>
        </tr>
        <? foreach ($page->versions as $i => $version) : ?>
@@ -79,16 +69,6 @@
                <a href="<?= $controller->versiondiff($page, $version->id) ?>" data-dialog>
                    <?= Icon::create('log')->asImg(['class' => 'text-bottom']) ?>
                </a>
-                <? if ($page->isEditable()) : ?>
-                    <form action="<?= $controller->deleteversion($page, $version->id) ?>"
-                          method="post"
-                          class="inline"
-                          title="<?= _('Version löschen') ?>"
-                          data-confirm="<?= _('Wirklich diese Version löschen?') ?>">
-                        <?= CSRFProtection::tokenTag() ?>
-                        <?= Icon::create('trash')->asInput() ?>
-                    </form>
-                <? endif ?>
            </td>
        </tr>
        <? endforeach ?>