From 44435b0191204fac5375063c95324645e5cfe6f8 Mon Sep 17 00:00:00 2001
From: Matt Lebofsky <mattl@ssl.berkeley.edu>
Date: Tue, 17 Oct 2006 05:40:33 +0000
Subject: [PATCH] *** empty log message ***

svn path=/trunk/boinc/; revision=11289
---
 html/inc/forum.inc                       | 2 +-
 html/inc/forum_moderators.inc            | 6 ++++--
 html/user/forum_moderate_post_action.php | 4 ++++
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/html/inc/forum.inc b/html/inc/forum.inc
index 3ff760f971..d3b98297ef 100644
--- a/html/inc/forum.inc
+++ b/html/inc/forum.inc
@@ -295,7 +295,7 @@ function show_post($post, $thread, $logged_in_user, $n, $controls=FORUM_CONTROLS
 
     if ($post->getParentPostID()) echo " - in response to <a href=\"forum_thread.php?id=".$thread->getID()."&nowrap=true#".$post->getParentPostID()."\">Message ID ".$post->getParentPostID()."</a>.";
     if ($can_edit && $controls != NO_CONTROLS) echo "&nbsp;<a href=\"forum_edit.php?id=".$post->getID()."\">[Edit this post]</a>";
-    if ($logged_in_user && $logged_in_user->isSpecialUser(S_MODERATOR)) echo post_moderation_links($post); //If user is moderator, show links
+    if ($logged_in_user && $logged_in_user->isSpecialUser(S_MODERATOR)) echo post_moderation_links($post,$logged_in_user->isSpecialUser(S_ADMIN)); //If user is moderator, show links
     if ($post->getModificationTimestamp()) echo "<br>Last modified: ", pretty_time_Str($post->getModificationTimestamp());
     if ($rated_below_threshold && $filter){
         if ($user_is_on_ignorelist) $andtext=" and the user is on your ignore list";
diff --git a/html/inc/forum_moderators.inc b/html/inc/forum_moderators.inc
index 7766b54390..731d90b4bb 100644
--- a/html/inc/forum_moderators.inc
+++ b/html/inc/forum_moderators.inc
@@ -3,14 +3,16 @@
 /** 
  * Show the links for possible moderation actions related to a single post 
  **/
-function post_moderation_links($post){
+function post_moderation_links($post,$admin=0){
     if ($post->isHidden()){
         $x = " - <a href=\"forum_moderate_post_action.php?action=unhide&id=".$post->getID()."\">[undelete post]</a> - ";
     } else {
         $x = " - <a href=\"forum_moderate_post.php?action=hide&id=".$post->getID()."\">[delete post]</a> ";
     }
     $x.= " - <a href=\"forum_moderate_post.php?action=move&id=".$post->getID()."\">[move post]</a>";
-    $x .= " - <a href=forum_moderate_post.php?action=banish_user&id=".$post->getID()."&userid=".$post->getOwnerID().">[banish author]</a>";
+    if ($admin == 1) {
+      $x .= " - <a href=forum_moderate_post.php?action=banish_user&id=".$post->getID()."&userid=".$post->getOwnerID().">[banish author]</a>";
+    }
     return $x;
 }
 
diff --git a/html/user/forum_moderate_post_action.php b/html/user/forum_moderate_post_action.php
index ccc3534f40..5840e31e1f 100644
--- a/html/user/forum_moderate_post_action.php
+++ b/html/user/forum_moderate_post_action.php
@@ -42,6 +42,10 @@ if ($action=="hide"){
     $destination_thread = new Thread(post_int('threadid'));
     $result = $post->move($destination_thread);
 } elseif ($action=="banish_user"){
+    if (!$user->isSpecialUser(S_ADMIN)) {
+      // Can't banish without being administrator
+      error_page("You are not authorized to banish this user.");
+    }
     $userid = get_int('userid');
     $user = newUser($userid);
     if (!$user) {