From eee25272a681ee9f0c411ae884e05235d90ab623 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 2 Nov 2014 23:06:13 +0000
Subject: [PATCH] delete.php: - allow users (non-admins) to use delete.php
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1733 a1433add-5e2c-0410-b055-b7f2511e0802
---
 delete.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/delete.php b/delete.php
index 62296a0b..6d09677b 100644
--- a/delete.php
+++ b/delete.php
@@ -32,11 +32,18 @@ if ( !preg_match('/^[a-z]+$/', $table) || !file_exists("model/$handlerclass.php"
 die ("Invalid table name given!");
 }
-$handler = new $handlerclass(0, $username);
+$is_admin = authentication_has_role('admin');
+$handler = new $handlerclass(0, $username, $is_admin);
 $formconf = $handler->webformConfig();
-authentication_require_role($formconf['required_role']);
+if ($is_admin) {
+ authentication_require_role($formconf['required_role']);
+} else {
+ if (empty($formconf['user_hardcoded_field'])) {
+ die($handlerclass . ' is not available for users');
+ }
+}
 if ($handler->init($id)) { # errors will be displayed as last step anyway, no need for duplicated code ;-)
 $handler->delete();
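Review bot: The non-admin branch performs no explicit role check: when `authentication_has_role('admin')` is false, the code only tests `empty($formconf['user_hardcoded_field'])` before falling through to `$handler->init($id)` and `$handler->delete()`. Whether the session is authenticated at all depends on how `$username` was obtained above the hunk, and whether `$id` is limited to the caller's own objects depends on the handler honouring `$is_admin = false`; neither is visible here. I would make the branch fail closed by adding `authentication_require_role('user');` as the first statement of the `else` (assuming `user` is the role name for mailbox users). A comment such as `# non-admins: the handler must restrict $id to objects owned by $username` would record the assumption this file relies on. The script continues outside the hunk, so the surrounding checks should be confirmed there.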