From 862cc3b68ac3588d3a22e0bdf1cc7479a4015d5c Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 4 Aug 2019 20:34:15 +0100
Subject: [PATCH] Check that deletions are allowed

---
 daemon.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/daemon.py b/daemon.py
index 101179ce..f9107364 100644
--- a/daemon.py
+++ b/daemon.py
@@ -310,11 +310,12 @@ class PubServer(BaseHTTPRequestHandler):
         outboxUndoLike(self.server.baseDir,self.server.httpPrefix, \
                        self.postToNickname,self.server.domain,self.server.port, \
                        messageJson,self.server.debug)
-        if self.server.debug:
-            print('DEBUG: handle delete requests')
-        outboxDelete(self.server.baseDir,self.server.httpPrefix, \
-                     self.postToNickname,self.server.domain, \
-                     messageJson,self.server.debug)
+        if self.server.allowDeletion:
+            if self.server.debug:
+                print('DEBUG: handle delete requests')        
+            outboxDelete(self.server.baseDir,self.server.httpPrefix, \
+                         self.postToNickname,self.server.domain, \
+                         messageJson,self.server.debug)
         if self.server.debug:
             print('DEBUG: handle block requests')
         outboxBlock(self.server.baseDir,self.server.httpPrefix, \
@@ -792,7 +793,7 @@ class PubServer(BaseHTTPRequestHandler):
             return
 
         # delete a post from the web interface icon
-        if authorized and '?delete=' in self.path:
+        if authorized and self.server.allowDeletion and '?delete=' in self.path:
             deleteUrl=self.path.split('?delete=')[1]
             actor=self.path.split('?delete=')[0]
             if actor not in deleteUrl: