[image] enable users to delete own posts

core/util.php

@@ -209,6 +209,19 @@ function get_session_ip(Config $config): string
 }
 
 
+/**
+ * Check if the user is allowed to delete a specific image.
+ */
+function can_delete_image(Image $image): bool
+{
+    global $config, $user;
+    if ($config->get_bool("delete_own_posts") && !$user->is_anonymous() && $image->owner_id == $user->id) {
+        return true;
+    }
+    return $user->can(Permissions::DELETE_IMAGE);
+}
+
+
 /**
  * A shorthand way to send a TextFormattingEvent and get the results.
  */

ext/image/main.php

@@ -88,17 +88,21 @@ public function onPageRequest(PageRequestEvent $event): void
         $thumb_height = $config->get_int(ImageConfig::THUMB_HEIGHT, 192);
         $page->add_html_header(STYLE(":root {--thumb-width: {$thumb_width}px; --thumb-height: {$thumb_height}px;}"));
 
-        if ($event->page_matches("image/delete", method: "POST", permission: Permissions::DELETE_IMAGE)) {
+        if ($event->page_matches("image/delete", method: "POST")) {
             global $page, $user;
             $image = Image::by_id(int_escape($event->req_POST('image_id')));
             if ($image) {
-                send_event(new ImageDeletionEvent($image));
-
-                if ($config->get_string(ImageConfig::ON_DELETE) === ImageConfig::ON_DELETE_NEXT) {
-                    redirect_to_next_image($image, $event->get_GET('search'));
+                if (can_delete_image($image)) {
+                    send_event(new ImageDeletionEvent($image));
+
+                    if ($config->get_string(ImageConfig::ON_DELETE) === ImageConfig::ON_DELETE_NEXT) {
+                        redirect_to_next_image($image, $event->get_GET('search'));
+                    } else {
+                        $page->set_mode(PageMode::REDIRECT);
+                        $page->set_redirect(referer_or(make_link(), ['post/view']));
+                    }
                 } else {
-                    $page->set_mode(PageMode::REDIRECT);
-                    $page->set_redirect(referer_or(make_link(), ['post/view']));
+                    throw new PermissionDenied("Permission Denied: {$user->name} lacks permission");
                 }
             }
         } elseif ($event->page_matches("image/{image_id}/{filename}")) {
@@ -114,7 +118,7 @@ public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event):
     {
         global $user;
 
-        if ($user->can(Permissions::DELETE_IMAGE)) {
+        if (can_delete_image($event->image)) {
             $form = SHM_FORM("image/delete", form_id: "image_delete_form");
             $form->appendChild(emptyHTML(
                 INPUT(["type" => 'hidden', "name" => 'image_id', "value" => $event->image->id]),

ext/user/main.php

@@ -137,6 +137,7 @@ class UserPage extends Extension
     public function onInitExt(InitExtEvent $event): void
     {
         global $config;
+        $config->set_default_bool("delete_own_posts", true);
         $config->set_default_bool("login_signup_enabled", true);
         $config->set_default_int("login_memory", 365);
         $config->set_default_string("avatar_host", "none");
@@ -419,6 +420,7 @@ public function onSetupBuilding(SetupBuildingEvent $event): void
 
         $sb = $event->panel->create_new_block("User Options");
         $sb->start_table();
+        $sb->add_bool_option("delete_own_posts", "Allow deleting own posts", true);
         $sb->add_bool_option(UserConfig::ENABLE_API_KEYS, "Enable user API keys", true);
         $sb->add_bool_option("login_signup_enabled", "Allow new signups", true);
         $sb->add_bool_option("user_email_required", "Require email address", true);