don't allow deletion of specific page versions, fixes #4486

Closes #4486

Merge request studip/studip!3339

2 files changed, 12 insertions, 37 deletions

diff --git a/app/controllers/course/wiki.php b/app/controllers/course/wiki.php
index 6bfa0ce..cf87b08 100644
--- a/app/controllers/course/wiki.php
+++ b/app/controllers/course/wiki.php
@@ -308,29 +308,24 @@ class Course_WikiController extends AuthenticatedController
         $this->redirect($this->allpagesURL());
     }
 
-    public function deleteversion_action(WikiPage $page, $version_id = null)
+    public function deleteversion_action(WikiPage $page)
     {
         if (!Request::isPost() || !$page->isEditable() || !CSRFProtection::verifyRequest()) {
             throw new AccessDeniedException();
         }
-        if ($version_id === null) {
-            $version = $page->versions[0];
-            if ($version) {
-                $page['name'] = $version['name'];
-                $page['content'] = $version['content'];
-                $page['user_id'] = $version['user_id'];
-                $page['chdate'] = $version['mkdate'];
-                $page->store();
-                $version->delete();
-            } else {
-                $page->delete();
-            }
+
+        $version = $page->versions[0];
+        if ($version) {
+            $page['name'] = $version['name'];
+            $page['content'] = $version['content'];
+            $page['user_id'] = $version['user_id'];
+            $page['chdate'] = $version['mkdate'];
+            $page->store();
+            $version->delete();
         } else {
-            $version = WikiVersion::find($version_id);
-            if ($version['page_id'] === $page->id) {
-                $version->delete();
-            }
+            $page->delete();
         }
+
         PageLayout::postSuccess(_('Version wurde gelöscht.'));
         if (Request::get('redirect_to') === 'page') {
             $this->redirect($this->page($page));
diff --git a/app/views/course/wiki/history.php b/app/views/course/wiki/history.php
index cbd324d..81fde59 100644
--- a/app/views/course/wiki/history.php
+++ b/app/views/course/wiki/history.php
@@ -45,16 +45,6 @@
                 <a href="<?= $controller->versiondiff($page) ?>" data-dialog>
                     <?= Icon::create('log')->asImg(['class' => 'text-bottom']) ?>
                 </a>
-                <? if ($page->isEditable()) : ?>
-                    <form action="<?= $controller->deleteversion($page) ?>"
-                          method="post"
-                          class="inline"
-                          title="<?= _('Version löschen') ?>"
-                          data-confirm="<?= _('Wirklich diese Version löschen?') ?>">
-                        <?= CSRFProtection::tokenTag() ?>
-                        <?= Icon::create('trash')->asInput() ?>
-                    </form>
-                <? endif ?>
             </td>
         </tr>
         <? foreach ($page->versions as $i => $version) : ?>
@@ -79,16 +69,6 @@
                 <a href="<?= $controller->versiondiff($page, $version->id) ?>" data-dialog>
                     <?= Icon::create('log')->asImg(['class' => 'text-bottom']) ?>
                 </a>
-                <? if ($page->isEditable()) : ?>
-                    <form action="<?= $controller->deleteversion($page, $version->id) ?>"
-                          method="post"
-                          class="inline"
-                          title="<?= _('Version löschen') ?>"
-                          data-confirm="<?= _('Wirklich diese Version löschen?') ?>">
-                        <?= CSRFProtection::tokenTag() ?>
-                        <?= Icon::create('trash')->asInput() ?>
-                    </form>
-                <? endif ?>
             </td>
         </tr>
         <? endforeach ?>