Merge 9f365e5fa2 into d96bbaf42c

client/themes/default/components/page.vue

@@ -559,11 +559,14 @@ export default {
     tocDecoded () {
       return JSON.parse(Buffer.from(this.toc, 'base64').toString())
     },
+    currentUserId: get('user/id'),
     tocPosition: get('site/tocPosition'),
     hasAdminPermission: get('page/effectivePermissions@system.manage'),
     hasWritePagesPermission: get('page/effectivePermissions@pages.write'),
     hasManagePagesPermission: get('page/effectivePermissions@pages.manage'),
-    hasDeletePagesPermission: get('page/effectivePermissions@pages.delete'),
+    hasDeletePagesPermission() {
+      return get('page/effectivePermissions@pages.delete').call(this) || (this.authorId === this.currentUserId && this.hasWritePagesPermission)
+    },
     hasReadSourcePermission: get('page/effectivePermissions@source.read'),
     hasReadHistoryPermission: get('page/effectivePermissions@history.read'),
     hasAnyPagePermissions () {

server/graph/schemas/page.graphql

@@ -130,7 +130,7 @@ type PageMutation {
 
   delete(
     id: Int!
-  ): DefaultResponse @auth(requires: ["delete:pages", "manage:system"])
+  ): DefaultResponse @auth(requires: ["delete:pages", "write:pages", "manage:system"])
 
   deleteTag(
     id: Int!

server/models/pages.js

@@ -795,10 +795,17 @@ module.exports = class Page extends Model {
     }
 
     // -> Check for page access
-    if (!WIKI.auth.checkAccess(opts.user, ['delete:pages'], {
+    const isTheAuthorAndHasWritePermission = page.authorId === opts.user.id && WIKI.auth.checkAccess(opts.user, ['write:pages'], {
       locale: page.locale,
       path: page.path
-    })) {
+    })
+
+    const hasDeletePermission = WIKI.auth.checkAccess(opts.user, ['delete:pages'], {
+      locale: page.locale,
+      path: page.path
+    })
+
+    if (!isTheAuthorAndHasWritePermission && !hasDeletePermission) {
       throw new WIKI.Error.PageDeleteForbidden()
     }