From e6b39e11dd5aa285406228f0f64cf11c00e7aef4 Mon Sep 17 00:00:00 2001
From: Ben Kibbey <bjk@luxsci.net>
Date: Tue, 9 Sep 2014 21:17:37 -0400
Subject: [PATCH] Check permissions before DELETE.

---
 src/commands.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/src/commands.c b/src/commands.c
index 40fe76f8..d0deed79 100644
--- a/src/commands.c
+++ b/src/commands.c
@@ -1110,22 +1110,32 @@ do_delete (assuan_context_t ctx, char *line)
     {
       if (n)
 	{
-	  rc = unlink_node (n);
-	  xmlFreeNode (n);
+          rc = peer_is_self (client);
+          if (rc == GPG_ERR_EPERM)
+            rc = is_element_owner (client, n);
+
+          if (!rc)
+            {
+              rc = unlink_node (n);
+              xmlFreeNode (n);
+            }
 	}
 
       strv_free (req);
       return rc;
     }
 
-  n =
-    find_elements (client, client->doc, n->children, req + 1, &rc, NULL, NULL, NULL,
-		   0, 0, NULL, 0);
+  n = find_elements (client, client->doc, n->children, req + 1, &rc, NULL,
+                     NULL, NULL, 0, 0, NULL, 0);
   strv_free (req);
   if (!n)
     return rc;
 
-  if (n)
+  rc = peer_is_self (client);
+  if (rc == GPG_ERR_EPERM)
+    rc = is_element_owner (client, n);
+
+  if (!rc)
     {
       rc = unlink_node (n);
       xmlFreeNode (n);
-- 
2.11.4.GIT