summaryrefslogtreecommitdiff
path: root/src/application/actions/deletetopic/post.php
diff options
context:
space:
mode:
authorJonas Kohl2024-10-10 17:33:13 +0200
committerJonas Kohl2024-10-10 17:33:13 +0200
commit64b1ec0fabbf7328a79a20ff58502ebfa80fad8b (patch)
tree88f2281295b347bdd3beee5bc45f68314f2051dc /src/application/actions/deletetopic/post.php
parent4ffc399a847ce4f328d4f14adebb48d06ad033f9 (diff)
Break up actions into individual files
Diffstat (limited to 'src/application/actions/deletetopic/post.php')
-rw-r--r--src/application/actions/deletetopic/post.php67
1 files changed, 67 insertions, 0 deletions
diff --git a/src/application/actions/deletetopic/post.php b/src/application/actions/deletetopic/post.php
new file mode 100644
index 0000000..e67cadf
--- /dev/null
+++ b/src/application/actions/deletetopic/post.php
@@ -0,0 +1,67 @@
+<?php
+
+use mystic\forum\orm\Topic;
+use mystic\forum\orm\User;
+use mystic\forum\orm\UserPermissions;
+use mystic\forum\utils\RequestUtils;
+
+if (!$currentUser) {
+ http_response_code(403);
+ msg_error(__("You need to be logged in to delete topics!"));
+ exit;
+}
+
+$formId = "deletetopic";
+$topicId = RequestUtils::getRequiredField("topic", $formId);
+
+$topic = new Topic();
+$topic->id = $topicId;
+
+if (!$db->fetch($topic)) {
+ http_response_code(404);
+ msg_error(__("No topic exists with this id"));
+ exit;
+}
+
+$topicAuthor = new User();
+$topicAuthor->id = $topic->createdBy;
+
+if (!$db->fetch($topicAuthor))
+ $topicAuthor = null;
+
+$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_TOPIC))
+ || ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_TOPIC));
+
+if (!$canEdit) {
+ http_response_code(403);
+ msg_error(__("You don't have permission to delete this topic"));
+ exit;
+}
+
+$confirm = $_POST["confirm"] ?? null;
+if ($confirm !== null) {
+ $expectedConfirm = base64_encode(hash("sha256", "confirm" . $topic->id, true));
+ if ($confirm !== $expectedConfirm) {
+ http_response_code(400);
+ msg_error(__("Invalid confirmation"));
+ exit;
+ }
+
+ if (!$db->delete($topic)) {
+ http_response_code(500);
+ msg_error(__("Failed to delete topic"));
+ exit;
+ }
+
+ header("Location: .");
+} else {
+ _view("template_start", ["_title" => "Delete topic"]);
+ _view("template_navigation_start");
+ _view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
+ _view("template_navigation_end");
+ _view("form_delete_topic_confirm", [
+ "topic" => $topic,
+ "topicAuthor" => $topicAuthor,
+ ]);
+ _view("template_end", [...getThemeAndLangInfo()]);
+}