summaryrefslogtreecommitdiff
path: root/src/application/actions/updatepost
diff options
context:
space:
mode:
authorJonas Kohl2024-10-10 17:33:13 +0200
committerJonas Kohl2024-10-10 17:33:13 +0200
commit64b1ec0fabbf7328a79a20ff58502ebfa80fad8b (patch)
tree88f2281295b347bdd3beee5bc45f68314f2051dc /src/application/actions/updatepost
parent4ffc399a847ce4f328d4f14adebb48d06ad033f9 (diff)
Break up actions into individual files
Diffstat (limited to 'src/application/actions/updatepost')
-rw-r--r--src/application/actions/updatepost/post.php66
1 files changed, 66 insertions, 0 deletions
diff --git a/src/application/actions/updatepost/post.php b/src/application/actions/updatepost/post.php
new file mode 100644
index 0000000..fb4b58a
--- /dev/null
+++ b/src/application/actions/updatepost/post.php
@@ -0,0 +1,66 @@
+<?php
+
+use mystic\forum\orm\Post;
+use mystic\forum\orm\Topic;
+use mystic\forum\orm\User;
+use mystic\forum\orm\UserPermissions;
+use mystic\forum\utils\RequestUtils;
+
+if (!$currentUser) {
+ http_response_code(403);
+ msg_error(__("You need to be logged in to update posts!"));
+ exit;
+}
+
+$formId = "updatepost";
+$postId = RequestUtils::getRequiredField("post", $formId);
+$message = RequestUtils::getRequiredField("message", $formId);
+
+$item = new Post();
+$item->id = $postId;
+
+if (!$db->fetch($item) || $item->deleted) {
+ http_response_code(404);
+ msg_error(__("No post exists with this id"));
+ exit;
+}
+
+$topicAuthor = new User();
+$topicAuthor->id = $item->authorId;
+
+if (!$db->fetch($topicAuthor))
+ $topicAuthor = null;
+
+$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_POST))
+ || ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_POST));
+
+$topic = new Topic();
+$topic->id = $item->topicId;
+
+if (!$db->fetch($topic))
+ $topic = null;
+
+if ($topic->isLocked) {
+ http_response_code(403);
+ msg_error(__("This topic has been locked"));
+ exit;
+}
+
+if (!$canEdit) {
+ http_response_code(403);
+ msg_error(__("You don't have permission to edit this post"));
+ exit;
+}
+
+$confirm = $_POST["confirm"] ?? null;
+
+$item->content = $message;
+$item->edited = true;
+
+if (!$db->update($item)) {
+ http_response_code(500);
+ msg_error(__("Failed to update post"));
+ exit;
+}
+
+header("Location: ?_action=viewtopic&topic=" . urlencode($item->topicId) . "#post-" . urlencode($postId));