Diffstat (limited to 'src/application/actions/deletepost/post.php')
| -rw-r--r-- | src/application/actions/deletepost/post.php | 90 | 
1 files changed, 90 insertions, 0 deletions
| diff --git a/src/application/actions/deletepost/post.php b/src/application/actions/deletepost/post.php
new file mode 100644
index 0000000..b711021
--- /dev/null
+++ b/src/application/actions/deletepost/post.php
@@ -0,0 +1,90 @@
+<?php
+
+use mystic\forum\orm\Attachment;
+use mystic\forum\orm\Post;
+use mystic\forum\orm\Topic;
+use mystic\forum\orm\User;
+use mystic\forum\orm\UserPermissions;
+use mystic\forum\utils\RequestUtils;
+
+if (!$currentUser) {
+    http_response_code(403);
+    msg_error("You need to be logged in to delete posts!");
+    exit;
+}
+$formId = "deletepost";
+$postId = RequestUtils::getRequiredField("post", $formId);
+
+$item = new Post();
+$item->id = $postId;
+
+if (!$db->fetch($item) || $item->deleted) {
+    http_response_code(404);
+    msg_error("No post exists with this id");
+    exit;
+}
+
+$topicAuthor = new User();
+$topicAuthor->id = $item->authorId;
+
+if (!$db->fetch($topicAuthor))
+    $topicAuthor = null;
+
+$topic = new Topic();
+$topic->id = $item->topicId;
+
+if (!$db->fetch($topic))
+    $topic = null;
+
+$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_POST))
+          || ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_POST));
+
+if (!$canEdit) {
+    http_response_code(403);
+    msg_error("You don't have permission to delete this post");
+    exit;
+}
+
+$attachments = $db->fetchCustom(Attachment::class, 'WHERE post_id = $1', [ $item->id ]);
+
+$confirm = $_POST["confirm"] ?? null;
+if ($confirm !== null) {
+    $expectedConfirm = base64_encode(hash("sha256", "confirm" . $item->id, true));
+    if ($confirm !== $expectedConfirm) {
+        http_response_code(400);
+        msg_error("Invalid confirmation");
+        exit;
+    }
+
+    $item->deleted = true;
+    $item->content = "";
+
+    if (!$db->update($item)) {
+        http_response_code(500);
+        msg_error("Failed to delete post");
+        exit;
+    }
+    
+    foreach ($attachments as $attachment) {
+        if (!$db->delete($attachment)) {
+            http_response_code(500);
+            msg_error("Failed to delete attachment");
+            exit;
+        }
+    }
+
+    header("Location: ?_action=viewtopic&topic=" . urlencode($item->topicId));
+} else {
+    _view("template_start", ["_title" => __("Delete post")]);
+    _view("template_navigation_start");
+    _view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
+    _view("template_navigation_end");
+    _view("form_delete_post_confirm", [
+        "post" => $item,
+        "postAuthor" => $topicAuthor,
+        "topicAuthor" => null,
+        "attachments" => $attachments,
+        "topic" => $topic,
+    ]);
+    _view("template_end", [...getThemeAndLangInfo()]);
+}
|
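Review bot: The confirmation value checked at `if ($confirm !== $expectedConfirm)` is a plain SHA-256 of `"confirm" . $item->id`, so anyone who knows a post id can compute it and the check binds the request neither to the logged-in user nor to the session; unless a session-bound CSRF token is enforced elsewhere (not visible in this hunk), it only guards against accidental double-submits, not against a forged cross-site POST. Derive it from a server-side secret and a per-session value, e.g. `$expectedConfirm = base64_encode(hash_hmac("sha256", "confirm" . $item->id . session_id(), SERVER_SECRET /* placeholder: app secret */, true));` with the matching change in the `form_delete_post_confirm` view, and compare with `if (!hash_equals($expectedConfirm, $confirm)) {` rather than `!==`. Separately, the post is marked deleted before the attachment rows are removed, so a failure inside the `foreach` answers 500 with the post already soft-deleted and only some attachments gone; if `$db` supports transactions, the `update` and the `delete` loop should run in one. Finally, `$topicAuthor` actually holds the post's author (`$item->authorId`) and is passed to the view as `"postAuthor"`, so renaming it `$postAuthor` would remove the mismatch with the `"topicAuthor" => null` entry below it.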