From 64b1ec0fabbf7328a79a20ff58502ebfa80fad8b Mon Sep 17 00:00:00 2001
From: Jonas Kohl
Date: Thu, 10 Oct 2024 17:33:13 +0200
Subject: Break up actions into individual files
---
 src/application/actions/deletepost/post.php | 90 +++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 src/application/actions/deletepost/post.php
(limited to 'src/application/actions/deletepost')
diff --git a/src/application/actions/deletepost/post.php b/src/application/actions/deletepost/post.php
new file mode 100644
index 0000000..b711021
--- /dev/null
+++ b/src/application/actions/deletepost/post.php
@@ -0,0 +1,90 @@
+id = $postId;
+
+if (!$db->fetch($item) || $item->deleted) {
+ http_response_code(404);
+ msg_error("No post exists with this id");
+ exit;
+}
+
+$topicAuthor = new User();
+$topicAuthor->id = $item->authorId;
+
+if (!$db->fetch($topicAuthor))
+ $topicAuthor = null;
+
+$topic = new Topic();
+$topic->id = $item->topicId;
+
+if (!$db->fetch($topic))
+ $topic = null;
+
+$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_POST))
+ || ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_POST));
+
+if (!$canEdit) {
+ http_response_code(403);
+ msg_error("You don't have permission to delete this post");
+ exit;
+}
+
+$attachments = $db->fetchCustom(Attachment::class, 'WHERE post_id = $1', [ $item->id ]);
+
+$confirm = $_POST["confirm"] ?? null;
+if ($confirm !== null) {
+ $expectedConfirm = base64_encode(hash("sha256", "confirm" . $item->id, true));
+ if ($confirm !== $expectedConfirm) {
+ http_response_code(400);
+ msg_error("Invalid confirmation");
+ exit;
+ }
+
+ $item->deleted = true;
+ $item->content = "";
+
+ if (!$db->update($item)) {
+ http_response_code(500);
+ msg_error("Failed to delete post");
+ exit;
+ }
+
+ foreach ($attachments as $attachment) {
+ if (!$db->delete($attachment)) {
+ http_response_code(500);
+ msg_error("Failed to delete attachment");
+ exit;
+ }
+ }
+
+ header("Location: ?_action=viewtopic&topic=" . urlencode($item->topicId));
+} else {
+ _view("template_start", ["_title" => __("Delete post")]);
+ _view("template_navigation_start");
+ _view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
+ _view("template_navigation_end");
+ _view("form_delete_post_confirm", [
+ "post" => $item,
+ "postAuthor" => $topicAuthor,
+ "topicAuthor" => null,
+ "attachments" => $attachments,
+ "topic" => $topic,
+ ]);
+ _view("template_end", [...getThemeAndLangInfo()]);
+}
-- cgit v1.2.3
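Review bot: The confirmation value checked on the POST branch, `base64_encode(hash("sha256", "confirm" . $item->id, true))`, is a deterministic function of the public post id with no secret or per-session component, so it does not protect the delete against cross-site request forgery and should be replaced by a random token (`random_bytes`) generated when `form_delete_post_confirm` is rendered, stored server-side for the current user (presumably the session state behind `RequestUtils::getAuthorizedUser`), and checked with `hash_equals($expectedConfirm, is_string($confirm) ? $confirm : '')` instead of `!==`. The deletion is not atomic: once `$db->update($item)` has marked the post deleted, a failing `$db->delete($attachment)` exits with a 500 while the remaining attachments still reference the post, so the update and the attachment loop belong in one transaction if `$db` offers one. Naming is also misleading: `$topicAuthor` is loaded from `$item->authorId` and handed to the view as `"postAuthor"` while `"topicAuthor"` is hard-coded to `null`, so `$postAuthor` would describe it honestly. The opening of the file (the `<?php` line and whatever defines `$db`, `$postId`, `$item` and `$currentUser`, including any null check on `$currentUser` before `$currentUser->id` is read) is missing from this rendering of the hunk, so those assumptions could not be verified here.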