From 64b1ec0fabbf7328a79a20ff58502ebfa80fad8b Mon Sep 17 00:00:00 2001 From: Jonas Kohl Date: Thu, 10 Oct 2024 17:33:13 +0200 Subject: Break up actions into individual files --- src/application/actions/deletetopic/post.php | 67 ++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 src/application/actions/deletetopic/post.php (limited to 'src/application/actions/deletetopic/post.php') diff --git a/src/application/actions/deletetopic/post.php b/src/application/actions/deletetopic/post.php new file mode 100644 index 0000000..e67cadf --- /dev/null +++ b/src/application/actions/deletetopic/post.php @@ -0,0 +1,67 @@ +id = $topicId; + +if (!$db->fetch($topic)) { + http_response_code(404); + msg_error(__("No topic exists with this id")); + exit; +} + +$topicAuthor = new User(); +$topicAuthor->id = $topic->createdBy; + +if (!$db->fetch($topicAuthor)) + $topicAuthor = null; + +$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_TOPIC)) + || ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_TOPIC)); + +if (!$canEdit) { + http_response_code(403); + msg_error(__("You don't have permission to delete this topic")); + exit; +} + +$confirm = $_POST["confirm"] ?? null; +if ($confirm !== null) { + $expectedConfirm = base64_encode(hash("sha256", "confirm" . $topic->id, true)); + if ($confirm !== $expectedConfirm) { + http_response_code(400); + msg_error(__("Invalid confirmation")); + exit; + } + + if (!$db->delete($topic)) { + http_response_code(500); + msg_error(__("Failed to delete topic")); + exit; + } + + header("Location: ."); +} else { + _view("template_start", ["_title" => "Delete topic"]); + _view("template_navigation_start"); + _view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]); + _view("template_navigation_end"); + _view("form_delete_topic_confirm", [ + "topic" => $topic, + "topicAuthor" => $topicAuthor, + ]); + _view("template_end", [...getThemeAndLangInfo()]); +} -- cgit v1.2.3