<?php

use mystic\forum\orm\Topic;
use mystic\forum\orm\User;
use mystic\forum\orm\UserPermissions;
use mystic\forum\utils\RequestUtils;

if (!$currentUser) {
    http_response_code(403);
    msg_error(__("You need to be logged in to delete topics!"));
    exit;
}

$formId = "deletetopic";
$topicId = RequestUtils::getRequiredField("topic", $formId);

$topic = new Topic();
$topic->id = $topicId;

if (!$db->fetch($topic)) {
    http_response_code(404);
    msg_error(__("No topic exists with this id"));
    exit;
}

$topicAuthor = new User();
$topicAuthor->id = $topic->createdBy;

if (!$db->fetch($topicAuthor))
    $topicAuthor = null;

$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_TOPIC))
          || ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_TOPIC));

if (!$canEdit) {
    http_response_code(403);
    msg_error(__("You don't have permission to delete this topic"));
    exit;
}

$confirm = $_POST["confirm"] ?? null;
if ($confirm !== null) {
    $expectedConfirm = base64_encode(hash("sha256", "confirm" . $topic->id, true));
    if ($confirm !== $expectedConfirm) {
        http_response_code(400);
        msg_error(__("Invalid confirmation"));
        exit;
    }

    if (!$db->delete($topic)) {
        http_response_code(500);
        msg_error(__("Failed to delete topic"));
        exit;
    }

    header("Location: .");
} else {
    _view("template_start", ["_title" => "Delete topic"]);
    _view("template_navigation_start");
    _view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
    _view("template_navigation_end");
    _view("form_delete_topic_confirm", [
        "topic" => $topic,
        "topicAuthor" => $topicAuthor,
    ]);
    _view("template_end", [...getThemeAndLangInfo()]);
}