summaryrefslogtreecommitdiff
path: root/src/application/actions/deletepost/post.php
blob: b711021a8f2c3fbb358621ebcb57e0362e2fe291 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

<?php

use mystic\forum\orm\Attachment;
use mystic\forum\orm\Post;
use mystic\forum\orm\Topic;
use mystic\forum\orm\User;
use mystic\forum\orm\UserPermissions;
use mystic\forum\utils\RequestUtils;

if (!$currentUser) {
    http_response_code(403);
    msg_error("You need to be logged in to delete posts!");
    exit;
}
$formId = "deletepost";
$postId = RequestUtils::getRequiredField("post", $formId);

$item = new Post();
$item->id = $postId;

if (!$db->fetch($item) || $item->deleted) {
    http_response_code(404);
    msg_error("No post exists with this id");
    exit;
}

$topicAuthor = new User();
$topicAuthor->id = $item->authorId;

if (!$db->fetch($topicAuthor))
    $topicAuthor = null;

$topic = new Topic();
$topic->id = $item->topicId;

if (!$db->fetch($topic))
    $topic = null;

$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::DELETE_OWN_POST))
          || ($currentUser->hasPermission(UserPermissions::DELETE_OTHER_POST));

if (!$canEdit) {
    http_response_code(403);
    msg_error("You don't have permission to delete this post");
    exit;
}

$attachments = $db->fetchCustom(Attachment::class, 'WHERE post_id = $1', [ $item->id ]);

$confirm = $_POST["confirm"] ?? null;
if ($confirm !== null) {
    $expectedConfirm = base64_encode(hash("sha256", "confirm" . $item->id, true));
    if ($confirm !== $expectedConfirm) {
        http_response_code(400);
        msg_error("Invalid confirmation");
        exit;
    }

    $item->deleted = true;
    $item->content = "";

    if (!$db->update($item)) {
        http_response_code(500);
        msg_error("Failed to delete post");
        exit;
    }
    
    foreach ($attachments as $attachment) {
        if (!$db->delete($attachment)) {
            http_response_code(500);
            msg_error("Failed to delete attachment");
            exit;
        }
    }

    header("Location: ?_action=viewtopic&topic=" . urlencode($item->topicId));
} else {
    _view("template_start", ["_title" => __("Delete post")]);
    _view("template_navigation_start");
    _view("template_navigation", ["user" => RequestUtils::getAuthorizedUser($db)]);
    _view("template_navigation_end");
    _view("form_delete_post_confirm", [
        "post" => $item,
        "postAuthor" => $topicAuthor,
        "topicAuthor" => null,
        "attachments" => $attachments,
        "topic" => $topic,
    ]);
    _view("template_end", [...getThemeAndLangInfo()]);
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-14 10:03:55 +0000