From 9a1dbee0fdd1f586512e4517a5abb7898501bc11 Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Thu, 1 Oct 2009 17:35:28 -0700
Subject: [PATCH] A new action for /statuses/destroy

---
 actions/apidestroy.php | 152 +++++++++++++++++++++++++++++++++++++++++
 actions/apiupdate.php  |   4 +-
 lib/router.php         |  15 ++--
 3 files changed, 164 insertions(+), 7 deletions(-)
 create mode 100644 actions/apidestroy.php

diff --git a/actions/apidestroy.php b/actions/apidestroy.php
new file mode 100644
index 0000000000..a3b6bf65e8
--- /dev/null
+++ b/actions/apidestroy.php
@@ -0,0 +1,152 @@
+<?php
+/**
+ * StatusNet, the distributed open-source microblogging tool
+ *
+ * Destroy a notice through the API
+ *
+ * PHP version 5
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category  API
+ * @package   StatusNet
+ * @author    Zach Copley <zach@status.net>
+ * @copyright 2009 StatusNet, Inc.
+ * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link      http://status.net/
+ */
+
+if (!defined('STATUSNET')) {
+    exit(1);
+}
+
+require_once INSTALLDIR.'/lib/apiauth.php';
+
+/**
+ * Deletes one of the authenticating user's statuses (notices).
+ *
+ * @category API
+ * @package  StatusNet
+ * @author   Zach Copley <zach@status.net>
+ * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link     http://status.net/
+ */
+
+class ApiDestroyAction extends ApiAuthAction
+{
+
+    var $user                  = null;
+    var $status                = null;
+    var $format                = null;
+
+    /**
+     * Take arguments for running
+     *
+     * @param array $args $_REQUEST args
+     *
+     * @return boolean success flag
+     *
+     */
+
+    function prepare($args)
+    {
+        parent::prepare($args);
+
+        if ($this->requiresAuth()) {
+            if ($this->checkBasicAuthUser() == false) {
+                return false;
+            }
+        }
+
+        $this->user = $this->auth_user;
+        $this->notice_id = (int)$this->trimmed('id');
+
+        if (empty($notice_id)) {
+            $this->notice_id = (int)$this->arg('id');
+        }
+
+        $this->format = $this->arg('format');
+        $this->notice = Notice::staticGet((int)$this->notice_id);
+
+        return true;
+     }
+
+    /**
+     * Handle the request
+     *
+     * Delete the notice and all related replies
+     *
+     * @param array $args $_REQUEST data (unused)
+     *
+     * @return void
+     */
+
+    function handle($args)
+    {
+        parent::handle($args);
+
+        if (!in_array($this->format, array('xml', 'json'))) {
+             $this->clientError(_('API method not found!'), $code = 404);
+             return;
+        }
+
+         if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) {
+             $this->clientError(_('This method requires a POST or DELETE.'),
+                 400, $this->format);
+             return;
+         }
+
+         if (empty($this->notice)) {
+             $this->clientError(_('No status found with that ID.'),
+                 404, $this->format);
+             return;
+         }
+
+         if ($this->user->id == $this->notice->profile_id) {
+             $replies = new Reply;
+             $replies->get('notice_id', $this->notice_id);
+             $replies->delete();
+             $this->notice->delete();
+
+             if ($this->format == 'xml') {
+                 $this->show_single_xml_status($this->notice);
+             } elseif ($this->format == 'json') {
+                 $this->show_single_json_status($this->notice);
+             }
+         } else {
+             $this->clientError(_('You may not delete another user\'s status.'),
+                 403, $this->format);
+         }
+
+        $this->showNotice();
+    }
+
+    /**
+     * Show the deleted notice
+     *
+     * @return void
+     */
+
+    function showNotice()
+    {
+        if (!empty($this->notice)) {
+            if ($this->format == 'xml') {
+                $this->show_single_xml_status($this->notice);
+            } elseif ($this->format == 'json') {
+                $this->show_single_json_status($this->notice);
+            }
+        }
+    }
+
+}
diff --git a/actions/apiupdate.php b/actions/apiupdate.php
index 9ce208f656..04a38f3f87 100644
--- a/actions/apiupdate.php
+++ b/actions/apiupdate.php
@@ -31,7 +31,7 @@ if (!defined('STATUSNET')) {
     exit(1);
 }
 
-require_once INSTALLDIR.'/lib/apibareauth.php';
+require_once INSTALLDIR.'/lib/apiauth.php';
 
 /**
  * Updates the authenticating user's status (posts a notice).
@@ -109,7 +109,7 @@ class ApiUpdateAction extends ApiAuthAction
     /**
      * Handle the request
      *
-     * Just show the notices
+     * Make a new notice for the update, save it, and show it
      *
      * @param array $args $_REQUEST data (unused)
      *
diff --git a/lib/router.php b/lib/router.php
index 3de4e322f9..5c9513f570 100644
--- a/lib/router.php
+++ b/lib/router.php
@@ -342,17 +342,22 @@ class Router
 
         $m->connect('api/statuses/show/:id.:format',
                     array('action' => 'ApiShow',
-                          'id' => '[a-zA-Z0-9]+',
+                          'id' => '[0-9]+',
                           'format' => '(xml|json)'));
 
         $m->connect('api/statuses/update.:format',
                     array('action' => 'ApiUpdate',
                           'format' => '(xml|json)'));
 
-        $m->connect('api/statuses/:method/:argument',
-                    array('action' => 'api',
-                          'apiaction' => 'statuses'),
-                    array('method' => 'destroy'));
+        $m->connect('api/statuses/destroy.:format',
+                  array('action' => 'ApiDestroy',
+                        'format' => '(xml|json)'));
+
+        $m->connect('api/statuses/destroy/:id.:format',
+                  array('action' => 'ApiDestroy',
+                        'id' => '[0-9]+',
+                        'format' => '(xml|json)'));
+
 
         // users