[PLUGIN][DeleteNote] Delete Note action implemented
Replaces Note content with a tombstone, removes any attachment relations and decrements their lives (possibly even removing the attachment), and creates the respective activity
@@ -24,13 +24,89 @@ declare(strict_types = 1);
|
||||
namespace Plugin\DeleteNote\Controller;
|
||||
|
||||
use App\Core\Controller;
|
||||
use App\Util\Exception\NotImplementedException;
|
||||
use App\Core\DB\DB;
|
||||
use App\Core\Form;
|
||||
use function App\Core\I18n\_m;
|
||||
use App\Core\Log;
|
||||
use App\Core\Router\Router;
|
||||
use App\Entity\Note;
|
||||
use App\Util\Common;
|
||||
use App\Util\Exception\ClientException;
|
||||
use App\Util\Exception\NoLoggedInUser;
|
||||
use App\Util\Exception\NoSuchNoteException;
|
||||
use App\Util\Exception\RedirectException;
|
||||
use App\Util\Exception\ServerException;
|
||||
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
class DeleteNote extends Controller
|
||||
{
|
||||
/**
|
||||
* Create delete note view
|
||||
* @throws ClientException
|
||||
* @throws NoLoggedInUser
|
||||
* @throws RedirectException
|
||||
* @throws ServerException
|
||||
*/
|
||||
public function __invoke(Request $request)
|
||||
{
|
||||
throw new NotImplementedException;
|
||||
$user = Common::ensureLoggedIn();
|
||||
$note_id = (int) $request->get('note_id');
|
||||
$note = Note::getByPK($note_id);
|
||||
if (\is_null($note) || !$note->isVisibleTo($user)) {
|
||||
throw new NoSuchNoteException();
|
||||
}
|
||||
|
||||
// Only let the original actor delete it
|
||||
// TODO: should be anyone with permissions to do this? Admins and what not
|
||||
$actor = $user->getActor();
|
||||
$actor_id = $actor->getId();
|
||||
if ($note->getActor()->getId() !== $actor_id) {
|
||||
// Log this shenanigans and get the user redirected
|
||||
Log::warning("Actor {$actor_id} attempted to delete note {$note_id} without any permissions to do so)");
|
||||
throw new RedirectException('root');
|
||||
}
|
||||
|
||||
// We made sure that the note can be deleted, lets make the form
|
||||
$form_delete = Form::create([
|
||||
['delete_note', SubmitType::class,
|
||||
[
|
||||
'label' => _m('Delete it'),
|
||||
'attr' => [
|
||||
'title' => _m('Press to delete this note'),
|
||||
],
|
||||
],
|
||||
],
|
||||
]);
|
||||
|
||||
$form_delete->handleRequest($request);
|
||||
if ($form_delete->isSubmitted()) {
|
||||
if (!\is_null(\Plugin\DeleteNote\DeleteNote::deleteNote(note_id: $note_id, actor_id: $actor_id))) {
|
||||
DB::flush();
|
||||
} else {
|
||||
throw new ClientException(_m('Note already deleted!'));
|
||||
}
|
||||
|
||||
// Redirect user to where they came from
|
||||
// Prevent open redirect
|
||||
if (!\is_null($from = $this->string('from'))) {
|
||||
if (Router::isAbsolute($from)) {
|
||||
Log::warning("Actor {$actor_id} attempted to delete to a note and then get redirected to another host, or the URL was invalid ({$from})");
|
||||
throw new ClientException(_m('Can not redirect to outside the website from here'), 400); // 400 Bad request (deceptive)
|
||||
} else {
|
||||
// TODO anchor on element id
|
||||
throw new RedirectException(url: $from);
|
||||
}
|
||||
} else {
|
||||
// If we don't have a URL to return to, go to the instance root
|
||||
throw new RedirectException('root');
|
||||
}
|
||||
}
|
||||
|
||||
return [
|
||||
'_template' => 'delete_note/delete_note.html.twig',
|
||||
'note' => $note,
|
||||
'delete' => $form_delete->createView(),
|
||||
];
|
||||
}
|
||||
}
|
||||
|
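Review bot: The delete runs on `$form_delete->isSubmitted()` alone, so a submission that fails form validation still reaches `deleteNote()` and `DB::flush()`; in Symfony an invalid CSRF token is reported as a form error, which only `isValid()` checks. The guard should read `if ($form_delete->isSubmitted() && $form_delete->isValid()) {`, assuming `Form::create` leaves Symfony's CSRF protection enabled (its definition is not visible on this page). Separately, the `from` check runs after the flush, so a rejected redirect target returns 400 for a note that has already been deleted; validating `$from` before calling `deleteNote()` avoids that. The open-redirect guard is only as strong as `Router::isAbsolute`, which is defined outside this diff and should be confirmed to treat scheme-relative targets as absolute. `$from` is also interpolated into `Log::warning` unmodified, so control characters should be stripped from it before logging.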