From 4b2eefb7120a5efbbf1779d01500e45b9390813c Mon Sep 17 00:00:00 2001
From: Janos SUTO
Date: Tue, 16 Jul 2019 21:31:48 +0200
Subject: [PATCH] prototype of message removal

Signed-off-by: Janos SUTO
---
 webui/controller/audit/removal.php | 4 +-
 webui/controller/message/remove.php | 51 +++++++++++++++++++
 .../theme/default/templates/audit/removal.tpl | 25 ++++++---
 .../theme/default/templates/audit/remove.tpl | 6 +++
 4 files changed, 76 insertions(+), 10 deletions(-)
 create mode 100644 webui/controller/message/remove.php
 create mode 100644 webui/view/theme/default/templates/audit/remove.tpl

diff --git a/webui/controller/audit/removal.php b/webui/controller/audit/removal.php
index fe89fa52..8fd79734 100644
--- a/webui/controller/audit/removal.php
+++ b/webui/controller/audit/removal.php
@@ -7,14 +7,14 @@ class ControllerAuditRemoval extends Controller {
 $this->id = "content";
 $this->template = "audit/removal.tpl";
- $this->layout = "common/layout-audit";
+ $this->layout = "common/layout";
 $request = Registry::get('request');
 $db = Registry::get('db');
 $this->load->model('audit/removal');
- if(Registry::get('admin_user') == 0 && Registry::get('auditor_user') == 0) {
+ if(Registry::get('admin_user') == 0 && Registry::get('auditor_user') == 0 && Registry::get('data_officer') == 0) {
 die("go away");
 }
diff --git a/webui/controller/message/remove.php b/webui/controller/message/remove.php
new file mode 100644
index 00000000..9319b6d7
--- /dev/null
+++ b/webui/controller/message/remove.php
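Review bot: The widened guard in `removal.php` still ends in `die("go away")`, so a rejected request returns an ordinary 200 response and leaves no trace. Because this page now fronts a destructive workflow, the deny path should send a 403 and log the attempt before exiting, e.g. `http_response_code(403); syslog(LOG_WARNING, "removal page denied for " . Registry::get('username'));`. The role test uses loose `== 0` on three registry values; a one-line comment stating which roles may view the queue here, versus the `data_officer`-only gate in `message/remove.php`, would keep the two checks from drifting apart. The enclosing method starts and ends outside this hunk.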
@@ -0,0 +1,51 @@
+id = "content";
+ $this->template = "message/bulkremove.tpl";
+ $this->layout = "common/layout-empty";
+
+ $session = Registry::get('session');
+ $request = Registry::get('request');
+ $db = Registry::get('db');
+
+ $this->load->model('search/search');
+ $this->load->model('search/message');
+ $this->load->model('user/user');
+
+ $this->document->title = $this->data['text_message'];
+
+ if(!isset($this->request->get['id']) || $this->request->get['id'] == '') { die("no id parameter given"); }
+ if(!isset($this->request->get['confirmed']) || $this->request->get['confirmed'] != 1) { die("not confirmed"); }
+
+ $id = (int)$this->request->get['id'];
+
+ // FIXME: For the moment data officer has no permission to see the message
+ if(!$this->model_search_search->check_your_permission_by_id($id)) {
+ die("no permission for $id");
+ }
+
+ $this->data['username'] = Registry::get('username');
+
+ if(Registry::get('data_officer') == 0) {
+ die("go away");
+ }
+
+ // Shouldn't we ask for a token or something as well?
+
+ AUDIT(ACTION_REMOVE_MESSAGE, '', '', $id, '');
+ $db->query("UPDATE " . TABLE_META . " SET retained=? WHERE id=?", [NOW, $id]);
+ $db->query("UPDATE " . TABLE_DELETED . " SET deleted=1 WHERE id=?", [$id]);
+ syslog(LOG_INFO, $this->data['username'] . " removed message: $id");
+
+ $this->data['x'] = $this->data['text_successfully_removed'];
+
+ $this->render();
+ }
+
+
+}
diff --git a/webui/view/theme/default/templates/audit/removal.tpl b/webui/view/theme/default/templates/audit/removal.tpl
index e2debc75..a91d4107 100644
--- a/webui/view/theme/default/templates/audit/removal.tpl
+++ b/webui/view/theme/default/templates/audit/removal.tpl
@@ -1,5 +1,16 @@ -
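Review bot: The removal in `message/remove.php` runs on a GET request guarded only by `confirmed=1` in the query string, so it is exposed to cross-site request forgery against a logged-in data officer. The state change should require POST plus a per-session token compared with `hash_equals()`, which is the gap the "Shouldn't we ask for a token" comment points at. The `Registry::get('data_officer') == 0` gate should also move ahead of `check_your_permission_by_id($id)`, so the role is checked before any per-message lookup and the FIXME case cannot mask it. `AUDIT(ACTION_REMOVE_MESSAGE, ...)` is written before the two `UPDATE`s and neither `$db->query()` result is inspected, so the audit trail can record a removal that never happened; audit after both succeed and log denied attempts as well. The template is set to `message/bulkremove.tpl` while the commit adds `audit/remove.tpl`, which looks like a mismatch to confirm; the class and method header are not visible in the hunk as extracted.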
-
+ @@ -25,7 +36,9 @@ - + @@ -38,14 +51,10 @@ +
+   +
 
-
- - - diff --git a/webui/view/theme/default/templates/audit/remove.tpl b/webui/view/theme/default/templates/audit/remove.tpl new file mode 100644 index 00000000..9aace2d3 --- /dev/null +++ b/webui/view/theme/default/templates/audit/remove.tpl @@ -0,0 +1,6 @@ +
+ +
.
+

 

+ +