mirror of
https://bitbucket.org/jsuto/piler.git
synced 2025-06-13 01:37:02 +02:00
Janos SUTO
51
webui/controller/message/remove.php
Normal file
51
webui/controller/message/remove.php
Normal file
@ -0,0 +1,51 @@
|
||||
<?php
|
||||
|
||||
|
||||
class ControllerMessageRemove extends Controller {
|
||||
|
||||
public function index(){
|
||||
|
||||
$this->id = "content";
|
||||
$this->template = "message/bulkremove.tpl";
|
||||
$this->layout = "common/layout-empty";
|
||||
|
||||
$session = Registry::get('session');
|
||||
$request = Registry::get('request');
|
||||
$db = Registry::get('db');
|
||||
|
||||
$this->load->model('search/search');
|
||||
$this->load->model('search/message');
|
||||
$this->load->model('user/user');
|
||||
|
||||
$this->document->title = $this->data['text_message'];
|
||||
|
||||
if(!isset($this->request->get['id']) || $this->request->get['id'] == '') { die("no id parameter given"); }
|
||||
if(!isset($this->request->get['confirmed']) || $this->request->get['confirmed'] != 1) { die("not confirmed"); }
|
||||
|
||||
$id = (int)$this->request->get['id'];
|
||||
|
||||
// FIXME: For the moment data officer has no permission to see the message
|
||||
if(!$this->model_search_search->check_your_permission_by_id($id)) {
|
||||
die("no permission for $id");
|
||||
}
|
||||
|
||||
$this->data['username'] = Registry::get('username');
|
||||
|
||||
if(Registry::get('data_officer') == 0) {
|
||||
die("go away");
|
||||
}
|
||||
|
||||
// Shouldn't we ask for a token or something as well?
|
||||
|
||||
AUDIT(ACTION_REMOVE_MESSAGE, '', '', $id, '');
|
||||
$db->query("UPDATE " . TABLE_META . " SET retained=? WHERE id=?", [NOW, $id]);
|
||||
$db->query("UPDATE " . TABLE_DELETED . " SET deleted=1 WHERE id=?", [$id]);
|
||||
syslog(LOG_INFO, $this->data['username'] . " removed message: $id");
|
||||
|
||||
$this->data['x'] = $this->data['text_successfully_removed'];
|
||||
|
||||
$this->render();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user