public function remove($id) { try { $user = User::find(Session::uid()); if (!$user->getId()) { throw new Exception('Not enough rights'); } $file = new File(); $file->findFileById($id); if ($file->getWorkitem()) { $workitem = WorkItem::getById($file->getWorkitem()); $userInvolved = $user->getId() == $file->getUserid() || $user->getId() == $workitem->getCreatorId() || $user->getId() == $workitem->getMechanicId() || $user->getId() == $workitem->getRunnerId(); } else { $userInvolved = false; } if (!$user->isRunner() && !$user->isPayer() && !$userInvolved) { throw new Exception('Permission denied'); } $success = $file->remove(); return $this->setOutput(array('success' => true, 'message' => 'Attachment removed')); } catch (Exception $e) { return $this->setOutput(array('success' => false, 'message' => $e->getMessage())); } }