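/**
 * Removes a page for the site named in the caller's JWT: the page template,
 * the generated static file (if present) and the DB row.
 *
 * Authorisation chain, in this order:
 *   1. a valid JWT must be present (Utilities::ValidateJWTToken);
 *   2. the caller needs CanEdit on the page's type (Utilities::CanPerformAction);
 *   3. the page must belong to the token's site;
 *   4. the caller needs CanRemove on the page's type.
 * Every denial, and a page that cannot be found, answers UNAUTHORIZED so the
 * response does not reveal whether a pageId exists on another site. A request
 * without a pageId answers BADREQUEST. (The CanEdit failure used to answer
 * BADREQUEST; it is a permission failure like the others and now answers
 * UNAUTHORIZED for consistency.)
 *
 * Security note: file paths are built only from DB-stored FriendlyIds, never
 * from request data, so traversal is ruled out here only as long as
 * FriendlyId is validated when it is written — TODO confirm it cannot
 * contain '/' or '..'.
 *
 * Bug fixed: the static path for a typed page was built from $static_file,
 * which is not defined until later, so it lost SITES_LOCATION/<site>/ and
 * became a CWD-relative path. It is now rooted at the site directory.
 *
 * @method POST
 */
function post()
{
    $token = Utilities::ValidateJWTToken(apache_request_headers());
    if ($token == NULL) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    $user = User::GetByUserId($token->UserId);
    $site = Site::GetBySiteId($token->SiteId);
    $access = Utilities::SetAccess($user);

    parse_str($this->request->data, $request);
    $pageId = isset($request['pageId']) ? $request['pageId'] : null;
    if ($pageId === null || $pageId === '') {
        // nothing to look up; answer before touching the DB
        return new Tonic\Response(Tonic\Response::BADREQUEST);
    }

    $page = Page::GetByPageId($pageId);
    if ($page == NULL) {
        // deliberately the same answer as "wrong site": do not leak existence
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    // edit permission on the page's type
    if (Utilities::CanPerformAction($page['PageTypeId'], $access['CanEdit']) == false) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    // tenant check: the page must belong to the token's site
    if ($page['SiteId'] != $site['SiteId']) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    $siteRoot = SITES_LOCATION . '/' . $site['FriendlyId'] . '/';
    $pageTypeId = -1;                       // -1 means the site root
    $file = $page['FriendlyId'] . '.html';
    $staticDir = $siteRoot;

    if ($page['PageTypeId'] != -1) {
        $pageType = PageType::GetByPageTypeId($page['PageTypeId']);
        if ($pageType != NULL) {
            $pageTypeId = $pageType['PageTypeId'];
            $file = $pageType['FriendlyId'] . '.' . $page['FriendlyId'] . '.html';
            // typed pages keep their static file under <site>/<type>/ — TODO confirm
            // against the generator; the original's undefined $static_file hid this
            $staticDir = $siteRoot . $pageType['FriendlyId'] . '/';
        }
        // NOTE(review): a page whose type row is missing falls back to the root
        // layout, so a root page sharing the FriendlyId would lose its files.
    }

    // remove permission on the resolved page type
    if (Utilities::CanPerformAction($pageTypeId, $access['CanRemove']) == false) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    // unlink results are not checked (as before); a file that survives here is
    // orphaned once the DB row is gone — consider failing the request instead
    $template = $siteRoot . 'templates/page/' . $file;
    if (file_exists($template)) {
        unlink($template);
    }

    $staticFile = $staticDir . $file;
    if (file_exists($staticFile)) {
        unlink($staticFile);
    }

    Page::Remove($pageId);

    return new Tonic\Response(Tonic\Response::OK);
}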
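/**
 * Deletes a page addressed by its PageUniqId: the rendered .php page, the
 * draft/publish/render fragments, and the DB row.
 *
 * Authorisation: the session user (AuthUser) must be logged in, the page must
 * belong to the user's site, and the user needs CanRemove on the page's type
 * (Utilities::CanPerformAction). Every failure answers UNAUTHORIZED, including
 * a page that does not exist, so the response does not reveal whether a
 * PageUniqId exists elsewhere.
 *
 * NOTE(review): the IsSuperAdmin clause only relaxes the first site check.
 * $site is loaded from the session user's own SiteId, so the later
 * "page is part of the site" test still rejects a superadmin acting on another
 * site. If cross-site deletion by superadmins is intended, $site would have to
 * come from $page['SiteId']; if not, the clause can be dropped.
 *
 * Security note: file paths are built only from DB-stored FriendlyIds and
 * PageUniqIds, never from the route parameter directly; this relies on
 * FriendlyId being validated on write — TODO confirm no '/' or '..'.
 *
 * Bug fixed: $pageType was indexed without a null check, which for a page
 * whose type row is missing produced '../sites/<site>//' and passed a null
 * page type to the permission check (with PHP warnings). It now falls back to
 * the root layout the way post() does.
 *
 * @param string $pageUniqId route parameter identifying the page
 *
 * @method DELETE
 */
function remove($pageUniqId)
{
    $authUser = new AuthUser();
    if (!isset($authUser->UserUniqId)) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    $site = Site::GetBySiteId($authUser->SiteId);
    $page = Page::GetByPageUniqId($pageUniqId);
    if ($page == NULL) {
        // same answer as a foreign page: do not leak existence
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    // the user must be part of the page's site (or be a superadmin)
    if ($authUser->IsSuperAdmin == false && $authUser->SiteId != $page['SiteId']) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }
    // the page must belong to the session user's site
    if ($page['SiteId'] != $site['SiteId']) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    $siteRoot = '../sites/' . $site['FriendlyId'] . '/';

    // fragments are keyed by PageUniqId and never live in a type sub-directory
    $fragments = array(
        $siteRoot . 'fragments/draft/' . $page['PageUniqId'] . '.html',
        $siteRoot . 'fragments/publish/' . $page['PageUniqId'] . '.html',
        $siteRoot . 'fragments/render/' . $page['PageUniqId'] . '.php',
    );

    $pageDir = $siteRoot;
    $pageTypeUniqId = -1;                   // -1 means the site root
    if ($page['PageTypeId'] != -1) {
        $pageType = PageType::GetByPageTypeId($page['PageTypeId']);
        if ($pageType != NULL) {
            $pageDir = $siteRoot . $pageType['FriendlyId'] . '/';
            $pageTypeUniqId = $pageType['PageTypeUniqId'];
        }
        // NOTE(review): a missing type row falls back to the root, so a root
        // page sharing the FriendlyId would lose its .php file.
    }

    // remove permission on the resolved page type
    if (Utilities::CanPerformAction($pageTypeUniqId, $authUser->CanRemove) == false) {
        return new Tonic\Response(Tonic\Response::UNAUTHORIZED);
    }

    // unlink results are not checked (as before); a file that survives here is
    // orphaned once the DB row is gone — consider failing the request instead
    $targets = array_merge(array($pageDir . $page['FriendlyId'] . '.php'), $fragments);
    foreach ($targets as $target) {
        if (file_exists($target)) {
            unlink($target);
        }
    }

    Page::Remove($pageUniqId);

    return new Tonic\Response(Tonic\Response::OK);
}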