public function run()
{
// file id must be defined and valid
if (!isset($this->application->parameters['file'])) {
throw new ApplicationException('File identifier is missing.', 400);
}
$fileId = (int) $this->application->parameters['file'];
if (!ApplicationModel_File::validateId($fileId)) {
throw new ApplicationException('Id of the file is invalid.', 400);
}
// user must be authorized
if (!isset($_SESSION['authorized_user_id'])) {
$this->application->outputHeaders[] = 'HTTP/1.1 302 Found';
$this->application->outputHeaders[] = 'Location: /login.php';
$this->application->outputContent = '';
return;
}
// load user's information
$user = new ApplicationModel_User($this->application);
try {
$user->setId($_SESSION['authorized_user_id']);
$user->load();
} catch (ApplicationModelException_User $e) {
throw new ApplicationException('Cannot load user.', 500);
}
// load file's information
$file = new ApplicationModel_File($this->application);
try {
$file->setId($fileId);
$file->load();
} catch (ApplicationModelException_File $e) {
throw new ApplicationException('File is not found.', 404);
}
// load file owner's information
try {
$owner = new ApplicationModel_User($this->application);
$owner->setId(ApplicationModel_User::getIdForUuid($this->application, $file->getUploader()));
$owner->load();
} catch (ApplicationModelException_User $e) {
throw new ApplicationException('Cannot load file\'s owner.', 500);
}
// authorized user must be the owner of the file
if ($user->getId() != $owner->getId()) {
throw new ApplicationException('Cannot delete file which belongs to a different user.', 403);
}
// delete the file from the database and filesystem
unlink($file->getPath());
$file->delete();
// redirect user back to his account
$this->application->outputHeaders[] = 'HTTP/1.1 302 Found';
$this->application->outputHeaders[] = 'Location: /account.php';
$this->application->outputContent = '';
}
