Example #1
                    }
                    // Attempts to remove the note whose id is provided in $_POST['note'].
                    $note = Database::getNotesByID($_POST['note']);
                    if (!isset($note['id'])) {
                        $message = urlencode("The file you want to remove does not exist.");
                        header("Location: error.php?error={$message}");
                        exit;
                    }
                    $myAcc = Database::getAccount(Database::getUserId(Session::user()), $note['courseID']);
                    //if the current user does not have an account with file delete permissions then redirect and exit
                    if ($myAcc === NULL || !$myAcc->canDelete()) {
                        $message = urlencode("You do not have permission to remove files for this course.");
                        header("Location: error.php?error={$message}");
                        exit;
                    }
                    if (!Database::removeNoteFile($note['id'])) {
                        $message = urlencode("The file could not be deleted.");
                        header("Location: error.php?error={$message}");
                        exit;
                    }
                    Database::removeNoteWithID($note['id']);
                    header("Location: admin.php?course={$note['courseID']}");
                    exit;
                } else {
                    header("Location: index.php");
                    exit;
                }
            }
        }
    }
}