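/**
 * Delete (a) record(s).
 *
 * Authorization happens in two tiers: the caller either holds the general
 * 'destroy' privilege, or holds 'destroy_own' and owns every matching record.
 *
 * @param array $where WHERE clause, specifying which records to delete
 * @return void Nothing is returned; a denied request surfaces as an exception.
 * @throws Garp_Auth_Exception When at least one matching record does not belong
 *                             to the user. Presumably also raised by
 *                             _checkAcl('destroy_own') when that privilege is
 *                             missing -- confirm against _checkAcl().
 */
public function destroy(array $where)
{
    // NOTE(review): what _createWhereClause() yields for an empty $where is not
    // visible here; confirm an empty condition cannot widen the delete to the
    // whole table.
    $where = $this->_createWhereClause($where, 'AND', false);
    try {
        /**
         * First, see if the user is allowed to destroy everything.
         * The delete() call sits inside this try as well, so a
         * Garp_Auth_Exception raised by delete() itself also ends up in the
         * 'destroy_own' fallback below.
         */
        $this->_checkAcl('destroy');
        $this->_model->delete($where);
    } catch (Garp_Auth_Exception $e) {
        /**
         * If that fails, check if the user is allowed to destroy her own
         * material AND if the matching items are hers.
         */
        $this->_checkAcl('destroy_own');

        /**
         * Good, the user is allowed to 'destroy_own'. Verify ownership of
         * EVERY matching row before deleting any of them. Checking and
         * deleting in the same pass would leave earlier rows deleted when a
         * later row fails the ownership check, so a rejected request would
         * still have removed data.
         */
        $rows = $this->_model->fetchAll($where);
        $ownedRows = array();
        foreach ($rows as $row) {
            if (!$this->_itemBelongsToUser($row->toArray())) {
                throw new Garp_Auth_Exception('You are only allowed to delete your own material.');
            }
            $ownedRows[] = $row;
        }

        // Every row passed the ownership check; now it is safe to delete.
        foreach ($ownedRows as $ownedRow) {
            $ownedRow->delete();
        }
    }
}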