/**
* Delete (a) record(s)
*
* @param array $where WHERE clause, specifying which records to delete
* @return bool
*/
public function destroy(array $where)
{
$where = $this->_createWhereClause($where, 'AND', false);
try {
/**
* First, see if the user is allowed to update everything
*/
$this->_checkAcl('destroy');
$this->_model->delete($where);
} catch (Garp_Auth_Exception $e) {
/**
* If that fails, check if the user is allowed to update her own material
* AND if the current item is hers.
*/
$this->_checkAcl('destroy_own');
/**
* Good, the user is allowed to 'destroy_own'. In that case we have to check
* if the current item is actually the user's.
*/
$rows = $this->_model->fetchAll($where);
foreach ($rows as $row) {
if (!$this->_itemBelongsToUser($row->toArray())) {
throw new Garp_Auth_Exception('You are only allowed to delete your own material.');
}
$row->delete();
}
}
}
