/**
 * Deletes the single file addressed by this item handler.
 *
 * Guards run in a fixed order before anything is removed:
 *  - the owning field must be neither disabled nor read-only (403),
 *  - the request must pass the form's security-token check (400),
 *  - the item must resolve (404),
 *  - the item must not be a Folder and must grant canDelete() (403).
 *
 * @param HTTPRequest $request Incoming request; validated against the form's security token
 * @return HTTPResponse|null Value returned by httpError() on rejection; null once the file has been deleted
 */
public function delete(HTTPRequest $request)
{
    // A disabled or read-only field must not accept destructive actions
    $fieldLocked = $this->parent->isDisabled() || $this->parent->isReadonly();
    if ($fieldLocked) {
        return $this->httpError(403);
    }

    // Destructive action: require a valid security token (CSRF protection)
    $securityToken = $this->parent->getForm()->getSecurityToken();
    if (!$securityToken->checkRequest($request)) {
        return $this->httpError(400);
    }

    // Resolve the target before any permission decision is made
    $file = $this->getItem();
    if (!$file) {
        return $this->httpError(404);
    }

    // Folders are always refused here; any other item must grant canDelete().
    // NOTE(review): these are the only per-item gates visible in this action;
    // nothing here ties the item to this field's own set of files. Confirm
    // getItem() is suitably scoped or that canDelete() alone is sufficient.
    if ($file instanceof Folder || !$file->canDelete()) {
        return $this->httpError(403);
    }

    $file->delete();

    return null;
}
/**
 * Deletes the single file addressed by this item handler.
 *
 * Guards run in a fixed order before anything is removed:
 *  - the owning field must be neither disabled nor read-only (403),
 *  - the request must pass the form's security-token check (400),
 *  - the item must resolve (404),
 *  - the item must grant canDelete() (403).
 *
 * @param SS_HTTPRequest $request Incoming request; validated against the form's security token
 * @return SS_HTTPResponse|null Value returned by httpError() on rejection; nothing is returned after a successful delete
 */
public function delete(SS_HTTPRequest $request)
{
    // A disabled or read-only field must not accept destructive actions
    $fieldLocked = $this->parent->isDisabled() || $this->parent->isReadonly();
    if ($fieldLocked) {
        return $this->httpError(403);
    }

    // Destructive action: require a valid security token (CSRF protection)
    $securityToken = $this->parent->getForm()->getSecurityToken();
    if (!$securityToken->checkRequest($request)) {
        return $this->httpError(400);
    }

    // Resolve the target, then ask the item itself whether deletion is allowed.
    // NOTE(review): canDelete() is the only per-item gate visible in this
    // action; nothing here ties the item to this field's own set of files.
    // Confirm getItem() is suitably scoped or that canDelete() alone suffices.
    $file = $this->getItem();
    if (!$file) {
        return $this->httpError(404);
    }
    if (!$file->canDelete()) {
        return $this->httpError(403);
    }

    // Only the file itself is deleted here; it is dropped from the relation
    // later, when the owning record is saved.
    // @todo Investigate if references to deleted files (if unsaved) is dangerous
    $file->delete();
}
/**
 * Deletes the single file addressed by this item handler.
 *
 * Guards run in a fixed order before anything is removed:
 *  - the owning field must be neither disabled nor read-only (403),
 *  - the request must pass the form's security-token check (400),
 *  - the item must resolve (404),
 *  - the item must grant canDelete() (403),
 *  - when the field manages a relation, the item must be found in the
 *    field's items by ID (403).
 *
 * The file is then detached via remove() and finally deleted.
 *
 * @param SS_HTTPRequest $request Incoming request; validated against the form's security token and forwarded to remove()
 * @return SS_HTTPResponse|null Value returned by httpError() on rejection; nothing is returned after a successful delete
 */
public function delete(SS_HTTPRequest $request)
{
    // A disabled or read-only field must not accept destructive actions
    $fieldLocked = $this->parent->isDisabled() || $this->parent->isReadonly();
    if ($fieldLocked) {
        return $this->httpError(403);
    }

    // Destructive action: require a valid security token (CSRF protection)
    $securityToken = $this->parent->getForm()->getSecurityToken();
    if (!$securityToken->checkRequest($request)) {
        return $this->httpError(400);
    }

    // Resolve the target, then ask the item itself whether deletion is allowed
    $file = $this->getItem();
    if (!$file) {
        return $this->httpError(404);
    }
    if (!$file->canDelete()) {
        return $this->httpError(403);
    }

    // Scope check: when the field manages a relation, refuse any file that is
    // not in the field's items, even if the user could otherwise delete it
    $managedItems = $this->parent->getItems();
    $outsideRelation = $this->parent->managesRelation() && !$managedItems->byID($file->ID);
    if ($outsideRelation) {
        return $this->httpError(403);
    }

    // Detach from the current relationship first; the value returned by
    // remove() is not inspected before the delete below
    $this->remove($request);

    // Then delete the file from the filesystem
    $file->delete();
}
/**
 * Form action that saves the submitted edit form into the addressed file.
 *
 * Guards run in a fixed order before anything is written:
 *  - the owning field must be neither disabled nor read-only (403),
 *  - the item must resolve (404),
 *  - the item must grant canEdit() (403),
 *  - when the field manages a relation, the item must be found in the
 *    field's items by ID (403).
 *
 * NOTE(review): no security-token check appears in this method; presumably the
 * form submission path validates the token before dispatching here (confirm).
 *
 * @param array $data Submitted form data; not read here, values are taken from $form via saveInto()
 * @param Form $form Form whose field values are saved into the item
 * @param SS_HTTPRequest $request Current request; not read in this method
 * @return mixed Value returned by httpError() on rejection, otherwise the result of redirectBack() on the parent form's controller
 */
public function doEdit(array $data, Form $form, SS_HTTPRequest $request)
{
    // A disabled or read-only field must not accept edits
    $fieldLocked = $this->parent->isDisabled() || $this->parent->isReadonly();
    if ($fieldLocked) {
        return $this->httpError(403);
    }

    // Resolve the target, then ask the item itself whether editing is allowed
    $file = $this->getItem();
    if (!$file) {
        return $this->httpError(404);
    }
    if (!$file->canEdit()) {
        return $this->httpError(403);
    }

    // Scope check: when the field manages a relation, refuse any file that is
    // not in the field's items, even if the user could otherwise edit it
    $managedItems = $this->parent->getItems();
    $outsideRelation = $this->parent->managesRelation() && !$managedItems->byID($file->ID);
    if ($outsideRelation) {
        return $this->httpError(403);
    }

    // Copy the form's field values onto the item and persist it
    $form->saveInto($file);
    $file->write();

    $savedNotice = _t('UploadField.Saved', 'Saved');
    $form->sessionMessage($savedNotice, 'good');

    return $this->parent->getForm()->Controller()->redirectBack();
}