/** * delete item * This is a standard function that is called whenever an administrator * wishes to delete a current module item. Note that this function is * the equivalent of both of the modify() and update() functions above as * it both creates a form and processes its output. This is fine for * simpler functions, but for more complex operations such as creation and * modification it is generally easier to separate them into separate * functions. There is no requirement in the PostNuke MDG to do one or the * other, so either or both can be used as seen appropriate by the module * developer * @param 'tid' the id of the item to be deleted * @param 'confirmation' confirmation that this item can be deleted */ function template_admin_delete($args) { // Get parameters from whatever input we need. All arguments to this // function should be obtained from pnVarCleanFromInput(), getting them // from other places such as the environment is not allowed, as that makes // assumptions that will not hold in future versions of PostNuke list($tid, $objectid, $confirmation) = pnVarCleanFromInput('tid', 'objectid', 'confirmation'); // User functions of this type can be called by other modules. If this // happens then the calling module will be able to pass in arguments to // this function through the $args parameter. Hence we extract these // arguments *after* we have obtained any form-based input through // pnVarCleanFromInput(). extract($args); // At this stage we check to see if we have been passed $objectid, the // generic item identifier. This could have been passed in by a hook or // through some other function calling this as part of a larger module, but // if it exists it overrides $tid // // Note that this module couuld just use $objectid everywhere to avoid all // of this munging of variables, but then the resultant code is less // descriptive, especially where multiple objects are being used. The // decision of which of these ways to go is up to the module developer if (!empty($objectid)) { $tid = $objectid; } // Load API. Note that this is loading the user API, that is because the // user API contains the function to obtain item information which is the // first thing that we need to do. If the API fails to load an appropriate // error message is posted and the function returns if (!pnModAPILoad('Template', 'user')) { $output->Text(_LOADFAILED); return $output->GetOutput(); } // The user API function is called. This takes the item ID which we // obtained from the input and gets us the information on the appropriate // item. If the item does not exist we post an appropriate message and // return $item = pnModAPIFunc('Template', 'user', 'get', array('tid' => $tid)); if ($item == false) { $output->Text(_TEMPLATENOSUCHITEM); return $output->GetOutput(); } // Security check - important to do this as early as possible to avoid // potential security holes or just too much wasted processing. However, // in this case we had to wait until we could obtain the item name to // complete the instance information so this is the first chance we get to // do the check if (!pnSecAuthAction(0, 'Template::Item', "{$item['name']}::{$tid}", ACCESS_DELETE)) { $output->Text(_TEMPLATENOAUTH); return $output->GetOutput(); } // Check for confirmation. if (empty($confirmation)) { // No confirmation yet - display a suitable form to obtain confirmation // of this action from the user // Create output object - this object will store all of our output so // that we can return it easily when required $output = new pnHTML(); // Add menu to output - it helps if all of the module pages have a // standard menu at their head to aid in navigation $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text(template_adminmenu()); $output->SetInputMode(_PNH_PARSEINPUT); // Title - putting a title ad the head of each page reminds the user // what they are doing $output->Title(_DELETETEMPLATE); // Add confirmation to output. Note that this uses a pnHTML helper // function to produce the requested confirmation in a standard // fashion. This not only cuts down on code within the module but // allows it to be altered in future without the module developer // having to worry about it $output->ConfirmAction(_CONFIRMTEMPLATEDELETE, pnModURL('Template', 'admin', 'delete'), _CANCELTEMPLATEDELETE, pnVarPrepForDisplay(pnModURL('Template', 'admin', 'view')), array('tid' => $tid)); // Return the output that has been generated by this function return $output->GetOutput(); } // If we get here it means that the user has confirmed the action // Confirm authorisation code. This checks that the form had a valid // authorisation code attached to it. If it did not then the function will // proceed no further as it is possible that this is an attempt at sending // in false data to the system if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', _BADAUTHKEY); pnRedirect(pnModURL('Template', 'admin', 'view')); return true; } // Load API. All of the actual work for the deletion of the item is done // within the API, so we need to load that in before before we can do // anything. If the API fails to load an appropriate error message is // posted and the function returns if (!pnModAPILoad('Template', 'admin')) { $output->Text(_LOADFAILED); return $output->GetOutput(); } // The API function is called. Note that the name of the API function and // the name of this function are identical, this helps a lot when // programming more complex modules. The arguments to the function are // passed in as their own arguments array. // // The return value of the function is checked here, and if the function // suceeded then an appropriate message is posted. Note that if the // function did not succeed then the API function should have already // posted a failure message so no action is required if (pnModAPIFunc('Template', 'admin', 'delete', array('tid' => $tid))) { // Success pnSessionSetVar('statusmsg', _TEMPLATEDELETED); } // This function generated no output, and so now it is complete we redirect // the user to an appropriate page for them to carry on their work pnRedirect(pnModURL('Template', 'admin', 'view')); // Return return true; }