/** * Permanently/Temporarily deletes a set of nodes * @param array The nodeids of the records to be deleted * @param bool hard/soft delete * @param string the reason for soft delete (not used for hard delete) * @param bool Log the deletes in moderator log * @param bool Report node content to spam service * * @return array nodeids that were deleted */ public function deleteNodes($nodeids, $hard = true, $reason = '', $modlog = true, $reportspam = false) { if (empty($nodeids)) { return false; } //If it's a protected channel, don't allow removal. $existing = vB_Library::instance('node')->getNodes($nodeids); // need to see if we require authentication $currentUserId = vB::getCurrentSession()->get('userid'); $need_auth = false; $moderateInfo = vB::getUserContext()->getCanModerate(); $allowToDelete = array(); foreach ($existing as $node) { // this is a Visitor Message if (!empty($node['setfor']) and $node['setfor'] == $currentUserId) { $canModerateOwn = vB::getUserContext()->hasPermission('visitormessagepermissions', 'canmanageownprofile'); if ($canModerateOwn) { $allowToDelete[$node['nodeid']] = $node['nodeid']; continue; } } else { $canModerateOwn = vB::getUserContext()->getChannelPermission('forumpermissions2', 'canmanageownchannels', $node['nodeid']); } // check if this is the owner of a blog that needs to moderate the comments if (!empty($moderateInfo['can']) or $canModerateOwn) { // let's get the channel node $channelid = vB_Library::instance('node')->getChannelId($node); if ($channelid == $node['nodeid']) { $channel = $node; } else { $channel = vB_Library::instance('node')->getNodeBare($channelid); } // this channel was created by the current user so we don't need the auth check if ((in_array($channelid, $moderateInfo['can']) or $canModerateOwn) and $channel['userid'] == $currentUserId) { $allowToDelete[$node['nodeid']] = $node['nodeid']; continue; } } if ($node['userid'] != $currentUserId) { $need_auth = true; break; } } $userContext = vB::getUserContext(); // VBV-12184 Only moderators should get the inline mod auth prompt if (($need_auth or $reportspam) and $userContext->isModerator()) { $this->inlinemodAuthCheck(); } $deleteNodeIds = array(); $ancestorsId = $starters = array(); $vmChannel = $this->fetchVMChannel(); $contenttype_Channel = vB_Types::instance()->getContentTypeId('vBForum_Channel'); foreach ($existing as $node) { //Check for protected- O.K. if it's not a channel. if ($node['protected'] and $node['contenttypeid'] == $contenttype_Channel) { throw new vB_Exception_Api('invalid_request'); } // note that canremoveposts gives them ONLY physical-delete permissions, not soft delete. $canDeleteAsMod = ($userContext->getChannelPermission('moderatorpermissions', 'canremoveposts', $node['nodeid']) and $hard or $userContext->getChannelPermission('moderatorpermissions', 'candeleteposts', $node['nodeid']) and !$hard); $canSoftDeleteOwn = ($node['userid'] == $currentUserId and !$hard and ($node['starter'] == $node['nodeid'] and $userContext->getChannelPermission('forumpermissions', 'candeletethread', $node['nodeid']) or $node['starter'] != $node['nodeid'] and $userContext->getChannelPermission('forumpermissions', 'candeletepost', $node['nodeid']))); $canSoftDeleteOthers = ($node['userid'] != $currentUserId and !$hard and $userContext->getChannelPermission('forumpermissions2', 'candeleteothers', $node['nodeid'])); // if they're not allowed to delete this node let's throw an exception in their face if (!(array_key_exists($node['nodeid'], $allowToDelete) or $canDeleteAsMod or $canSoftDeleteOwn or $canSoftDeleteOthers)) { throw new vB_Exception_Api('no_permission'); } if ($node['parentid'] == $vmChannel and $node['setfor'] == $currentUserId) { $vm_user = vB_User::fetchUserinfo($node['setfor']); if (!vB::getUserContext($vm_user['userid'])->hasPermission('genericpermissions', 'canviewmembers')) { throw new vB_Exception_Api('no_permission'); } } array_push($deleteNodeIds, $node['nodeid']); if (!empty($node['starter'])) { $starters[] = $node['starter']; } $parents = $this->library->fetchClosureParent($node['nodeid']); foreach ($parents as $parent) { if ($parent['depth'] > 0) { $ancestorsId[] = $parent['parent']; } } } $ancestorsId = array_unique($ancestorsId); if (empty($deleteNodeIds)) { return array(); } return $this->library->deleteNodes($deleteNodeIds, $hard, $reason, $ancestorsId, $starters, $modlog, $reportspam); }