/**
* Permanently/Temporarily deletes a set of nodes
* @param array The nodeids of the records to be deleted
* @param bool hard/soft delete
* @param string the reason for soft delete (not used for hard delete)
* @param bool Log the deletes in moderator log
* @param bool Report node content to spam service
*
* @return array nodeids that were deleted
*/
public function deleteNodes($nodeids, $hard = true, $reason = '', $modlog = true, $reportspam = false)
{
if (empty($nodeids)) {
return false;
}
//If it's a protected channel, don't allow removal.
$existing = vB_Library::instance('node')->getNodes($nodeids);
// need to see if we require authentication
$currentUserId = vB::getCurrentSession()->get('userid');
$need_auth = false;
$moderateInfo = vB::getUserContext()->getCanModerate();
$allowToDelete = array();
foreach ($existing as $node) {
// this is a Visitor Message
if (!empty($node['setfor']) and $node['setfor'] == $currentUserId) {
$canModerateOwn = vB::getUserContext()->hasPermission('visitormessagepermissions', 'canmanageownprofile');
if ($canModerateOwn) {
$allowToDelete[$node['nodeid']] = $node['nodeid'];
continue;
}
} else {
$canModerateOwn = vB::getUserContext()->getChannelPermission('forumpermissions2', 'canmanageownchannels', $node['nodeid']);
}
// check if this is the owner of a blog that needs to moderate the comments
if (!empty($moderateInfo['can']) or $canModerateOwn) {
// let's get the channel node
$channelid = vB_Library::instance('node')->getChannelId($node);
if ($channelid == $node['nodeid']) {
$channel = $node;
} else {
$channel = vB_Library::instance('node')->getNodeBare($channelid);
}
// this channel was created by the current user so we don't need the auth check
if ((in_array($channelid, $moderateInfo['can']) or $canModerateOwn) and $channel['userid'] == $currentUserId) {
$allowToDelete[$node['nodeid']] = $node['nodeid'];
continue;
}
}
if ($node['userid'] != $currentUserId) {
$need_auth = true;
break;
}
}
$userContext = vB::getUserContext();
// VBV-12184 Only moderators should get the inline mod auth prompt
if (($need_auth or $reportspam) and $userContext->isModerator()) {
$this->inlinemodAuthCheck();
}
$deleteNodeIds = array();
$ancestorsId = $starters = array();
$vmChannel = $this->fetchVMChannel();
$contenttype_Channel = vB_Types::instance()->getContentTypeId('vBForum_Channel');
foreach ($existing as $node) {
//Check for protected- O.K. if it's not a channel.
if ($node['protected'] and $node['contenttypeid'] == $contenttype_Channel) {
throw new vB_Exception_Api('invalid_request');
}
// note that canremoveposts gives them ONLY physical-delete permissions, not soft delete.
$canDeleteAsMod = ($userContext->getChannelPermission('moderatorpermissions', 'canremoveposts', $node['nodeid']) and $hard or $userContext->getChannelPermission('moderatorpermissions', 'candeleteposts', $node['nodeid']) and !$hard);
$canSoftDeleteOwn = ($node['userid'] == $currentUserId and !$hard and ($node['starter'] == $node['nodeid'] and $userContext->getChannelPermission('forumpermissions', 'candeletethread', $node['nodeid']) or $node['starter'] != $node['nodeid'] and $userContext->getChannelPermission('forumpermissions', 'candeletepost', $node['nodeid'])));
$canSoftDeleteOthers = ($node['userid'] != $currentUserId and !$hard and $userContext->getChannelPermission('forumpermissions2', 'candeleteothers', $node['nodeid']));
// if they're not allowed to delete this node let's throw an exception in their face
if (!(array_key_exists($node['nodeid'], $allowToDelete) or $canDeleteAsMod or $canSoftDeleteOwn or $canSoftDeleteOthers)) {
throw new vB_Exception_Api('no_permission');
}
if ($node['parentid'] == $vmChannel and $node['setfor'] == $currentUserId) {
$vm_user = vB_User::fetchUserinfo($node['setfor']);
if (!vB::getUserContext($vm_user['userid'])->hasPermission('genericpermissions', 'canviewmembers')) {
throw new vB_Exception_Api('no_permission');
}
}
array_push($deleteNodeIds, $node['nodeid']);
if (!empty($node['starter'])) {
$starters[] = $node['starter'];
}
$parents = $this->library->fetchClosureParent($node['nodeid']);
foreach ($parents as $parent) {
if ($parent['depth'] > 0) {
$ancestorsId[] = $parent['parent'];
}
}
}
$ancestorsId = array_unique($ancestorsId);
if (empty($deleteNodeIds)) {
return array();
}
return $this->library->deleteNodes($deleteNodeIds, $hard, $reason, $ancestorsId, $starters, $modlog, $reportspam);
}
