/**
 * Resource listener: block a note fetch the requesting user may not view.
 *
 * @param DoctrineResourceEvent $e  Carries the User2Note entity being fetched.
 * @return \ZF\ApiProblem\ApiProblem|null  A 403 problem when the view check fails,
 *         null (let the fetch proceed) otherwise.
 */
public function fetch(DoctrineResourceEvent $e)
{
    /** @var User2Note $link */
    $link = $e->getEntity();
    $requester = $this->getUser($e, $this->userService);

    $allowed = $this->noteService->checkNoteViewPermission($requester->getId(), $link->getNoteId());
    if (false === $allowed) {
        return new ApiProblem(403, 'User is not allowed to view note');
    }

    return null;
}
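/**
 * Delete Note (two-step flow).
 *
 * The first POST must carry the user's key and passphrase; the note is
 * decrypted and shown on a verification page. The second POST (same
 * credentials plus the renamed "confirm" field) performs the deletion.
 *
 * @return \Zend\View\Model\ViewModel|\Zend\Http\Response  View model for the
 *         key-request / verification page, or a redirect to the note list.
 */
public function deleteAction()
{
    $id = $this->getEvent()->getRouteMatch()->getParam('id');
    if (empty($id) || !is_numeric($id)) {
        return $this->redirect()->toRoute('secretary/note');
    }

    $userId  = $this->identity->getId();
    $request = $this->getRequest();

    // Permission Check: only a user allowed to view the note may delete it;
    // a failed check is logged as a violation before redirecting.
    $permissionCheck = $this->noteService->checkNoteViewPermission($userId, $id);
    if (false === $permissionCheck) {
        $this->events->trigger('logViolation', __METHOD__ . '::l42', [
            'message' => sprintf('User: %s wants to delete note: %s', $this->identity->getEmail(), $id),
        ]);

        return $this->redirect()->toRoute('secretary/note');
    }

    $viewModel      = new ViewModel();
    $keyRequestForm = $this->getKeyRequestForm($id, 'delete');

    // View Vars
    $viewModel->setVariable('showKeyRequestForm', true);
    $viewModel->setVariable('keyRequestForm', $keyRequestForm);

    // Render Key Request form
    if (!$request->isPost()) {
        return $viewModel;
    }

    // Key Request Form Validation
    $keyRequestForm->setData($request->getPost());
    if (!$keyRequestForm->isValid()) {
        return $viewModel;
    }

    // Do Note Encryption: the submitted key/passphrase must decrypt the note
    // before anything is shown or deleted; a LogicException is surfaced as a
    // form error rather than aborting the request.
    try {
        $formValues    = $keyRequestForm->getData();
        $noteDecrypted = $this->noteService->doNoteEncryption(
            $id,
            $userId,
            $formValues['key'],
            $formValues['passphrase']
        );
    } catch (\LogicException $e) {
        $viewModel->setVariable('msg', ['error', $e->getMessage()]);

        return $viewModel;
    }

    // Delete note (second POST, after the user confirmed on the verification page)
    if ($request->getPost('confirm')) {
        $this->noteService->deleteUserNote($userId, $id);

        // Success msg
        $this->flashMessenger()->addSuccessMessage($this->translator->translate('Note was removed successfully'));

        return $this->redirect()->toRoute('secretary/note');
    }

    // Change settings of key request form: the re-submitted form carries the
    // 'confirm' flag, and the passphrase field is blanked so the entered
    // passphrase is not echoed back into the rendered form.
    $keyRequestForm->get('key-request')->setName('confirm');
    $keyRequestForm->get('submit')->setValue('Delete note');
    $keyRequestForm->get('passphrase')->setValue('');

    // Show delete verification form
    $viewModel->setVariable('note', $noteDecrypted['note']);
    $viewModel->setVariable('decrypted', $noteDecrypted['decrypted']);
    $viewModel->setVariable('showKeyRequestForm', false);

    return $viewModel;
}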