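/**
 * Permanently delete a single comment on behalf of the signed-in user.
 *
 * The request is honoured only when the session belongs to a signed-in user
 * and the supplied transient key validates (the anti-CSRF proof of intent).
 * Authorization is then decided in two steps:
 *  - Unless the comment was written by the current user AND
 *    Vanilla.Comments.AllowSelfDelete is enabled, the category-scoped
 *    Vanilla.Comments.Delete permission is required.
 *  - Once Garden.EditContentTimeout has elapsed since the comment was
 *    inserted, that same permission is required even for the author.
 *
 * This is a "hard" delete performed through the comment model's deleteID().
 * Earlier documentation stated that deleting the only comment in a
 * discussion also deletes the discussion; no such logic is present in this
 * method, so it presumably lives in the model (confirm there).
 *
 * @since 2.0.0
 * @access public
 *
 * @param int $CommentID Unique comment ID; must be a positive whole number.
 * @param string $TransientKey Single-use hash to prove intent.
 */
public function deleteComment($CommentID = '', $TransientKey = '') {
    $Session = Gdn::session();
    $DefaultTarget = '/discussions/';

    // Accept only a canonical positive integer. is_numeric() on its own also
    // lets through forms such as "1e3" or "5.0", which would then reach the
    // model and the JSON target selector below without being normalised.
    $ValidCommentID = (is_int($CommentID) || (is_string($CommentID) && ctype_digit($CommentID)))
        && (int)$CommentID > 0;
    if ($ValidCommentID) {
        $CommentID = (int)$CommentID;
    }

    // A signed-in session plus a valid transient key is the CSRF gate for
    // this state-changing action.
    $ValidUser = $Session->UserID > 0 && $Session->validateTransientKey($TransientKey);

    if ($ValidCommentID && $ValidUser) {
        // Get comment and discussion data
        $Comment = $this->CommentModel->getID($CommentID);
        $DiscussionID = val('DiscussionID', $Comment);
        $Discussion = $this->DiscussionModel->getID($DiscussionID);

        if ($Comment && $Discussion) {
            $DefaultTarget = discussionUrl($Discussion);

            // Make sure comment is this user's or they have Delete permission
            if ($Comment->InsertUserID != $Session->UserID || !c('Vanilla.Comments.AllowSelfDelete')) {
                $this->permission('Vanilla.Comments.Delete', true, 'Category', $Discussion->PermissionCategoryID);
            }

            // Make sure that content can (still) be edited; a timeout of -1
            // means the edit window never closes.
            $EditContentTimeout = c('Garden.EditContentTimeout', -1);
            $CanEdit = $EditContentTimeout == -1 || strtotime($Comment->DateInserted) + $EditContentTimeout > time();
            if (!$CanEdit) {
                // Outside the edit window self-delete no longer applies, so
                // fall back to the moderator permission.
                $this->permission('Vanilla.Comments.Delete', true, 'Category', $Discussion->PermissionCategoryID);
            }

            // Delete the comment
            if (!$this->CommentModel->deleteID($CommentID)) {
                $this->Form->addError('Failed to delete comment');
            }
        } else {
            $this->Form->addError('Invalid comment');
        }
    } else {
        $this->Form->addError('ErrPermission');
    }

    // Redirect
    if ($this->_DeliveryType == DELIVERY_TYPE_ALL) {
        // Target is request-supplied; SafeRedirect() is relied on to constrain
        // the destination (NOTE(review): confirm its trusted-domain handling).
        $Target = GetIncomingValue('Target', $DefaultTarget);
        SafeRedirect($Target);
    }

    if ($this->Form->errorCount() > 0) {
        $this->setJson('ErrorMessage', $this->Form->errors());
    } else {
        // Reached only when validation passed, so $CommentID is an int here.
        $this->jsonTarget("#Comment_{$CommentID}", '', 'SlideUp');
    }

    $this->render();
}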
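/**
 * Form to confirm that the administrator wants to delete the selected
 * comments (and has permission to do so).
 *
 * The selection is read from the current user's stored 'CheckedComments'
 * attribute, keyed by discussion ID. Only entries filed under $DiscussionID
 * are considered, and entries prefixed 'Discussion_' are ignored here.
 * On an authenticated postback each selected comment is deleted, the
 * selection for this discussion is cleared, and a redirect to the
 * discussions list is set.
 *
 * Renders nothing and returns early when the discussion cannot be found.
 *
 * @param int|string $DiscussionID ID of the discussion whose checked comments
 *     are to be deleted.
 */
public function confirmCommentDeletes($DiscussionID = '') {
    $Session = Gdn::session();
    $this->Form = new Gdn_Form();
    $DiscussionModel = new DiscussionModel();
    $Discussion = $DiscussionModel->getID($DiscussionID);
    if (!$Discussion) {
        return;
    }

    // Verify that the user has permission to perform the delete. The check is
    // scoped to the permission category of this one discussion.
    $PermissionCategory = CategoryModel::categories($Discussion->CategoryID);
    $this->permission('Vanilla.Comments.Delete', true, 'Category', val('PermissionCategoryID', $PermissionCategory));
    $this->title(t('Confirm'));

    $CheckedComments = Gdn::userModel()->getAttribute($Session->User->UserID, 'CheckedComments', array());
    if (!is_array($CheckedComments)) {
        $CheckedComments = array();
    }

    // Collect the comment IDs checked under this discussion.
    $CommentIDs = array();
    foreach ($CheckedComments as $DiscID => $Comments) {
        // Skip other discussions, and tolerate a malformed (non-list) entry.
        if ($DiscID != $DiscussionID || !is_array($Comments)) {
            continue;
        }
        foreach ($Comments as $Comment) {
            // 'Discussion_<id>' entries mark a checked discussion, not a comment.
            if (substr($Comment, 0, 11) == 'Discussion_') {
                continue;
            }
            $CommentID = str_replace('Comment_', '', $Comment);
            // The attribute is written elsewhere; accept only whole-number IDs
            // so nothing else is handed to the model.
            if (ctype_digit((string)$CommentID)) {
                $CommentIDs[] = $CommentID;
            }
        }
    }
    $CountCheckedComments = count($CommentIDs);
    $this->setData('CountCheckedComments', $CountCheckedComments);

    if ($this->Form->authenticatedPostBack()) {
        // Delete the selected comments
        $CommentModel = new CommentModel();
        foreach ($CommentIDs as $CommentID) {
            // The permission check above covers only this discussion's
            // category, so confirm the comment really belongs to this
            // discussion before removing it. A stale or tampered selection
            // must not delete comments the check did not authorise.
            $Comment = $CommentModel->getID($CommentID);
            if (!$Comment || val('DiscussionID', $Comment) != $DiscussionID) {
                continue;
            }
            $CommentModel->deleteID($CommentID);
        }

        // Clear selections
        unset($CheckedComments[$DiscussionID]);
        Gdn::userModel()->saveAttribute($Session->UserID, 'CheckedComments', $CheckedComments);
        ModerationController::InformCheckedComments($this);
        $this->RedirectUrl = url('discussions');
    }

    $this->render();
}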