$url = $app->request->params('url');
$business = $_SESSION['user_business'];
if ($url == NULL) {
die(json_encode(array('error' => 'insufficient parameters')));
}
if ($business == NULL) {
die(json_encode(array('error' => 'invalid session')));
}
// match with current business
// Permission Check!
// Parse for domain & res
$parts = explode('/', $url, 2);
$domain = trim($parts[0]);
$res = isset($parts[1]) && strlen(trim($parts[1])) > 0 ? trim('/' . $parts[1]) : NULL;
$obj = NULL;
if ($res == NULL) {
// domain only
$obj = $entityManager->getRepository('WhitelistEntry')->findOneBy(array('domain' => $domain, 'business' => $business));
} else {
// domain + res
$obj = $entityManager->getRepository('WhitelistEntryRes')->findOneBy(array('domain' => $domain, 'res' => $res, 'business' => $business));
}
// If No Record (with suitable business) Retrieved & Not a Browser Team Account --> FAIL
if ($business != "Browser Team" && $obj == NULL) {
die(json_encode(array('error' => 'not authorized to delete entries of another business')));
}
// Commit Remove
$result = SitesXMLManager::commitRemove($entityManager, $url);
echo json_encode($result);
});
$app->run();
