/**
* delete item
* This is a standard function that is called whenever an administrator
* wishes to delete a current module item. Note that this function is
* the equivalent of both of the modify() and update() functions above as
* it both creates a form and processes its output. This is fine for
* simpler functions, but for more complex operations such as creation and
* modification it is generally easier to separate them into separate
* functions. There is no requirement in the PostNuke MDG to do one or the
* other, so either or both can be used as seen appropriate by the module
* developer
* @param 'tid' the id of the item to be deleted
* @param 'confirmation' confirmation that this item can be deleted
*/
function template_admin_delete($args)
{
// Get parameters from whatever input we need. All arguments to this
// function should be obtained from pnVarCleanFromInput(), getting them
// from other places such as the environment is not allowed, as that makes
// assumptions that will not hold in future versions of PostNuke
list($tid, $objectid, $confirmation) = pnVarCleanFromInput('tid', 'objectid', 'confirmation');
// User functions of this type can be called by other modules. If this
// happens then the calling module will be able to pass in arguments to
// this function through the $args parameter. Hence we extract these
// arguments *after* we have obtained any form-based input through
// pnVarCleanFromInput().
extract($args);
// At this stage we check to see if we have been passed $objectid, the
// generic item identifier. This could have been passed in by a hook or
// through some other function calling this as part of a larger module, but
// if it exists it overrides $tid
//
// Note that this module couuld just use $objectid everywhere to avoid all
// of this munging of variables, but then the resultant code is less
// descriptive, especially where multiple objects are being used. The
// decision of which of these ways to go is up to the module developer
if (!empty($objectid)) {
$tid = $objectid;
}
// Load API. Note that this is loading the user API, that is because the
// user API contains the function to obtain item information which is the
// first thing that we need to do. If the API fails to load an appropriate
// error message is posted and the function returns
if (!pnModAPILoad('Template', 'user')) {
$output->Text(_LOADFAILED);
return $output->GetOutput();
}
// The user API function is called. This takes the item ID which we
// obtained from the input and gets us the information on the appropriate
// item. If the item does not exist we post an appropriate message and
// return
$item = pnModAPIFunc('Template', 'user', 'get', array('tid' => $tid));
if ($item == false) {
$output->Text(_TEMPLATENOSUCHITEM);
return $output->GetOutput();
}
// Security check - important to do this as early as possible to avoid
// potential security holes or just too much wasted processing. However,
// in this case we had to wait until we could obtain the item name to
// complete the instance information so this is the first chance we get to
// do the check
if (!pnSecAuthAction(0, 'Template::Item', "{$item['name']}::{$tid}", ACCESS_DELETE)) {
$output->Text(_TEMPLATENOAUTH);
return $output->GetOutput();
}
// Check for confirmation.
if (empty($confirmation)) {
// No confirmation yet - display a suitable form to obtain confirmation
// of this action from the user
// Create output object - this object will store all of our output so
// that we can return it easily when required
$output = new pnHTML();
// Add menu to output - it helps if all of the module pages have a
// standard menu at their head to aid in navigation
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(template_adminmenu());
$output->SetInputMode(_PNH_PARSEINPUT);
// Title - putting a title ad the head of each page reminds the user
// what they are doing
$output->Title(_DELETETEMPLATE);
// Add confirmation to output. Note that this uses a pnHTML helper
// function to produce the requested confirmation in a standard
// fashion. This not only cuts down on code within the module but
// allows it to be altered in future without the module developer
// having to worry about it
$output->ConfirmAction(_CONFIRMTEMPLATEDELETE, pnModURL('Template', 'admin', 'delete'), _CANCELTEMPLATEDELETE, pnVarPrepForDisplay(pnModURL('Template', 'admin', 'view')), array('tid' => $tid));
// Return the output that has been generated by this function
return $output->GetOutput();
}
// If we get here it means that the user has confirmed the action
// Confirm authorisation code. This checks that the form had a valid
// authorisation code attached to it. If it did not then the function will
// proceed no further as it is possible that this is an attempt at sending
// in false data to the system
if (!pnSecConfirmAuthKey()) {
pnSessionSetVar('errormsg', _BADAUTHKEY);
pnRedirect(pnModURL('Template', 'admin', 'view'));
return true;
}
// Load API. All of the actual work for the deletion of the item is done
// within the API, so we need to load that in before before we can do
// anything. If the API fails to load an appropriate error message is
// posted and the function returns
if (!pnModAPILoad('Template', 'admin')) {
$output->Text(_LOADFAILED);
return $output->GetOutput();
}
// The API function is called. Note that the name of the API function and
// the name of this function are identical, this helps a lot when
// programming more complex modules. The arguments to the function are
// passed in as their own arguments array.
//
// The return value of the function is checked here, and if the function
// suceeded then an appropriate message is posted. Note that if the
// function did not succeed then the API function should have already
// posted a failure message so no action is required
if (pnModAPIFunc('Template', 'admin', 'delete', array('tid' => $tid))) {
// Success
pnSessionSetVar('statusmsg', _TEMPLATEDELETED);
}
// This function generated no output, and so now it is complete we redirect
// the user to an appropriate page for them to carry on their work
pnRedirect(pnModURL('Template', 'admin', 'view'));
// Return
return true;
}
