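/**
 * Action to delete a post
 *
 * This action should only be called via HTTP POST
 *
 * The expected HTTP parameters are:
 * <ul>
 * <li>id: Id of the post (via HTTP POST)</li>
 * </ul>
 *
 * The views are:
 * <ul>
 * <li>posts/index: If post was successfully deleted (via redirect)</li>
 * </ul>
 *
 * The id is validated and read from $_POST only, so a value supplied in the
 * query string or a cookie can never be the one that selects the post.
 *
 * NOTE(review): no anti-CSRF token is verified in this method; confirm that
 * the calling framework checks one before this state-changing action runs.
 *
 * @throws Exception if no id was provided
 * @throws Exception if no user is in session
 * @throws Exception if there is not any post with the provided id
 * @throws Exception if the author of the post to be deleted is not the current user
 * @return void
 */
public function delete()
{
    // The id must arrive in the POST body. An array value (id[]=...) is
    // rejected as well, since it cannot be a valid post id.
    if (!isset($_POST["id"]) || is_array($_POST["id"])) {
        throw new Exception("id is mandatory");
    }

    if (!isset($this->currentUser)) {
        throw new Exception("Not in session. Editing posts requires login");
    }

    // Get the Post object from the database, using the same source that was
    // validated above ($_POST) rather than the merged $_REQUEST array.
    $postid = $_POST["id"];
    $post = $this->postMapper->findById($postid);

    // Does the post exist?
    if ($post == NULL) {
        throw new Exception("no such post with id: " . $postid);
    }

    // Authorization: only the author of the post (the user in session) may delete it
    if ($post->getAuthor() != $this->currentUser) {
        throw new Exception("Post author is not the logged user");
    }

    // Delete the Post object from the database
    $this->postMapper->delete($post);

    // POST-REDIRECT-GET
    // Everything OK, we will redirect the user to the list of posts.
    // We want to see a message after redirection, so we establish
    // a "flash" message (which is simply a Session variable) to be
    // read in the view after redirection.
    // NOTE(review): the title is stored data; confirm that the view
    // HTML-escapes the flash message when rendering it.
    $this->view->setFlash("Post \"" . $post->getTitle() . "\" successfully deleted.");

    // Perform the redirection. More or less:
    // header("Location: index.php?controller=posts&action=index")
    // die();
    $this->view->redirect("posts", "index");
}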