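/**
 * Handle DELETE on "/talks/[talkId]" and "/talks/[talkId]/starred".
 *
 * - "/talks/[talkId]/starred": drop the requesting user's own star on the talk.
 *   Only the caller's own row is touched, so no further permission check is done.
 * - "/talks/[talkId]": delete the talk itself. Requires admin rights on the talk
 *   as reported by TalkMapper::thisUserHasAdminOn().
 *
 * @param Request $request  current request; must carry a user_id (logged in)
 * @param PDO     $db       database handle passed to the mapper
 *
 * @throws Exception code 400 when not logged in, 403 when the caller lacks
 *                   rights on the talk, 404 for an unknown sub-resource
 *                   (the code is presumably mapped to the HTTP status by the
 *                   caller — not visible here)
 * @return void  writes response headers and exits
 */
public function deleteAction($request, $db)
{
    if (!isset($request->user_id)) {
        throw new Exception("You must be logged in to delete data", 400);
    }

    if (isset($request->url_elements[4])) {
        // a sub-resource of the talk is being deleted
        switch ($request->url_elements[4]) {
            case 'starred':
                $talk_id     = $this->getItemId($request);
                $talk_mapper = new TalkMapper($db, $request);
                // unstar for the requesting user only; a non-existent talk id
                // is left to the mapper to ignore
                $talk_mapper->setUserNonStarred($talk_id, $request->user_id);
                header("Location: " . $request->base . $request->path_info, null, 200);
                exit;
            default:
                throw new Exception("Operation not supported, sorry", 404);
        }
    }

    // delete the talk itself
    $talk_id     = $this->getItemId($request);
    $talk_mapper = new TalkMapper($db, $request);

    if (false === $talk_mapper->getTalkById($talk_id)) {
        // talk isn't there so it's as good as deleted
        header("Content-Length: 0", null, 204);
        exit; // no more content
    }

    // Authorisation: thisUserHasAdminOn() takes no user argument, so the
    // mapper presumably resolves the caller from the $request it was built
    // with — verify in TalkMapper.
    if (!$talk_mapper->thisUserHasAdminOn($talk_id)) {
        // 403, not 400: the request is well-formed, the caller just lacks
        // rights. This matches the permission failure in editTalk().
        throw new Exception("You do not have permission to do that", 403);
    }

    $talk_mapper->delete($talk_id);
    header("Content-Length: 0", null, 204);
    exit; // no more content
}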
/**
 * Edit a talk
 *
 * Reached via "/talks/[talkId]". The caller must be logged in and be either
 * an admin on the talk or one of its speakers; both checks are asked of the
 * mapper before the decision is made.
 *
 * @param Request $request
 * @param PDO $db
 *
 * @throws Exception code 400 when not logged in, 404 when the talk does not
 *                   exist, 403 when the caller may not update it
 * @return void  writes a Location header and exits
 */
public function editTalk(Request $request, PDO $db)
{
    if (!isset($request->user_id)) {
        // NOTE(review): the message says "create" although this is the edit
        // path; kept verbatim to avoid changing observable output
        throw new Exception("You must be logged in to create data", 400);
    }

    $talk_id = $this->getItemId($request);
    $mapper  = new TalkMapper($db, $request);

    $talk = $mapper->getTalkById($talk_id);
    if (!$talk) {
        throw new Exception("Talk not found", 404);
    }

    // both lookups are always performed, as in the original
    $has_admin  = $mapper->thisUserHasAdminOn($talk_id);
    $is_speaker = $mapper->isUserASpeakerOnTalk($talk_id, $request->user_id);
    $may_edit   = $has_admin || $is_speaker;

    if (!$may_edit) {
        throw new Exception("You do not have permission to update this talk", 403);
    }

    // pull the new values out of the request, validated against the talk's event
    $data = $this->getTalkDataFromRequest($db, $request, $talk->event_id);

    $mapper->editTalk($data, $talk_id);

    header("Location: " . $request->base . $request->path_info, null, 204);
    exit;
}