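/**
 * Show the profile of a student.
 *
 * Requires a logged-in user; anonymous visitors are sent to the sign-in
 * action with the current URI as the post-login target. Any failure while
 * loading the student (missing or unknown username, model error) is
 * surfaced as a 404.
 *
 * @param array $params Route parameters: 'username' (required),
 *                      'category' (optional post filter).
 * @throws ActionException User/signin redirect when not logged in;
 *                         Page/error404 when the student cannot be loaded.
 */
public function view($params) {
    $this->setView('view.php');

    $is_logged  = isset(User_Model::$auth_data);
    $is_student = $is_logged && isset(User_Model::$auth_data['student_number']);
    $is_admin   = $is_logged && User_Model::$auth_data['admin'] == '1';

    // Not logged in: bounce to sign-in and come back here afterwards.
    if (!$is_logged) {
        // NOTE(review): REQUEST_URI is echoed back as the post-signin redirect.
        // A request line such as "GET //evil.example/x" yields a protocol-relative
        // URI, so the signin action must only accept local paths — confirm.
        throw new ActionException('User', 'signin', array('redirect' => $_SERVER['REQUEST_URI']));
    }

    try {
        // A missing username is treated like an unknown one (404 below).
        if (!isset($params['username'])) {
            throw new Exception();
        }

        $student    = $this->model->getInfo($params['username']);
        $post_model = new Post_Model();

        $this->setTitle(htmlspecialchars($student['firstname'] . ' ' . $student['lastname']));

        $this->set(array(
            'student'    => $student,
            'groups'     => isset($student['id']) ? Group_Model::getAuth((int) $student['id']) : array(),
            // Strict string comparison: with == two numeric-looking usernames
            // ("1e3" vs "1000") compare equal and would grant the owner view
            // to the wrong account.
            'is_owner'   => (string) User_Model::$auth_data['username'] === (string) $student['username'],
            'is_logged'  => true,
            'is_student' => $is_student,
            'is_admin'   => $is_admin,
            'username'   => User_Model::$auth_data['username'],
        ));

        if ($is_student) {
            $this->set(array(
                'firstname'  => User_Model::$auth_data['firstname'],
                'lastname'   => User_Model::$auth_data['lastname'],
                'avatar_url' => User_Model::$auth_data['avatar_url'],
            ));
        }

        // Only students that are also registered users (have an id) have posts to show.
        if (isset($student['id'])) {
            $category       = isset($params['category']) ? $params['category'] : null;
            $category_model = new Category_Model();

            // NOTE(review): 'show_private' is granted to every logged-in student,
            // not only the profile owner or an admin — confirm that is the intended
            // visibility of "private" posts.
            $this->set(array(
                'posts' => $post_model->getPosts(array(
                    'restricted'    => true,
                    'user_id'       => (int) $student['id'],
                    'category_name' => $category,
                    'official'      => false,
                    'show_private'  => $is_student,
                ), Config::POST_DISPLAYED),
                'categories'       => $category_model->getAll(),
                'current_category' => $category,
            ));
        }
    } catch (Exception $e) {
        // Unknown username or model failure: do not leak details, just 404.
        throw new ActionException('Page', 'error404');
    }
}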
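/**
 * Delete a comment.
 *
 * Allowed for the comment's author, a site admin, or an admin of the group
 * the comment belongs to (when the comment row carries a 'group_id').
 * A comment that cannot be loaded is reported as deleted (idempotent delete).
 *
 * @param array $params Route parameters: 'id' of the comment to delete.
 */
public function delete($params) {
    $this->setView('delete.php');

    try {
        $comment = $this->model->get((int) $params['id']);
    } catch (Exception $e) {
        // Comment not found: nothing to delete, report success (idempotent).
        $this->set('success', true);
        return;
    }

    $is_logged = isset(User_Model::$auth_data);
    $is_admin  = $is_logged && User_Model::$auth_data['admin'] == '1';
    // The original tested isset($is_logged), which is always true for an
    // assigned bool, so getAuth() ran even for anonymous requests.
    $groups_auth = $is_logged ? Group_Model::getAuth() : array();

    // Author check: compare ids as integers rather than with a loose ==.
    $is_author = $is_logged
        && isset($comment['user_id'])
        && (int) User_Model::$auth_data['id'] === (int) $comment['user_id'];

    // The original read $post['group_id'], an undefined variable, so the
    // group-admin path could never be taken. NOTE(review): this assumes the
    // comment row exposes the owning group's id as 'group_id' — confirm against
    // the Comment model; if it does not, the branch stays false as before.
    $group_id       = isset($comment['group_id']) ? (int) $comment['group_id'] : null;
    $is_group_admin = $group_id !== null
        && isset($groups_auth[$group_id])
        && $groups_auth[$group_id]['admin'];

    // NOTE(review): destructive action with no visible CSRF/method check;
    // confirm the router only reaches this on POST with a token.
    if ($is_author || $is_admin || $is_group_admin) {
        $this->model->delete((int) $params['id']);
        $this->set('success', true);
    } else {
        $this->set('success', false);
    }
}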
/**
 * Delete a group.
 *
 * Only site admins and admins of the group itself may delete it. Everyone
 * else — anonymous visitors, unknown group names, non-admin members — gets
 * a 404, so the existence of the group is not disclosed.
 *
 * @param array $params Route parameters: 'group' is the group name.
 * @throws ActionException Page/error404 when not logged in, the group is
 *                         unknown, or the caller is not authorised.
 */
public function delete($params) {
    $this->setView('delete.php');

    $logged_in  = isset(User_Model::$auth_data);
    $site_admin = $logged_in && User_Model::$auth_data['admin'] == '1';

    // Anonymous callers and unknown group names both end up as 404.
    try {
        if (!$logged_in) {
            throw new Exception();
        }
        $group = $this->model->getInfoByName($params['group']);
    } catch (Exception $e) {
        throw new ActionException('Page', 'error404');
    }

    $this->setTitle(__('GROUP_DELETE_TITLE'));

    // Authorization: site admin, or admin of this particular group.
    $group_id    = (int) $group['id'];
    $auth        = Group_Model::getAuth();
    $group_admin = isset($auth[$group_id]) && $auth[$group_id]['admin'];
    if (!($site_admin || $group_admin)) {
        throw new ActionException('Page', 'error404');
    }

    // NOTE(review): destructive action with no visible CSRF/method check;
    // confirm the router only reaches this on POST with a token.
    $this->set('group_name', $group['name']);
    $this->model->delete($group_id);
}