/**
 * Backward compatibility wrapper: returns whatever
 * phorum_api_error_code() returns, without modifying it.
 *
 * @deprecated Replaced by {@link phorum_api_error_code()}.
 */
function phorum_api_errno()
{
    $code = phorum_api_error_code();

    return $code;
}
/**
 * Decide whether the active user is allowed to delete a given file.
 *
 * This function only computes the access decision; it does not delete
 * anything itself. The checks run in a fixed order and the first rule
 * that matches decides the outcome:
 *
 * 1. administrators are always allowed;
 * 2. anonymous users (empty user_id) are always denied;
 * 3. a file that cannot be found is reported as deletable, any other
 *    lookup error denies access;
 * 4. temporary files and files linked to the posting editor are
 *    always deletable;
 * 5. the owner of the file is allowed;
 * 6. for files linked to a message: allowed when the message no longer
 *    exists, when the active user posted the message, or when the
 *    active user may moderate the forum of the message;
 * 7. every other case is denied.
 *
 * @example file_delete.php Delete a file.
 *
 * @param int $file_id
 *     The file_id of the file for which to check the delete access.
 *
 * @return bool
 *     TRUE if the user has rights to delete the file, FALSE otherwise.
 */
function phorum_api_file_check_delete_access($file_id)
{
    global $PHORUM;

    $file_id = (int) $file_id;

    // Rule 1: administrators may delete any file.
    if ($PHORUM["user"]["admin"]) {
        return true;
    }

    // Rule 2: anonymous visitors may never delete files.
    if (empty($PHORUM["user"]["user_id"])) {
        return false;
    }
    $active_user_id = $PHORUM["user"]["user_id"];

    // All remaining rules need the file record. The lookup is done with
    // PHORUM_FLAG_IGNORE_PERMS; presumably this skips the read permission
    // checks so that only the delete rules below decide -- confirm
    // against phorum_api_file_check_read_access().
    $file_info = phorum_api_file_check_read_access(
        $file_id,
        PHORUM_FLAG_IGNORE_PERMS
    );

    // Rule 3: a missing file counts as deletable. This avoids permission
    // errors when the same file is deleted twice; the original author
    // notes that the file storage API silently ignores deletion of
    // non-existent files. Any other lookup error denies access.
    if ($file_info === false) {
        return phorum_api_error_code() == PHORUM_ERRNO_NOTFOUND;
    }

    // Rule 4: temporary files and editor-linked files are intermediate
    // states that are not available on the forum, so deleting them is
    // always granted.
    // NOTE(review): no ownership comparison is made on this path, so any
    // logged-in user passes this check for such a file, whoever uploaded
    // it. Confirm that callers scope the file_id to the user's own
    // posting session.
    if ($file_info["link"] == PHORUM_LINK_TEMPFILE ||
        $file_info["link"] == PHORUM_LINK_EDITOR) {
        return true;
    }

    // Rule 5: a personal user file may be deleted by its owner. The
    // !empty() guard keeps an ownerless file (user_id 0 or unset) from
    // matching anybody.
    $owns_file = !empty($file_info["user_id"]) &&
                 $file_info["user_id"] == $active_user_id;
    if ($owns_file) {
        return true;
    }

    // Rule 7 (early exit): a file that the user does not own and that is
    // not linked to a message falls through to the default deny policy.
    if ($file_info["link"] != PHORUM_LINK_MESSAGE) {
        return false;
    }

    // Rule 6: the file is linked to a message. Retrieve that message.
    $linked_message = $PHORUM['DB']->get_message($file_info["message_id"]);

    // If the message cannot be found, the file is an orphan and nobody
    // cares if it gets deleted.
    // NOTE(review): like rule 4, this path grants access without an
    // ownership or moderator check.
    if (!$linked_message) {
        return true;
    }

    // The user posted the message to which the file is linked.
    $wrote_message = !empty($linked_message["user_id"]) &&
                     $linked_message["user_id"] == $active_user_id;
    if ($wrote_message) {
        return true;
    }

    // Otherwise only a moderator of the message's forum may delete the
    // file; everybody else is denied.
    return (bool) phorum_api_user_check_access(
        PHORUM_USER_ALLOW_MODERATE_MESSAGES,
        $linked_message["forum_id"]
    );
}