示例#1
/**
 * Legacy alias that forwards to phorum_api_error_code().
 *
 * @deprecated Replaced by {@link phorum_api_error_code()}.
 *
 * @return mixed
 *     Whatever phorum_api_error_code() returns, passed through unchanged.
 */
function phorum_api_errno()
{
    // Kept only for backward compatibility: no logic of its own.
    $code = phorum_api_error_code();

    return $code;
}
示例#2
文件: file.php 项目: samuell/Core
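/**
 * Check if the active user has permission to delete a file.
 *
 * The decision is taken in this order: administrators are always allowed,
 * anonymous users are always denied, a file that cannot be found is
 * reported as deletable, temporary and editor-linked files are always
 * deletable, the file owner is allowed, and for message-linked files the
 * author of the message and users that pass the moderator check for the
 * message's forum are allowed. Every other case is denied.
 *
 * @example file_delete.php Delete a file.
 *
 * @param integer $file_id
 *     The file_id of the file for which to check the delete access.
 *     The value is cast to an integer before it is used.
 *
 * @return boolean
 *     TRUE if the user has rights to delete the file, FALSE otherwise.
 *     TRUE is also returned for a file that does not exist, so a TRUE
 *     result is no proof that the file exists.
 */
function phorum_api_file_check_delete_access($file_id)
{
    global $PHORUM;

    settype($file_id, "int");

    // Administrator users always have rights to delete files.
    // !empty() is used (as for user_id below) so that a user record
    // without an "admin" key is treated as a non-admin instead of
    // raising an undefined-key notice.
    if (!empty($PHORUM["user"]["admin"])) {
        return TRUE;
    }

    // Anonymous users never have rights to delete files.
    if (empty($PHORUM["user"]["user_id"])) {
        return FALSE;
    }

    // For other users, the file information has to be retrieved
    // to be able to check the delete access.
    // NOTE(review): the lookup passes PHORUM_FLAG_IGNORE_PERMS, which by
    // its name skips the read permission checks (confirm in the file API).
    // If so, every access decision for this file is taken by the checks
    // below and none by the lookup itself.
    $file = phorum_api_file_check_read_access($file_id, PHORUM_FLAG_IGNORE_PERMS);

    // To prevent permission errors after deleting the same file twice,
    // we'll return TRUE if we did not find a file (if the file is not found,
    // then there's no harm in deleting it; the file storage API will
    // silently ignore deleting non-existent files). If some other error
    // occurred, then we return FALSE.
    if ($file === FALSE) {
        return phorum_api_error_code() == PHORUM_ERRNO_NOTFOUND;
    }

    // We don't care about deleting temporary files and files that
    // are linked to the posting editor (during writing a post).
    // Those are both intermediate states for files, without them
    // being available on the forum. So for those, we always grant
    // delete access.
    // NOTE(review): this grant is not tied to the owner of the file, so
    // it applies to every logged-in user for any file in one of these
    // two states. Confirm that this is intended, or restrict the grant
    // to the owner of the file.
    if ($file["link"] == PHORUM_LINK_TEMPFILE || $file["link"] == PHORUM_LINK_EDITOR) {
        return TRUE;
    }

    // If the file is owned by the user, then the user has rights
    // to delete the file (this would be a personal user file).
    // The !empty() guard keeps a file without an owner from matching.
    if (!empty($file["user_id"]) && $file["user_id"] == $PHORUM["user"]["user_id"]) {
        return TRUE;
    }

    // The file is not owned by the user. In that case, the user only has
    // rights to delete it if it is a file that is linked to a message that
    // the user posted himself or which was posted in a forum for which
    // the user is a moderator.
    if ($file["link"] == PHORUM_LINK_MESSAGE) {
        // Retrieve the message to which the file is linked.
        $message = $PHORUM['DB']->get_message($file["message_id"]);

        // If the message cannot be found, we do not care if the linked
        // file is deleted. It's clearly an orphan file.
        // NOTE(review): like the temporary file grant above, this allows
        // any logged-in user to delete the file, not only its uploader.
        if (!$message) {
            return TRUE;
        }

        // Check if the user posted the message himself.
        if (!empty($message["user_id"]) && $message["user_id"] == $PHORUM["user"]["user_id"]) {
            return TRUE;
        }

        // Check if the user is moderator for the forum_id of the message.
        if (phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES, $message["forum_id"])) {
            return TRUE;
        }
    }

    // The default policy for any unhandled case is to deny access.
    return FALSE;
}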