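/**
 * Delete an article owned by the logged-in user (expects POST id_article).
 *
 * Always returns a JSON string: an error object when the id is missing or
 * malformed, when no user is logged in, when the article does not exist or
 * belongs to another user; otherwise a confirmation carrying the article id.
 *
 * NOTE(review): no CSRF token is verified here. This is a state-changing
 * POST endpoint driven by the session cookie, so confirm the framework
 * applies CSRF protection globally; otherwise add a token check at the top.
 */
public function deleteAction() {
    // Reject a missing id, and array-shaped input (id_article[]=...) that
    // would otherwise be passed straight through to the model.
    if (!isset($_POST['id_article']) || !is_string($_POST['id_article']) || $_POST['id_article'] === '') {
        return json_encode(["error" => "article_id missing"]);
    }
    $article_id = $_POST['id_article'];

    // Authenticate before touching the database. Without this guard the
    // owner check below compared against null: under loose comparison a
    // missing row (null owner) or an owner id of 0 compared equal to an
    // absent session user, letting an unauthenticated request through.
    if (!isset($_SESSION['id_user'])) {
        return json_encode(['error' => 'utilisateur']);
    }

    $result = ArticleModel::getArticle($this->pdo, $article_id);
    // An unknown article must not reach the delete call; report only
    // "not found" so the response does not reveal anything further.
    if (empty($result) || !isset($result['id_user'])) {
        return json_encode(['error' => 'article not found']);
    }

    // Strict ownership check. Both sides are cast to string because PDO
    // commonly returns integer columns as strings while the session may
    // hold an int; `!=` would also equate 0 with null or "" with null.
    if ((string) $result['id_user'] !== (string) $_SESSION['id_user']) {
        return json_encode(['error' => 'utilisateur']);
    }

    ArticleModel::delete($this->pdo, $article_id);
    return json_encode(["message" => "delete", "article_id" => $article_id]);
}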
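if ($article['acc_id'] != $account['acc_id']) { return Helper::response(false, array(), 'Forbidden, article belongs to different account', 403); } $patched = ArticleModel::patchArticle($article['acc_id'], array('art_title' => $app->request->post('art_title', ''), 'art_body' => $app->request->post('art_body', ''))); if (!$patched) { return Helper::response(false, array(), 'Application error', 500); } return Helper::response(true); });

/**
 * POST /api-v1.0/article/delete/ — delete one article belonging to the
 * authenticated account.
 *
 * Request: art_id (POST). Responses via Helper::response:
 *   400 art_id missing/empty/non-scalar, 404 unknown article,
 *   403 article owned by a different account, 500 delete failed,
 *   success otherwise. When Helper::checkSecret() fails the handler
 *   returns nothing, as before — presumably checkSecret() has already
 *   written the error response itself (confirm in Helper).
 */
$app->post('/api-v1.0/article/delete/', function () use ($app) {
    $account = Helper::checkSecret();
    if (!$account) {
        return;
    }

    // art_id must be a non-empty scalar; an array (art_id[]=...) is rejected
    // here instead of being handed to the model.
    $artId = $app->request->post('art_id');
    if (empty($artId) || !is_scalar($artId)) {
        return Helper::response(false, array(), 'Bad request, art_id required', 400);
    }

    $article = ArticleModel::getArticle($artId);
    if (empty($article)) {
        return Helper::response(false, array(), 'Article not found', 404);
    }

    // Ownership check, strict on the string form: PDO commonly returns id
    // columns as strings while the account record may hold an int, and the
    // loose `!=` used before treats e.g. 0 and null as equal. A row with no
    // acc_id is treated as not owned by the caller.
    if (!isset($article['acc_id']) || (string) $article['acc_id'] !== (string) $account['acc_id']) {
        return Helper::response(false, array(), 'Forbidden, article belongs to different account', 403);
    }

    // Delete by the id read back from the database rather than the raw input.
    $deleted = ArticleModel::deleteArticle($article['art_id']);
    if (!$deleted) {
        return Helper::response(false, array(), 'Application error', 500);
    }

    // NOTE(review): FB::log looks like FirePHP, which ships its log output
    // to the client inside HTTP response headers. Debug logging on a
    // mutating API endpoint should be disabled outside development.
    FB::log($deleted);

    return Helper::response(true);
});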