/** * @param HTTPRequest $request * * @return HTTPResponse */ public function apiDelete(HTTPRequest $request) { parse_str($request->getBody(), $vars); // CSRF check $token = SecurityToken::inst(); if (empty($vars[$token->getName()]) || !$token->check($vars[$token->getName()])) { return new HTTPResponse(null, 400); } if (!isset($vars['ids']) || !$vars['ids']) { return (new HTTPResponse(json_encode(['status' => 'error']), 400))->addHeader('Content-Type', 'application/json'); } $fileIds = $vars['ids']; $files = $this->getList()->filter("ID", $fileIds)->toArray(); if (!count($files)) { return (new HTTPResponse(json_encode(['status' => 'error']), 404))->addHeader('Content-Type', 'application/json'); } if (!min(array_map(function (File $file) { return $file->canArchive(); }, $files))) { return (new HTTPResponse(json_encode(['status' => 'error']), 401))->addHeader('Content-Type', 'application/json'); } /** @var File $file */ foreach ($files as $file) { $file->doArchive(); } return (new HTTPResponse(json_encode(['status' => 'file was deleted'])))->addHeader('Content-Type', 'application/json'); }