diff --git a/Web/Models/Entities/Traits/TOwnable.php b/Web/Models/Entities/Traits/TOwnable.php
index 4c6c9c94..9dc9ce2a 100644
--- a/Web/Models/Entities/Traits/TOwnable.php
+++ b/Web/Models/Entities/Traits/TOwnable.php
@@ -6,7 +6,7 @@ trait TOwnable
 {
 function canBeModifiedBy(User $user): bool
 {
- if(is_callable([$this, "isCreatedBySystem"]))
+ if(method_exists($this, "isCreatedBySystem"))
 if($this->isCreatedBySystem())
 return false;
diff --git a/Web/Presenters/NotesPresenter.php b/Web/Presenters/NotesPresenter.php
index 0353354d..7dba6c65 100644
--- a/Web/Presenters/NotesPresenter.php
+++ b/Web/Presenters/NotesPresenter.php
@@ -57,7 +57,7 @@ final class NotesPresenter extends OpenVKPresenter
 if(empty($this->postParam("name"))) {
 $this->flashFail("err", tr("error"), tr("error_segmentation"));
 }
-
+
 $note = new Note;
 $note->setOwner($this->user->id);
 $note->setCreated(time());
@@ -68,4 +68,22 @@ final class NotesPresenter extends OpenVKPresenter
 $this->redirect("/note" . $this->user->id . "_" . $note->getId());
 }
 }
+
+ function renderDelete(int $owner, int $id): void
+ {
+ $this->assertUserLoggedIn();
+ $this->willExecuteWriteAction();
+ $this->assertNoCSRF();
+
+ $note = $this->notes->get($id);
+ if(!$note) $this->notFound();
+ if($note->getOwner()->getId() . "_" . $note->getId() !== $owner . "_" . $id || $note->isDeleted()) $this->notFound();
+ if(is_null($this->user) || !$note->canBeModifiedBy($this->user->identity))
+ $this->flashFail("err", "Ошибка доступа", "Недостаточно прав для модификации данного ресурса.");
+
+ $name = $note->getName();
+ $note->delete();
+ $this->flash("succ", "Заметка удалена", "Заметка \"$name\" была успешно удалена.");
+ $this->redirect("/notes" . $this->user->id);
+ }
 }
diff --git a/Web/Presenters/templates/Notes/View.xml b/Web/Presenters/templates/Notes/View.xml
index 9d712393..c2da6188 100644
--- a/Web/Presenters/templates/Notes/View.xml
+++ b/Web/Presenters/templates/Notes/View.xml
@@ -39,11 +39,19 @@
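Review bot: The guard in canBeModifiedBy decides whether a user may modify an entity, yet nothing records why `method_exists` replaced `is_callable`. `is_callable` also returns true when the object has a magic `__call` handler, while `method_exists` only sees a declared method; if the entities using this trait define `__call` (not visible here), the old check passed for every entity. A comment such as `// method_exists: only a declared isCreatedBySystem() counts, not __call` would keep the change from being reverted. The two brace-less nested `if`s could also be one condition, `if(method_exists($this, "isCreatedBySystem") && $this->isCreatedBySystem()) return false;`. The body of canBeModifiedBy continues past the end of the hunk.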
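Review bot: In renderDelete the permission check only protects `$note->delete()` if `flashFail()` and `notFound()` never return, because no `return` follows either call; that behaviour is not visible in this hunk, so either confirm it or wrap the failure branch as `{ $this->flashFail(...); return; }`. The success message interpolates the user-supplied note name (`"Заметка \"$name\" ..."`) into the flash text, so confirm the flash renderer HTML-escapes it, particularly if `canBeModifiedBy` lets someone other than the author delete the note. The three messages are hard-coded strings, whereas the create action in the same file uses `tr(...)` keys. `is_null($this->user)` looks redundant after `assertUserLoggedIn()`, and the owner/id comparison would read more clearly without the string concatenation, e.g. `$note->getOwner()->getId() !== $owner`.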