phorge-phorge/src/applications/files/controller/PhabricatorFileDeleteController.php

<?php

/*
 * Copyright 2012 Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

final class PhabricatorFileDeleteController extends PhabricatorFileController {

  private $id;

  public function willProcessRequest(array $data) {
    $this->id = $data['id'];
  }

  public function processRequest() {

    $request = $this->getRequest();
    $user = $request->getUser();

    $file = id(new PhabricatorFile())->loadOneWhere(
      'id = %d',
      $this->id);
    if (!$file) {
      return new Aphront404Response();
    }

    if (($user->getPHID() != $file->getAuthorPHID()) &&
        (!$user->getIsAdmin())) {
      return new Aphront403Response();
    }

    if ($request->isFormPost()) {
      $file->delete();
      return id(new AphrontRedirectResponse())->setURI('/file/');
    }

    $dialog = new AphrontDialogView();
    $dialog->setUser($user);
    $dialog->setTitle('Really delete file?');
    $dialog->appendChild(
      "<p>Permanently delete '".phutil_escape_html($file->getName())."'? This ".
      "action can not be undone.");
    $dialog->addSubmitButton('Delete');
    $dialog->addCancelButton($file->getInfoURI());

    return id(new AphrontDialogResponse())->setDialog($dialog);
  }
}
Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423 2012-01-16 22:26:44 +01:00			`<?php`

			`/*`
			`* Copyright 2012 Facebook, Inc.`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

Add "final" to all Phabricator "Controller" classes Summary: These are all unambiguously unextensible. Issues I hit: - Maniphest Change/Diff controllers, just consolidated them. - Some search controllers incorrectly extend from "Search" but should extend from "SearchBase". This has no runtime effects. - D1836 introduced a closure, which we don't handle correctly (somewhat on purpose; we target PHP 5.2). See T962. Test Plan: Ran "testEverythingImplemented" unit test to identify classes extending from `final` classes. Resolved issues. Reviewers: btrahan Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T795 Differential Revision: https://secure.phabricator.com/D1843 2012-03-10 00:46:25 +01:00			`final class PhabricatorFileDeleteController extends PhabricatorFileController {`
Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423 2012-01-16 22:26:44 +01:00
			`private $id;`

			`public function willProcessRequest(array $data) {`
			`$this->id = $data['id'];`
			`}`

			`public function processRequest() {`

			`$request = $this->getRequest();`
			`$user = $request->getUser();`

			`$file = id(new PhabricatorFile())->loadOneWhere(`
			`'id = %d',`
			`$this->id);`
			`if (!$file) {`
			`return new Aphront404Response();`
			`}`

			`if (($user->getPHID() != $file->getAuthorPHID()) &&`
			`(!$user->getIsAdmin())) {`
			`return new Aphront403Response();`
			`}`

			`if ($request->isFormPost()) {`
			`$file->delete();`
			`return id(new AphrontRedirectResponse())->setURI('/file/');`
			`}`

			`$dialog = new AphrontDialogView();`
			`$dialog->setUser($user);`
			`$dialog->setTitle('Really delete file?');`
			`$dialog->appendChild(`
			`"<p>Permanently delete '".phutil_escape_html($file->getName())."'? This ".`
			`"action can not be undone.");`
			`$dialog->addSubmitButton('Delete');`
			`$dialog->addCancelButton($file->getInfoURI());`

			`return id(new AphrontDialogResponse())->setDialog($dialog);`
			`}`
			`}`