From b35ea500cced964f76b9e0efd161ba964ee15b97 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Mon, 16 Jan 2012 13:26:44 -0800
Subject: [PATCH] Allow files to be deleted
Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.)
Test Plan: Deleted some files.
Reviewers: btrahan, jungejason
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T780
Differential Revision: https://secure.phabricator.com/D1423
---
 src/__phutil_library_map__.php | 2 +
 ...AphrontDefaultApplicationConfiguration.php | 1 +
 .../PhabricatorFileDeleteController.php | 60 +++++++++++++++++++
 .../files/controller/delete/__init__.php | 21 +++++++
 .../view/PhabricatorFileViewController.php | 16 +++--
 5 files changed, 96 insertions(+), 4 deletions(-)
 create mode 100644 src/applications/files/controller/delete/PhabricatorFileDeleteController.php
 create mode 100644 src/applications/files/controller/delete/__init__.php
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index 0a48289455..26272151e3 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -469,6 +469,7 @@ phutil_register_library_map(array(
 'PhabricatorFileAltViewController' => 'applications/files/controller/altview',
 'PhabricatorFileController' => 'applications/files/controller/base',
 'PhabricatorFileDAO' => 'applications/files/storage/base',
+ 'PhabricatorFileDeleteController' => 'applications/files/controller/delete',
 'PhabricatorFileDropUploadController' => 'applications/files/controller/dropupload',
 'PhabricatorFileImageMacro' => 'applications/files/storage/imagemacro',
 'PhabricatorFileListController' => 'applications/files/controller/list',
@@ -1150,6 +1151,7 @@ phutil_register_library_map(array(
 'PhabricatorFileAltViewController' => 'PhabricatorFileController',
 'PhabricatorFileController' => 'PhabricatorController',
 'PhabricatorFileDAO' => 'PhabricatorLiskDAO',
+ 'PhabricatorFileDeleteController' => 'PhabricatorFileController',
 'PhabricatorFileDropUploadController' => 'PhabricatorFileController',
 'PhabricatorFileImageMacro' => 'PhabricatorFileDAO',
 'PhabricatorFileListController' => 'PhabricatorFileController',
diff --git a/src/aphront/default/configuration/AphrontDefaultApplicationConfiguration.php b/src/aphront/default/configuration/AphrontDefaultApplicationConfiguration.php
index bda20448dd..89c648ddd3 100644
--- a/src/aphront/default/configuration/AphrontDefaultApplicationConfiguration.php
+++ b/src/aphront/default/configuration/AphrontDefaultApplicationConfiguration.php
@@ -54,6 +54,7 @@ class AphrontDefaultApplicationConfiguration
 'filter/(?P\w+)/$' => 'PhabricatorFileListController',
 'upload/$' => 'PhabricatorFileUploadController',
 'dropupload/$' => 'PhabricatorFileDropUploadController',
+ 'delete/(?P\d+)/$' => 'PhabricatorFileDeleteController',
 '(?Pinfo)/(?P[^/]+)/' => 'PhabricatorFileViewController',
 '(?Pview)/(?P[^/]+)/' => 'PhabricatorFileViewController',
 '(?Pdownload)/(?P[^/]+)/' => 'PhabricatorFileViewController',
diff --git a/src/applications/files/controller/delete/PhabricatorFileDeleteController.php b/src/applications/files/controller/delete/PhabricatorFileDeleteController.php
new file mode 100644
index 0000000000..11ac72147e
--- /dev/null
+++ b/src/applications/files/controller/delete/PhabricatorFileDeleteController.php
@@ -0,0 +1,60 @@ +id = $data['id']; + } + + public function processRequest() { + + $request = $this->getRequest(); + $user = $request->getUser(); + + $file = id(new PhabricatorFile())->loadOneWhere( + 'id = %d', + $this->id); + if (!$file) { + return new Aphront404Response(); + } + + if (($user->getPHID() != $file->getAuthorPHID()) && + (!$user->getIsAdmin())) { + return new Aphront403Response(); + } + + if ($request->isFormPost()) { + $file->delete(); + return id(new AphrontRedirectResponse())->setURI('/file/'); + } + + $dialog = new AphrontDialogView(); + $dialog->setUser($user); + $dialog->setTitle('Really delete file?'); + $dialog->appendChild( + "

Permanently delete '".phutil_escape_html($file->getName())."'? This ". + "action can not be undone."); + $dialog->addSubmitButton('Delete'); + $dialog->addCancelButton($file->getInfoURI()); + + return id(new AphrontDialogResponse())->setDialog($dialog); + } +} diff --git a/src/applications/files/controller/delete/__init__.php b/src/applications/files/controller/delete/__init__.php new file mode 100644 index 0000000000..6593be5f6a --- /dev/null +++ b/src/applications/files/controller/delete/__init__.php @@ -0,0 +1,21 @@ +isViewableInBrowser()) { $form->setAction($file->getViewURI()); - $button_name = 'View File'; + $submit->setValue('View File'); } else { $form->setAction('/file/download/'.$file->getPHID().'/'); - $button_name = 'Download File'; + $submit->setValue('Download File'); + } + + if (($user->getPHID() == $file->getAuthorPHID()) || + ($user->getIsAdmin())) { + $submit->addCancelButton( + '/file/delete/'.$file->getID().'/', + 'Delete File'); } $file_id = 'F'.$file->getID(); @@ -171,8 +180,7 @@ class PhabricatorFileViewController extends PhabricatorFileController { ->setName('storageHandle') ->setValue($file->getStorageHandle())) ->appendChild( - id(new AphrontFormSubmitControl()) - ->setValue($button_name)); + id($submit)); $panel = new AphrontPanelView(); $panel->setHeader('File Info - '.$file->getName());
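Review bot: The 403 check in processRequest(), `($user->getPHID() != $file->getAuthorPHID()) && (!$user->getIsAdmin())`, uses a loose comparison and never requires the file to have an author, so for a file with an empty author PHID it holds only as long as the viewer's PHID can never be empty as well, which this hunk does not show. I would make the rule explicit: `$author = $file->getAuthorPHID();` followed by `if (!($author && $user->getPHID() === $author) && !$user->getIsAdmin()) { return new Aphront403Response(); }`. The same rule is written a second time, inverted, in the PhabricatorFileViewController hunk that decides whether to show the Delete File button, so a single shared helper would keep the button and the enforcement from drifting apart. `$file->delete()` is defined outside this diff; because the stated goal is removing accidentally uploaded sensitive files, it is worth confirming that it removes the stored data and any derived copies rather than only the database row.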