Merge branch 'marijn-postdelete' into 'master'

Marijn postdelete See merge request !174
2017-02-01 14:42:02 +01:00
parent 7955509cb2 96f421d088
commit 6ad1c0edf5
6 changed files with 123 additions and 12 deletions
--- a/website/public/API/deletePost.php
+++ b/website/public/API/deletePost.php
@@ -0,0 +1,20 @@
+<?php
+session_start();
+
+require_once "../../queries/post.php";
+require_once "../../queries/user.php";
+
+if (isset($_SESSION["userID"]) and
+    getRoleByID($_SESSION["userID"]) != 'frozen' and
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+
+    if (empty($_POST["postID"]) or empty($_SESSION["userID"])) {
+        header('HTTP/1.1 500 Non enough arguments');
+    }
+
+    deletePost($_POST["postID"], $_SESSION["userID"]);
+    return;
+
+} else {
+    echo "frozen";
+}
--- a/website/public/js/masonry.js
+++ b/website/public/js/masonry.js
@@ -61,19 +61,9 @@ $(document).ready(function () {
 });

 $(window).on("load", function() {
-    $(".modal-close").click(function () {
-        $(".modal").hide();
-        scrollbarMargin(0, 'auto');
-        $('#modal-response').hide();
-        $('.modal-default').show();
-    });
+    $(".modal-close").click(function (){closeModal()});

    // http://stackoverflow.com/questions/9439725/javascript-how-to-detect-if-browser-window-is-scrolled-to-bottom
-    // $(window).on("scroll", function () {
-    //     if ((window.innerHeight + window.pageYOffset) >= document.body.offsetHeight) {
-    //         loadMorePosts(userID, groupID, postAmount, postLimit);
-    //     }
-    // });
    window.onscroll = function(ev) {
        if($(window).scrollTop() + $(window).height() == $(document).height() ) {
            loadMorePosts(userID, groupID, postAmount, postLimit);
@@ -81,6 +71,13 @@ $(window).on("load", function() {
    };
 });

+function closeModal() {
+    $(".modal").hide();
+    scrollbarMargin(0, 'auto');
+    $('#modal-response').hide();
+    $('.modal-default').show();
+}
+
 $(window).resize(function() {
    clearTimeout(window.resizedFinished);
    window.resizeFinished = setTimeout(function() {
--- a/website/public/js/post.js
+++ b/website/public/js/post.js
@@ -1,3 +1,4 @@
+
 function postComment(buttonValue) {
    formData = $("#newcommentform").serializeArray();
    formData.push({name: "button", value: buttonValue});
@@ -20,3 +21,19 @@ function postComment(buttonValue) {
        $('#modal-response').html(fancyText(data));
    });
 }
+
+function deletePost(postID) {
+    var formData = [{name: "postID", value: postID}];
+    $.post(
+        "API/deletePost.php",
+        formData
+    ).done(function (response) {
+        if (response == "frozen") {
+            alert("Je account is bevroren, dus je kan geen posts verwijderen. Contacteer een admin als je denkt dat dit onjuist is.");
+        }
+    });
+    closeModal();
+    masonry(masonryMode);
+
+
+}
--- a/website/public/styles/post-popup.css
+++ b/website/public/styles/post-popup.css
@@ -84,3 +84,20 @@
    height: 24px;
    width: 24px;
 }
+
+.deleteButton {
+    background-color: firebrick;
+
+}
+
+.deleteButton i {
+    display: inline-block;
+}
+
+.deleteButton:hover span {
+    display: inline-block;
+}
+
+.deleteButton span {
+    display: none;
+}
--- a/website/queries/post.php
+++ b/website/queries/post.php
@@ -243,3 +243,56 @@ function deleteNietSlecht(int $postID, int $userID) {
    $stmt->execute();
    return $stmt->rowCount();
 }
+
+function deletePost(int $postID, int $userID) {
+    if (checkPermissionOnPost($postID, $userID)) {
+        $stmt = prepareQuery("
+        DELETE FROM
+            `post`
+        WHERE
+            `postID` = :postID
+        ");
+        $stmt->bindParam(":postID", $postID);
+        $stmt->execute();
+    }
+}
+
+function checkPermissionOnPost(int $postID, int $userID) : bool {
+    $getGroupID = prepareQuery("
+    SELECT
+        `author`,
+        `groupID`
+    FROM
+        `post`
+    WHERE
+        `postID` = :postID
+    ");
+    $getGroupID->bindParam(":postID", $postID);
+    $getGroupID->execute();
+    $postinfo = $getGroupID->fetch();
+
+    if ($postinfo["groupID"] == null) {
+        // User post
+        return ($userID == $postinfo["author"]);
+    } else {
+        // Group post
+        $roleInGroup = getRoleInGroup($userID, $postinfo["groupID"]);
+        return ($roleInGroup == "mod" or $roleInGroup == "admin");
+    }
+}
+
+function getRoleInGroup(int $userID, int $groupID) {
+    $stmt = prepareQuery("
+    SELECT
+        `role`
+    FROM
+        `group_member`
+    WHERE
+      `userID` = :userID AND
+      `groupID` = :groupID
+    ");
+    $stmt->bindParam(":userID", $userID);
+    $stmt->bindParam(":groupID", $groupID);
+    $stmt->execute();
+    return $stmt->fetch()["role"];
+}
--- a/website/views/post-view.php
+++ b/website/views/post-view.php
@@ -6,7 +6,14 @@ session_start();
 ?>
 <div class='post-header header'>
    <h4><?=$post['title']?></h4>
-    <form method="post" onclick=""><span class="delete-post">verwijder post</span><br /></form>
+    <?php if (checkPermissionOnPost($postID, $_SESSION["userID"])) {?>
+    <button class="deleteButton"
+            onclick="deletePost('<?=$postID?>')"
+            type="submit">
+        <i class="fa fa-trash"></i>
+        <span>Verwijder post</span>
+    </button><br />
+    <?php } ?>
    <span class='postinfo'>
        gepost door <?=$fullname?>,
            <span class='posttime' title='<?=$post['creationdate']?>'>