Merge pull request #90 from TomWor/delete-assets

Added delete asset route. Fixes #67
godotengine · Sep 13, 2017 · 6f7ea84 · 6f7ea84
2 parents a9e8ef3 + 589b4d2
commit 6f7ea84
Show file tree

Hide file tree

Showing 5 changed files with 63 additions and 1 deletion.
diff --git a/src/Helpers/Utils.php b/src/Helpers/Utils.php
@@ -2,6 +2,8 @@
 
 namespace Godot\AssetLibrary\Helpers;
 
+use PDO;
+
 class Utils
 {
     private $c;
@@ -87,6 +89,30 @@ public function errorResponseIfNotUserHasLevel($currentStatus, &$response, $user
         return false;
     }
 
+    public function errorResponseIfNotOwner($currentStatus, &$response, $user, $asset_id, $message = 'You are not authorized to do this')
+    {
+        if($user === false || $currentStatus) {
+            return true;
+        }
+
+        $query = $this->c->queries['asset']['get_one'];
+        $query->bindValue(':id', (int) $asset_id, PDO::PARAM_INT);
+        $query->execute();
+
+        if($query->rowCount() <= 0) {
+            return $response->withJson(['error' => 'Couldn\'t find asset with id '.$asset_id.'!'], 404);
+        }
+
+        $asset = $query->fetch();
+
+        if($asset['author_id'] != $user['user_id']) {
+            $response = $response->withJson(['error' => $message], 403);
+            return true;
+        }
+
+        return false;
+    }
+
     public function errorResponseIfMissingOrNotString($currentStatus, &$response, $object, $property)
     {
         if ($currentStatus) {

diff --git a/src/queries.php b/src/queries.php
@@ -164,5 +164,6 @@
 
         'set_asset_id' => 'UPDATE `as_asset_edits` SET asset_id=:asset_id WHERE edit_id=:edit_id',
         'set_status_and_reason' => 'UPDATE `as_asset_edits` SET status=:status, reason=:reason WHERE edit_id=:edit_id',
-    ],
+        'delete' => 'UPDATE `as_assets` SET searchable=0 WHERE asset_id=:asset_id'
+    ]
 ];
diff --git a/src/routes/asset.php b/src/routes/asset.php
@@ -235,3 +235,30 @@
         'url' => 'asset/' . $args['id'],
     ], 200);
 });
+
+/*
+ * Delete asset from library
+ */
+$app->post('/asset/{id:[0-9]+}/delete', function ($request, $response, $args) {
+
+    $body = $request->getParsedBody();
+
+    $error = $this->utils->ensureLoggedIn(false, $response, $body, $user);
+    $error = $this->utils->errorResponseIfNotOwner($error, $response, $user, $args['id']);
+
+    if($error) return $response;
+
+    $query = $this->queries['asset_edit']['delete'];
+    $query->bindValue(':asset_id', (int) $args['id'], PDO::PARAM_INT);
+    $query->execute();
+
+    $error = $this->utils->errorResponseIfQueryBad(false, $response, $query);
+    if($error) return $response;
+
+    return $response->withJson([
+        'changed' => true,
+        'url' => 'asset/',
+    ], 200);
+});
+
+
diff --git a/src/routes/asset_edit.php b/src/routes/asset_edit.php
@@ -333,6 +333,7 @@ function _add_previews_to_edit($c, $error, &$response, $edit_id, $previews, $ass
     ], 200);
 });
 
+
 // Get an edit
 $get_edit = function ($request, $response, $args) {
     $query = $this->queries['asset_edit']['get_one'];

diff --git a/templates/edit_asset.phtml b/templates/edit_asset.phtml
@@ -23,6 +23,13 @@
                         </div>
                 </div>
 
+                <div class="form-group">
+                    <div class="col-md-4 col-md-push-9 align-right">
+                        <form action="<?php echo raw($basepath) ?>/asset/<?php echo url($data['asset_id']) ?>/delete" method="POST">
+                            <button type="submit" id="delete" class="btn btn-danger" onclick="javascript:if(window.confirm('Do you really want to delete this asset?')){ return true; }else{ return false; }">Delete asset from library</button>
+                        </form>
+                    </div>
+                </div>
         </fieldset>
 </form>
 <?php include("_footer.phtml") ?>