authorThomas Vanbesien <tvanbesi@proton.me>2026-03-21 22:46:34 +0100
committerThomas Vanbesien <tvanbesi@proton.me>2026-03-21 22:46:34 +0100
commitec77d2f77b96488b1bc170ced2abab12b3c19416 (patch)
treed27fa6b4bcee9a8f204510ddb855e135562031f3 /src/app/Controllers/EditorController.php
parentd63e3c91a97d77b202e280ab0fa007dfbe1baa46 (diff)
Add user's own posts grid and post deletion to editor page
Diffstat (limited to 'src/app/Controllers/EditorController.php')
-rw-r--r--src/app/Controllers/EditorController.php37
1 files changed, 36 insertions, 1 deletions
diff --git a/src/app/Controllers/EditorController.php b/src/app/Controllers/EditorController.php
index 7cfb9b9..c7dd9fc 100644
--- a/src/app/Controllers/EditorController.php
+++ b/src/app/Controllers/EditorController.php
@@ -31,6 +31,8 @@ class EditorController
// Map filesystem paths to URL paths the browser can load
$overlays = array_map(static fn($path) => '/assets/overlays/' . basename($path), $overlayFiles);
+ $userPosts = $this->post->findByUserId($_SESSION['user_id']);
+
$content = __DIR__ . '/../Views/editor/index.php';
include __DIR__ . '/../Views/layouts/main.php';
}
@@ -102,7 +104,40 @@ class EditorController
$relativePath = 'uploads/posts/' . basename($outputPath);
$this->post->create($_SESSION['user_id'], $relativePath);
- echo json_encode(['success' => true, 'redirect' => '/gallery']);
+ echo json_encode(['success' => true, 'redirect' => '/editor']);
+ }
+
+ public function destroy(string $id): void
+ {
+ if (!isset($_SESSION['user_id'])) {
+ header('Location: /login');
+ return;
+ }
+
+ if (!Csrf::validate($_POST['csrf_token'] ?? '')) {
+ Flash::set('error', 'Invalid CSRF token.');
+ header('Location: /editor');
+ return;
+ }
+
+ $post = $this->post->findById((int) $id);
+
+ // Only the post owner can delete it
+ if (!$post || $post['user_id'] !== $_SESSION['user_id']) {
+ Flash::set('error', 'Post not found.');
+ header('Location: /editor');
+ return;
+ }
+
+ // Delete the image file from disk
+ $filePath = \dirname(__DIR__, 2) . '/' . $post['image_path'];
+ if (file_exists($filePath)) {
+ unlink($filePath);
+ }
+
+ $this->post->delete((int) $id);
+ Flash::set('success', 'Post deleted.');
+ header('Location: /editor');
}
/**
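Review bot: In destroy(), the unlink() target is built by concatenating `$post['image_path']` straight from the database row, so the delete is only as safe as every writer of that column; the store path visible at the top of this hunk always writes `'uploads/posts/' . basename($outputPath)`, and the delete side can enforce that shape instead of trusting it. I would rebuild the path as `$filePath = \dirname(__DIR__, 2) . '/uploads/posts/' . basename($post['image_path']);` and guard it with `is_file($filePath)` rather than `file_exists()`, which also returns true for directories. The file is also removed before `$this->post->delete()` runs and neither return value is checked, so a failed row delete leaves a post pointing at a missing image; deleting the row first and unlinking afterwards leaves at worst an orphaned file. Separately, the ownership check uses `!==`, which presumably rejects the real owner if the database driver returns `user_id` as a string while the session holds an int, so the types on both sides are worth confirming against the model.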