From ec77d2f77b96488b1bc170ced2abab12b3c19416 Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien <tvanbesi@proton.me>
Date: Sat, 21 Mar 2026 22:46:34 +0100
Subject: Add user's own posts grid and post deletion to editor page

---
 src/app/Controllers/EditorController.php | 37 +++++++++++++++++++++++++++++++-
 src/app/Views/editor/index.php           | 15 +++++++++++++
 2 files changed, 51 insertions(+), 1 deletion(-)

(limited to 'src/app')

diff --git a/src/app/Controllers/EditorController.php b/src/app/Controllers/EditorController.php
index 7cfb9b9..c7dd9fc 100644
--- a/src/app/Controllers/EditorController.php
+++ b/src/app/Controllers/EditorController.php
@@ -31,6 +31,8 @@ class EditorController
         // Map filesystem paths to URL paths the browser can load
         $overlays = array_map(static fn($path) => '/assets/overlays/' . basename($path), $overlayFiles);
 
+        $userPosts = $this->post->findByUserId($_SESSION['user_id']);
+
         $content = __DIR__ . '/../Views/editor/index.php';
         include __DIR__ . '/../Views/layouts/main.php';
     }
@@ -102,7 +104,40 @@ class EditorController
         $relativePath = 'uploads/posts/' . basename($outputPath);
         $this->post->create($_SESSION['user_id'], $relativePath);
 
-        echo json_encode(['success' => true, 'redirect' => '/gallery']);
+        echo json_encode(['success' => true, 'redirect' => '/editor']);
+    }
+
+    public function destroy(string $id): void
+    {
+        if (!isset($_SESSION['user_id'])) {
+            header('Location: /login');
+            return;
+        }
+
+        if (!Csrf::validate($_POST['csrf_token'] ?? '')) {
+            Flash::set('error', 'Invalid CSRF token.');
+            header('Location: /editor');
+            return;
+        }
+
+        $post = $this->post->findById((int) $id);
+
+        // Only the post owner can delete it
+        if (!$post || $post['user_id'] !== $_SESSION['user_id']) {
+            Flash::set('error', 'Post not found.');
+            header('Location: /editor');
+            return;
+        }
+
+        // Delete the image file from disk
+        $filePath = \dirname(__DIR__, 2) . '/' . $post['image_path'];
+        if (file_exists($filePath)) {
+            unlink($filePath);
+        }
+
+        $this->post->delete((int) $id);
+        Flash::set('success', 'Post deleted.');
+        header('Location: /editor');
     }
 
     /**
diff --git a/src/app/Views/editor/index.php b/src/app/Views/editor/index.php
index 624002a..7f2c258 100644
--- a/src/app/Views/editor/index.php
+++ b/src/app/Views/editor/index.php
@@ -46,4 +46,19 @@
             <button id="btn-save" class="btn" disabled>Save post</button>
         </div>
     </div>
+
+    <?php if (!empty($userPosts)): ?>
+        <h2 class="my-posts-title">My posts</h2>
+        <div class="my-posts-grid">
+            <?php foreach ($userPosts as $post): ?>
+                <div class="my-post">
+                    <img src="/<?= htmlspecialchars($post['image_path']) ?>" alt="My post">
+                    <form method="POST" action="/editor/delete/<?= $post['id'] ?>" class="delete-form">
+                        <?= \App\Csrf::field() ?>
+                        <button type="submit" class="btn-delete" onclick="return confirm('Delete this post?')">Delete</button>
+                    </form>
+                </div>
+            <?php endforeach; ?>
+        </div>
+    <?php endif; ?>
 </div>
-- 
cgit v1.2.3