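/**
 * Show the delete-confirmation page for a blog post and, when the form is
 * submitted, delete the post.
 *
 * Access rule: a caller holding the 'delete' permission may delete any post.
 * Any other caller may only delete a post whose author is one of the authors
 * available to them (all authors for a super user, otherwise the authors
 * returned for the active user). A caller who fails this check is redirected
 * to the post list before any submitted form data is read.
 *
 * NOTE(review): this action changes state; confirm that $this->post()
 * enforces the anti-CSRF token check before it returns the filtered data.
 *
 * @param string $id Post identifier taken from the request; cast to int
 *                   before it is passed to the blog model.
 */
public function deletePost(string $id)
{
    $postId = (int) $id;
    $postList = $this->airship_cabin_prefix . '/blog/post';

    // Load Data
    $blogPost = $this->blog->getBlogPostById($postId);
    if (empty($blogPost)) {
        // No such post: there is nothing to authorize against, so do not
        // fall through with an empty record (the ownership check below
        // would otherwise be evaluated against a missing 'author' key).
        // presumably the model returns an empty value for an unknown id;
        // verify against getBlogPostById().
        \Airship\redirect($postList);
        return;
    }
    $blogPost['tags'] = $this->blog->getTagsForPost($postId);
    $latestVersion = $this->blog->getBlogPostLatestVersion($postId);

    // Which authors may the current user act as?
    $authors = $this->isSuperUser()
        ? $this->author->getAll()
        : $this->author->getForUser($this->getActiveUserId());

    $authorsAllowed = [];
    foreach ($authors as $author) {
        $authorsAllowed[] = (int) $author['authorid'];
    }

    // The 'delete' permission here means "delete any", not just "delete mine".
    // Without it, the post must belong to one of the caller's own authors.
    // Both sides are cast to int, so the strict comparison is exact.
    $ownsPost = \in_array((int) $blogPost['author'], $authorsAllowed, true);
    if (!$this->can('delete') && !$ownsPost) {
        \Airship\redirect($postList);
        // Explicit return so the authorization check fails closed even if
        // redirect() were ever to return instead of ending the request.
        return;
    }

    $post = $this->post(new DeletePostFilter());
    if (!empty($post)) {
        if ($this->processDeletePost($post, $authorsAllowed, $blogPost)) {
            \Airship\redirect($postList);
            return;
        }
        // Deletion was attempted but did not succeed; show a generic error
        // on the confirmation page.
        $this->storeLensVar('form_error', \__('An error has occurred.'));
    }

    $this->lens(
        'blog/posts_delete',
        [
            'active_link' => 'bridge-link-blog-posts',
            'blogpost' => $blogPost,
            'latest' => $latestVersion
        ]
    );
}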