public static function canDelete($activity)
{
$session = Gdn::session();
$profileUserId = val('ActivityUserID', $activity);
$notifyUserId = val('NotifyUserID', $activity);
// User can delete any activity
if ($session->checkPermission('Garden.Activity.Delete')) {
return true;
}
$notifyUserIds = [ActivityModel::NOTIFY_PUBLIC];
if (Gdn::session()->checkPermission('Garden.Moderation.Manage')) {
$notifyUserIds[] = ActivityModel::NOTIFY_MODS;
}
// Is this a wall post?
if (!in_array(val('ActivityType', $activity), ['Status', 'WallPost']) || !in_array($notifyUserId, $notifyUserIds)) {
return false;
}
// Is this on the user's wall?
if ($profileUserId && $session->UserID == $profileUserId && $session->checkPermission('Garden.Profiles.Edit')) {
return true;
}
// The user inserted the activity --- may be added in later
// $insertUserId = val('InsertUserID', $activity);
// if ($insertUserId && $insertUserId == $session->UserID) {
// return true;
// }
return false;
} /**
* Delete an activity item.
*
* @since 2.0.0
* @access public
*
* @param int $ActivityID Unique ID of item to delete.
* @param string $TransientKey Verify intent.
*/
public function delete($ActivityID = '', $TransientKey = '')
{
$session = Gdn::session();
if (!$session->validateTransientKey($TransientKey)) {
throw permissionException();
}
if (!is_numeric($ActivityID)) {
throw Gdn_UserException('Invalid ID');
}
if (!$this->ActivityModel->canDelete($this->ActivityModel->getID($ActivityID))) {
throw permissionException();
}
$this->ActivityModel->deleteID($ActivityID);
if ($this->_DeliveryType === DELIVERY_TYPE_ALL) {
$target = Gdn::request()->get('Target');
if ($target) {
// Bail with a redirect if we got one.
redirect($target);
} else {
// We got this as a full page somehow, so send them back to /activity.
$this->RedirectUrl = url('activity');
}
}
$this->render();
}
