phabricator/src/applications/files/controller/PhabricatorFileDeleteController.php

<?php

final class PhabricatorFileDeleteController extends PhabricatorFileController {

  public function handleRequest(AphrontRequest $request) {
    $viewer = $request->getViewer();
    $id = $request->getURIData('id');

    $file = id(new PhabricatorFileQuery())
      ->setViewer($viewer)
      ->withIDs(array($id))
      ->requireCapabilities(
        array(
          PhabricatorPolicyCapability::CAN_VIEW,
          PhabricatorPolicyCapability::CAN_EDIT,
        ))
      ->executeOne();
    if (!$file) {
      return new Aphront404Response();
    }

    if (($viewer->getPHID() != $file->getAuthorPHID()) &&
        (!$viewer->getIsAdmin())) {
      return new Aphront403Response();
    }

    if ($request->isFormPost()) {
      $file->delete();
      return id(new AphrontRedirectResponse())->setURI('/file/');
    }

    $dialog = new AphrontDialogView();
    $dialog->setUser($viewer);
    $dialog->setTitle(pht('Really delete file?'));
    $dialog->appendChild(hsprintf(
      '<p>%s</p>',
      pht(
        "Permanently delete '%s'? This action can not be undone.",
        $file->getName())));
    $dialog->addSubmitButton(pht('Delete'));
    $dialog->addCancelButton($file->getInfoURI());

    return id(new AphrontDialogResponse())->setDialog($dialog);
  }
}
Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423 2012-01-16 13:26:44 -08:00			`<?php`

Add "final" to all Phabricator "Controller" classes Summary: These are all unambiguously unextensible. Issues I hit: - Maniphest Change/Diff controllers, just consolidated them. - Some search controllers incorrectly extend from "Search" but should extend from "SearchBase". This has no runtime effects. - D1836 introduced a closure, which we don't handle correctly (somewhat on purpose; we target PHP 5.2). See T962. Test Plan: Ran "testEverythingImplemented" unit test to identify classes extending from `final` classes. Resolved issues. Reviewers: btrahan Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T795 Differential Revision: https://secure.phabricator.com/D1843 2012-03-09 15:46:25 -08:00			`final class PhabricatorFileDeleteController extends PhabricatorFileController {`
Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423 2012-01-16 13:26:44 -08:00
Update Files for handleRequest Summary: Update Files application Test Plan: Upload a file, edit a file, view details, transforms, delete file Reviewers: epriestley Reviewed By: epriestley Subscribers: epriestley, Korvin Differential Revision: https://secure.phabricator.com/D13735 2015-07-27 09:41:53 -07:00			`public function handleRequest(AphrontRequest $request) {`
			`$viewer = $request->getViewer();`
			`$id = $request->getURIData('id');`
Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423 2012-01-16 13:26:44 -08:00
Make most file reads policy-aware Summary: Ref T603. Swaps out most `PhabricatorFile` loads for `PhabricatorFileQuery`. Test Plan: - Viewed Differential changesets. - Used `file.info`. - Used `file.download`. - Viewed a file. - Deleted a file. - Used `/Fnnnn` to access a file. - Uploaded an image, verified a thumbnail generated. - Created and edited a macro. - Added a meme. - Did old-school attach-a-file-to-a-task. - Viewed a paste. - Viewed a mock. - Embedded a mock. - Profiled a page. - Parsed a commit with image files linked to a revision with image files. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7178 2013-09-30 09:38:13 -07:00			`$file = id(new PhabricatorFileQuery())`
Update Files for handleRequest Summary: Update Files application Test Plan: Upload a file, edit a file, view details, transforms, delete file Reviewers: epriestley Reviewed By: epriestley Subscribers: epriestley, Korvin Differential Revision: https://secure.phabricator.com/D13735 2015-07-27 09:41:53 -07:00			`->setViewer($viewer)`
			`->withIDs(array($id))`
Make most file reads policy-aware Summary: Ref T603. Swaps out most `PhabricatorFile` loads for `PhabricatorFileQuery`. Test Plan: - Viewed Differential changesets. - Used `file.info`. - Used `file.download`. - Viewed a file. - Deleted a file. - Used `/Fnnnn` to access a file. - Uploaded an image, verified a thumbnail generated. - Created and edited a macro. - Added a meme. - Did old-school attach-a-file-to-a-task. - Viewed a paste. - Viewed a mock. - Embedded a mock. - Profiled a page. - Parsed a commit with image files linked to a revision with image files. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7178 2013-09-30 09:38:13 -07:00			`->requireCapabilities(`
			`array(`
			`PhabricatorPolicyCapability::CAN_VIEW,`
			`PhabricatorPolicyCapability::CAN_EDIT,`
			`))`
			`->executeOne();`
Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423 2012-01-16 13:26:44 -08:00			`if (!$file) {`
			`return new Aphront404Response();`
			`}`

Update Files for handleRequest Summary: Update Files application Test Plan: Upload a file, edit a file, view details, transforms, delete file Reviewers: epriestley Reviewed By: epriestley Subscribers: epriestley, Korvin Differential Revision: https://secure.phabricator.com/D13735 2015-07-27 09:41:53 -07:00			`if (($viewer->getPHID() != $file->getAuthorPHID()) &&`
			`(!$viewer->getIsAdmin())) {`
Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423 2012-01-16 13:26:44 -08:00			`return new Aphront403Response();`
			`}`

			`if ($request->isFormPost()) {`
			`$file->delete();`
			`return id(new AphrontRedirectResponse())->setURI('/file/');`
			`}`

			`$dialog = new AphrontDialogView();`
Update Files for handleRequest Summary: Update Files application Test Plan: Upload a file, edit a file, view details, transforms, delete file Reviewers: epriestley Reviewed By: epriestley Subscribers: epriestley, Korvin Differential Revision: https://secure.phabricator.com/D13735 2015-07-27 09:41:53 -07:00			`$dialog->setUser($viewer);`
phtize all the things Summary: `pht`ize a whole bunch of strings in rP. Test Plan: Intense eyeballing. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: hach-que, Korvin, epriestley Differential Revision: https://secure.phabricator.com/D12797 2015-05-22 17:27:56 +10:00			`$dialog->setTitle(pht('Really delete file?'));`
Convert some phutil_escape_html() to hsprintf() Summary: Found by `sgrep_php -e '"...".phutil_escape_html(...)'`. Test Plan: / /D1 /uiexample/ /countdown/1/ /herald/transcript/1/all/ Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4869 2013-02-08 12:07:44 -08:00			`$dialog->appendChild(hsprintf(`
phtize all the things Summary: `pht`ize a whole bunch of strings in rP. Test Plan: Intense eyeballing. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: hach-que, Korvin, epriestley Differential Revision: https://secure.phabricator.com/D12797 2015-05-22 17:27:56 +10:00			`'<p>%s</p>',`
			`pht(`
			`"Permanently delete '%s'? This action can not be undone.",`
			`$file->getName())));`
			`$dialog->addSubmitButton(pht('Delete'));`
Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423 2012-01-16 13:26:44 -08:00			`$dialog->addCancelButton($file->getInfoURI());`

			`return id(new AphrontDialogResponse())->setDialog($dialog);`
			`}`
			`}`