diff --git a/airtime_mvc/application/controllers/LibraryController.php b/airtime_mvc/application/controllers/LibraryController.php
index 99fdd923f..7c24c0da8 100644
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@@ -129,27 +129,11 @@ class LibraryController extends Zend_Controller_Action
 }
 }
- $hasPermission = true;
- if (count($playlists)) {
- // make sure use has permission to delete all playslists in the list
- if(!$isAdminOrPM){
- foreach($playlists as $pid){
- $pl = new Application_Model_Playlist($pid);
- if($pl->getCreatorId() != $user->getId()){
- $hasPermission = false;
- }
- }
- }
- }
-
- if (!$isAdminOrPM && count($files)) {
- $hasPermission = false;
- }
- if(!$hasPermission){
+ try{
+ Application_Model_Playlist::DeletePlaylists($playlists, $user->getId());
+ }catch (PlaylistNoPermissionException $e){
 $this->view->message = "You don't have a permission to delete all playlists/files that are selected.";
 return;
- }else{
- Application_Model_Playlist::DeletePlaylists($playlists);
 }
 foreach ($files as $id) {
diff --git a/airtime_mvc/application/controllers/PlaylistController.php b/airtime_mvc/application/controllers/PlaylistController.php
index c23f95840..74c1500b7 100644
--- a/airtime_mvc/application/controllers/PlaylistController.php
+++ b/airtime_mvc/application/controllers/PlaylistController.php
@@ -96,6 +96,10 @@ class PlaylistController extends Zend_Controller_Action
 $this->changePlaylist(null);
 $this->createFullResponse(null);
 }
+
+ private function playlistNoPermission(){
+ $this->view->error = "You don't have permission to deleted playlist(s)";
+ }
 private function playlistUnknownError($e) {
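Review bot: In LibraryController.php the removed `if (!$isAdminOrPM && count($files))` guard has no replacement, so the `foreach ($files as $id)` loop after the new try/catch now runs for every caller. Unless the loop body, which lies outside this hunk, checks the role itself, a user for whom `$isAdminOrPM` is false can now delete files. Playlists are also deleted before anything is decided about the files, where the old code evaluated both and deleted nothing on refusal. Restoring the guard ahead of the `try`, as `if (!$isAdminOrPM && count($files)) {` followed by the existing message assignment and `return;`, keeps that all-or-nothing behaviour; `$isAdminOrPM` is presumably still computed above the hunk.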
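Review bot: The message in `playlistNoPermission()` in PlaylistController.php reads "to deleted playlist(s)"; it should be `"You don't have permission to delete playlist(s)"`. The handler whose tail is visible just above this method calls `changePlaylist(null)` and `createFullResponse(null)`, while this one only sets `$this->view->error`, so it is worth confirming that the client shows the error when no full response is built.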
@@ -197,6 +201,9 @@ class PlaylistController extends Zend_Controller_Action
 $ids = $this->_getParam('ids');
 $ids = (!is_array($ids)) ? array($ids) : $ids;
 $pl = null;
+
+ $userInfo = Zend_Auth::getInstance()->getStorage()->read();
+ $user = new Application_Model_User($userInfo->id);
 try {
@@ -210,9 +217,12 @@ class PlaylistController extends Zend_Controller_Action
 $pl = new Application_Model_Playlist($this->pl_sess->id);
 }
- Application_Model_Playlist::DeletePlaylists($ids);
+ Application_Model_Playlist::DeletePlaylists($ids, $userInfo->id);
 $this->createFullResponse($pl);
 }
+ catch (PlaylistNoPermissionException $e){
+ $this->playlistNoPermission();
+ }
 catch (PlaylistNotFoundException $e) {
 $this->playlistNotFound();
 }
diff --git a/airtime_mvc/application/models/Playlist.php b/airtime_mvc/application/models/Playlist.php
index 70710f567..c50e41269 100644
--- a/airtime_mvc/application/models/Playlist.php
+++ b/airtime_mvc/application/models/Playlist.php
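Review bot: In the PlaylistController.php hunk at `@@ -197,6 +201,9 @@`, `$user = new Application_Model_User($userInfo->id);` is never read in the visible hunks; the delete call in the following hunk passes `$userInfo->id` directly. Either drop that line or use the object, for example to carry a role check alongside the id, so it is not constructed for nothing. The result of `read()` is also dereferenced without a check, so if this action can be reached with empty auth storage (not visible here), `$userInfo->id` fails before the `try` is entered; a guard such as `if (!$userInfo) { $this->playlistNoPermission(); return; }` would cover that case. The enclosing action starts and ends outside the hunk.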
@@ -802,12 +802,33 @@ class Application_Model_Playlist {
 * Delete playlists that match the ids..
 * @param array $p_ids
 */
- public static function DeletePlaylists($p_ids)
+ public static function DeletePlaylists($p_ids, $p_userId)
 {
- CcPlaylistQuery::create()->findPKs($p_ids)->delete();
+ $leftOver = self::playlistsNotOwnedByUser($p_ids, $p_userId);
+ if(count($leftOver) == 0){
+ CcPlaylistQuery::create()->findPKs($p_ids)->delete();
+ }else{
+ throw new PlaylistNoPermissionException;
+ }
+ }
+
+ // This function returns that are not owen by $p_user_id among $p_ids
+ private static function playlistsNotOwnedByUser($p_ids, $p_userId){
+ $ownedByUser = CcPlaylistQuery::create()->filterByDbCreatorId($p_userId)->find()->getData();
+ $selectedPls = $p_ids;
+ $ownedPls = array();
+ foreach($ownedByUser as $pl){
+ if( in_array($pl->getDbId(), $selectedPls) ){
+ $ownedPls[] = $pl->getDbId();
+ }
+ }
+
+ $leftOvers = array_diff($selectedPls, $ownedPls);
+ return $leftOvers;
 }
 } // class Playlist
 class PlaylistNotFoundException extends Exception {}
+class PlaylistNoPermissionException extends Exception {}
 class PlaylistOutDatedException extends Exception {}
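Review bot: `DeletePlaylists` now refuses any playlist not created by `$p_userId`, with no exemption for the admin/PM roles that the removed LibraryController code let through via `$isAdminOrPM`. If those roles should still delete other users' playlists, the role has to reach the model, for instance as an optional third parameter that skips `playlistsNotOwnedByUser`. The check and the delete are separate queries and the delete is not constrained by creator. `CcPlaylistQuery::create()->filterByDbCreatorId($p_userId)->findPKs($p_ids)` would limit the lookup to the selection instead of loading every playlist the user owns and matching with a loose `in_array`, assuming `findPKs` keeps earlier filters in this ORM version. The docblock should gain `@param int $p_userId` and `@throws PlaylistNoPermissionException`, and the helper comment should read `// Returns the ids in $p_ids that were not created by $p_userId`.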