
Added delete asset route. Fixes #67

Tom Wor 9 年 前
コミット
9f1c734e45
5 ファイル変更57 行追加1 行削除
  1. 22 0
      src/Helpers/Utils.php
  2. 2 1
      src/queries.php
  3. 27 0
      src/routes/asset.php
  4. 1 0
      src/routes/asset_edit.php
  5. 5 0
      templates/edit_asset.phtml

+ 22 - 0
src/Helpers/Utils.php

@@ -2,6 +2,8 @@
 
 namespace Godot\AssetLibrary\Helpers;
 
+use PDO;
+
 class Utils
 {
     private $c;
@@ -87,6 +89,26 @@ class Utils
         return false;
     }
 
+    public function errorResponseIfNotOwner($currentStatus, &$response, $user, $asset_id, $message = 'You are not authorized to do this')
+    {
+        if($user === false || $currentStatus) return true;
+
+        $query = $this->c->queries['asset']['get_one'];
+        $query->bindValue(':id', (int) $asset_id, PDO::PARAM_INT);
+        $query->execute();
+
+        if($query->rowCount() <= 0) {
+            return $response->withJson(['error' => 'Couldn\'t find asset with id '.$asset_id.'!'], 404);
+        }
+
+        $asset = $query->fetch();
+
+        if($asset['author_id'] != $user['user_id']) {
+            $response = $response->withJson(['error' => $message], 403);
+            return true;
+        }
+    }
+
     public function errorResponseIfMissingOrNotString($currentStatus, &$response, $object, $property)
     {
         if ($currentStatus) {
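Review bot: The not-found branch of errorResponseIfNotOwner returns the Response object instead of assigning it to the by-reference `$response` and returning true, unlike the 403 branch a few lines below; a caller that does `if($error) return $response;` then sends the original, unmodified response rather than the 404 body. Make the two branches consistent: `$response = $response->withJson(['error' => 'Couldn\'t find asset with id '.$asset_id.'!'], 404);` followed by `return true;`. The owner-matches path falls off the end and yields null; an explicit `return false;` after the ownership check documents that outcome and matches the boolean the first guard returns. Since this helper is the authorization gate for the new delete route, `$asset['author_id'] != $user['user_id']` would be safer as a strict comparison with both sides cast to int, if those columns are integers — confirm against the schema.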

+ 2 - 1
src/queries.php

@@ -164,5 +164,6 @@ return [
 
         'set_asset_id' => 'UPDATE `as_asset_edits` SET asset_id=:asset_id WHERE edit_id=:edit_id',
         'set_status_and_reason' => 'UPDATE `as_asset_edits` SET status=:status, reason=:reason WHERE edit_id=:edit_id',
-    ],
+        'delete' => 'UPDATE `as_assets` SET searchable=0 WHERE asset_id=:asset_id'
+    ]
 ];
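Review bot: The new `delete` entry is placed in the group whose neighbouring keys (`set_asset_id`, `set_status_and_reason`) target `as_asset_edits`, yet its statement updates `as_assets`; the route reads it as `queries['asset_edit']['delete']`, so it works, but a maintainer looking for asset queries under the `asset` group will not find it. The statement only sets `searchable=0`, so the row is hidden rather than removed; a key such as `soft_delete` placed with the other `as_assets` queries would say what it does (the route's lookup would change with it). The opening of the nested array is outside the hunk, so the group's name is inferred from its other entries.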

+ 27 - 0
src/routes/asset.php

@@ -235,3 +235,30 @@ $app->post('/asset/{id:[0-9]+}/support_level', function ($request, $response, $a
         'url' => 'asset/' . $args['id'],
     ], 200);
 });
+
+/*
+ * Delete asset from library
+ */
+$app->get('/asset/{id:[0-9]+}/delete', function ($request, $response, $args) {
+
+    $body = $request->getParsedBody();
+
+    $error = $this->utils->ensureLoggedIn(false, $response, $body, $user);
+    $error = $this->utils->errorResponseIfNotOwner($error, $response, $user, $args['id']);
+
+    if($error) return $response;
+
+    $query = $this->queries['asset_edit']['delete'];
+    $query->bindValue(':asset_id', (int) $args['id'], PDO::PARAM_INT);
+    $query->execute();
+
+    $error = $this->utils->errorResponseIfQueryBad(false, $response, $query);
+    if($error) return $response;
+
+    return $response->withJson([
+        'changed' => true,
+        'url' => '/',
+    ], 200);
+});
+
+
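Review bot: The delete route at the top of the hunk is registered with `$app->get`, so a state-changing action (hiding an asset) is performed by any GET to `/asset/{id}/delete` — a followed link, a prefetcher or a cross-site request can trigger it without the safeguards a POST gives — while the `support_level` route visible in the hunk header uses `$app->post` for the same kind of mutation. Changing the first line to `$app->post('/asset/{id:[0-9]+}/delete', function ($request, $response, $args) {` and turning the anchor added in templates/edit_asset.phtml into a form that POSTs resolves this for both files. It also matters because `$request->getParsedBody()` is normally empty on a GET, so if ensureLoggedIn takes its token from `$body` (its definition is not in the hunk) the ownership check could never pass. The route references `PDO::PARAM_INT` unqualified; confirm this file imports `PDO`, as the Utils.php hunk had to add `use PDO;` for the same reason.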

+ 1 - 0
src/routes/asset_edit.php

@@ -333,6 +333,7 @@ $app->get('/asset/edit', function ($request, $response, $args) {
     ], 200);
 });
 
+
 // Get an edit
 $get_edit = function ($request, $response, $args) {
     $query = $this->queries['asset_edit']['get_one'];

+ 5 - 0
templates/edit_asset.phtml

@@ -23,6 +23,11 @@
                         </div>
                 </div>
 
+                <div class="form-group">
+                    <div class="col-md-4 col-md-push-9 align-right">
+                        <a href="<?php echo raw($basepath) ?>/asset/<?php echo url($data['asset_id']) ?>/delete" id="delete" class="btn btn-danger">Delete asset from library</a>
+                    </div>
+                </div>
         </fieldset>
 </form>
 <?php include("_footer.phtml") ?>