1<?php
2
3/*
4 * vim:set softtabstop=4 shiftwidth=4 expandtab:
5 *
6 *  LICENSE: GNU Affero General Public License, version 3 (AGPL-3.0-or-later)
7 * Copyright 2001 - 2020 Ampache.org
8 *
9 * This program is free software: you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation, either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
21 *
22 */
23
24declare(strict_types=0);
25
26namespace Ampache\Module\Api\Method;
27
28use Ampache\Repository\Model\Catalog;
29use Ampache\Repository\Model\User;
30use Ampache\Module\Api\Api;
31use Ampache\Module\Authorization\Access;
32use Ampache\Module\System\Session;
33
/**
 * Class UserDeleteMethod
 *
 * API handler for the `user_delete` action: removes one account on behalf of
 * a caller that passes the level 100 'interface' access check.
 *
 * @package Lib\ApiMethods
 */
final class UserDeleteMethod
{
    private const ACTION = 'user_delete';

    /**
     * user_delete
     * MINIMUM_API_VERSION=400001
     *
     * Delete an existing user, identified by username.
     *
     * Authorization happens in two steps. First the caller, resolved from the
     * session behind $input['auth'], must pass Api::check_access('interface', 100).
     * Then the target is refused if it does not exist, if its name matches the
     * caller's session username, or if it passes Access::check('interface', 100)
     * itself (the "don't delete yourself or admins" rule).
     *
     * @param array $input
     * auth       = (string) value handed to Session::username() / Session::extend()
     * username   = (string) name of the account to delete
     * api_format = (string) passed through to the Api response helpers
     * @return bool true after the delete path has run, false on any refusal
     */
    public static function user_delete(array $input)
    {
        // Gate 1: the caller must hold level 100 on 'interface'.
        // NOTE(review): the lookup result is dereferenced without a null check; if the
        // session does not resolve to a user, ->id is read from a non-object. Confirm
        // that check_access() denies access in that case.
        $callerId = User::get_from_username(Session::username($input['auth']))->id;
        if (!Api::check_access('interface', 100, $callerId, self::ACTION, $input['api_format'])) {
            return false;
        }

        // Gate 2: the request must carry a 'username' parameter.
        $hasUsername = Api::check_parameter($input, ['username'], self::ACTION);
        if (!$hasUsername) {
            return false;
        }

        $targetName = $input['username'];
        $target     = User::get_from_username($targetName);

        // Gate 3: the target must exist, must not be the caller, and must not be an admin.
        // The comparison is deliberately left loose (!=) as written, so numeric-looking
        // names compare by value. NOTE(review): whether username matching is
        // case-sensitive depends on get_from_username(); verify that a differently-cased
        // spelling of the caller's own name is still stopped by the admin check.
        $deletable = $target->id
            && Session::username($input['auth']) != $targetName
            && !Access::check('interface', 100, $target->id);

        if (!$deletable) {
            // One generic error covers "unknown user", "self" and "admin", so the response
            // does not reveal which rule refused the request.
            /* HINT: Requested object string/id/type ("album", "myusername", "some song title", 1298376) */
            $reason = sprintf(T_('Bad Request: %s'), $targetName);
            Api::error($reason, '4710', self::ACTION, 'system', $input['api_format']);
            // Only this refusal path extends the session.
            Session::extend($input['auth']);

            return false;
        }

        // NOTE(review): any result of delete() is ignored and success is reported
        // unconditionally; confirm delete() cannot fail without raising. No audit
        // record of who deleted whom is written here; verify it is logged elsewhere.
        $target->delete();
        // The caller-supplied name is echoed into the response; escaping is presumably
        // done inside Api::message() / Api::error(). TODO confirm.
        Api::message('successfully deleted: ' . $targetName, $input['api_format']);
        Catalog::count_table('user');

        return true;
    }
}
78