<?php

/*
 * vim:set softtabstop=4 shiftwidth=4 expandtab:
 *
 * LICENSE: GNU Affero General Public License, version 3 (AGPL-3.0-or-later)
 * Copyright 2001 - 2020 Ampache.org
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 *
 */

declare(strict_types=0);

namespace Ampache\Module\Api\Method;

use Ampache\Repository\Model\Catalog;
use Ampache\Repository\Model\User;
use Ampache\Module\Api\Api;
use Ampache\Module\Authorization\Access;
use Ampache\Module\System\Session;

/**
 * Class UserDeleteMethod
 *
 * API handler for the destructive 'user_delete' action.
 *
 * @package Lib\ApiMethods
 */
final class UserDeleteMethod
{
    private const ACTION = 'user_delete';

    /**
     * user_delete
     * MINIMUM_API_VERSION=400001
     *
     * Delete an existing user, identified by username.
     *
     * The caller is resolved from the session token in $input['auth'] and must
     * pass Api::check_access('interface', 100, ...). The target is refused when
     * it cannot be resolved to an id, when its name equals the caller's session
     * username, or when it passes Access::check('interface', 100, ...) itself.
     * A refusal is reported through Api::error() with code '4710'.
     *
     * NOTE(review): both User::get_from_username() results are dereferenced
     * (->id) without checking that a user was found; confirm what the lookup
     * returns for an unknown name or stale session, and how
     * Api::check_access() treats an empty id.
     *
     * NOTE(review): Session::extend() is reached only on the refusal path;
     * the success path returns without it - confirm this is intended.
     *
     * NOTE(review): no audit logging of the deletion is visible in this
     * method; confirm User::delete() or the API layer records who removed
     * which account.
     *
     * @param array $input
     * username = (string) $username
     * auth and api_format are also read from $input
     * @return bool true when the user was deleted, false otherwise
     */
    public static function user_delete(array $input)
    {
        // Authorisation gate: resolve the calling user from the session token
        // and require interface level 100 before anything else happens.
        $caller     = User::get_from_username(Session::username($input['auth']));
        $authorised = Api::check_access('interface', 100, $caller->id, self::ACTION, $input['api_format']);
        if (!$authorised) {
            return false;
        }

        // 'username' is the only required request parameter.
        if (!Api::check_parameter($input, ['username'], self::ACTION)) {
            return false;
        }

        $targetName = $input['username'];
        $target     = User::get_from_username($targetName);

        // don't delete yourself or admins
        // NOTE(review): the self-check is a loose (!=) comparison of username
        // strings, so it depends on type juggling and on how case is handled by
        // the lookup; comparing the two user ids would not - confirm.
        $deletable = $target->id
            && Session::username($input['auth']) != $targetName
            && !Access::check('interface', 100, $target->id);

        if (!$deletable) {
            // NOTE(review): the request-supplied username is echoed back here and
            // in the success message below; assumes Api::error()/Api::message()
            // encode it for the selected api_format - confirm.
            /* HINT: Requested object string/id/type ("album", "myusername", "some song title", 1298376) */
            Api::error(sprintf(T_('Bad Request: %s'), $targetName), '4710', self::ACTION, 'system', $input['api_format']);
            Session::extend($input['auth']);

            return false;
        }

        $target->delete();
        Api::message('successfully deleted: ' . $targetName, $input['api_format']);
        // presumably refreshes the stored row count for the user table - confirm
        Catalog::count_table('user');

        return true;
    }
}