payfrit-api/api/hub/messages/delete.php
Mike 1dacefcf70 Add Hub Messages, Files, Users, Reactions, and Pins APIs
Complete backend for SprintChat Hub migration:
- Messages: send, edit, delete, list (paginated cursor), thread, search
- Files: upload (multipart), download, thumbnail, info, list
- Users: get, getByIds, search, status (online detection)
- Reactions: add, remove, list (grouped by emoji)
- Pins: pin, unpin, list (with message content)
- Channel stats: member/message/pinned/unread counts

4 new DB tables: Hub_Messages, Hub_Files, Hub_Reactions, Hub_PinnedPosts
21 new endpoints added to PUBLIC_ROUTES

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 02:03:14 +00:00


<?php
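/**
 * POST /api/hub/messages/delete.php
 *
 * Soft-delete a message (sets IsDeleted = 1; the row is kept).
 * Only the sender or a channel admin/owner can delete.
 *
 * Body:
 *   MessageID    int    REQUIRED
 *   AgentAddress string REQUIRED  who is requesting the delete
 *
 * Response: { OK: true } on success, { OK: false, ERROR: <code> } otherwise.
 *
 * NOTE(review): AgentAddress is read from the request body and then used as
 * the caller's identity for the permission check. Nothing in this file ties
 * that value to an authenticated session or token, so the check is only as
 * strong as whatever helpers.php enforces before this point (not visible
 * here). If this route is reachable without authentication, any caller can
 * name a message's sender or a channel admin and pass the check. The identity
 * should come from the authenticated request context rather than from the
 * body; confirm before relying on this endpoint's access control.
 */
require_once __DIR__ . '/../../helpers.php';

// The guards below only work if jsonResponse() ends the request after
// sending; presumably it does (defined in helpers.php), verify there.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    jsonResponse(['OK' => false, 'ERROR' => 'method_not_allowed'], 405);
}

$body = readJsonBody();
if (!is_array($body)) {
    // A JSON scalar or missing body carries no fields; treat it as empty.
    $body = [];
}

// Validate instead of casting: (int) turns any non-empty array into 1, which
// would silently target message 1.
$messageId = filter_var($body['MessageID'] ?? null, FILTER_VALIDATE_INT);
if ($messageId === false || $messageId <= 0) {
    jsonResponse(['OK' => false, 'ERROR' => 'message_id_required']);
}

// trim() throws a TypeError on arrays; accept strings only so malformed
// input gets the normal validation error instead of an uncaught exception.
$rawAgentAddress = $body['AgentAddress'] ?? '';
$agentAddress = is_string($rawAgentAddress) ? trim($rawAgentAddress) : '';
if ($agentAddress === '') {
    jsonResponse(['OK' => false, 'ERROR' => 'agent_address_required']);
}

// Only the two columns needed for the permission decision are fetched.
$msg = queryOne(
    "SELECT SenderAddress, ChannelID FROM Hub_Messages WHERE ID = ? AND IsDeleted = 0",
    [$messageId]
);
if (!$msg) {
    jsonResponse(['OK' => false, 'ERROR' => 'message_not_found']);
}

// Check permission: sender can delete their own, admins/owners can delete any
$allowed = ($msg['SenderAddress'] === $agentAddress);
if (!$allowed) {
    $membership = queryOne(
        "SELECT Role FROM Hub_ChannelMembers WHERE ChannelID = ? AND AgentAddress = ?",
        [(int) $msg['ChannelID'], $agentAddress]
    );
    $allowed = $membership && in_array($membership['Role'], ['admin', 'owner'], true);
}
if (!$allowed) {
    jsonResponse(['OK' => false, 'ERROR' => 'permission_denied']);
}

// Repeat the IsDeleted guard so a concurrent delete of the same message is
// not written twice.
queryTimed("UPDATE Hub_Messages SET IsDeleted = 1 WHERE ID = ? AND IsDeleted = 0", [$messageId]);
jsonResponse(['OK' => true]);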