<?php
/**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
use Friendica\BaseModule;
use Friendica\Core\Session;
use Friendica\Core\System;
+use Friendica\Database\DBA;
use Friendica\DI;
-use Friendica\Model\Item;
+use Friendica\Model\Post;
use Friendica\Network\HTTPException;
/**
*/
class Pin extends BaseModule
{
- public static function rawContent(array $parameters = [])
+ protected function rawContent(array $request = [])
{
$l10n = DI::l10n();
throw new HttpException\ForbiddenException($l10n->t('Access denied.'));
}
- if (empty($parameters['id'])) {
+ if (empty($this->parameters['id'])) {
throw new HTTPException\BadRequestException();
}
- $itemId = intval($parameters['id']);
+ $itemId = intval($this->parameters['id']);
- $pinned = !Item::getPinned($itemId, local_user());
+ $item = Post::selectFirst(['uri-id', 'uid'], ['id' => $itemId]);
+ if (!DBA::isResult($item)) {
+ throw new HTTPException\NotFoundException();
+ }
+
+ if (!in_array($item['uid'], [0, local_user()])) {
+ throw new HttpException\ForbiddenException($l10n->t('Access denied.'));
+ }
+
+ $pinned = !Post\ThreadUser::getPinned($item['uri-id'], local_user());
- Item::setPinned($itemId, local_user(), $pinned);
+ Post\ThreadUser::setPinned($item['uri-id'], local_user(), $pinned);
// See if we've been passed a return path to redirect to
$return_path = $_REQUEST['return'] ?? '';
projects / friendica.git / blobdiff