feat(editor): added delete button, closes #3765

Author: thorsten

phpmyfaq/admin/assets/src/content/faqs.editor.ts

@@ -13,7 +13,7 @@
  * @since     2023-04-30
  */
 
-import { create, update } from '../api';
+import { create, update, deleteFaq } from '../api';
 import { pushErrorNotification, pushNotification, serialize } from '../../../../assets/src/utils';
 import { Response } from '../interfaces';
 
@@ -41,7 +41,7 @@ export const handleSaveFaqData = (): void => {
       }
 
       if (response?.success) {
-        const data = JSON.parse(response.data);
+        const data = response.data ? JSON.parse(response.data) : {};
         const faqId = document.getElementById('faqId') as HTMLInputElement;
         const revisionId = document.getElementById('revisionId') as HTMLInputElement;
 
@@ -50,12 +50,55 @@ export const handleSaveFaqData = (): void => {
 
         pushNotification(response.success);
       } else {
-        pushErrorNotification(response.error);
+        if (response && response.error) {
+          pushErrorNotification(response.error);
+        }
       }
     });
   }
 };
 
+export const handleDeleteFaqEditorModal = (): void => {
+  const deleteButton = document.getElementById('faqEditorDelete') as HTMLButtonElement | null;
+  const confirmDeleteButton = document.getElementById('pmf-confirm-delete-faq') as HTMLButtonElement | null;
+
+  if (!deleteButton || !confirmDeleteButton) {
+    return;
+  }
+
+  confirmDeleteButton.addEventListener('click', async (event: Event): Promise<void> => {
+    event.preventDefault();
+
+    const faqId = deleteButton.getAttribute('data-faq-id') as string;
+    const faqLanguage = deleteButton.getAttribute('data-faq-language') as string;
+    const csrfToken = deleteButton.getAttribute('data-pmf-csrf-token') as string;
+
+    if (!faqId || !faqLanguage || !csrfToken) {
+      pushErrorNotification('Fehlende Parameter zum Löschen der FAQ.');
+      return;
+    }
+
+    try {
+      const response = await deleteFaq(faqId, faqLanguage, csrfToken);
+
+      if (response?.success) {
+        pushNotification(response.success);
+        // Nach kurzer Verzögerung zur FAQ-Übersicht umleiten
+        window.setTimeout(() => {
+          window.location.href = './faqs';
+        }, 1000);
+      } else if (response?.error) {
+        pushErrorNotification(response.error);
+      } else {
+        pushErrorNotification('Beim Löschen der FAQ ist ein unbekannter Fehler aufgetreten.');
+      }
+    } catch (error) {
+      console.error(error);
+      pushErrorNotification('Beim Löschen der FAQ ist ein Fehler aufgetreten.');
+    }
+  });
+};
+
 export const handleUpdateQuestion = (): void => {
   const input = document.getElementById('question') as HTMLInputElement | null;
   if (input) {

phpmyfaq/admin/assets/src/index.ts

@@ -64,7 +64,7 @@ import {
   handleToggleVisibility,
   handleResetCategoryImage,
   handleResetButton,
-  handleDeleteFaqModal,
+  handleDeleteFaqEditorModal,
 } from './content';
 import { handleUserList, handleUsers } from './user';
 import { handleGroups } from './group';
@@ -111,7 +111,7 @@ document.addEventListener('DOMContentLoaded', async (): Promise<void> => {
   handleFileFilter();
   handleSaveFaqData();
   handleUpdateQuestion();
-  handleDeleteFaqModal();
+  handleDeleteFaqEditorModal();
   handleResetButton();
   await handleFaqOverview();
 

phpmyfaq/assets/templates/admin/content/faq.editor.twig

@@ -449,8 +449,18 @@
             <button class="btn btn-info" type="reset">
               {{ ad_gen_reset }}
             </button>
+
+            {% if editExistingFaq %}
+            <button class="btn btn-danger" type="button" id="faqEditorDelete" data-bs-toggle="modal"
+                    data-bs-target="#deleteFaqModal" data-faq-id="{{ faqData['id'] }}"
+                    data-faq-language="{{ faqData['lang'] }}"
+                    data-pmf-csrf-token="{{ csrfToken }}">
+              <i class="bi bi-trash" aria-hidden="true"></i> {{ 'msgDelete' | translate }}
+            </button>
+            {% endif %}
+
             <button class="btn btn-primary" type="submit" id="faqEditorSubmit">
-              {{ ad_entry_save }}
+              <i class="bi bi-save" aria-hidden="true"></i> {{ ad_entry_save }}
             </button>
           {% endif %}
         </div>
@@ -610,6 +620,29 @@
     </div>
   </div>
 
+  <!-- Delete FAQ Modal -->
+  <div class="modal fade" id="deleteFaqModal" tabindex="-1" role="dialog" aria-labelledby="deleteFaqModalLabel" aria-hidden="true">
+    <div class="modal-dialog" role="document">
+      <div class="modal-content">
+        <div class="modal-header">
+          <h5 class="modal-title" id="deleteFaqModalLabel">{{ 'msgDelete' | translate }}</h5>
+          <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+        </div>
+        <div class="modal-body">
+          {{ 'msgConfirmDeleteFAQ' | translate }}
+        </div>
+        <div class="modal-footer">
+          <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">
+            {{ 'msgCancel' | translate }}
+          </button>
+          <button type="button" class="btn btn-danger" id="pmf-confirm-delete-faq">
+            {{ 'msgDelete' | translate }}
+          </button>
+        </div>
+      </div>
+    </div>
+  </div>
+
   {% if isMarkdownEditorEnabled %}
     <!-- Markdown Image Modal -->
     <div class="modal modal-lg fade " id="pmf-markdown-insert-image-modal" tabindex="-1" role="dialog"

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/FaqController.php

@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /**
  * The Admin FAQ Controller
  * This Source Code Form is subject to the terms of the Mozilla Public License,
@@ -16,6 +14,8 @@
  * @since     2023-10-28
  */
 
+declare(strict_types=1);
+
 namespace phpMyFAQ\Controller\Administration\Api;
 
 use DateTime;
@@ -82,7 +82,10 @@ public function create(Request $request): JsonResponse
 
         $data = json_decode($request->getContent())->data;
 
-        if (!Token::getInstance($this->container->get('session'))->verifyToken('edit-faq', $data->{'pmf-csrf-token'})) {
+        if (!Token::getInstance($this->container->get('session'))->verifyToken(
+            'pmf-csrf-token',
+            $data->{'pmf-csrf-token'},
+        )) {
             return $this->json(['error' => Translation::get(
                 languageKey: 'msgNoPermission',
             )], Response::HTTP_UNAUTHORIZED);
@@ -292,7 +295,10 @@ public function update(Request $request): JsonResponse
 
         $data = json_decode($request->getContent())->data;
 
-        if (!Token::getInstance($this->container->get('session'))->verifyToken('edit-faq', $data->{'pmf-csrf-token'})) {
+        if (!Token::getInstance($this->container->get('session'))->verifyToken(
+            'pmf-csrf-token',
+            $data->{'pmf-csrf-token'},
+        )) {
             return $this->json(['error' => Translation::get(
                 languageKey: 'msgNoPermission',
             )], Response::HTTP_UNAUTHORIZED);
@@ -538,7 +544,7 @@ public function activate(Request $request): JsonResponse
         $faqLanguage = Filter::filterVar($data->faqLanguage, FILTER_SANITIZE_SPECIAL_CHARS);
         $checked = Filter::filterVar($data->checked, FILTER_VALIDATE_BOOLEAN);
 
-        if (!Token::getInstance($this->container->get('session'))->verifyToken('faq-overview', $data->csrf)) {
+        if (!Token::getInstance($this->container->get('session'))->verifyToken('pmf-csrf-token', $data->csrf)) {
             return $this->json(['error' => Translation::get(
                 languageKey: 'msgNoPermission',
             )], Response::HTTP_UNAUTHORIZED);
@@ -582,7 +588,7 @@ public function sticky(Request $request): JsonResponse
         $faqLanguage = Filter::filterVar($data->faqLanguage, FILTER_SANITIZE_SPECIAL_CHARS);
         $checked = Filter::filterVar($data->checked, FILTER_VALIDATE_BOOLEAN);
 
-        if (!Token::getInstance($this->container->get('session'))->verifyToken('faq-overview', $data->csrf)) {
+        if (!Token::getInstance($this->container->get('session'))->verifyToken('pmf-csrf-token', $data->csrf)) {
             return $this->json(['error' => Translation::get(
                 languageKey: 'msgNoPermission',
             )], Response::HTTP_UNAUTHORIZED);
@@ -627,10 +633,10 @@ public function delete(Request $request): JsonResponse
         $faqId = Filter::filterVar($data->faqId, FILTER_VALIDATE_INT);
         $faqLanguage = Filter::filterVar($data->faqLanguage, FILTER_SANITIZE_SPECIAL_CHARS);
 
-        if (!Token::getInstance($this->container->get('session'))->verifyToken('faq-overview', $data->csrf)) {
-            return $this->json(['error' => Translation::get(
-                languageKey: 'msgNoPermission',
-            )], Response::HTTP_UNAUTHORIZED);
+        if (!Token::getInstance($this->container->get('session'))->verifyToken('pmf-csrf-token', $data->csrf)) {
+            return $this->json([
+                'error' => 'CSRF Token - ' . Translation::get(languageKey: 'msgNoPermission'),
+            ], Response::HTTP_UNAUTHORIZED);
         }
 
         $adminLog = $this->container->get('phpmyfaq.admin.admin-log');
@@ -655,7 +661,7 @@ public function search(Request $request): JsonResponse
 
         $data = json_decode($request->getContent());
 
-        if (!Token::getInstance($this->container->get('session'))->verifyToken('edit-faq', $data->csrf)) {
+        if (!Token::getInstance($this->container->get('session'))->verifyToken('pmf-csrf-token', $data->csrf)) {
             return $this->json(['error' => Translation::get(
                 languageKey: 'msgNoPermission',
             )], Response::HTTP_UNAUTHORIZED);

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/ImageController.php

@@ -46,7 +46,7 @@ public function upload(Request $request): JsonResponse
         $validFileExtensions = ['gif', 'jpg', 'jpeg', 'png', 'webp', 'svg', 'mov', 'mp4', 'webm'];
         $timestamp = time();
 
-        if (!Token::getInstance($session)->verifyToken('edit-faq', $request->query->get('csrf'))) {
+        if (!Token::getInstance($session)->verifyToken('pmf-csrf-token', $request->query->get('csrf'))) {
             return $this->json([
                 'success' => false,
                 'data' => ['code' => Response::HTTP_UNAUTHORIZED],

phpmyfaq/src/phpMyFAQ/Controller/Administration/FaqController.php

@@ -75,8 +75,8 @@ public function index(Request $request): Response
         return $this->render('@admin/content/faq.overview.twig', [
             ...$this->getHeader($request),
             ...$this->getFooter(),
-            'csrfTokenSearch' => Token::getInstance($sessions)->getTokenInput('edit-faq'),
-            'csrfTokenOverview' => Token::getInstance($sessions)->getTokenString('faq-overview'),
+            'csrfTokenSearch' => Token::getInstance($sessions)->getTokenInput('pmf-csrf-token'),
+            'csrfTokenOverview' => Token::getInstance($sessions)->getTokenString('pmf-csrf-token'),
             'categories' => $category->getCategoryTree(),
             'numberOfRecords' => $categoryRelation->getNumberOfFaqsPerCategory(),
             'numberOfComments' => $comments->getNumberOfCommentsByCategory(),
@@ -627,7 +627,7 @@ private function getBaseTemplateVars(): array
         );
 
         return [
-            'csrfToken' => $token->getTokenString('edit-faq'),
+            'csrfToken' => $token->getTokenString('pmf-csrf-token'),
             'csrfTokenDeleteAttachment' => $token->getTokenString('delete-attachment'),
             'csrfTokenUploadAttachment' => $token->getTokenString('upload-attachment'),
             'isEditorEnabled' => $this->configuration->get(item: 'main.enableWysiwygEditor'),

phpmyfaq/src/phpMyFAQ/Faq.php

@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /**
  * The main FAQ class. Yes, it's very huge.
  *
@@ -22,6 +20,8 @@
  * @since     2005-12-20
  */
 
+declare(strict_types=1);
+
 namespace phpMyFAQ;
 
 use DateTime;
@@ -1117,7 +1117,7 @@ public function getSolutionIdFromId(int $faqId, string $faqLang): int
         $result = $this->configuration->getDb()->query($query);
 
         if ($row = $this->configuration->getDb()->fetchObject($result)) {
-            return $row->solution_id;
+            return (int) $row->solution_id;
         }
 
         return $this->getNextSolutionId();

phpmyfaq/translations/language_de.php

@@ -1518,5 +1518,6 @@
 $PMF_LANG['msgNewestUsers'] = 'Neueste Benutzer';
 $PMF_LANG['msgMemberSince'] = 'Mitglied seit';
 $PMF_LANG['msgNumberRegisteredUsers'] = 'Benutzer';
+$PMF_LANG['msgConfirmDeleteFAQ'] = 'Möchten Sie diese FAQ wirklich löschen? Diese Aktion kann nicht rückgängig gemacht werden.';
 
 return $PMF_LANG;

phpmyfaq/translations/language_en.php

@@ -1519,5 +1519,6 @@
 $PMF_LANG['msgNewestUsers'] = 'Newest users';
 $PMF_LANG['msgMemberSince'] = 'Member since';
 $PMF_LANG['msgNumberRegisteredUsers'] = 'Registered users';
+$PMF_LANG['msgConfirmDeleteFAQ'] = 'Do you really want to delete this FAQ? This action cannot be undone.';
 
 return $PMF_LANG;