diff --git a/webui/controller/audit/removal.php b/webui/controller/audit/removal.php
index fe89fa5..8fd7973 100644
--- a/webui/controller/audit/removal.php
+++ b/webui/controller/audit/removal.php
@@ -7,14 +7,14 @@
 $this->id = "content";
 $this->template = "audit/removal.tpl";
- $this->layout = "common/layout-audit";
+ $this->layout = "common/layout";
 $request = Registry::get('request');
 $db = Registry::get('db');
 $this->load->model('audit/removal');
- if(Registry::get('admin_user') == 0 && Registry::get('auditor_user') == 0) {
+ if(Registry::get('admin_user') == 0 && Registry::get('auditor_user') == 0 && Registry::get('data_officer') == 0) {
 die("go away");
 }
diff --git a/webui/controller/message/remove.php b/webui/controller/message/remove.php
new file mode 100644
index 0000000..9319b6d
--- /dev/null
+++ b/webui/controller/message/remove.php
@@ -0,0 +1,51 @@
+id = "content";
+ $this->template = "message/bulkremove.tpl";
+ $this->layout = "common/layout-empty";
+
+ $session = Registry::get('session');
+ $request = Registry::get('request');
+ $db = Registry::get('db');
+
+ $this->load->model('search/search');
+ $this->load->model('search/message');
+ $this->load->model('user/user');
+
+ $this->document->title = $this->data['text_message'];
+
+ if(!isset($this->request->get['id']) || $this->request->get['id'] == '') { die("no id parameter given"); }
+ if(!isset($this->request->get['confirmed']) || $this->request->get['confirmed'] != 1) { die("not confirmed"); }
+
+ $id = (int)$this->request->get['id'];
+
+ // FIXME: For the moment data officer has no permission to see the message
+ if(!$this->model_search_search->check_your_permission_by_id($id)) {
+ die("no permission for $id");
+ }
+
+ $this->data['username'] = Registry::get('username');
+
+ if(Registry::get('data_officer') == 0) {
+ die("go away");
+ }
+
+ // Shouldn't we ask for a token or something as well?
+
+ AUDIT(ACTION_REMOVE_MESSAGE, '', '', $id, '');
+ $db->query("UPDATE " . TABLE_META . " SET retained=? WHERE id=?", [NOW, $id]);
+ $db->query("UPDATE " . TABLE_DELETED . " SET deleted=1 WHERE id=?", [$id]);
+ syslog(LOG_INFO, $this->data['username'] . " removed message: $id");
+
+ $this->data['x'] = $this->data['text_successfully_removed'];
+
+ $this->render();
+ }
+
+
+}
diff --git a/webui/view/theme/default/templates/audit/removal.tpl b/webui/view/theme/default/templates/audit/removal.tpl
index e2debc7..a91d410 100644
--- a/webui/view/theme/default/templates/audit/removal.tpl
+++ b/webui/view/theme/default/templates/audit/removal.tpl
@@ -1,5 +1,16 @@
-
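Review bot: The message removal in the new `remove.php` runs on a plain GET request gated only by `confirmed=1`, so nothing binds the request to a deliberate action in the data officer's own session. The open question in `// Shouldn't we ask for a token or something as well?` should be settled before merge by accepting POST only and comparing a per-session anti-CSRF token with `hash_equals()` ahead of the `AUDIT(...)` call. The role gate also sits after `check_your_permission_by_id($id)`, so callers without the role receive a per-id answer first and, per the FIXME, a legitimate officer may be refused; `if(Registry::get('data_officer') == 0) { die("go away"); }` belongs at the top of the handler. The audit record is written before the two `UPDATE` statements and neither result is checked, so the log can record a removal that did not complete; run and verify both updates first, then audit. The opening tag, class header and method header of the new file are not visible in this hunk.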
-
+ @@ -25,7 +36,9 @@ - + @@ -38,14 +51,10 @@ +
+   +
 
-
- - - diff --git a/webui/view/theme/default/templates/audit/remove.tpl b/webui/view/theme/default/templates/audit/remove.tpl new file mode 100644 index 0000000..9aace2d --- /dev/null +++ b/webui/view/theme/default/templates/audit/remove.tpl @@ -0,0 +1,6 @@ +
+ +
.
+

 

+ +