Adds a Confirm Delete page and actually delete the assets.

controllers/ConfirmDelete.php

@@ -0,0 +1,43 @@
+<?php
+/*****************************************************************************
+ * ConfirmDelete.php
+ * Contains the ConfirmDelete controller
+ *
+ * Kabuki CMS (C) 2013-2016, Aaron van Geffen
+ *****************************************************************************/
+
+class ConfirmDelete extends HTMLController
+{
+	public function __construct()
+	{
+		// Ensure we're logged in at this point.
+		$user = Registry::get('user');
+		if (!$user->isLoggedIn())
+			throw new NotAllowedException();
+
+		$photo = Asset::fromSlug($_GET['slug']);
+		if (empty($photo))
+			throw new NotFoundException();
+
+		$author = $photo->getAuthor();
+		if (!($user->isAdmin() || $user->getUserId() === $author->getUserId()))
+			throw new NotAllowedException();
+
+		if (isset($_REQUEST['confirmed']))
+			$this->handleDelete($photo);
+
+		parent::__construct('Confirm deletion' . ' - ' . SITE_TITLE);
+		$page = new ConfirmDeletePage($photo->getImage());
+
+		$this->page->adopt($page);
+	}
+
+	private function handleDelete(Asset $photo) {
+		$album_url = $photo->getSubdir();
+
+		$photo->delete();
+
+		header('Location: ' . BASEURL . '/' . $album_url);
+		exit;
+	}
+}