Divergence\Controllers\MediaRequestHandler

Complexity

Total Complexity

115

Size/Duplication

Total Lines	665
Duplicated Lines	0 %

Importance

Changes

0

11 Methods

Rating	Name	Duplication	Size	Complexity
C	handleRequest()	0	76	14
A	handleInfoRequest()	0	22	6
A	handleCaptionRequest()	0	33	6
A	handleBrowseRequest()	0	23	6
F	handleMediaRequest()	0	115	24
B	handleDownloadRequest()	0	38	9
B	handleDeleteRequest()	0	34	8
A	handleManageRequest()	0	6	1
B	handleThumbnailRequest()	0	74	10
B	handleMediaDeleteRequest()	0	34	9
D	handleUploadRequest()	0	99	22

<?php
namespace Divergence\Controllers;

use Divergence\Helpers\JSON;
use Divergence\Models\Media\Media;
use Divergence\Models\ActiveRecord;

class MediaRequestHandler extends RecordsRequestHandler
{
    // RecordRequestHandler configuration
    public static $recordClass = Media::class;
    public static $accountLevelRead = false;
    public static $accountLevelBrowse = 'Staff';
    public static $accountLevelWrite = 'Staff';
    public static $accountLevelAPI = false;
    public static $browseLimit = 100;
    public static $browseOrder = ['ID' => 'DESC'];

    // configurables
    public static $defaultPage = 'browse';
    public static $defaultThumbnailWidth = 100;
    public static $defaultThumbnailHeight = 100;
    public static $uploadFileFieldName = 'mediaFile';
    public static $responseMode = 'html';

    public static $searchConditions = [
        'Caption' => [
            'qualifiers' => ['any','caption']
            ,'points' => 2
            ,'sql' => 'Caption LIKE "%%%s%%"',
        ]
        ,'CaptionLike' => [
            'qualifiers' => ['caption-like']
            ,'points' => 2
            ,'sql' => 'Caption LIKE "%s"',
        ]
        ,'CaptionNot' => [
            'qualifiers' => ['caption-not']
            ,'points' => 2
            ,'sql' => 'Caption NOT LIKE "%%%s%%"',
        ]
        ,'CaptionNotLike' => [
            'qualifiers' => ['caption-not-like']
            ,'points' => 2
            ,'sql' => 'Caption NOT LIKE "%s"',
        ],
    ];

    public static function handleRequest()
    {
        // handle json response mode
        if (static::peekPath() == 'json') {
            static::$responseMode = static::shiftPath();
        }

        // handle action
        switch ($action = static::shiftPath()) {

#    		case 'media':
#			{
#				return static::handleMediaRequest();
#			}

            case 'upload':
            {
                return static::handleUploadRequest();
            }

            case 'open':
            {
                $mediaID = static::shiftPath();

                return static::handleMediaRequest($mediaID);
            }

            case 'download':
            {
                $mediaID = static::shiftPath();
                $filename = urldecode(static::shiftPath());

                return static::handleDownloadRequest($mediaID, $filename);
            }

            case 'info':
            {
                $mediaID = static::shiftPath();

                return static::handleInfoRequest($mediaID);
            }

            case 'caption':
            {
                $mediaID = static::shiftPath();

                return static::handleCaptionRequest($mediaID);
            }

            case 'delete':
            {
                return static::handleDeleteRequest();

The call to Divergence\Controllers\MediaRequestHandler::handleDeleteRequest() has too few arguments starting with Record.

            }

            case 'thumbnail':
            {
                return static::handleThumbnailRequest();
            }

            case false:
            case '':
            case 'browse':
            {
                if ($_SERVER['REQUEST_METHOD'] == 'POST') {
                    return static::handleUploadRequest();
                }

                return static::handleBrowseRequest();
            }

            default:
            {
                if (ctype_digit($action)) {
                    return static::handleMediaRequest($action);
                } else {
                    return parent::handleRecordsRequest($action);
                }
            }
        }
    }


    public static function handleUploadRequest($options = [], $authenticationRequired = true)
    {
        // require authentication
        if ($authenticationRequired) {
            static::checkUploadAccess();

The method checkUploadAccess() does not exist on Divergence\Controllers\MediaRequestHandler. Did you maybe mean checkReadAccess()?

        }

        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            // init options
            $options = array_merge([
                'fieldName' => static::$uploadFileFieldName,
            ], $options);


            // check upload
            if (empty($_FILES[$options['fieldName']])) {
                return static::throwError('You did not select a file to upload');

The method throwError() does not exist on Divergence\Controllers\MediaRequestHandler.

            }

            // handle upload errors
            if ($_FILES[$options['fieldName']]['error'] != UPLOAD_ERR_OK) {
                switch ($_FILES[$options['fieldName']]['error']) {
                    case UPLOAD_ERR_NO_FILE:
                        return static::throwError('You did not select a file to upload');

                    case UPLOAD_ERR_INI_SIZE:
                    case UPLOAD_ERR_FORM_SIZE:
                        return static::throwError('Your file exceeds the maximum upload size. Please try again with a smaller file.');

                    case UPLOAD_ERR_PARTIAL:
                        return static::throwError('Your file was only partially uploaded, please try again.');

                    default:
                        return static::throwError('There was an unknown problem while processing your upload, please try again.');
                }
            }

            // init caption
            if (!isset($options['Caption'])) {
                if (!empty($_REQUEST['Caption'])) {
                    $options['Caption'] = $_REQUEST['Caption'];
                } else {
                    $options['Caption'] = preg_replace('/\.[^.]+$/', '', $_FILES[$options['fieldName']]['name']);
                }
            }

            // create media
            try {
                $Media = Media::createFromUpload($_FILES[$options['fieldName']]['tmp_name'], $options);
            } catch (Exception $e) {

The type Divergence\Controllers\Exception was not found. Did you mean Exception? If so, make sure to prefix the type with \.

                return static::throwInvalidRequestError('The file you uploaded is not of a supported media format');

The method throwInvalidRequestError() does not exist on Divergence\Controllers\MediaRequestHandler.

            }
        } elseif ($_SERVER['REQUEST_METHOD'] == 'PUT') {
            $put = fopen("php://input", "r"); // open input stream

            $tmp = tempnam("/tmp", "emr");  // use PHP to make a temporary file
            $fp = fopen($tmp, "w"); // open write stream to temp file

            // write
            while ($data = fread($put, 1024)) {

It seems like $put can also be of type false; however, parameter $handle of fread() does only seem to accept resource, maybe add an additional type check?

                fwrite($fp, $data);

It seems like $fp can also be of type false; however, parameter $handle of fwrite() does only seem to accept resource, maybe add an additional type check?

            }

            // close handles
            fclose($fp);

It seems like $fp can also be of type false; however, parameter $handle of fclose() does only seem to accept resource, maybe add an additional type check?

            fclose($put);

            // create media
            try {
                $Media = Media::createFromFile($tmp, $options);
            } catch (Exception $e) {
                return static::throwInvalidRequestError('The file you uploaded is not of a supported media format');
            }
        } else {
            return static::respond('upload');
        }

        // assign tag
        /*if (!empty($_REQUEST['Tag']) && ($Tag = Tag::getByHandle($_REQUEST['Tag']))) {
            $Tag->assignItem('Media', $Media->ID);
        }*/

        // assign context
        if (!empty($_REQUEST['ContextClass']) && !empty($_REQUEST['ContextID'])) {
            if (!is_subclass_of($_REQUEST['ContextClass'], ActiveRecord::class)
                || !in_array($_REQUEST['ContextClass']::getStaticRootClass(), Media::$fields['ContextClass']['values'])
                || !is_numeric($_REQUEST['ContextID'])) {
                return static::throwError('Context is invalid');
            } elseif (!$Media->Context = $_REQUEST['ContextClass']::getByID($_REQUEST['ContextID'])) {
                return static::throwError('Context class not found');
            }

            $Media->save();
        }

        return static::respond('uploadComplete', [
            'success' => (boolean)$Media
            ,'data' => $Media
            ,'TagID' => isset($Tag) ? $Tag->ID : null,

The variable $Tag seems to never exist and therefore isset should always be false.

        ]);
    }


    public static function handleMediaRequest($mediaID)
    {
        if (empty($mediaID) || !is_numeric($mediaID)) {
            static::throwError('Missing or invalid media_id');
        }

        // get media
        try {
            $Media = Media::getById($mediaID);
        } catch (Exception $e) {
            return static::throwUnauthorizedError('You are not authorized to download this media');

The call to Divergence\Controllers\RecordsRequestHandler::throwUnauthorizedError() has too many arguments starting with 'You are not authorized to download this media'.

        }

        if (!$Media) {
            static::throwNotFoundError('Media ID #%u was not found', $media_id);

The call to Divergence\Controllers\RecordsRequestHandler::throwNotFoundError() has too many arguments starting with 'Media ID #%u was not found'.

The variable $media_id seems to be never defined.

        }

        if (!static::checkReadAccess($Media)) {
            return static::throwUnauthorizedError();
        }

        if (static::$responseMode == 'json' || $_SERVER['HTTP_ACCEPT'] == 'application/json') {
            JSON::translateAndRespond([
                'success' => true
                ,'data' => $Media,
            ]);
        } else {

            // determine variant
            if ($variant = static::shiftPath()) {
                if (!$Media->isVariantAvailable($variant)) {

The method isVariantAvailable() does not exist on Divergence\Models\ActiveRecord. It seems like you code against a sub-type of Divergence\Models\ActiveRecord such as Divergence\Models\Media\Media.

                    return static::throwNotFoundError('Requested variant is not available');
                }
            } else {
                $variant = 'original';
            }

            // send caching headers
            $expires = 60*60*24*365;
            header("Cache-Control: public, max-age=$expires");
            header('Expires: '.gmdate('D, d M Y H:i:s \G\M\T', time()+$expires));
            header('Pragma: public');

            // media are immutable for a given URL, so no need to actually check anything if the browser wants to revalidate its cache
            if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) || !empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
                header('HTTP/1.0 304 Not Modified');
                exit();
            }

            // initialize response
            set_time_limit(0);
            $filePath = $Media->getFilesystemPath($variant);

The method getFilesystemPath() does not exist on Divergence\Models\ActiveRecord. It seems like you code against a sub-type of Divergence\Models\ActiveRecord such as Divergence\Models\Media\Media.

            $fp = fopen($filePath, 'rb');
            $size = filesize($filePath);
            $length = $filesize;

The variable $filesize seems to be never defined.

            $start = 0;
            $end = $size - 1;

            header('Content-Type: '.$Media->getMIMEType($variant));

The method getMIMEType() does not exist on Divergence\Models\ActiveRecord. It seems like you code against a sub-type of Divergence\Models\ActiveRecord such as Divergence\Models\Media\Media.

            header('ETag: media-'.$Media->ID.'-'.$variant);
            header('Accept-Ranges: bytes');

            // interpret range requests
            if (!empty($_SERVER['HTTP_RANGE'])) {
                $chunkStart = $start;

The assignment to $chunkStart is dead and can be removed.

                $chunkEnd = $end;

                list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2);

                if (strpos($range, ',') !== false) {
                    header('HTTP/1.1 416 Requested Range Not Satisfiable');
                    header("Content-Range: bytes $start-$end/$size");
                    exit();
                }

                if ($range == '-') {
                    $chunkStart = $size - substr($range, 1);
                } else {
                    $range = explode('-', $range);
                    $chunkStart = $range[0];
                    $chunkEnd = (isset($range[1]) && is_numeric($range[1])) ? $range[1] : $size;
                }

                $chunkEnd = ($chunkEnd > $end) ? $end : $chunkEnd;
                if ($chunkStart > $chunkEnd || $chunkStart > $size - 1 || $chunkEnd >= $size) {
                    header('HTTP/1.1 416 Requested Range Not Satisfiable');
                    header("Content-Range: bytes $start-$end/$size");
                    exit();
                }

                $start = $chunkStart;
                $end = $chunkEnd;
                $length = $end - $start + 1;

                fseek($fp, $start);

It seems like $fp can also be of type false; however, parameter $handle of fseek() does only seem to accept resource, maybe add an additional type check?

It seems like $start can also be of type string; however, parameter $offset of fseek() does only seem to accept integer, maybe add an additional type check?

                header('HTTP/1.1 206 Partial Content');
            }

            // finish response
            header("Content-Range: bytes $start-$end/$size");
            header("Content-Length: $length");

            $buffer = 1024 * 8;
            while (!feof($fp) && ($p = ftell($fp)) <= $end) {

It seems like $fp can also be of type false; however, parameter $handle of ftell() does only seem to accept resource, maybe add an additional type check?

It seems like $fp can also be of type false; however, parameter $handle of feof() does only seem to accept resource, maybe add an additional type check?

                if ($p + $buffer > $end) {
                    $buffer = $end - $p + 1;
                }

                echo fread($fp, $buffer);

It seems like $fp can also be of type false; however, parameter $handle of fread() does only seem to accept resource, maybe add an additional type check?

                flush();
            }

            fclose($fp);

It seems like $fp can also be of type false; however, parameter $handle of fclose() does only seem to accept resource, maybe add an additional type check?

            Site::finishRequest();
        }
    }

    public static function handleInfoRequest($mediaID)
    {
        if (empty($mediaID) || !is_numeric($mediaID)) {
            static::throwError('Missing or invalid mediaID');
        }

        // get media
        try {
            $Media = Media::getById($mediaID);
        } catch (Exception $e) {
            return static::throwUnauthorizedError('You are not authorized to download this media');

The call to Divergence\Controllers\RecordsRequestHandler::throwUnauthorizedError() has too many arguments starting with 'You are not authorized to download this media'.

        }

        if (!$Media) {
            static::throwNotFoundError('Media ID #%u was not found', $mediaID);

The call to Divergence\Controllers\RecordsRequestHandler::throwNotFoundError() has too many arguments starting with 'Media ID #%u was not found'.

        }

        if (!static::checkReadAccess($Media)) {
            return static::throwUnauthorizedError();
        }

        return parent::handleRecordRequest($Media);
    }

    public static function handleDownloadRequest($media_id, $filename = false)
    {
        if (empty($media_id) || !is_numeric($media_id)) {
            static::throwError('Missing or invalid media_id');
        }

        // get media
        try {
            $Media = Media::getById($media_id);
        } catch (Exception $e) {
            return static::throwUnauthorizedError('You are not authorized to download this media');

The call to Divergence\Controllers\RecordsRequestHandler::throwUnauthorizedError() has too many arguments starting with 'You are not authorized to download this media'.

        }


        if (!$Media) {
            static::throwNotFoundError('Media ID #%u was not found', $media_id);

The call to Divergence\Controllers\RecordsRequestHandler::throwNotFoundError() has too many arguments starting with 'Media ID #%u was not found'.

        }

        if (!static::checkReadAccess($Media)) {
            return static::throwUnauthorizedError();
        }

        // determine filename
        if (empty($filename)) {
            $filename = $Media->Caption ? $Media->Caption : sprintf('%s_%u', $Media->ContextClass, $Media->ContextID);

The property ContextID does not exist on Divergence\Models\ActiveRecord. Since you implemented __get, consider adding a @property annotation.

It seems like $Media->ContextClass can also be of type array; however, parameter $args of sprintf() does only seem to accept string, maybe add an additional type check?

The property Caption does not exist on Divergence\Models\ActiveRecord. Since you implemented __get, consider adding a @property annotation.

The property ContextClass does not exist on Divergence\Models\ActiveRecord. Since you implemented __get, consider adding a @property annotation.

        }

        if (strpos($filename, '.') === false) {
            // add extension
            $filename .= '.'.$Media->Extension;

The property Extension does not exist on Divergence\Models\ActiveRecord. Since you implemented __get, consider adding a @property annotation.

        }

        header('Content-Type: '.$Media->MIMEType);

The property MIMEType does not exist on Divergence\Models\ActiveRecord. Since you implemented __get, consider adding a @property annotation.

        header('Content-Disposition: attachment; filename="'.str_replace('"', '', $filename).'"');
        header('Content-Length: '.filesize($Media->FilesystemPath));

The property FilesystemPath does not exist on Divergence\Models\ActiveRecord. Since you implemented __get, consider adding a @property annotation.

It seems like $Media->FilesystemPath can also be of type array; however, parameter $filename of filesize() does only seem to accept string, maybe add an additional type check?

        readfile($Media->FilesystemPath);

It seems like $Media->FilesystemPath can also be of type array; however, parameter $filename of readfile() does only seem to accept string, maybe add an additional type check?

        exit();

Using exit here is not recommended.

    }

    public static function handleCaptionRequest($media_id)
    {
        // require authentication
        $GLOBALS['Session']->requireAccountLevel('Staff');

        if (empty($media_id) || !is_numeric($media_id)) {
            static::throwError('Missing or invalid media_id');
        }

        // get media
        try {
            $Media = Media::getById($media_id);
        } catch (Exception $e) {
            return static::throwUnauthorizedError('You are not authorized to download this media');

The call to Divergence\Controllers\RecordsRequestHandler::throwUnauthorizedError() has too many arguments starting with 'You are not authorized to download this media'.

        }


        if (!$Media) {
            static::throwNotFoundError('Media ID #%u was not found', $media_id);

The call to Divergence\Controllers\RecordsRequestHandler::throwNotFoundError() has too many arguments starting with 'Media ID #%u was not found'.

        }

        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $Media->Caption = $_REQUEST['Caption'];

The property Caption does not exist on Divergence\Models\ActiveRecord. Since you implemented __set, consider adding a @property annotation.

            $Media->save();

            return static::respond('mediaCaptioned', [
                'success' => true
                ,'data' => $Media,
            ]);
        }

        return static::respond('mediaCaption', [
            'data' => $Media,
        ]);
    }

    public static function handleDeleteRequest(ActiveRecord $Record)
    {
        // require authentication
        $GLOBALS['Session']->requireAccountLevel('Staff');

        if ($mediaID = static::peekPath()) {
            $mediaIDs = [$mediaID];
        } elseif (!empty($_REQUEST['mediaID'])) {
            $mediaIDs = [$_REQUEST['mediaID']];
        } elseif (is_array($_REQUEST['media'])) {
            $mediaIDs = $_REQUEST['media'];
        }

        $deleted = [];
        foreach ($mediaIDs as $mediaID) {

The variable $mediaIDs does not seem to be defined for all execution paths leading up to this point.

            if (!is_numeric($mediaID)) {
                static::throwError('Invalid mediaID');
            }

            // get media
            $Media = Media::getByID($mediaID);

            if (!$Media) {
                static::throwNotFoundError('Media ID #%u was not found', $mediaID);

The call to Divergence\Controllers\RecordsRequestHandler::throwNotFoundError() has too many arguments starting with 'Media ID #%u was not found'.

            }

            if ($Media->destroy()) {
                $deleted[] = $Media;
            }
        }

        return static::respond('mediaDeleted', [
            'success' => true
            ,'data' => $deleted,
        ]);
    }






    public static function handleThumbnailRequest(Media $Media = null)
    {
        // send caching headers
        $expires = 60*60*24*365;
        header("Cache-Control: public, max-age=$expires");
        header('Expires: '.gmdate('D, d M Y H:i:s \G\M\T', time()+$expires));
        header('Pragma: public');


        // thumbnails are immutable for a given URL, so no need to actually check anything if the browser wants to revalidate its cache
        if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) || !empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
            header('HTTP/1.0 304 Not Modified');
            exit();
        }


        // get media
        if (!$Media) {
            if (!$mediaID = static::shiftPath()) {
                return static::throwError('Invalid request');
            } elseif (!$Media = Media::getByID($mediaID)) {
                return static::throwNotFoundError('Media not found');

The call to Divergence\Controllers\RecordsRequestHandler::throwNotFoundError() has too many arguments starting with 'Media not found'.

            }
        }


        // get format
        if (preg_match('/^(\d+)x(\d+)(x([0-9A-F]{6})?)?$/i', static::peekPath(), $matches)) {

It seems like static::peekPath() can also be of type false; however, parameter $subject of preg_match() does only seem to accept string, maybe add an additional type check?

            static::shiftPath();
            $maxWidth = $matches[1];
            $maxHeight = $matches[2];
            $fillColor = !empty($matches[4]) ? $matches[4] : false;
        } else {
            $maxWidth = static::$defaultThumbnailWidth;
            $maxHeight = static::$defaultThumbnailHeight;
            $fillColor = false;
        }

        if (static::peekPath() == 'cropped') {
            static::shiftPath();
            $cropped = true;
        } else {
            $cropped = false;
        }


        // fetch thumbnail
        try {
            // get thumbnail
            $thumbPath = $Media->getThumbnail($maxWidth, $maxHeight, $fillColor, $cropped);

The method getThumbnail() does not exist on Divergence\Models\ActiveRecord. It seems like you code against a sub-type of Divergence\Models\ActiveRecord such as Divergence\Models\Media\Media.

        } catch (Exception $e) {
            /*\Emergence\Logger::general_warning('Caught exception while creating thumbnail for media, returning server error', array(
                'exceptionClass' => get_class($e)
                ,'exceptionMessage' => $e->getMessage()
                ,'exceptionCode' => $e->getCode()
                ,'recordData' => $Media->getData()
                ,'thumbFormat' => array(
                    'maxWidth' => $maxWidth
                    ,'maxHeight' => $maxHeight
                    ,'fillColor' => $fillColor
                    ,'cropped' => $cropped
                )
            ));*/

            return static::throwServerError('Thumbnail unavailable');

The method throwServerError() does not exist on Divergence\Controllers\MediaRequestHandler.

        }


        // dump it out
        header("ETag: media-$Media->ID-$maxWidth-$maxHeight-$fillColor-$cropped");
        header("Content-Type: $Media->ThumbnailMIMEType");

The property ThumbnailMIMEType does not exist on Divergence\Models\ActiveRecord. Since you implemented __get, consider adding a @property annotation.

The property ThumbnailMIMEType does not exist on Divergence\Models\Media\Media. Since you implemented __get, consider adding a @property annotation.

        header('Content-Length: '.filesize($thumbPath));
        readfile($thumbPath);
        exit();

Using exit here is not recommended.

    }



    public static function handleManageRequest()
    {
        // access control
        $GLOBALS['Session']->requireAccountLevel('Staff');

        return static::respond('manage');
    }



    public static function handleBrowseRequest($options = [], $conditions = [], $responseID = null, $responseData = [])
    {
        // apply tag filter
        if (!empty($_REQUEST['tag'])) {
            // get tag
            if (!$Tag = Tag::getByHandle($_REQUEST['tag'])) {

The type Divergence\Controllers\Tag was not found. Maybe you did not declare it correctly or list all dependencies?

                return static::throwNotFoundError('Tag not found');

The call to Divergence\Controllers\RecordsRequestHandler::throwNotFoundError() has too many arguments starting with 'Tag not found'.

            }

            $conditions[] = 'ID IN (SELECT ContextID FROM tag_items WHERE TagID = '.$Tag->ID.' AND ContextClass = "Product")';
        }


        // apply context filter
        if (!empty($_REQUEST['ContextClass'])) {
            $conditions['ContextClass'] = $_REQUEST['ContextClass'];
        }

        if (!empty($_REQUEST['ContextID']) && is_numeric($_REQUEST['ContextID'])) {
            $conditions['ContextID'] = $_REQUEST['ContextID'];
        }

        return parent::handleBrowseRequest($options, $conditions, $responseID, $responseData);
    }



    #	public static function handleMediaRequest()
    #	{
    #		if(static::peekPath() == 'delete')
    #		{
    #			return static::handleMediaDeleteRequest();
    #		}
    #
    #
    #		// get media
    #		$media = JSON::translateRecords(Media::getAll(), true);
    #
    #		// get tag media assignments
    #		$media_tags = Tag::getAllItems('media');
    #
    #		// inject album assignments to photo records
    #		foreach($media_tags AS $media_id => $tags)
    #		{
    #			foreach($tags AS $tag)
    #			{
    #				$media[$media_id]['tags'][] = $tag['tag_id'];
    #			}
    #		}
    #
    #		return static::respond('media', array(
    #			'success' => true
    #			,'data' => array_values($media)
    #		));
    #	}


    public static function handleMediaDeleteRequest()
    {
        // sanity check
        if (empty($_REQUEST['media']) || !is_array($_REQUEST['media'])) {
            static::throwError('Invalid request');
        }

        // retrieve photos
        $media_array = [];
        foreach ($_REQUEST['media'] as $media_id) {
            if (!is_numeric($media_id)) {
                static::throwError('Invalid request');
            }

            if ($Media = Media::getById($media_id)) {
                $media_array[$Media->ID] = $Media;

                if (!static::checkWriteAccess($Media)) {
                    return static::throwUnauthorizedError();
                }
            }
        }

        // delete
        $deleted = [];
        foreach ($media_array as $media_id => $Media) {
            if ($Media->delete()) {
                $deleted[] = $media_id;
            }
        }

        return static::respond('mediaDeleted', [
            'success' => true
            ,'deleted' => $deleted,
        ]);
    }
}