diff --git a/rest/index.php b/rest/index.php
index da689b1c997d2f9f2d939849224b61f21d64e3eb..6eedc24b6a7d6af127f3624c2d6d5f9206710cf0 100755
--- a/rest/index.php
+++ b/rest/index.php
@@ -314,7 +314,7 @@ $app->get('/users/{id}/signatures/{signatureId}/content', \User\controllers\User
 $app->put('/users/{id}/signatures/{signatureId}', \User\controllers\UserController::class . ':updateSignature');
 $app->delete('/users/{id}/signatures/{signatureId}', \User\controllers\UserController::class . ':deleteSignature');
 $app->post('/users/{id}/redirectedBaskets', \User\controllers\UserController::class . ':setRedirectedBaskets');
-$app->delete('/users/{id}/redirectedBaskets/{redirectBasketid}', \User\controllers\UserController::class . ':deleteRedirectedBasket');
+$app->delete('/users/{id}/redirectedBaskets', \User\controllers\UserController::class . ':deleteRedirectedBasket');
 $app->put('/users/{id}/baskets', \User\controllers\UserController::class . ':updateBasketsDisplay');
 
 //VersionsUpdate
diff --git a/src/app/user/controllers/UserController.php b/src/app/user/controllers/UserController.php
index 3c02ef1b37514098b421168f049b040dbd5c87e3..bd22239cdaa09c61a1ad1b00ed84f6376065d66b 100755
--- a/src/app/user/controllers/UserController.php
+++ b/src/app/user/controllers/UserController.php
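Review bot: The rewritten DELETE route drops the `{redirectBasketid}` path segment, so the ids now have to travel as a query parameter, and nothing in this file says which one. A comment beside the route, `// ids are read from the query string: ?redirectedBasketIds[]=…`, would save the next reader a trip to the controller. Clients still calling the old `/users/{id}/redirectedBaskets/{redirectBasketid}` form will now get a routing error rather than a deprecation, which may be intended but deserves a line in the release notes.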
@@ -414,21 +414,30 @@ class UserController
 return $response->withStatus($error['status'])->withJson(['errors' => $error['error']]);
 }
 
-$redirectedBasket = RedirectBasketModel::get(['select' => ['actual_user_id', 'owner_user_id'], 'where' => ['id = ?'], 'data' => [$aArgs['redirectBasketid']]]);
-if (empty($redirectedBasket[0]) || ($redirectedBasket[0]['actual_user_id'] != $aArgs['id'] && $redirectedBasket[0]['owner_user_id'] != $aArgs['id'])) {
-return $response->withStatus(403)->withJson(['errors' => 'Redirected basket out of perimeter']);
+$data = $request->getQueryParams();
+
+$check = Validator::notEmpty()->arrayType()->validate($data['redirectedBasketIds']);
+if (!$check) {
+return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
 }
 
-RedirectBasketModel::delete(['where' => ['id = ?'], 'data' => [$aArgs['redirectBasketid']]]);
+foreach($data['redirectedBasketIds'] as $redirectedBasketId) {
+$redirectedBasket = RedirectBasketModel::get(['select' => ['actual_user_id', 'owner_user_id', 'basket_id'], 'where' => ['id = ?'], 'data' => [$redirectedBasketId]]);
+if (empty($redirectedBasket[0]) || ($redirectedBasket[0]['actual_user_id'] != $aArgs['id'] && $redirectedBasket[0]['owner_user_id'] != $aArgs['id'])) {
+return $response->withStatus(403)->withJson(['errors' => 'Redirected basket out of perimeter']);
+}
 
-$user = UserModel::getById(['id' => $aArgs['id'], 'select' => ['user_id']]);
-HistoryController::add([
-'tableName' => 'redirected_baskets',
-'recordId' => $GLOBALS['userId'],
-'eventType' => 'DEL',
-'eventId' => 'basketRedirection',
-'info' => _BASKET_REDIRECTION_SUPPRESSION . " {$user['user_id']}"
-]);
+RedirectBasketModel::delete(['where' => ['id = ?'], 'data' => [$redirectedBasketId]]);
+
+$user = UserModel::getById(['id' => $aArgs['id'], 'select' => ['user_id']]);
+HistoryController::add([
+'tableName' => 'redirected_baskets',
+'recordId' => $GLOBALS['userId'],
+'eventType' => 'DEL',
+'eventId' => 'basketRedirection',
+'info' => _BASKET_REDIRECTION_SUPPRESSION . " {$user['user_id']} : " . $redirectedBasket[0]['basket_id']
+]);
+}
 
 return $response->withJson([
 'baskets' => BasketModel::getBasketsByLogin(['login' => $user['user_id'], 'unneededBasketId' => ['IndexingBasket']])
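Review bot: The new `foreach` deletes each redirected basket as soon as it passes the perimeter check, so when a later id in `redirectedBasketIds` is missing or belongs to another user the request returns 403 after some rows are already gone, and the response gives the caller no way to tell which ones. Authorizing every id first and deleting only afterwards keeps the operation all-or-nothing from the client's point of view, and it also lets `UserModel::getById` leave the loop, which the closing `getBasketsByLogin` call depends on for `$user`. Two smaller points on the same lines: `$data['redirectedBasketIds']` is read before anything confirms the key exists, so a request without it raises an undefined-index notice before `Validator` ever returns false (`$data['redirectedBasketIds'] ?? null` avoids that), and the elements are never checked to be integers before reaching the `id = ?` query. `foreach(` without the space after the keyword also departs from the rest of the file. The enclosing method starts before this hunk.

```php
$data = $request->getQueryParams();

$check = Validator::notEmpty()->arrayType()->validate($data['redirectedBasketIds'] ?? null);
if (!$check) {
    return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
}

// Authorize every id before deleting any, so a rejected id cannot leave a partial deletion behind.
$redirectedBaskets = [];
foreach ($data['redirectedBasketIds'] as $redirectedBasketId) {
    if (!Validator::intVal()->validate($redirectedBasketId)) {
        return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
    }
    $redirectedBasket = RedirectBasketModel::get(['select' => ['actual_user_id', 'owner_user_id', 'basket_id'], 'where' => ['id = ?'], 'data' => [$redirectedBasketId]]);
    if (empty($redirectedBasket[0]) || ($redirectedBasket[0]['actual_user_id'] != $aArgs['id'] && $redirectedBasket[0]['owner_user_id'] != $aArgs['id'])) {
        return $response->withStatus(403)->withJson(['errors' => 'Redirected basket out of perimeter']);
    }
    $redirectedBaskets[$redirectedBasketId] = $redirectedBasket[0];
}

$user = UserModel::getById(['id' => $aArgs['id'], 'select' => ['user_id']]);
foreach ($redirectedBaskets as $redirectedBasketId => $redirectedBasket) {
    RedirectBasketModel::delete(['where' => ['id = ?'], 'data' => [$redirectedBasketId]]);
    HistoryController::add([
        // … unchanged: tableName / recordId / eventType / eventId fields …
        'info' => _BASKET_REDIRECTION_SUPPRESSION . " {$user['user_id']} : " . $redirectedBasket['basket_id']
    ]);
}
// … unchanged: final withJson response …
```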