daktylos/libs/RemoveUserFromAccountAction.class.php

<?php
class RemoveUserFromAccountAction implements IAction {
	public function execute() {
		if(!Authorize::isLoggedIn() || !Authorize::hasPermission()) {
			return array("error" => "Access not authorized");
		}

		$userId = $_POST['user_id'] ?? $_GET['user_id'] ?? "";
		$clientId = $_POST['client_id'] ?? $_GET['client_id'] ?? "";
			
		//TODO: scrub inputs
		if(empty($userId) || empty($clientId)) {
			return array("error" => "One or more required fields missing: user_id, client_id");
		}
		
		$db = SqliteDatabase::getSingleton();

		$sql = "DELETE FROM user_accounts WHERE user_id = :user_id AND account_id = :client_id LIMIT 1;";
		$preparedQuery = $db->prepare($sql);
		$preparedQuery->bindValue(':client_id', $clientId);
		$preparedQuery->bindValue(':user_id', $userId);
		try {
			$result = $preparedQuery->execute();

			$loggerData = array();
			$loggerData['admin_display_name'] = $_SESSION['display_name'];
			$loggerData['admin_user_id'] = $_SESSION['user_id'];
			$loggerData['user_removed'] = $userId;
			$loggerData['domain_removed'] = $clientId;
			SecurityLogger::action("remove-user-domain", $loggerData, time());

			return array("status" => "success");
		}
		catch(Exception $e) {
			return array("error" => "Error" , "exception" => $e->getMessage());
		}
	}
}