Kicking this to the daemons should be like 20 lines of code, but we probably also need to flag the file as "queued for deletion" in the UI in the meantime and prevent you from interacting with it, which touches a few other interfaces, so this isn't completely trivial.

When using local disk storage, the file is owned by the web-server user, not the daemon user.

T4752 is the detail on that.

Broadly:

• When you click "Delete File", we currently delete the file in the web process. Since we've supported enormous files and pluggable storage backends for a while, this could take an arbitrarily long amount of time to complete.
• Instead, we want to flag the file as "deleted", hide it in the web UI, and queue up a task in the daemons to actually get rid of the data.

To do this:

• D15743 may be somewhat helpful as a reference, particularly for the daemon queue stuff.
• Since we want to hide these files from queries, we should use a separate isDeleted column, not just a property.
  • Add a new column and a schema migration for it. D17566 is a recent change you can look at.
• Change PhabricatorFileQuery to have a method like withIsDeleted(...), similar to withIsPartial(...). This method should accept true (find only deleted files), false (find only non-deleted files) and null (find all files).
• If the query has withIsDeleted(false) specified, don't match files with isDeleted set (deleted files) or ttl non-null and less than PhabicatorTime::getNow() (temporary files which have expired).
• Add withIsDeleted(false) to the queries in PhabricatorFileSearchEngine, PhabricatorFileEditEngine, FileDataController, FileInfoController, FileDeleteController (and maybe some others, like FileTransformController) so they treat "deleted" files as though they really don't exist.

To test:

• Deleting a file or setting its TTL to some time in the past (e.g., manually in the database) should make it vanish from the web UI.
• A daemon task should queue up (visible in /daemon/ as long as you aren't running the daemons -- if you are, it may process immediately).
• You should be able to run it in the foreground with bin/worker execute --id <id> to debug it and make sure it really destroys the file data.
• If you want to make this a little easier to test, you can write a bin/files delete <file> that applies logic similar to the DeleteController, but uses PhabricatorWorker::setRunAllTasksInProcess(true); to run the worker in the foreground. Then you won't have to go through the whole delete a file -> find the task id -> run it manually setup every time you want to test a change. PhabricatorFeedManagementRepublishWorkflow is a similar example.

Once this works, convert deletion to use ModularTransactions and make it available via the API eventually once file.edit gets written:

• Add a DeleteTransaction, similar to FileNameTransaction, and move the code to flag the file as deleted there.
• Have the DeleteController apply it, similar to PhabricatorPasteArchiveController.

This will also run into T4752 but installs generally shouldn't be worse off after these changes than they already are.