summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--schema/aur-schema.sql3
-rw-r--r--upgrading/4.1.0.txt9
-rw-r--r--web/html/pkgbase.php2
-rw-r--r--web/lib/pkgbasefuncs.inc.php34
-rw-r--r--web/lib/pkgfuncs.inc.php26
5 files changed, 73 insertions, 1 deletions
diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql
index 594a804..444cb5e 100644
--- a/schema/aur-schema.sql
+++ b/schema/aur-schema.sql
@@ -254,11 +254,14 @@ CREATE TABLE PackageComments (
UsersID INTEGER UNSIGNED NULL DEFAULT NULL,
Comments TEXT NOT NULL DEFAULT '',
CommentTS BIGINT UNSIGNED NOT NULL DEFAULT 0,
+ EditedTS BIGINT UNSIGNED NULL DEFAULT NULL,
+ EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
DelUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
PRIMARY KEY (ID),
INDEX (UsersID),
INDEX (PackageBaseID),
FOREIGN KEY (UsersID) REFERENCES Users(ID) ON DELETE SET NULL,
+ FOREIGN KEY (EditedUsersID) REFERENCES Users(ID) ON DELETE SET NULL,
FOREIGN KEY (DelUsersID) REFERENCES Users(ID) ON DELETE CASCADE,
FOREIGN KEY (PackageBaseID) REFERENCES PackageBases(ID) ON DELETE CASCADE
) ENGINE = InnoDB;
diff --git a/upgrading/4.1.0.txt b/upgrading/4.1.0.txt
new file mode 100644
index 0000000..7862030
--- /dev/null
+++ b/upgrading/4.1.0.txt
@@ -0,0 +1,9 @@
+1. Add a timestamp for comment editing/deletion and an ID of the last user
+who edited a comment:
+
+----
+ALTER TABLE PackageComments
+ ADD COLUMN EditedTS BIGINT UNSIGNED NULL DEFAULT NULL,
+ ADD COLUMN EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
+ ADD FOREIGN KEY (EditedUsersID) REFERENCES Users(ID) ON DELETE SET NULL;
+----
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index f908029..5886f71 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -108,6 +108,8 @@ if (check_token()) {
$uid = uid_from_sid($_COOKIE["AURSID"]);
pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']);
$ret = true;
+ } elseif (current_action("do_EditComment")) {
+ list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']);
}
if ($ret) {
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 5d191eb..1ae3166 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -830,7 +830,8 @@ function pkgbase_delete_comment() {
$dbh = DB::connect();
if (can_delete_comment($comment_id)) {
$q = "UPDATE PackageComments ";
- $q.= "SET DelUsersID = ".$uid." ";
+ $q.= "SET DelUsersID = ".$uid.", ";
+ $q.= "EditedTS = UNIX_TIMESTAMP() ";
$q.= "WHERE ID = ".intval($comment_id);
$dbh->exec($q);
return array(true, __("Comment has been deleted."));
@@ -840,6 +841,37 @@ function pkgbase_delete_comment() {
}
/**
+ * Edit a package comment
+ *
+ * @return array Tuple of success/failure indicator and error message
+ */
+function pkgbase_edit_comment($comment) {
+ $uid = uid_from_sid($_COOKIE["AURSID"]);
+ if (!$uid) {
+ return array(false, __("You must be logged in before you can edit package information."));
+ }
+
+ if (isset($_POST["comment_id"])) {
+ $comment_id = $_POST["comment_id"];
+ } else {
+ return array(false, __("Missing comment ID."));
+ }
+
+ $dbh = DB::connect();
+ if (can_edit_comment($comment_id)) {
+ $q = "UPDATE PackageComments ";
+ $q.= "SET EditedUsersID = ".$uid.", ";
+ $q.= "Comments = ".$dbh->quote($comment).", ";
+ $q.= "EditedTS = UNIX_TIMESTAMP() ";
+ $q.= "WHERE ID = ".intval($comment_id);
+ $dbh->exec($q);
+ return array(true, __("Comment has been edited."));
+ } else {
+ return array(false, __("You are not allowed to edit this comment."));
+ }
+}
+
+/**
* Get a list of package base keywords
*
* @param int $base_id The package base ID to retrieve the keywords for
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 7cb2ffc..de57c3e 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -43,6 +43,32 @@ function can_delete_comment_array($comment) {
}
/**
+ * Determine if the user can edit a specific package comment
+ *
+ * Only the comment submitter, Trusted Users, and Developers can edit
+ * comments. This function is used for the backend side of comment editing.
+ *
+ * @param string $comment_id The comment ID in the database
+ *
+ * @return bool True if the user can edit the comment, otherwise false
+ */
+function can_edit_comment($comment_id=0) {
+ $dbh = DB::connect();
+
+ $q = "SELECT UsersID FROM PackageComments ";
+ $q.= "WHERE ID = " . intval($comment_id);
+ $result = $dbh->query($q);
+
+ if (!$result) {
+ return false;
+ }
+
+ $uid = $result->fetch(PDO::FETCH_COLUMN, 0);
+
+ return has_credential(CRED_COMMENT_EDIT, array($uid));
+}
+
+/**
* Determine if the user can edit a specific package comment using an array
*
* Only the comment submitter, Trusted Users, and Developers can edit