summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
Diffstat (limited to 'web')
-rw-r--r--web/html/pkgbase.php2
-rw-r--r--web/lib/pkgbasefuncs.inc.php34
-rw-r--r--web/lib/pkgfuncs.inc.php26
3 files changed, 61 insertions, 1 deletions
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index f908029..5886f71 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -108,6 +108,8 @@ if (check_token()) {
$uid = uid_from_sid($_COOKIE["AURSID"]);
pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']);
$ret = true;
+ } elseif (current_action("do_EditComment")) {
+ list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']);
}
if ($ret) {
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 5d191eb..1ae3166 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -830,7 +830,8 @@ function pkgbase_delete_comment() {
$dbh = DB::connect();
if (can_delete_comment($comment_id)) {
$q = "UPDATE PackageComments ";
- $q.= "SET DelUsersID = ".$uid." ";
+ $q.= "SET DelUsersID = ".$uid.", ";
+ $q.= "EditedTS = UNIX_TIMESTAMP() ";
$q.= "WHERE ID = ".intval($comment_id);
$dbh->exec($q);
return array(true, __("Comment has been deleted."));
@@ -840,6 +841,37 @@ function pkgbase_delete_comment() {
}
/**
+ * Edit a package comment
+ *
+ * @return array Tuple of success/failure indicator and error message
+ */
+function pkgbase_edit_comment($comment) {
+ $uid = uid_from_sid($_COOKIE["AURSID"]);
+ if (!$uid) {
+ return array(false, __("You must be logged in before you can edit package information."));
+ }
+
+ if (isset($_POST["comment_id"])) {
+ $comment_id = $_POST["comment_id"];
+ } else {
+ return array(false, __("Missing comment ID."));
+ }
+
+ $dbh = DB::connect();
+ if (can_edit_comment($comment_id)) {
+ $q = "UPDATE PackageComments ";
+ $q.= "SET EditedUsersID = ".$uid.", ";
+ $q.= "Comments = ".$dbh->quote($comment).", ";
+ $q.= "EditedTS = UNIX_TIMESTAMP() ";
+ $q.= "WHERE ID = ".intval($comment_id);
+ $dbh->exec($q);
+ return array(true, __("Comment has been edited."));
+ } else {
+ return array(false, __("You are not allowed to edit this comment."));
+ }
+}
+
+/**
* Get a list of package base keywords
*
* @param int $base_id The package base ID to retrieve the keywords for
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 7cb2ffc..de57c3e 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -43,6 +43,32 @@ function can_delete_comment_array($comment) {
}
/**
+ * Determine if the user can edit a specific package comment
+ *
+ * Only the comment submitter, Trusted Users, and Developers can edit
+ * comments. This function is used for the backend side of comment editing.
+ *
+ * @param string $comment_id The comment ID in the database
+ *
+ * @return bool True if the user can edit the comment, otherwise false
+ */
+function can_edit_comment($comment_id=0) {
+ $dbh = DB::connect();
+
+ $q = "SELECT UsersID FROM PackageComments ";
+ $q.= "WHERE ID = " . intval($comment_id);
+ $result = $dbh->query($q);
+
+ if (!$result) {
+ return false;
+ }
+
+ $uid = $result->fetch(PDO::FETCH_COLUMN, 0);
+
+ return has_credential(CRED_COMMENT_EDIT, array($uid));
+}
+
+/**
* Determine if the user can edit a specific package comment using an array
*
* Only the comment submitter, Trusted Users, and Developers can edit