From e331ce273cab901726983e18249e0bb3455fc463 Mon Sep 17 00:00:00 2001
From: Marcel Korpel
Date: Fri, 10 Jul 2015 18:47:32 +0200
Subject: Support comment editing in the backend
Create two new actions, do_AddComment and do_EditComment. When editing or deleting a comment, a timestamp is added.
Signed-off-by: Marcel Korpel
Signed-off-by: Lukas Fleischer
---
 schema/aur-schema.sql | 3 +++
 upgrading/4.1.0.txt | 9 +++++++++
 web/html/pkgbase.php | 2 ++
 web/lib/pkgbasefuncs.inc.php | 34 +++++++++++++++++++++++++++++++++-
 web/lib/pkgfuncs.inc.php | 26 ++++++++++++++++++++++++++
 5 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 upgrading/4.1.0.txt
diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql
index 594a804..444cb5e 100644
--- a/schema/aur-schema.sql
+++ b/schema/aur-schema.sql
@@ -254,11 +254,14 @@ CREATE TABLE PackageComments (
 UsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 Comments TEXT NOT NULL DEFAULT '',
 CommentTS BIGINT UNSIGNED NOT NULL DEFAULT 0,
+ EditedTS BIGINT UNSIGNED NULL DEFAULT NULL,
+ EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 DelUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 PRIMARY KEY (ID),
 INDEX (UsersID),
 INDEX (PackageBaseID),
 FOREIGN KEY (UsersID) REFERENCES Users(ID) ON DELETE SET NULL,
+ FOREIGN KEY (EditedUsersID) REFERENCES Users(ID) ON DELETE SET NULL,
 FOREIGN KEY (DelUsersID) REFERENCES Users(ID) ON DELETE CASCADE,
 FOREIGN KEY (PackageBaseID) REFERENCES PackageBases(ID) ON DELETE CASCADE
 ) ENGINE = InnoDB;
diff --git a/upgrading/4.1.0.txt b/upgrading/4.1.0.txt
new file mode 100644
index 0000000..7862030
--- /dev/null
+++ b/upgrading/4.1.0.txt
@@ -0,0 +1,9 @@
+1. Add a timestamp for comment editing/deletion and an ID of the last user
+who edited a comment:
+
+----
+ALTER TABLE PackageComments
+ ADD COLUMN EditedTS BIGINT UNSIGNED NULL DEFAULT NULL,
+ ADD COLUMN EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
+ ADD FOREIGN KEY (EditedUsersID) REFERENCES Users(ID) ON DELETE SET NULL;
+----
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index f908029..5886f71 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -108,6 +108,8 @@ if (check_token()) {
 $uid = uid_from_sid($_COOKIE["AURSID"]);
 pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']);
 $ret = true;
+ } elseif (current_action("do_EditComment")) {
+ list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']);
 }
 
 if ($ret) {
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 5d191eb..1ae3166 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -830,7 +830,8 @@ function pkgbase_delete_comment() {
 $dbh = DB::connect();
 if (can_delete_comment($comment_id)) {
 $q = "UPDATE PackageComments ";
- $q.= "SET DelUsersID = ".$uid." ";
+ $q.= "SET DelUsersID = ".$uid.", ";
+ $q.= "EditedTS = UNIX_TIMESTAMP() ";
 $q.= "WHERE ID = ".intval($comment_id);
 $dbh->exec($q);
 return array(true, __("Comment has been deleted."));
@@ -839,6 +840,37 @@ function pkgbase_delete_comment() {
 }
 }
 
+/**
+ * Edit a package comment
+ *
+ * @return array Tuple of success/failure indicator and error message
+ */
+function pkgbase_edit_comment($comment) {
+ $uid = uid_from_sid($_COOKIE["AURSID"]);
+ if (!$uid) {
+ return array(false, __("You must be logged in before you can edit package information."));
+ }
+
+ if (isset($_POST["comment_id"])) {
+ $comment_id = $_POST["comment_id"];
+ } else {
+ return array(false, __("Missing comment ID."));
+ }
+
+ $dbh = DB::connect();
+ if (can_edit_comment($comment_id)) {
+ $q = "UPDATE PackageComments ";
+ $q.= "SET EditedUsersID = ".$uid.", ";
+ $q.= "Comments = ".$dbh->quote($comment).", ";
+ $q.= "EditedTS = UNIX_TIMESTAMP() ";
+ $q.= "WHERE ID = ".intval($comment_id);
+ $dbh->exec($q);
+ return array(true, __("Comment has been edited."));
+ } else {
+ return array(false, __("You are not allowed to edit this comment."));
+ }
+}
+
 /**
 * Get a list of package base keywords
 *
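Review bot: The new `do_EditComment` branch hands `$_REQUEST['comment']` to pkgbase_edit_comment without checking that it is set, and takes the text from `$_REQUEST` while the function itself reads the comment id from `$_POST`. For a state-changing action it is safer to read both from the request body, e.g. `list($ret, $output) = pkgbase_edit_comment(isset($_POST['comment']) ? $_POST['comment'] : '');`. The branch also never uses `$base_id`, so nothing here ties the edited comment to the package base being viewed; authorization rests entirely on can_edit_comment. The enclosing `if (check_token())` chain starts above this hunk.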
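Review bot: `$uid` is concatenated into the UPDATE as-is on the changed `SET DelUsersID` line, while the comment id two lines below goes through `intval()`; the same pattern recurs on the `SET EditedUsersID` line of the new pkgbase_edit_comment in the next hunk. Where `$uid` is assigned in pkgbase_delete_comment is outside this hunk, so this may be safe today, but `$q.= "SET DelUsersID = ".intval($uid).", ";` keeps the statement numeric regardless of what the session lookup returns. Separately, writing the deletion time into `EditedTS` overwrites the last edit time, so the record can no longer show when the text last changed before it was removed; at minimum a comment on that line should state that EditedTS doubles as the deletion timestamp.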
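Review bot: Nothing in pkgbase_edit_comment or the UPDATE it builds excludes comments that are already deleted, so a comment whose `DelUsersID` is set can still have its text rewritten by anyone who passes can_edit_comment; the SELECT in can_edit_comment (web/lib/pkgfuncs.inc.php) has the same gap. Restricting the statement closes it here: `$q.= "WHERE ID = ".intval($comment_id)." AND DelUsersID IS NULL";`. The function also stores `$comment` without rejecting an empty string, and it returns "Comment has been edited." even when `$dbh->exec($q)` matched no row, so checking the affected-row count before reporting success would make the result truthful. Whether deleted comments are filtered somewhere else is not visible in this hunk.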
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 7cb2ffc..de57c3e 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -42,6 +42,32 @@ function can_delete_comment_array($comment) {
 return has_credential(CRED_COMMENT_DELETE, array($comment['UsersID']));
 }
 
+/**
+ * Determine if the user can edit a specific package comment
+ *
+ * Only the comment submitter, Trusted Users, and Developers can edit
+ * comments. This function is used for the backend side of comment editing.
+ *
+ * @param string $comment_id The comment ID in the database
+ *
+ * @return bool True if the user can edit the comment, otherwise false
+ */
+function can_edit_comment($comment_id=0) {
+ $dbh = DB::connect();
+
+ $q = "SELECT UsersID FROM PackageComments ";
+ $q.= "WHERE ID = " . intval($comment_id);
+ $result = $dbh->query($q);
+
+ if (!$result) {
+ return false;
+ }
+
+ $uid = $result->fetch(PDO::FETCH_COLUMN, 0);
+
+ return has_credential(CRED_COMMENT_EDIT, array($uid));
+}
+
 /**
 * Determine if the user can edit a specific package comment using an array
 *
-- 
cgit v1.2.3-54-g00ecf
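Review bot: When no row matches the id, `$result->fetch(PDO::FETCH_COLUMN, 0)` returns false and that value is still passed on in `has_credential(CRED_COMMENT_EDIT, array($uid))`, so the decision for a nonexistent comment depends on how has_credential treats a non-id, which is not visible here. An explicit `if ($uid === false) { return false; }` before the final return would make that case a clear denial instead of leaving it to the credential check. The docblock also declares `@param string $comment_id` although the default is the integer `0` and the value is passed through `intval()`; `@param int $comment_id` would match the code.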