Commit e331ce27 authored by Marcel Korpel's avatar Marcel Korpel Committed by Lukas Fleischer
Browse files

Support comment editing in the backend



Create two new actions, do_AddComment and do_EditComment. When editing
or deleting a comment, a timestamp is added.

Signed-off-by: default avatarMarcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
parent 92e19e95
......@@ -254,11 +254,14 @@ CREATE TABLE PackageComments (
UsersID INTEGER UNSIGNED NULL DEFAULT NULL,
Comments TEXT NOT NULL DEFAULT '',
CommentTS BIGINT UNSIGNED NOT NULL DEFAULT 0,
EditedTS BIGINT UNSIGNED NULL DEFAULT NULL,
EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
DelUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
PRIMARY KEY (ID),
INDEX (UsersID),
INDEX (PackageBaseID),
FOREIGN KEY (UsersID) REFERENCES Users(ID) ON DELETE SET NULL,
FOREIGN KEY (EditedUsersID) REFERENCES Users(ID) ON DELETE SET NULL,
FOREIGN KEY (DelUsersID) REFERENCES Users(ID) ON DELETE CASCADE,
FOREIGN KEY (PackageBaseID) REFERENCES PackageBases(ID) ON DELETE CASCADE
) ENGINE = InnoDB;
......
1. Add a timestamp for comment editing/deletion and an ID of the last user
who edited a comment:
----
ALTER TABLE PackageComments
ADD COLUMN EditedTS BIGINT UNSIGNED NULL DEFAULT NULL,
ADD COLUMN EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
ADD FOREIGN KEY (EditedUsersID) REFERENCES Users(ID) ON DELETE SET NULL;
----
......@@ -108,6 +108,8 @@ if (check_token()) {
$uid = uid_from_sid($_COOKIE["AURSID"]);
pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']);
$ret = true;
} elseif (current_action("do_EditComment")) {
list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']);
}
if ($ret) {
......
......@@ -830,7 +830,8 @@ function pkgbase_delete_comment() {
$dbh = DB::connect();
if (can_delete_comment($comment_id)) {
$q = "UPDATE PackageComments ";
$q.= "SET DelUsersID = ".$uid." ";
$q.= "SET DelUsersID = ".$uid.", ";
$q.= "EditedTS = UNIX_TIMESTAMP() ";
$q.= "WHERE ID = ".intval($comment_id);
$dbh->exec($q);
return array(true, __("Comment has been deleted."));
......@@ -839,6 +840,37 @@ function pkgbase_delete_comment() {
}
}
/**
* Edit a package comment
*
* @return array Tuple of success/failure indicator and error message
*/
function pkgbase_edit_comment($comment) {
$uid = uid_from_sid($_COOKIE["AURSID"]);
if (!$uid) {
return array(false, __("You must be logged in before you can edit package information."));
}
if (isset($_POST["comment_id"])) {
$comment_id = $_POST["comment_id"];
} else {
return array(false, __("Missing comment ID."));
}
$dbh = DB::connect();
if (can_edit_comment($comment_id)) {
$q = "UPDATE PackageComments ";
$q.= "SET EditedUsersID = ".$uid.", ";
$q.= "Comments = ".$dbh->quote($comment).", ";
$q.= "EditedTS = UNIX_TIMESTAMP() ";
$q.= "WHERE ID = ".intval($comment_id);
$dbh->exec($q);
return array(true, __("Comment has been edited."));
} else {
return array(false, __("You are not allowed to edit this comment."));
}
}
/**
* Get a list of package base keywords
*
......
......@@ -42,6 +42,32 @@ function can_delete_comment_array($comment) {
return has_credential(CRED_COMMENT_DELETE, array($comment['UsersID']));
}
/**
* Determine if the user can edit a specific package comment
*
* Only the comment submitter, Trusted Users, and Developers can edit
* comments. This function is used for the backend side of comment editing.
*
* @param string $comment_id The comment ID in the database
*
* @return bool True if the user can edit the comment, otherwise false
*/
function can_edit_comment($comment_id=0) {
$dbh = DB::connect();
$q = "SELECT UsersID FROM PackageComments ";
$q.= "WHERE ID = " . intval($comment_id);
$result = $dbh->query($q);
if (!$result) {
return false;
}
$uid = $result->fetch(PDO::FETCH_COLUMN, 0);
return has_credential(CRED_COMMENT_EDIT, array($uid));
}
/**
* Determine if the user can edit a specific package comment using an array
*
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment