Only Developers and Trusted Users can undelete comments.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
---
Changes from v1:
* General clean-up of code
* Placed button at the same position as the delete/edit/pin icons
* Added missing PHPDoc for parameter
 web/html/css/aurweb.css | 6 +++++-
 web/html/pkgbase.php | 5 +++++
 web/lib/credentials.inc.php | 2 ++
 web/lib/pkgbasefuncs.inc.php | 22 ++++++++++++++++++----
 web/template/pkg_comments.php | 11 +++++++++++
 5 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css
index 92ff898..526e876 100644
--- a/web/html/css/aurweb.css
+++ b/web/html/css/aurweb.css
@@ -101,11 +101,15 @@
 color: #999;
 }
-.delete-comment-form, .pin-comment-form, .edit-comment {
+.delete-comment-form, .undelete-comment-form, .pin-comment-form, .edit-comment {
 float: right;
 margin-left: 8px;
 }
+.undelete-comment {
+ font-size: 75%;
+}
+
 .edit-comment {
 height: 11px;
 position: relative;
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index 45b8084..11fdf74 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -99,6 +99,11 @@ if (check_token()) {
 list($ret, $output) = pkgbase_notify($ids, false);
 } elseif (current_action("do_DeleteComment")) {
 list($ret, $output) = pkgbase_delete_comment();
+ } elseif (current_action("do_UndeleteComment")) {
+ list($ret, $output) = pkgbase_delete_comment(true);
+ if ($ret && isset($_POST["comment_id"])) {
+ $fragment = '#comment-' . intval($_POST["comment_id"]);
+ }
 } elseif (current_action("do_PinComment")) {
 list($ret, $output) = pkgbase_pin_comment();
 } elseif (current_action("do_UnpinComment")) {
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index 71bf5ff..d8698a8 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -6,6 +6,7 @@ define("CRED_ACCOUNT_EDIT_DEV", 3);
 define("CRED_ACCOUNT_LAST_LOGIN", 4);
 define("CRED_ACCOUNT_SEARCH", 5);
 define("CRED_COMMENT_DELETE", 6);
+define("CRED_COMMENT_UNDELETE", 27);
 define("CRED_COMMENT_VIEW_DELETED", 22);
 define("CRED_COMMENT_EDIT", 25);
 define("CRED_COMMENT_PIN", 26);
@@ -59,6 +60,7 @@ function has_credential($credential, $approved_users=array()) {
 case CRED_ACCOUNT_LAST_LOGIN:
 case CRED_ACCOUNT_SEARCH:
 case CRED_COMMENT_DELETE:
+ case CRED_COMMENT_UNDELETE:
 case CRED_COMMENT_VIEW_DELETED:
 case CRED_COMMENT_EDIT:
 case CRED_COMMENT_PIN:
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 2b1201d..20f5bb4 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -932,9 +932,10 @@ function pkgbase_notify ($base_ids, $action=true) {
 /**
 * Delete a package comment
 *
+ * @param boolean $undelete True if undeleting rather than deleting
 * @return array Tuple of success/failure indicator and error message
 */
-function pkgbase_delete_comment() {
+function pkgbase_delete_comment($undelete=false) {
 $uid = uid_from_sid($_COOKIE["AURSID"]);
 if (!$uid) {
 return array(false, __("You must be logged in before you can edit package information."));
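Review bot: Nothing in the two credentials.inc.php hunks records who is meant to hold CRED_COMMENT_UNDELETE: the new case label joins a fall-through group whose body lies outside the hunk, so the commit message's "Only Developers and Trusted Users" cannot be checked against the visible lines. The value 27 also sits out of numeric order between 6 and 22, and the define list continues past the hunk, so its uniqueness should be confirmed; has_credential() switches on these numbers, and a reused value would presumably resolve to whichever case label comes first. A short comment above the define would help, for example `/* Credential ids must be unique; CRED_COMMENT_UNDELETE is limited to Trusted Users and Developers. */`.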
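Review bot: The docblock summary in the first pkgbasefuncs.inc.php hunk still reads "Delete a package comment", although the function now performs two opposite state changes depending on `$undelete`. I would change the summary to `* Delete or undelete a package comment` and extend the new `@param` line to say that undeleting is gated by CRED_COMMENT_UNDELETE while deleting goes through can_delete_comment(), since the two paths apply different authorization rules. The function body continues past the end of this hunk.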
@@ -947,15 +948,28 @@ function pkgbase_delete_comment() {
 }
 $dbh = DB::connect();
- if (can_delete_comment($comment_id)) {
+ if ($undelete) {
+ if (!has_credential(CRED_COMMENT_UNDELETE)) {
+ return array(false, __("You are not allowed to undelete this comment."));
+ }
+
+ $q = "UPDATE PackageComments ";
+ $q.= "SET DelUsersID = NULL, ";
+ $q.= "DelTS = NULL ";
+ $q.= "WHERE ID = ".intval($comment_id);
+ $dbh->exec($q);
+ return array(true, __("Comment has been undeleted."));
+ } else {
+ if (!can_delete_comment($comment_id)) {
+ return array(false, __("You are not allowed to delete this comment."));
+ }
+
 $q = "UPDATE PackageComments ";
 $q.= "SET DelUsersID = ".$uid.", ";
 $q.= "DelTS = UNIX_TIMESTAMP() ";
 $q.= "WHERE ID = ".intval($comment_id);
 $dbh->exec($q);
 return array(true, __("Comment has been deleted."));
- } else {
- return array(false, __("You are not allowed to delete this comment."));
 }
 }
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index d05c512..3f1f728 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
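Review bot: The undelete branch reports success without knowing whether anything changed: the UPDATE matches on `ID` alone and the result of `$dbh->exec($q)` is ignored, so a request naming a nonexistent or not-deleted comment still returns "Comment has been undeleted." Narrowing the statement, for example `$q.= "WHERE ID = ".intval($comment_id)." AND DelTS IS NOT NULL";` (assuming DelTS is what marks a comment as deleted), and returning the failure tuple when `exec()` reports no affected row would make the result truthful. The branch also resets DelUsersID and DelTS to NULL, so after an undelete no record remains of who deleted or who restored the comment; if moderation actions are meant to be auditable, that should be logged before the fields are cleared. The function begins in the previous hunk and `$comment_id` is assigned outside the visible lines.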
@@ -53,6 +53,17 @@ if (!isset($count)) {
 ?>
 <h4 id="comment-<?= $row['ID'] ?>"<?php if ($is_deleted): ?> class="comment-deleted"<?php endif; ?>>
 <?= $heading ?>
+ <?php if ($is_deleted && has_credential(CRED_COMMENT_UNDELETE)): ?>
+ <form class="undelete-comment-form" method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>">
+ <fieldset style="display:inline;">
+ <input type="hidden" name="action" value="do_UndeleteComment" />
+ <input type="hidden" name="comment_id" value="<?= $row['ID'] ?>" />
+ <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+ <input type="submit" class="undelete-comment" value="<?= __('Undelete') ?>" name="submit" />
+ </fieldset>
+ </form>
+ <?php endif;?>
+
 <?php if (!$is_deleted && can_delete_comment_array($row)): ?>
 <form class="delete-comment-form" method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>">
 <fieldset style="display:inline;">
-- 2.7.0
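Review bot: The hidden `token` field writes the AURSID session cookie into the page body, and with this hunk it is emitted once more for every deleted comment shown to a user holding CRED_COMMENT_UNDELETE. This presumably matches what check_token() compares against, but it leaves the session identifier readable from the markup, so any HttpOnly flag on the cookie (not visible here) would not keep it away from page script or a cached copy; a separate per-session anti-CSRF value would avoid that and would have to be introduced together with a change to check_token(). Within this hunk, the two attribute values echoed without escaping can be hardened as `value="<?= intval($row['ID']) ?>"` and `value="<?= htmlspecialchars(__('Undelete'), ENT_QUOTES) ?>"`, so that neither an unexpected ID value nor a translation containing a quote can break out of the attribute.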