Implements FS#34690. Also, when deleting a comment, a timestamp is added (so, in the future, the page could display something like: "Edited/Deleted <TS> by <Name>"). --- schema/aur-schema.sql | 2 ++ web/html/pkgbase.php | 2 ++ web/lib/pkgbasefuncs.inc.php | 34 +++++++++++++++++++++++++++++++++- web/lib/pkgfuncs.inc.php | 26 ++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql index 594a804..3aef7a3 100644 --- a/schema/aur-schema.sql +++ b/schema/aur-schema.sql @@ -254,6 +254,8 @@ CREATE TABLE PackageComments ( UsersID INTEGER UNSIGNED NULL DEFAULT NULL, Comments TEXT NOT NULL DEFAULT '', CommentTS BIGINT UNSIGNED NOT NULL DEFAULT 0, + EditedTS BIGINT UNSIGNED NULL DEFAULT NULL, + EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL, DelUsersID INTEGER UNSIGNED NULL DEFAULT NULL, PRIMARY KEY (ID), INDEX (UsersID), diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php index 51eb4b1..018cfca 100644 --- a/web/html/pkgbase.php +++ b/web/html/pkgbase.php @@ -112,6 +112,8 @@ if (check_token()) { } else { $ret = false; /* Bogus input. This shouldn't happen, unless the site is under attack. */ } + } elseif (current_action("do_EditComment")) { + list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']); } if ($ret) { diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index cff25c4..b7bef2c 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -849,7 +849,8 @@ function pkgbase_delete_comment() { $dbh = DB::connect(); if (can_delete_comment($comment_id)) { $q = "UPDATE PackageComments "; - $q.= "SET DelUsersID = ".$uid." "; + $q.= "SET DelUsersID = ".$uid.", "; + $q.= "EditedTS = UNIX_TIMESTAMP() "; $q.= "WHERE ID = ".intval($comment_id); $dbh->exec($q); return array(true, __("Comment has been deleted.")); @@ -859,6 +860,37 @@ function pkgbase_delete_comment() { } /** + * Edit a package comment + * + * @return array Tuple of success/failure indicator and error message + */ +function pkgbase_edit_comment($comment) { + $uid = uid_from_sid($_COOKIE["AURSID"]); + if (!$uid) { + return array(false, __("You must be logged in before you can edit package information.")); + } + + if (isset($_POST["comment_id"])) { + $comment_id = $_POST["comment_id"]; + } else { + return array(false, __("Missing comment ID.")); + } + + $dbh = DB::connect(); + if (can_edit_comment($comment_id)) { + $q = "UPDATE PackageComments "; + $q.= "SET EditedUsersID = ".$uid.", "; + $q.= "Comments = ".$dbh->quote($comment).", "; + $q.= "EditedTS = UNIX_TIMESTAMP() "; + $q.= "WHERE ID = ".intval($comment_id); + $dbh->exec($q); + return array(true, __("Comment has been edited.")); + } else { + return array(false, __("You are not allowed to edit this comment.")); + } +} + +/** * Get a list of package base keywords * * @param int $base_id The package base ID to retrieve the keywords for diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 7cb2ffc..de57c3e 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -43,6 +43,32 @@ function can_delete_comment_array($comment) { } /** + * Determine if the user can edit a specific package comment + * + * Only the comment submitter, Trusted Users, and Developers can edit + * comments. This function is used for the backend side of comment editing. + * + * @param string $comment_id The comment ID in the database + * + * @return bool True if the user can edit the comment, otherwise false + */ +function can_edit_comment($comment_id=0) { + $dbh = DB::connect(); + + $q = "SELECT UsersID FROM PackageComments "; + $q.= "WHERE ID = " . intval($comment_id); + $result = $dbh->query($q); + + if (!$result) { + return false; + } + + $uid = $result->fetch(PDO::FETCH_COLUMN, 0); + + return has_credential(CRED_COMMENT_EDIT, array($uid)); +} + +/** * Determine if the user can edit a specific package comment using an array * * Only the comment submitter, Trusted Users, and Developers can edit -- 2.4.5