Only Developers and Trusted Users can undelete comments. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> --- Changes from v2: * Used icon instead of (textual) button web/html/css/aurweb.css | 6 +++--- web/html/images/action-undo.min.svg | 3 +++ web/html/images/action-undo.svg | 32 ++++++++++++++++++++++++++++++++ web/html/index.php | 1 + web/html/pkgbase.php | 5 +++++ web/lib/credentials.inc.php | 2 ++ web/lib/pkgbasefuncs.inc.php | 22 ++++++++++++++++++---- web/template/pkg_comments.php | 11 +++++++++++ 8 files changed, 75 insertions(+), 7 deletions(-) create mode 100644 web/html/images/action-undo.min.svg create mode 100644 web/html/images/action-undo.svg diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css index 92ff898..4c3fbe5 100644 --- a/web/html/css/aurweb.css +++ b/web/html/css/aurweb.css @@ -101,7 +101,7 @@ color: #999; } -.delete-comment-form, .pin-comment-form, .edit-comment { +.delete-comment-form, .undelete-comment-form, .pin-comment-form, .edit-comment { float: right; margin-left: 8px; } @@ -112,13 +112,13 @@ top: 1px; } -.delete-comment, .edit-comment, .pin-comment { +.delete-comment, .undelete-comment, .edit-comment, .pin-comment { -webkit-filter: grayscale(100%); filter: grayscale(100%); opacity: 0.6; } -.delete-comment:hover, .edit-comment:hover, .pin-comment:hover { +.delete-comment:hover, .undelete-comment:hover, .edit-comment:hover, .pin-comment:hover { -webkit-filter: none; filter: none; opacity: 1; diff --git a/web/html/images/action-undo.min.svg b/web/html/images/action-undo.min.svg new file mode 100644 index 0000000..eb47bc4 --- /dev/null +++ b/web/html/images/action-undo.min.svg 
@@ -0,0 +1,3 @@ +<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="8" width="8" version="1.1" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" viewBox="0 0 8 8"> +<path d="m4.5 0c-1.93 0-3.5 1.57-3.5 3.5v0.5h-1l2 2 2-2h-1v-0.5c0-1.38 1.12-2.5 2.5-2.5s2.5 1.12 2.5 2.5c0-1.93-1.57-3.5-3.5-3.5z" transform="translate(0 1)" fill="#36a"/> +</svg> diff --git a/web/html/images/action-undo.svg b/web/html/images/action-undo.svg new file mode 100644 index 0000000..b93ebb7 --- /dev/null +++ b/web/html/images/action-undo.svg @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<svg + xmlns:dc="http://purl.org/dc/elements/1.1/" + xmlns:cc="http://creativecommons.org/ns#" + xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" + xmlns:svg="http://www.w3.org/2000/svg" + xmlns="http://www.w3.org/2000/svg" + version="1.1" + id="svg2" + viewBox="0 0 8 8" + height="8" + width="8"> + <metadata + id="metadata10"> + <rdf:RDF> + <cc:Work + rdf:about=""> + <dc:format>image/svg+xml</dc:format> + <dc:type + rdf:resource="http://purl.org/dc/dcmitype/StillImage" /> + <dc:title></dc:title> + </cc:Work> + </rdf:RDF> + </metadata> + <defs + id="defs8" /> + <path + style="fill:#3366aa;fill-opacity:1" + id="path4" + transform="translate(0 1)" + d="M4.5 0c-1.93 0-3.5 1.57-3.5 3.5v.5h-1l2 2 2-2h-1v-.5c0-1.38 1.12-2.5 2.5-2.5s2.5 1.12 2.5 2.5c0-1.93-1.57-3.5-3.5-3.5z" /> +</svg> diff --git a/web/html/index.php b/web/html/index.php index 0a9fd05..3787d4e 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -180,6 +180,7 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { readfile("./$path"); break; case "/images/x.min.svg": + case "/images/action-undo.min.svg": case "/images/pencil.min.svg": case "/images/pin.min.svg": case "/images/unpin.min.svg": diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php index 45b8084..11fdf74 100644 --- a/web/html/pkgbase.php 
+++ b/web/html/pkgbase.php @@ -99,6 +99,11 @@ if (check_token()) { list($ret, $output) = pkgbase_notify($ids, false); } elseif (current_action("do_DeleteComment")) { list($ret, $output) = pkgbase_delete_comment(); + } elseif (current_action("do_UndeleteComment")) { + list($ret, $output) = pkgbase_delete_comment(true); + if ($ret && isset($_POST["comment_id"])) { + $fragment = '#comment-' . intval($_POST["comment_id"]); + } } elseif (current_action("do_PinComment")) { list($ret, $output) = pkgbase_pin_comment(); } elseif (current_action("do_UnpinComment")) { diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php index 71bf5ff..d8698a8 100644 --- a/web/lib/credentials.inc.php +++ b/web/lib/credentials.inc.php @@ -6,6 +6,7 @@ define("CRED_ACCOUNT_EDIT_DEV", 3); define("CRED_ACCOUNT_LAST_LOGIN", 4); define("CRED_ACCOUNT_SEARCH", 5); define("CRED_COMMENT_DELETE", 6); +define("CRED_COMMENT_UNDELETE", 27); define("CRED_COMMENT_VIEW_DELETED", 22); define("CRED_COMMENT_EDIT", 25); define("CRED_COMMENT_PIN", 26); @@ -59,6 +60,7 @@ function has_credential($credential, $approved_users=array()) { case CRED_ACCOUNT_LAST_LOGIN: case CRED_ACCOUNT_SEARCH: case CRED_COMMENT_DELETE: + case CRED_COMMENT_UNDELETE: case CRED_COMMENT_VIEW_DELETED: case CRED_COMMENT_EDIT: case CRED_COMMENT_PIN: diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index 2b1201d..20f5bb4 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -932,9 +932,10 @@ function pkgbase_notify ($base_ids, $action=true) { /** * Delete a package comment * + * @param boolean $undelete True if undeleting rather than deleting * @return array Tuple of success/failure indicator and error message */ -function pkgbase_delete_comment() { +function pkgbase_delete_comment($undelete=false) { $uid = uid_from_sid($_COOKIE["AURSID"]); if (!$uid) { return array(false, __("You must be logged in before you can edit package information.")); 
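Review bot: The call `pkgbase_delete_comment(true)` in the `do_UndeleteComment` branch hides behind a bare boolean that this path restores a comment and is gated by a different credential than deletion. Someone auditing the action dispatch sees two calls to the same function name and has to open the library file to learn that they enforce different checks. I would at least annotate the call, `list($ret, $output) = pkgbase_delete_comment(true); /* undelete: gated by CRED_COMMENT_UNDELETE */`, or expose a thin `pkgbase_undelete_comment()` wrapper so the dispatch reads unambiguously. The surrounding `if (check_token())` block starts and ends outside the hunk.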
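Review bot: The docblock summary above `pkgbase_delete_comment($undelete=false)` still reads `Delete a package comment`, although the function now also reverses a deletion and applies a different permission check in that mode. I would change the summary to `Delete or undelete a package comment` and extend the new `@param` line to say that undeleting requires `CRED_COMMENT_UNDELETE` while deleting goes through `can_delete_comment()`. The function body continues beyond this hunk.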
@@ -947,15 +948,28 @@ function pkgbase_delete_comment() { } $dbh = DB::connect(); - if (can_delete_comment($comment_id)) { + if ($undelete) { + if (!has_credential(CRED_COMMENT_UNDELETE)) { + return array(false, __("You are not allowed to undelete this comment.")); + } + + $q = "UPDATE PackageComments "; + $q.= "SET DelUsersID = NULL, "; + $q.= "DelTS = NULL "; + $q.= "WHERE ID = ".intval($comment_id); + $dbh->exec($q); + return array(true, __("Comment has been undeleted.")); + } else { + if (!can_delete_comment($comment_id)) { + return array(false, __("You are not allowed to delete this comment.")); + } + $q = "UPDATE PackageComments "; $q.= "SET DelUsersID = ".$uid.", "; $q.= "DelTS = UNIX_TIMESTAMP() "; $q.= "WHERE ID = ".intval($comment_id); $dbh->exec($q); return array(true, __("Comment has been deleted.")); - } else { - return array(false, __("You are not allowed to delete this comment.")); } } diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php index d05c512..c45e45b 100644 --- a/web/template/pkg_comments.php +++ b/web/template/pkg_comments.php 
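Review bot: The undelete branch reports `Comment has been undeleted.` whether or not the `UPDATE` touched a row, so a request naming a comment that does not exist or was never deleted is acknowledged as a successful restore. Clearing `DelUsersID` and `DelTS` also discards the only record of who removed the comment and when, and nothing visible here records who reversed it, which weakens the moderation audit trail. I would narrow the statement with `$q.= "WHERE ID = ".intval($comment_id)." AND DelTS IS NOT NULL";` and return the failure tuple when `$dbh->exec($q)` reports no affected rows (assuming `$dbh` is a PDO handle, whose `exec()` returns the affected-row count). The function starts outside this hunk, so how `$comment_id` is obtained is not visible here.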
@@ -53,6 +53,17 @@ if (!isset($count)) { ?> <h4 id="comment-<?= $row['ID'] ?>"<?php if ($is_deleted): ?> class="comment-deleted"<?php endif; ?>> <?= $heading ?> + <?php if ($is_deleted && has_credential(CRED_COMMENT_UNDELETE)): ?> + <form class="undelete-comment-form" method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>"> + <fieldset style="display:inline;"> + <input type="hidden" name="action" value="do_UndeleteComment" /> + <input type="hidden" name="comment_id" value="<?= $row['ID'] ?>" /> + <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" /> + <input type="image" class="undelete-comment" src="/images/action-undo.min.svg" width="11" height="11" alt="<?= __('Undelete comment') ?>" title="<?= __('Undelete comment') ?>" name="submit" value="1" /> + </fieldset> + </form> + <?php endif;?> + <?php if (!$is_deleted && can_delete_comment_array($row)): ?> <form class="delete-comment-form" method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>"> <fieldset style="display:inline;"> -- 2.7.0
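Review bot: The hidden `token` field in the new form prints the `AURSID` session cookie into the page, so the session identifier is readable from the DOM and from any cached or saved copy of the page, regardless of how the cookie itself is flagged. The delete form that begins at the end of this hunk may already do the same (its fields are outside the hunk), in which case this is inherited rather than new, but each added form widens the exposure. A request token that is derived from the session but is not the session identifier itself would keep the anti-CSRF check without putting the credential in markup; that change belongs in the token check, which is not shown here. Within this hunk, the call `htmlspecialchars($_COOKIE['AURSID'])` should also pass `ENT_QUOTES` like the `action` attribute on the form does: `value="<?= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) ?>"`.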