[aur-dev] [PATCH] Add comment undeletion functionality
Only Developers and Trusted Users can undelete comments.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
---
web/html/css/aurweb.css | 9 +++++++++
web/html/pkgbase.php | 5 +++++
web/lib/credentials.inc.php | 2 ++
web/lib/pkgbasefuncs.inc.php | 31 ++++++++++++++++++++++---------
web/lib/pkgfuncs.inc.php | 12 ++++++++++++
web/template/pkg_comments.php | 11 +++++++++++
6 files changed, 61 insertions(+), 9 deletions(-)
diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css
index 92ff898..fbec643 100644
--- a/web/html/css/aurweb.css
+++ b/web/html/css/aurweb.css
@@ -106,6 +106,15 @@
 margin-left: 8px;
 }
+.undelete-comment-form {
+ display: inline;
+ margin-left: 8px;
+}
+
+.undelete-comment {
+ font-size: 75%;
+}
+
 .edit-comment {
 height: 11px;
 position: relative;
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index 45b8084..11fdf74 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -99,6 +99,11 @@ if (check_token()) {
 list($ret, $output) = pkgbase_notify($ids, false);
 } elseif (current_action("do_DeleteComment")) {
 list($ret, $output) = pkgbase_delete_comment();
+ } elseif (current_action("do_UndeleteComment")) {
+ list($ret, $output) = pkgbase_delete_comment(true);
+ if ($ret && isset($_POST["comment_id"])) {
+ $fragment = '#comment-' . intval($_POST["comment_id"]);
+ }
 } elseif (current_action("do_PinComment")) {
 list($ret, $output) = pkgbase_pin_comment();
 } elseif (current_action("do_UnpinComment")) {
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index 71bf5ff..d8698a8 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -6,6 +6,7 @@ define("CRED_ACCOUNT_EDIT_DEV", 3);
 define("CRED_ACCOUNT_LAST_LOGIN", 4);
 define("CRED_ACCOUNT_SEARCH", 5);
 define("CRED_COMMENT_DELETE", 6);
+define("CRED_COMMENT_UNDELETE", 27);
 define("CRED_COMMENT_VIEW_DELETED", 22);
 define("CRED_COMMENT_EDIT", 25);
 define("CRED_COMMENT_PIN", 26);
@@ -59,6 +60,7 @@ function has_credential($credential, $approved_users=array()) {
 case CRED_ACCOUNT_LAST_LOGIN:
 case CRED_ACCOUNT_SEARCH:
 case CRED_COMMENT_DELETE:
+ case CRED_COMMENT_UNDELETE:
 case CRED_COMMENT_VIEW_DELETED:
 case CRED_COMMENT_EDIT:
 case CRED_COMMENT_PIN:
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 2b1201d..b0854d2 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -934,7 +934,7 @@ function pkgbase_notify ($base_ids, $action=true) {
 *
 * @return array Tuple of success/failure indicator and error message
 */
-function pkgbase_delete_comment() {
+function pkgbase_delete_comment($undelete=false) {
 $uid = uid_from_sid($_COOKIE["AURSID"]);
 if (!$uid) {
 return array(false, __("You must be logged in before you can edit package information."));
@@ -947,15 +947,28 @@ function pkgbase_delete_comment() {
 }
 $dbh = DB::connect();
- if (can_delete_comment($comment_id)) {
- $q = "UPDATE PackageComments ";
- $q.= "SET DelUsersID = ".$uid.", ";
- $q.= "DelTS = UNIX_TIMESTAMP() ";
- $q.= "WHERE ID = ".intval($comment_id);
- $dbh->exec($q);
- return array(true, __("Comment has been deleted."));
+ if ($undelete) {
+ if (can_undelete_comment()) {
+ $q = "UPDATE PackageComments ";
+ $q.= "SET DelUsersID = NULL, ";
+ $q.= "DelTS = NULL ";
+ $q.= "WHERE ID = ".intval($comment_id);
+ $dbh->exec($q);
+ return array(true, __("Comment has been undeleted."));
+ } else {
+ return array(false, __("You are not allowed to undelete this comment."));
+ }
 } else {
- return array(false, __("You are not allowed to delete this comment."));
+ if (can_delete_comment($comment_id)) {
+ $q = "UPDATE PackageComments ";
+ $q.= "SET DelUsersID = ".$uid.", ";
+ $q.= "DelTS = UNIX_TIMESTAMP() ";
+ $q.= "WHERE ID = ".intval($comment_id);
+ $dbh->exec($q);
+ return array(true, __("Comment has been deleted."));
+ } else {
+ return array(false, __("You are not allowed to delete this comment."));
+ }
 }
 }
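Review bot: In the undelete branch of `pkgbase_delete_comment()` the result of `$dbh->exec($q)` is ignored and the `WHERE` clause matches on `ID` alone, so a request naming a comment that does not exist, or one that was never deleted, still returns "Comment has been undeleted."; the re-added delete branch ignores the result in the same way. Restricting the statement to deleted rows, `$q.= "WHERE ID = ".intval($comment_id)." AND DelTS IS NOT NULL";`, and returning the failure tuple when no row was affected would make the message match what happened (assuming `$dbh` is a PDO handle, whose `exec()` returns the affected-row count). The branch also resets `DelUsersID` and `DelTS` to `NULL`, so nothing visible in this hunk records who deleted the comment or who restored it; if moderation actions by Trusted Users and Developers are meant to be auditable, the restore needs its own log entry or columns. The lines that obtain and validate `$comment_id` lie between the two hunks and are not shown, so this note assumes they reject a missing ID.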
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index c2bbe38..4438fc4 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -43,6 +43,18 @@ function can_delete_comment_array($comment) {
 }
 /**
+ * Determine if the user can undelete a specific package comment
+ *
+ * Only Trusted Users and Developers can undelete comments.
+ * This function is used for both sides of comment undeletion.
+ *
+ * @return bool True if the user can undelete the comment, otherwise false
+ */
+function can_undelete_comment() {
+ return has_credential(CRED_COMMENT_UNDELETE);
+}
+
+/**
 * Determine if the user can edit a specific package comment
 *
 * Only the comment submitter, Trusted Users, and Developers can edit
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index d05c512..679d571 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -53,6 +53,17 @@ if (!isset($count)) {
 ?>
 <h4 id="comment-<?= $row['ID'] ?>"<?php if ($is_deleted): ?> class="comment-deleted"<?php endif; ?>>
 <?= $heading ?>
+ <?php if ($is_deleted && can_undelete_comment()): ?>
+ <form class="undelete-comment-form" method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>">
+ <fieldset style="display:inline;">
+ <input type="hidden" name="action" value="do_UndeleteComment" />
+ <input type="hidden" name="comment_id" value="<?= $row['ID'] ?>" />
+ <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+ <input type="submit" class="undelete-comment" value="<?= __('Undelete') ?>" name="submit" />
+ </fieldset>
+ </form>
+ <?php endif;?>
+
 <?php if (!$is_deleted && can_delete_comment_array($row)): ?>
 <form class="delete-comment-form" method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>">
 <fieldset style="display:inline;">
--
2.7.0
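Review bot: The hidden `token` field of the new undelete form in `web/template/pkg_comments.php` is filled from `$_COOKIE['AURSID']`, the same value this patch passes to `uid_from_sid()` as the session identifier, so the session ID is written into the page markup next to every deleted comment shown to a privileged user. Markup can be read by any script running in the page and can end up in caches or saved copies, which removes the protection an HttpOnly cookie would otherwise give; a CSRF token derived from the session but distinct from it, for example an HMAC of the session ID under a server-side key, avoids that. `check_token()` and the token fields of the neighbouring forms are not visible in this hunk, so this is presumably a change to the token scheme as a whole rather than to this form alone. Separately, `value="<?= __('Undelete') ?>"` prints the translated string into an attribute unescaped, unlike the `action` attribute of the same form; `htmlspecialchars(__('Undelete'), ENT_QUOTES)` would keep a translation containing a quote from breaking the markup.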
On Mon, 18 Jan 2016 at 00:00:10, Marcel Korpel wrote:
Only Developers and Trusted Users can undelete comments.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
---
web/html/css/aurweb.css | 9 +++++++++
web/html/pkgbase.php | 5 +++++
web/lib/credentials.inc.php | 2 ++
web/lib/pkgbasefuncs.inc.php | 31 ++++++++++++++++++++++---------
web/lib/pkgfuncs.inc.php | 12 ++++++++++++
web/template/pkg_comments.php | 11 +++++++++++
6 files changed, 61 insertions(+), 9 deletions(-)
[...]
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 2b1201d..b0854d2 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -934,7 +934,7 @@ function pkgbase_notify ($base_ids, $action=true) {
 *
 * @return array Tuple of success/failure indicator and error message
 */
-function pkgbase_delete_comment() {
+function pkgbase_delete_comment($undelete=false) {
Missing documentation for that new parameter?
[...]
+ if ($undelete) {
+ if (can_undelete_comment()) {
+ $q = "UPDATE PackageComments ";
+ $q.= "SET DelUsersID = NULL, ";
+ $q.= "DelTS = NULL ";
+ $q.= "WHERE ID = ".intval($comment_id);
+ $dbh->exec($q);
+ return array(true, __("Comment has been undeleted."));
+ } else {
+ return array(false, __("You are not allowed to undelete this comment."));
+ }
Reduce nesting: if (!can_undelete_comment()) { return array(false, __("You are not allowed to undelete this comment.")); } ... and then do not branch for the main logic.
 } else {
- return array(false, __("You are not allowed to delete this comment."));
+ if (can_delete_comment($comment_id)) {
+ $q = "UPDATE PackageComments ";
+ $q.= "SET DelUsersID = ".$uid.", ";
+ $q.= "DelTS = UNIX_TIMESTAMP() ";
+ $q.= "WHERE ID = ".intval($comment_id);
+ $dbh->exec($q);
+ return array(true, __("Comment has been deleted."));
+ } else {
+ return array(false, __("You are not allowed to delete this comment."));
+ }
Same here.
} }
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index c2bbe38..4438fc4 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -43,6 +43,18 @@ function can_delete_comment_array($comment) {
 }
 /**
+ * Determine if the user can undelete a specific package comment
+ *
+ * Only Trusted Users and Developers can undelete comments.
+ * This function is used for both sides of comment undeletion.
+ *
+ * @return bool True if the user can undelete the comment, otherwise false
+ */
+function can_undelete_comment() {
+ return has_credential(CRED_COMMENT_UNDELETE);
+}
Do we really need a new function for this? How about simply using has_credential(CRED_COMMENT_UNDELETE) at all call sites instead?
+
+/**
 * Determine if the user can edit a specific package comment
 *
 * Only the comment submitter, Trusted Users, and Developers can edit
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index d05c512..679d571 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -53,6 +53,17 @@ if (!isset($count)) {
 ?>
 <h4 id="comment-<?= $row['ID'] ?>"<?php if ($is_deleted): ?> class="comment-deleted"<?php endif; ?>>
 <?= $heading ?>
+ <?php if ($is_deleted && can_undelete_comment()): ?>
+ <form class="undelete-comment-form" method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>">
+ <fieldset style="display:inline;">
+ <input type="hidden" name="action" value="do_UndeleteComment" />
+ <input type="hidden" name="comment_id" value="<?= $row['ID'] ?>" />
+ <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+ <input type="submit" class="undelete-comment" value="<?= __('Undelete') ?>" name="submit" />
+ </fieldset>
+ </form>
+ <?php endif;?>
[...]
I wonder why this is not located next to the other comment action icons? Ideally, there should be an "undelete" icon at the location where we usually have the delete icon. On IRC, you mentioned that placing it there helps "prevent erroneously clicking" but I do not think it really does. In which way is the restore icon different to the delete icon? Patch looks good otherwise. Thank you for your work!
* Lukas Fleischer <lfleischer@archlinux.org> (Mon, 18 Jan 2016 19:16:06 +0100):
+function pkgbase_delete_comment($undelete=false) {
Missing documentation for that new parameter?
Correct.
Do we really need a new function for this? How about simply using has_credential(CRED_COMMENT_UNDELETE) at all call sites instead?
I thought it looks more logical/in line with the other function(s), but I see we use has_credential directly at other places in these files. I'll use that syntax here, too.
I wonder why this is not located next to the other comment action icons? Ideally, there should be a "undelete" icon at the location where we usually have the delete icon. On IRC, you mentioned that placing it there helps "prevent erroneously clicking" but I do not think it really does. In which way is the restore icon different to the delete icon?
You're right, and if a TU or dev erroneously clicks on the undelete button, they can simply delete the comment again. Regards, Marcel