[aur-dev] [PATCH/RFC 0/3] Add comment edit functionality
Implements FS#34690. Marcel Korpel (3): Add comment edit icon and form Edit a comment in the backend Show dateline when a comment is edited or deleted schema/aur-schema.sql | 2 ++ web/html/commentedit.php | 21 +++++++++++++ web/html/css/aurweb.css | 10 ++++++ web/html/images/pencil.png | Bin 0 -> 429 bytes web/html/index.php | 4 +++ web/html/pkgbase.php | 14 ++++++--- web/lib/credentials.inc.php | 2 ++ web/lib/pkgbasefuncs.inc.php | 62 +++++++++++++++++++++++++++++++++++--- web/lib/pkgfuncs.inc.php | 40 ++++++++++++++++++++++++ web/template/pkg_comment_form.php | 10 ++++-- web/template/pkg_comments.php | 30 ++++++++++++++++-- 11 files changed, 180 insertions(+), 15 deletions(-) create mode 100644 web/html/commentedit.php create mode 100644 web/html/images/pencil.png -- 2.4.5
Shows a link next to the comment deletion icon, which leads to a comment edit form. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> --- web/html/commentedit.php | 21 +++++++++++++++++++++ web/html/css/aurweb.css | 4 ++++ web/html/images/pencil.png | Bin 0 -> 429 bytes web/html/index.php | 4 ++++ web/html/pkgbase.php | 12 +++++++----- web/lib/credentials.inc.php | 2 ++ web/lib/pkgbasefuncs.inc.php | 19 +++++++++++++++++++ web/lib/pkgfuncs.inc.php | 14 ++++++++++++++ web/template/pkg_comment_form.php | 10 +++++++--- web/template/pkg_comments.php | 3 +++ 10 files changed, 81 insertions(+), 8 deletions(-) create mode 100644 web/html/commentedit.php create mode 100644 web/html/images/pencil.png diff --git a/web/html/commentedit.php b/web/html/commentedit.php new file mode 100644 index 0000000..a8b1819 --- /dev/null +++ b/web/html/commentedit.php @@ -0,0 +1,21 @@ +<?php + +set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); + +include_once("aur.inc.php"); +include_once("pkgbasefuncs.inc.php"); + +set_lang(); +check_sid(); + +$comment_id = intval($_REQUEST['comment_id']); +$comment = pkgbase_get_comment($comment_id); + +if (!isset($base_id) || !has_credential(CRED_COMMENT_EDIT, array(pkgbase_maintainer_uid($base_id))) || is_null($comment)) { + header('Location: /'); + exit(); +} + +html_header(__("Edit comment")); +include('pkg_comment_form.php'); +html_footer(AURWEB_VERSION); diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css index d67877a..47166d3 100644 --- a/web/html/css/aurweb.css +++ b/web/html/css/aurweb.css @@ -96,6 +96,10 @@ color: #999; } +.edit-comment { + float: left; +} + legend { padding: 1em 0; } 
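Review bot: The access check in the new `commentedit.php` approves the package maintainer (`pkgbase_maintainer_uid($base_id)`) instead of the comment's author, and nothing ties `$comment_id` to `$base_id`. As written, an author who does not maintain the package appears to be redirected away even though `can_edit_comment_array()` shows them the pencil link. A maintainer can presumably load the text of any comment ID into the form, because `pkgbase_get_comment()` filters on `ID` only, with no `PackageBaseID` or `DelUsersID` condition. I would gate the page on the comment's own `UsersID`, the rule the save path in the second patch uses, and make the lookup also match the package base. `$base_id` is set outside this file, so its origin should be confirmed as well.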
diff --git a/web/html/images/pencil.png b/web/html/images/pencil.png new file mode 100644 index 0000000000000000000000000000000000000000..4f0377684842064b2f990663d6de73313c8227e9 GIT binary patch literal 429 zcmV;e0aE^nP)<h;3K|Lk000e1NJLTq000vJ000sQ0{{R3j?xud0002JP)t-s<hn23 zq&1jhAi9e?!h$i<oiE#}Ps@{2$&gRVlTcVd6IntMUP2X<Z62IyC8}T+w011DeKfg= zCcls;!HY=3XBESlF~@^6$dFFRsb|TNPs)`-&zwroomteJUD%~+*^fKfs8HO*ZQZML z-L7om%dq6SFXpse=$Jt4s$uNUsq*2-^5(wt&u{e4rS#ON^wvc6&!+X+X!YD+_uIYq z;mP>n#rWc=_~Xm??Zf%w%lYHX`sdO5?vDKQvqhM@VE_OC0d!JMQvg8b*k%9#00Cl4 zM??UK1szBL000SaNLh0L01FcU01FcV0GgZ_00007bV*G`2j2$=023iC&9OfK003!8 zL_t&-(_>(u7GUF)U_}#BlsC1IW<e2B(>JrWHsL@KvNTuG(=%a55wbJVl~tBP6*4xk zRad|-B#bE}q=PA>Dv2({t8F7FrX(Yd>@Z#{O$||g0TlOh%Nc5kpb9Z?@$d;S69^pu XUcC;B&HZ$A00000NkvXXu0mjfYBaqK literal 0 HcmV?d00001 diff --git a/web/html/index.php b/web/html/index.php index 27d897c..58e425c 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -89,6 +89,9 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { case "comaintainers": include('comaintainers.php'); return; + case "edit-comment": + include('commentedit.php'); + return; default: header("HTTP/1.0 404 Not Found"); include "./404.php"; @@ -169,6 +172,7 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { case "/images/favicon.ico": case "/images/feed-icon-14x14.png": case "/images/titlelogo.png": + case "/images/pencil.png": case "/images/x.png": header("Content-Type: image/png"); readfile("./$path"); diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php index 5179d0c..51eb4b1 100644 --- a/web/html/pkgbase.php +++ b/web/html/pkgbase.php 
@@ -104,12 +104,14 @@ if (check_token()) { list($ret, $output) = pkgreq_close($_POST['reqid'], $_POST['reason'], $_POST['comments']); } elseif (current_action("do_EditComaintainers")) { list($ret, $output) = pkgbase_set_comaintainers($base_id, explode("\n", $_POST['users'])); - } - - if (isset($_REQUEST['comment'])) { + } elseif (current_action("do_AddComment")) { $uid = uid_from_sid($_COOKIE["AURSID"]); - pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']); - $ret = true; + if (isset($_REQUEST['comment'])) { + pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']); + $ret = true; + } else { + $ret = false; /* Bogus input. This shouldn't happen, unless the site is under attack. */ + } } if ($ret) { diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php index cf1fcca..648d78c 100644 --- a/web/lib/credentials.inc.php +++ b/web/lib/credentials.inc.php @@ -7,6 +7,7 @@ define("CRED_ACCOUNT_LAST_LOGIN", 4); define("CRED_ACCOUNT_SEARCH", 5); define("CRED_COMMENT_DELETE", 6); define("CRED_COMMENT_VIEW_DELETED", 22); +define("CRED_COMMENT_EDIT", 25); define("CRED_PKGBASE_ADOPT", 7); define("CRED_PKGBASE_SET_KEYWORDS", 8); define("CRED_PKGBASE_DELETE", 9); @@ -58,6 +59,7 @@ function has_credential($credential, $approved_users=array()) { case CRED_ACCOUNT_SEARCH: case CRED_COMMENT_DELETE: case CRED_COMMENT_VIEW_DELETED: + case CRED_COMMENT_EDIT: case CRED_PKGBASE_ADOPT: case CRED_PKGBASE_SET_KEYWORDS: case CRED_PKGBASE_DELETE: diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index 5d191eb..cff25c4 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php 
@@ -67,6 +67,25 @@ function pkgbase_comments($base_id, $limit, $include_deleted) { } /** + * Get a package comment + * + * @param int $comment_id The ID of the comment + * + * @return string The comment + */ +function pkgbase_get_comment($comment_id) { + $dbh = DB::connect(); + $q = "SELECT Comments FROM PackageComments "; + $q.= "WHERE ID = " . $comment_id; + $result = $dbh->query($q); + if (!$result) { + return null; + } + + return $result->fetchColumn(0); +} + +/** * Add a comment to a package page and send out appropriate notifications * * @param string $base_id The package base ID to add the comment on diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 110290b..7cb2ffc 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -43,6 +43,20 @@ function can_delete_comment_array($comment) { } /** + * Determine if the user can edit a specific package comment using an array + * + * Only the comment submitter, Trusted Users, and Developers can edit + * comments. This function is used for the frontend side of comment editing. + * + * @param array $comment All database information relating a specific comment + * + * @return bool True if the user can edit the comment, otherwise false + */ +function can_edit_comment_array($comment) { + return has_credential(CRED_COMMENT_EDIT, array($comment['UsersID'])); +} + +/** * Check to see if the package name already exists in the database * * @param string $name The package name to check diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php index 8a74dc1..16a92b1 100644 --- a/web/template/pkg_comment_form.php +++ b/web/template/pkg_comment_form.php @@ -1,5 +1,5 @@ <div id="generic-form" class="box"> - <h2><?= __("Add Comment"); ?></h2> + <h2><?= (isset($comment_id)) ? __('Edit comment for: %s', htmlspecialchars($pkgbase_name)) : __("Add Comment"); ?></h2> <form action="<?= get_pkgbase_uri($pkgbase_name) ?>" method="post"> <fieldset> <?php 
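Review bot: `pkgbase_get_comment()` concatenates `$comment_id` into the query as-is, so it depends on every caller casting the value first. The other new queries in this series cast at the point of use, and this one should too: `$q.= "WHERE ID = " . intval($comment_id);`. `fetchColumn(0)` also returns `false`, not `null`, when no row matches, so the `is_null($comment)` test in `commentedit.php` will not catch an unknown ID. Either return `null` explicitly in that case or test for `false` in the caller, and have the docblock's `@return` name the no-result value.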
@@ -8,14 +8,18 @@ if (isset($_REQUEST['comment']) && check_token()) { } ?> <div> + <input type="hidden" name="action" value="<?= (isset($comment_id)) ? "do_EditComment" : "do_AddComment" ?>" /> <input type="hidden" name="ID" value="<?= intval($base_id) ?>" /> + <?php if (isset($comment_id)): ?> + <input type="hidden" name="comment_id" value="<?= $comment_id ?>" /> + <?php endif; ?> <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" /> </div> <p> - <textarea id="id_comment" name="comment" cols="80" rows="10"></textarea> + <textarea id="id_comment" name="comment" cols="80" rows="10"><?= (isset($comment_id)) ? htmlspecialchars($comment) : "" ?></textarea> </p> <p> - <input type="submit" value="<?= __("Add Comment") ?>" /> + <input type="submit" value="<?= (isset($comment_id)) ? __("Save") : __("Add Comment") ?>" /> </p> </fieldset> </form> diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php index 3e99d9b..938f620 100644 --- a/web/template/pkg_comments.php +++ b/web/template/pkg_comments.php @@ -21,6 +21,9 @@ $count = pkgbase_comments_count($base_id, $include_deleted); endif; ?> <h4<?php if ($row['DelUsersID']): ?> class="comment-deleted"<?php endif; ?>> <?php if (!$row['DelUsersID'] && can_delete_comment_array($row)): ?> + <?php if (can_edit_comment_array($row)): ?> + <a href="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name) . 'edit-comment/?comment_id=' . $row['ID'], ENT_QUOTES) ?>" class="edit-comment" title="<?= __('Edit comment') ?>"><img src="/images/pencil.png" alt="<?= __('Edit comment') ?>" width="19" height="18"></a> + <?php endif; ?> <form method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>"> <fieldset style="display:inline;"> <input type="hidden" name="action" value="do_DeleteComment" /> -- 2.4.5
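Review bot: The new hidden field prints the variable raw (`value="<?= $comment_id ?>"`), while the `ID` field just before it is wrapped in `intval()`. The value is an integer when the template is included from `commentedit.php`, but the template cannot know who includes it. I would write `value="<?= intval($comment_id) ?>"` so the output is safe on its own. The `isset($comment_id)` switch has the same dependency on the including scope: any script that defines that variable turns the add form into an edit form, which deserves a one-line comment at the top of the template.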
In the backend I created two new actions, do_AddComment and do_EditComment. When editing or deleting a comment, a timestamp is added. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> --- schema/aur-schema.sql | 2 ++ web/html/pkgbase.php | 2 ++ web/lib/pkgbasefuncs.inc.php | 34 +++++++++++++++++++++++++++++++++- web/lib/pkgfuncs.inc.php | 26 ++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql index 594a804..3aef7a3 100644 --- a/schema/aur-schema.sql +++ b/schema/aur-schema.sql @@ -254,6 +254,8 @@ CREATE TABLE PackageComments ( UsersID INTEGER UNSIGNED NULL DEFAULT NULL, Comments TEXT NOT NULL DEFAULT '', CommentTS BIGINT UNSIGNED NOT NULL DEFAULT 0, + EditedTS BIGINT UNSIGNED NULL DEFAULT NULL, + EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL, DelUsersID INTEGER UNSIGNED NULL DEFAULT NULL, PRIMARY KEY (ID), INDEX (UsersID), diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php index 51eb4b1..018cfca 100644 --- a/web/html/pkgbase.php +++ b/web/html/pkgbase.php @@ -112,6 +112,8 @@ if (check_token()) { } else { $ret = false; /* Bogus input. This shouldn't happen, unless the site is under attack. */ } + } elseif (current_action("do_EditComment")) { + list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']); } if ($ret) { diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index cff25c4..b7bef2c 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -849,7 +849,8 @@ function pkgbase_delete_comment() { $dbh = DB::connect(); if (can_delete_comment($comment_id)) { $q = "UPDATE PackageComments "; - $q.= "SET DelUsersID = ".$uid." "; + $q.= "SET DelUsersID = ".$uid.", "; + $q.= "EditedTS = UNIX_TIMESTAMP() "; $q.= "WHERE ID = ".intval($comment_id); $dbh->exec($q); return array(true, __("Comment has been deleted.")); 
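Review bot: The `do_EditComment` branch in `pkgbase.php` passes `$_REQUEST['comment']` to `pkgbase_edit_comment()` without the `isset()` guard that the `do_AddComment` branch received in the first patch. A request without that field raises an undefined-index notice and, judging by the function added in the following hunk, would apparently overwrite the stored text with an empty string. I would mirror the add branch here (`if (isset($_REQUEST['comment'])) { ... } else { $ret = false; }`), or have `pkgbase_edit_comment()` reject a missing or empty body with an error tuple.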
@@ -859,6 +860,37 @@ function pkgbase_delete_comment() { } /** + * Edit a package comment + * + * @return array Tuple of success/failure indicator and error message + */ +function pkgbase_edit_comment($comment) { + $uid = uid_from_sid($_COOKIE["AURSID"]); + if (!$uid) { + return array(false, __("You must be logged in before you can edit package information.")); + } + + if (isset($_POST["comment_id"])) { + $comment_id = $_POST["comment_id"]; + } else { + return array(false, __("Missing comment ID.")); + } + + $dbh = DB::connect(); + if (can_edit_comment($comment_id)) { + $q = "UPDATE PackageComments "; + $q.= "SET EditedUsersID = ".$uid.", "; + $q.= "Comments = ".$dbh->quote($comment).", "; + $q.= "EditedTS = UNIX_TIMESTAMP() "; + $q.= "WHERE ID = ".intval($comment_id); + $dbh->exec($q); + return array(true, __("Comment has been edited.")); + } else { + return array(false, __("You are not allowed to edit this comment.")); + } +} + +/** * Get a list of package base keywords * * @param int $base_id The package base ID to retrieve the keywords for diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 7cb2ffc..de57c3e 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php 
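Review bot: `pkgbase_edit_comment()` does not exclude deleted comments: the template hides the pencil for rows with `DelUsersID` set, but the `UPDATE` matches on `ID` alone. Deletion now stamps `EditedTS` too, so a later edit of a deleted row would overwrite the value displayed as the deletion time. Adding `AND DelUsersID IS NULL` to the `WHERE` clause, or checking it in `can_edit_comment()`, would enforce the rule on the server side. The function also returns "Comment has been edited." without looking at the row count from `exec()`, and the docblock lacks a `@param` for `$comment`.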
@@ -43,6 +43,32 @@ function can_delete_comment_array($comment) { } /** + * Determine if the user can edit a specific package comment + * + * Only the comment submitter, Trusted Users, and Developers can edit + * comments. This function is used for the backend side of comment editing. + * + * @param string $comment_id The comment ID in the database + * + * @return bool True if the user can edit the comment, otherwise false + */ +function can_edit_comment($comment_id=0) { + $dbh = DB::connect(); + + $q = "SELECT UsersID FROM PackageComments "; + $q.= "WHERE ID = " . intval($comment_id); + $result = $dbh->query($q); + + if (!$result) { + return false; + } + + $uid = $result->fetch(PDO::FETCH_COLUMN, 0); + + return has_credential(CRED_COMMENT_EDIT, array($uid)); +} + +/** * Determine if the user can edit a specific package comment using an array * * Only the comment submitter, Trusted Users, and Developers can edit -- 2.4.5
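Review bot: When no comment has the given ID, `fetch(PDO::FETCH_COLUMN, 0)` returns `false` and `can_edit_comment()` still calls `has_credential(CRED_COMMENT_EDIT, array(false))`. The result depends on `has_credential()`, whose body is outside this hunk. For privileged accounts it presumably grants the edit, and the caller then reports success for a comment that does not exist. I would return early with `if ($uid === false) { return false; }`. The docblock says `@param string $comment_id`, but the default is the integer `0` and the value is cast with `intval()`, so `int` would be more accurate.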
Also, in pkg_comments.php, always use htmlspecialchars when outputting user names. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> --- web/html/css/aurweb.css | 6 ++++++ web/lib/pkgbasefuncs.inc.php | 9 ++++++--- web/template/pkg_comments.php | 27 ++++++++++++++++++++++++--- 3 files changed, 36 insertions(+), 6 deletions(-) diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css index 47166d3..a9f1514 100644 --- a/web/html/css/aurweb.css +++ b/web/html/css/aurweb.css @@ -100,6 +100,12 @@ float: left; } +.edited { + font-size: 0.9em; + font-style: italic; + color: #666; +} + legend { padding: 1em 0; } diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index b7bef2c..01f5ace 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -47,9 +47,12 @@ function pkgbase_comments($base_id, $limit, $include_deleted) { } $dbh = DB::connect(); - $q = "SELECT PackageComments.ID, UserName, UsersID, Comments, "; - $q.= "CommentTS, DelUsersID FROM PackageComments LEFT JOIN Users "; - $q.= "ON PackageComments.UsersID = Users.ID "; + $q = "SELECT PackageComments.ID, A.UserName AS UserName, UsersID, Comments, "; + $q.= "CommentTS, EditedTS, B.UserName AS EditUserName, "; + $q.= "DelUsersID, C.UserName AS DelUserName FROM PackageComments "; + $q.= "LEFT JOIN Users A ON PackageComments.UsersID = A.ID "; + $q.= "LEFT JOIN Users B ON PackageComments.EditedUsersID = B.ID "; + $q.= "LEFT JOIN Users C ON PackageComments.DelUsersID = C.ID "; $q.= "WHERE PackageBaseID = " . $base_id . " "; if (!$include_deleted) { $q.= "AND DelUsersID IS NULL "; diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php index 938f620..e0d8dd1 100644 --- a/web/template/pkg_comments.php +++ b/web/template/pkg_comments.php 
@@ -16,9 +16,21 @@ $count = pkgbase_comments_count($base_id, $include_deleted); </h3> <?php while (list($indx, $row) = each($comments)): ?> - <?php if ($row['UserName'] && $SID): - $row['UserName'] = "<a href=\"" . get_user_uri($row['UserName']) . "\">{$row['UserName']}</a>"; - endif; ?> + <?php if ($row['UserName'] && $SID) { + $row['UserName'] = '<a href="' . get_user_uri($row['UserName']) . '">' . htmlspecialchars($row['UserName']) . '</a>'; + } else { + $row['UserName'] = htmlspecialchars($row['UserName']); + } + if ($row['DelUserName'] && $SID) { + $row['DelUserName'] = '<a href="' . get_user_uri($row['DelUserName']) . '">' . htmlspecialchars($row['DelUserName']) . '</a>'; + } else { + $row['DelUserName'] = htmlspecialchars($row['DelUserName']); + } + if ($row['EditUserName'] && $SID) { + $row['EditUserName'] = '<a href="' . get_user_uri($row['EditUserName']) . '">' . htmlspecialchars($row['EditUserName']) . '</a>'; + } else { + $row['EditUserName'] = htmlspecialchars($row['EditUserName']); + } ?> <h4<?php if ($row['DelUsersID']): ?> class="comment-deleted"<?php endif; ?>> <?php if (!$row['DelUsersID'] && can_delete_comment_array($row)): ?> <?php if (can_edit_comment_array($row)): ?> @@ -53,6 +65,15 @@ $count = pkgbase_comments_count($base_id, $include_deleted); <p> <?= parse_comment($row['Comments']) ?> </p> + <?php if ($row['EditedTS']): ?> + <p class="edited"> + <?php if ($row['DelUsersID']) { + echo __('Deleted %s by %s', gmdate('Y-m-d H:i', $row['EditedTS']), $row['DelUserName']); + } else { + echo __('Last edited %s by %s', gmdate('Y-m-d H:i', $row['EditedTS']), $row['EditUserName']); + }?> + </p> + <?php endif; ?> </div> <?php endwhile; ?> </div> -- 2.4.5
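Review bot: The three link-building branches now escape the user name in the link text but still place `get_user_uri(...)` into the `href` unescaped. Whether that is safe depends on `get_user_uri()`, which is not part of this patch. The edit link added in the first patch wraps its URL in `htmlspecialchars(..., ENT_QUOTES)`, and I would do the same here: `'<a href="' . htmlspecialchars(get_user_uri($row['UserName']), ENT_QUOTES) . '">'`, likewise for `DelUserName` and `EditUserName`. The three blocks differ only in the array key, so a small helper taking the name would remove the repetition and keep the escaping in one place.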