[aur-dev] [RFC v3] Add comment edit icon and form
Partly implements FS#34690. --- Changes from v1: * The same template pkg_comment_form.php is now used for adding new comments and editing existing comments (I don't know I like it this way). * In pkg_comments.php a missing test has been added to check the user's credentials (it assumes someone cannot edit a comment who is not allowed to delete the same). Changes from v2: * Always use 'ID' as pkgbase ID request parameter. * Add an extra parameter 'action'. * Let backend process comment adding upon action parameter. web/html/commentedit.php | 21 +++++++++++++++++++++ web/html/css/aurweb.css | 4 ++++ web/html/images/pencil.png | Bin 0 -> 429 bytes web/html/index.php | 4 ++++ web/html/pkgbase.php | 12 +++++++----- web/lib/credentials.inc.php | 2 ++ web/lib/pkgbasefuncs.inc.php | 19 +++++++++++++++++++ web/lib/pkgfuncs.inc.php | 14 ++++++++++++++ web/template/pkg_comment_form.php | 10 +++++++--- web/template/pkg_comments.php | 3 +++ 10 files changed, 81 insertions(+), 8 deletions(-) create mode 100644 web/html/commentedit.php create mode 100644 web/html/images/pencil.png diff --git a/web/html/commentedit.php b/web/html/commentedit.php new file mode 100644 index 0000000..a8b1819 --- /dev/null +++ b/web/html/commentedit.php @@ -0,0 +1,21 @@ +<?php + +set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); + +include_once("aur.inc.php"); +include_once("pkgbasefuncs.inc.php"); + +set_lang(); +check_sid(); + +$comment_id = intval($_REQUEST['comment_id']); +$comment = pkgbase_get_comment($comment_id); + +if (!isset($base_id) || !has_credential(CRED_COMMENT_EDIT, array(pkgbase_maintainer_uid($base_id))) || is_null($comment)) { + header('Location: /'); + exit(); +} + +html_header(__("Edit comment")); +include('pkg_comment_form.php'); +html_footer(AURWEB_VERSION); diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css index d67877a..47166d3 100644 --- a/web/html/css/aurweb.css +++ b/web/html/css/aurweb.css @@ -96,6 +96,10 @@ color: #999; } +.edit-comment { + float: left; +} + legend { padding: 1em 0; } diff --git a/web/html/images/pencil.png b/web/html/images/pencil.png new file mode 100644 index 0000000000000000000000000000000000000000..4f0377684842064b2f990663d6de73313c8227e9 GIT binary patch literal 429 zcmV;e0aE^nP)<h;3K|Lk000e1NJLTq000vJ000sQ0{{R3j?xud0002JP)t-s<hn23 zq&1jhAi9e?!h$i<oiE#}Ps@{2$&gRVlTcVd6IntMUP2X<Z62IyC8}T+w011DeKfg= zCcls;!HY=3XBESlF~@^6$dFFRsb|TNPs)`-&zwroomteJUD%~+*^fKfs8HO*ZQZML z-L7om%dq6SFXpse=$Jt4s$uNUsq*2-^5(wt&u{e4rS#ON^wvc6&!+X+X!YD+_uIYq z;mP>n#rWc=_~Xm??Zf%w%lYHX`sdO5?vDKQvqhM@VE_OC0d!JMQvg8b*k%9#00Cl4 zM??UK1szBL000SaNLh0L01FcU01FcV0GgZ_00007bV*G`2j2$=023iC&9OfK003!8 zL_t&-(_>(u7GUF)U_}#BlsC1IW<e2B(>JrWHsL@KvNTuG(=%a55wbJVl~tBP6*4xk zRad|-B#bE}q=PA>Dv2({t8F7FrX(Yd>@Z#{O$||g0TlOh%Nc5kpb9Z?@$d;S69^pu XUcC;B&HZ$A00000NkvXXu0mjfYBaqK literal 0 HcmV?d00001 diff --git a/web/html/index.php b/web/html/index.php index 27d897c..58e425c 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -89,6 +89,9 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { case "comaintainers": include('comaintainers.php'); return; + case "edit-comment": + include('commentedit.php'); + return; default: header("HTTP/1.0 404 Not Found"); include "./404.php"; @@ -169,6 +172,7 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { case "/images/favicon.ico": case "/images/feed-icon-14x14.png": case "/images/titlelogo.png": + case "/images/pencil.png": case "/images/x.png": header("Content-Type: image/png"); readfile("./$path"); diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php index 5179d0c..51eb4b1 100644 --- a/web/html/pkgbase.php +++ b/web/html/pkgbase.php @@ -104,12 +104,14 @@ if (check_token()) { list($ret, $output) = pkgreq_close($_POST['reqid'], $_POST['reason'], $_POST['comments']); } elseif (current_action("do_EditComaintainers")) { list($ret, $output) = pkgbase_set_comaintainers($base_id, explode("\n", $_POST['users'])); - } - - if (isset($_REQUEST['comment'])) { + } elseif (current_action("do_AddComment")) { $uid = uid_from_sid($_COOKIE["AURSID"]); - pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']); - $ret = true; + if (isset($_REQUEST['comment'])) { + pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']); + $ret = true; + } else { + $ret = false; /* Bogus input. This shouldn't happen, unless the site is under attack. */ + } } if ($ret) { diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php index cf1fcca..648d78c 100644 --- a/web/lib/credentials.inc.php +++ b/web/lib/credentials.inc.php @@ -7,6 +7,7 @@ define("CRED_ACCOUNT_LAST_LOGIN", 4); define("CRED_ACCOUNT_SEARCH", 5); define("CRED_COMMENT_DELETE", 6); define("CRED_COMMENT_VIEW_DELETED", 22); +define("CRED_COMMENT_EDIT", 25); define("CRED_PKGBASE_ADOPT", 7); define("CRED_PKGBASE_SET_KEYWORDS", 8); define("CRED_PKGBASE_DELETE", 9); @@ -58,6 +59,7 @@ function has_credential($credential, $approved_users=array()) { case CRED_ACCOUNT_SEARCH: case CRED_COMMENT_DELETE: case CRED_COMMENT_VIEW_DELETED: + case CRED_COMMENT_EDIT: case CRED_PKGBASE_ADOPT: case CRED_PKGBASE_SET_KEYWORDS: case CRED_PKGBASE_DELETE: diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index 5d191eb..cff25c4 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -67,6 +67,25 @@ function pkgbase_comments($base_id, $limit, $include_deleted) { } /** + * Get a package comment + * + * @param int $comment_id The ID of the comment + * + * @return string The comment + */ +function pkgbase_get_comment($comment_id) { + $dbh = DB::connect(); + $q = "SELECT Comments FROM PackageComments "; + $q.= "WHERE ID = " . $comment_id; + $result = $dbh->query($q); + if (!$result) { + return null; + } + + return $result->fetchColumn(0); +} + +/** * Add a comment to a package page and send out appropriate notifications * * @param string $base_id The package base ID to add the comment on diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 110290b..7cb2ffc 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -43,6 +43,20 @@ function can_delete_comment_array($comment) { } /** + * Determine if the user can edit a specific package comment using an array + * + * Only the comment submitter, Trusted Users, and Developers can edit + * comments. This function is used for the frontend side of comment editing. + * + * @param array $comment All database information relating a specific comment + * + * @return bool True if the user can edit the comment, otherwise false + */ +function can_edit_comment_array($comment) { + return has_credential(CRED_COMMENT_EDIT, array($comment['UsersID'])); +} + +/** * Check to see if the package name already exists in the database * * @param string $name The package name to check diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php index 8a74dc1..16a92b1 100644 --- a/web/template/pkg_comment_form.php +++ b/web/template/pkg_comment_form.php @@ -1,5 +1,5 @@ <div id="generic-form" class="box"> - <h2><?= __("Add Comment"); ?></h2> + <h2><?= (isset($comment_id)) ? __('Edit comment for: %s', htmlspecialchars($pkgbase_name)) : __("Add Comment"); ?></h2> <form action="<?= get_pkgbase_uri($pkgbase_name) ?>" method="post"> <fieldset> <?php @@ -8,14 +8,18 @@ if (isset($_REQUEST['comment']) && check_token()) { } ?> <div> + <input type="hidden" name="action" value="<?= (isset($comment_id)) ? "do_EditComment" : "do_AddComment" ?>" /> <input type="hidden" name="ID" value="<?= intval($base_id) ?>" /> + <?php if (isset($comment_id)): ?> + <input type="hidden" name="comment_id" value="<?= $comment_id ?>" /> + <?php endif; ?> <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" /> </div> <p> - <textarea id="id_comment" name="comment" cols="80" rows="10"></textarea> + <textarea id="id_comment" name="comment" cols="80" rows="10"><?= (isset($comment_id)) ? htmlspecialchars($comment) : "" ?></textarea> </p> <p> - <input type="submit" value="<?= __("Add Comment") ?>" /> + <input type="submit" value="<?= (isset($comment_id)) ? __("Save") : __("Add Comment") ?>" /> </p> </fieldset> </form> diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php index 3e99d9b..938f620 100644 --- a/web/template/pkg_comments.php +++ b/web/template/pkg_comments.php @@ -21,6 +21,9 @@ $count = pkgbase_comments_count($base_id, $include_deleted); endif; ?> <h4<?php if ($row['DelUsersID']): ?> class="comment-deleted"<?php endif; ?>> <?php if (!$row['DelUsersID'] && can_delete_comment_array($row)): ?> + <?php if (can_edit_comment_array($row)): ?> + <a href="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name) . 'edit-comment/?comment_id=' . $row['ID'], ENT_QUOTES) ?>" class="edit-comment" title="<?= __('Edit comment') ?>"><img src="/images/pencil.png" alt="<?= __('Edit comment') ?>" width="19" height="18"></a> + <?php endif; ?> <form method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>"> <fieldset style="display:inline;"> <input type="hidden" name="action" value="do_DeleteComment" /> -- 2.4.5
On Wed 08 Jul 2015 01:36 +0200, Marcel Korpel wrote:
Partly implements FS#34690.
Oh Lord. Please no more icons or javascripts.
* Loui Chang <louipc.ist@gmail.com> (Tue, 7 Jul 2015 22:09:54 -0400):
Oh Lord. Please no more icons or javascripts.
Why? Would a link labeled 'Edit' suffice? Should we also get rid of the comment deletion icon? Or should the icons be less distractive? And what's the problem with JavaScript? Maintainability? This would be a great feature to progressively enhance: just look at the comment edit feature of Stack Overflow and the like, if you're accustomed with it. I think it gives a great user experience. I also really like the type- ahead suggest we implemented on the front pages. Just my € 0,02, for what they're worth. Best, Marcel
On Wed, 08 Jul 2015 at 05:20:49, Marcel Korpel wrote:
* Loui Chang <louipc.ist@gmail.com> (Tue, 7 Jul 2015 22:09:54 -0400):
Oh Lord. Please no more icons or javascripts.
Why? Would a link labeled 'Edit' suffice? Should we also get rid of the comment deletion icon? Or should the icons be less distractive?
I am actually fine with the icons. Less distractive versions would be nice, though. Maybe something monochrome that fits to our color scheme? If we decide to do that, the deletion icons should be replaced first in a preparatory patch. Of course, we should also make use of the alt attribute, such that things work properly when images cannot be displayed.
And what's the problem with JavaScript? Maintainability? This would be a great feature to progressively enhance: just look at the comment edit feature of Stack Overflow and the like, if you're accustomed with it. I think it gives a great user experience. I also really like the type- ahead suggest we implemented on the front pages.
I am not against using JavaScript, as long as two rules are fulfilled: 1. Everything needs to work without JavaScript. User experience still needs to be "good" (although not necessarily as "good" as with JavaScript, of course). 2. The maintenance burden must be very low. No piles of JavaScript in our code base.
Just my € 0,02, for what they're worth.
Best, Marcel
On Wed 08 Jul 2015 05:20 +0200, Marcel Korpel wrote:
And what's the problem with JavaScript? Maintainability? This would be a great feature to progressively enhance
The proper feature to progressively enhance should be the backend AUR api, and whatever client you wish to use/develop. I wouldn't mind if you want to use a javascript web client if it were separate from the core AUR. The AUR should remain simple and work cleanly in a text browser, any extra bells and whistles should be done separately in a client. I would just hate to see the core get bloated and overcomplicated. Anyways, just expressing my concern, though not worth much. He who writes the last patch is he who has the last laugh. Thanks
participants (3)
-
Loui Chang
-
Lukas Fleischer
-
Marcel Korpel