[aur-dev] [RFC v2] Add comment edit icon and form

Marcel Korpel marcel.korpel at gmail.com
Tue Jul 7 22:48:33 UTC 2015


Partly implements FS#34690.
---
Changes from v1:
* The same template pkg_comment_form.php is now used for adding new
  comments and editing existing comments (I don't know I like it this
  way).
* In pkg_comments.php a missing test has been added to check the
  user's credentials (it assumes someone cannot edit a comment who
  is not allowed to delete the same).

 web/html/commentedit.php          |  21 +++++++++++++++++++++
 web/html/css/aurweb.css           |   4 ++++
 web/html/images/pencil.png        | Bin 0 -> 429 bytes
 web/html/index.php                |   4 ++++
 web/lib/credentials.inc.php       |   2 ++
 web/lib/pkgbasefuncs.inc.php      |  19 +++++++++++++++++++
 web/lib/pkgfuncs.inc.php          |  14 ++++++++++++++
 web/template/pkg_comment_form.php |   8 ++++----
 web/template/pkg_comments.php     |   3 +++
 9 files changed, 71 insertions(+), 4 deletions(-)
 create mode 100644 web/html/commentedit.php
 create mode 100644 web/html/images/pencil.png

diff --git a/web/html/commentedit.php b/web/html/commentedit.php
new file mode 100644
index 0000000..a8b1819
--- /dev/null
+++ b/web/html/commentedit.php
@@ -0,0 +1,21 @@
+<?php
+
+set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
+
+include_once("aur.inc.php");
+include_once("pkgbasefuncs.inc.php");
+
+set_lang();
+check_sid();
+
+$comment_id = intval($_REQUEST['comment_id']);
+$comment = pkgbase_get_comment($comment_id);
+
+if (!isset($base_id) || !has_credential(CRED_COMMENT_EDIT, array(pkgbase_maintainer_uid($base_id))) || is_null($comment)) {
+	header('Location: /');
+	exit();
+}
+
+html_header(__("Edit comment"));
+include('pkg_comment_form.php');
+html_footer(AURWEB_VERSION);
diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css
index d67877a..47166d3 100644
--- a/web/html/css/aurweb.css
+++ b/web/html/css/aurweb.css
@@ -96,6 +96,10 @@
 	color: #999;
 }
 
+.edit-comment {
+	float: left;
+}
+
 legend {
 	padding: 1em 0;
 }
diff --git a/web/html/images/pencil.png b/web/html/images/pencil.png
new file mode 100644
index 0000000000000000000000000000000000000000..4f0377684842064b2f990663d6de73313c8227e9
GIT binary patch
literal 429
zcmV;e0aE^nP)<h;3K|Lk000e1NJLTq000vJ000sQ0{{R3j?xud0002JP)t-s<hn23
zq&1jhAi9e?!h$i<oiE#}Ps@{2$&gRVlTcVd6IntMUP2X<Z62IyC8}T+w011DeKfg=
zCcls;!HY=3XBESlF~@^6$dFFRsb|TNPs)`-&zwroomteJUD%~+*^fKfs8HO*ZQZML
z-L7om%dq6SFXpse=$Jt4s$uNUsq*2-^5(wt&u{e4rS#ON^wvc6&!+X+X!YD+_uIYq
z;mP>n#rWc=_~Xm??Zf%w%lYHX`sdO5?vDKQvqhM at VE_OC0d!JMQvg8b*k%9#00Cl4
zM??UK1szBL000SaNLh0L01FcU01FcV0GgZ_00007bV*G`2j2$=023iC&9OfK003!8
zL_t&-(_>(u7GUF)U_}#BlsC1IW<e2B(>JrWHsL at KvNTuG(=%a55wbJVl~tBP6*4xk
zRad|-B#bE}q=PA>Dv2({t8F7FrX(Yd>@Z#{O$||g0TlOh%Nc5kpb9Z?@$d;S69^pu
XUcC;B&HZ$A00000NkvXXu0mjfYBaqK

literal 0
HcmV?d00001

diff --git a/web/html/index.php b/web/html/index.php
index 27d897c..58e425c 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -89,6 +89,9 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
 			case "comaintainers":
 				include('comaintainers.php');
 				return;
+			case "edit-comment":
+				include('commentedit.php');
+				return;
 			default:
 				header("HTTP/1.0 404 Not Found");
 				include "./404.php";
@@ -169,6 +172,7 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
 	case "/images/favicon.ico":
 	case "/images/feed-icon-14x14.png":
 	case "/images/titlelogo.png":
+	case "/images/pencil.png":
 	case "/images/x.png":
 		header("Content-Type: image/png");
 		readfile("./$path");
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index cf1fcca..648d78c 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -7,6 +7,7 @@ define("CRED_ACCOUNT_LAST_LOGIN", 4);
 define("CRED_ACCOUNT_SEARCH", 5);
 define("CRED_COMMENT_DELETE", 6);
 define("CRED_COMMENT_VIEW_DELETED", 22);
+define("CRED_COMMENT_EDIT", 25);
 define("CRED_PKGBASE_ADOPT", 7);
 define("CRED_PKGBASE_SET_KEYWORDS", 8);
 define("CRED_PKGBASE_DELETE", 9);
@@ -58,6 +59,7 @@ function has_credential($credential, $approved_users=array()) {
 	case CRED_ACCOUNT_SEARCH:
 	case CRED_COMMENT_DELETE:
 	case CRED_COMMENT_VIEW_DELETED:
+	case CRED_COMMENT_EDIT:
 	case CRED_PKGBASE_ADOPT:
 	case CRED_PKGBASE_SET_KEYWORDS:
 	case CRED_PKGBASE_DELETE:
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 5d191eb..cff25c4 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -67,6 +67,25 @@ function pkgbase_comments($base_id, $limit, $include_deleted) {
 }
 
 /**
+ * Get a package comment
+ *
+ * @param  int $comment_id The ID of the comment
+ *
+ * @return string The comment
+ */
+function pkgbase_get_comment($comment_id) {
+	$dbh = DB::connect();
+	$q = "SELECT Comments FROM PackageComments ";
+	$q.= "WHERE ID = " . $comment_id;
+	$result = $dbh->query($q);
+	if (!$result) {
+		return null;
+	}
+
+	return $result->fetchColumn(0);
+}
+
+/**
  * Add a comment to a package page and send out appropriate notifications
  *
  * @param string $base_id The package base ID to add the comment on
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 110290b..7cb2ffc 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -43,6 +43,20 @@ function can_delete_comment_array($comment) {
 }
 
 /**
+ * Determine if the user can edit a specific package comment using an array
+ *
+ * Only the comment submitter, Trusted Users, and Developers can edit
+ * comments. This function is used for the frontend side of comment editing.
+ *
+ * @param array $comment All database information relating a specific comment
+ *
+ * @return bool True if the user can edit the comment, otherwise false
+ */
+function can_edit_comment_array($comment) {
+	return has_credential(CRED_COMMENT_EDIT, array($comment['UsersID']));
+}
+
+/**
  * Check to see if the package name already exists in the database
  *
  * @param string $name The package name to check
diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php
index 8a74dc1..7eecd2c 100644
--- a/web/template/pkg_comment_form.php
+++ b/web/template/pkg_comment_form.php
@@ -1,5 +1,5 @@
 <div id="generic-form" class="box">
-	<h2><?= __("Add Comment"); ?></h2>
+	<h2><?= (isset($comment_id)) ? __('Edit comment for: %s', htmlspecialchars($pkgbase_name)) : __("Add Comment"); ?></h2>
 	<form action="<?= get_pkgbase_uri($pkgbase_name) ?>" method="post">
 		<fieldset>
 <?php
@@ -8,14 +8,14 @@ if (isset($_REQUEST['comment']) && check_token()) {
 }
 ?>
 			<div>
-				<input type="hidden" name="ID" value="<?= intval($base_id) ?>" />
+				<input type="hidden" name="ID" value="<?= (isset($comment_id)) ? $comment_id : intval($base_id) ?>" />
 				<input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
 			</div>
 			<p>
-				<textarea id="id_comment" name="comment" cols="80" rows="10"></textarea>
+				<textarea id="id_comment" name="comment" cols="80" rows="10"><?= (isset($comment_id)) ? htmlspecialchars($comment) : "" ?></textarea>
 			</p>
 			<p>
-				<input type="submit" value="<?= __("Add Comment") ?>" />
+				<input type="submit" value="<?= (isset($comment_id)) ? __("Save") : __("Add Comment") ?>" />
 			</p>
 		</fieldset>
 	</form>
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index 3e99d9b..938f620 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -21,6 +21,9 @@ $count = pkgbase_comments_count($base_id, $include_deleted);
 		endif; ?>
 		<h4<?php if ($row['DelUsersID']): ?> class="comment-deleted"<?php endif; ?>>
 			<?php if (!$row['DelUsersID'] && can_delete_comment_array($row)): ?>
+				<?php if (can_edit_comment_array($row)): ?>
+				<a href="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name) . 'edit-comment/?comment_id=' . $row['ID'], ENT_QUOTES) ?>" class="edit-comment" title="<?= __('Edit comment') ?>"><img src="/images/pencil.png" alt="<?= __('Edit comment') ?>" width="19" height="18"></a>
+				<?php endif; ?>
 				<form method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>">
 					<fieldset style="display:inline;">
 						<input type="hidden" name="action" value="do_DeleteComment" />
-- 
2.4.5


More information about the aur-dev mailing list