[aur-dev] [RFC] Edit a comment in the backend

Marcel Korpel marcel.korpel at gmail.com
Wed Jul 8 00:18:18 UTC 2015


Implements FS#34690. Also, when deleting a comment, a timestamp is
added (so, in the future, the page could display something like:
"Edited/Deleted <TS> by <Name>").
---
 schema/aur-schema.sql        |  2 ++
 web/html/pkgbase.php         |  2 ++
 web/lib/pkgbasefuncs.inc.php | 34 +++++++++++++++++++++++++++++++++-
 web/lib/pkgfuncs.inc.php     | 26 ++++++++++++++++++++++++++
 4 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql
index 594a804..3aef7a3 100644
--- a/schema/aur-schema.sql
+++ b/schema/aur-schema.sql
@@ -254,6 +254,8 @@ CREATE TABLE PackageComments (
 	UsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 	Comments TEXT NOT NULL DEFAULT '',
 	CommentTS BIGINT UNSIGNED NOT NULL DEFAULT 0,
+	EditedTS BIGINT UNSIGNED NULL DEFAULT NULL,
+	EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 	DelUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 	PRIMARY KEY (ID),
 	INDEX (UsersID),
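Review bot: Existing databases get no migration for the two new columns: the diffstat lists only the schema file and three PHP files, with no upgrade note or ALTER TABLE. On a deployed instance the UPDATE statements in web/lib/pkgbasefuncs.inc.php would then fail, including the existing delete path, which now writes `EditedTS`. Ship the matching statement with the change, e.g. `ALTER TABLE PackageComments ADD COLUMN EditedTS BIGINT UNSIGNED NULL DEFAULT NULL, ADD COLUMN EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL;`. The CREATE TABLE statement starts and ends outside this hunk, so whether `EditedUsersID` should also get a foreign key like the other user-id columns cannot be judged from here.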
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index 51eb4b1..018cfca 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -112,6 +112,8 @@ if (check_token()) {
 		} else {
 			$ret = false;  /* Bogus input. This shouldn't happen, unless the site is under attack. */
 		}
+	} elseif (current_action("do_EditComment")) {
+		list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']);
 	}
 
 	if ($ret) {
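Review bot: The new `do_EditComment` branch takes the comment body from `$_REQUEST['comment']`, while pkgbase_edit_comment reads the id from `$_POST["comment_id"]`, so the two halves of one edit can come from different request sources. A missing `comment` key is also passed on as null and would presumably be stored as an empty comment. Read the body from POST only and reject blank input before the call, e.g. `$comment = isset($_POST['comment']) ? trim($_POST['comment']) : '';` followed by a check that `$comment !== ''`. The surrounding if/elseif chain inside `check_token()` starts outside the hunk.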
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index cff25c4..b7bef2c 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -849,7 +849,8 @@ function pkgbase_delete_comment() {
 	$dbh = DB::connect();
 	if (can_delete_comment($comment_id)) {
 		$q = "UPDATE PackageComments ";
-		$q.= "SET DelUsersID = ".$uid." ";
+		$q.= "SET DelUsersID = ".$uid.", ";
+		$q.= "EditedTS = UNIX_TIMESTAMP() ";
 		$q.= "WHERE ID = ".intval($comment_id);
 		$dbh->exec($q);
 		return array(true, __("Comment has been deleted."));
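Review bot: Writing the deletion time into `EditedTS` in pkgbase_delete_comment overwrites the last-edit time of any comment that was edited before it was deleted. `EditedUsersID` still names the editor, while the timestamp now belongs to the `DelUsersID` event. For moderation and audit review it is safer to keep the two events apart with a separate column (name is a suggestion), `DelTS BIGINT UNSIGNED NULL DEFAULT NULL`, set here with `$q.= "DelTS = UNIX_TIMESTAMP() ";`. If the overload is intended, say so in a comment on this line and next to the column in the schema. The function body starts and ends outside the hunk.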
@@ -859,6 +860,37 @@ function pkgbase_delete_comment() {
 }
 
 /**
+ * Edit a package comment
+ *
+ * @return array Tuple of success/failure indicator and error message
+ */
+function pkgbase_edit_comment($comment) {
+	$uid = uid_from_sid($_COOKIE["AURSID"]);
+	if (!$uid) {
+		return array(false, __("You must be logged in before you can edit package information."));
+	}
+
+	if (isset($_POST["comment_id"])) {
+		$comment_id = $_POST["comment_id"];
+	} else {
+		return array(false, __("Missing comment ID."));
+	}
+
+	$dbh = DB::connect();
+	if (can_edit_comment($comment_id)) {
+		$q = "UPDATE PackageComments ";
+		$q.= "SET EditedUsersID = ".$uid.", ";
+		$q.= "Comments = ".$dbh->quote($comment).", ";
+		$q.= "EditedTS = UNIX_TIMESTAMP() ";
+		$q.= "WHERE ID = ".intval($comment_id);
+		$dbh->exec($q);
+		return array(true, __("Comment has been edited."));
+	} else {
+		return array(false, __("You are not allowed to edit this comment."));
+	}
+}
+
+/**
  * Get a list of package base keywords
  *
  * @param int $base_id The package base ID to retrieve the keywords for
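Review bot: Nothing in pkgbase_edit_comment or in can_edit_comment (which only selects `UsersID`) excludes comments that are already deleted, so an author can apparently rewrite the text of a comment a moderator has removed. Constrain the update with `$q.= "WHERE ID = ".intval($comment_id)." AND DelUsersID IS NULL";`. The result of `$dbh->exec($q)` is also ignored, so "Comment has been edited." is returned even when the statement fails or matches no row. `$uid` is concatenated into the query as-is while `$comment_id` goes through `intval()`; wrapping it as `intval($uid)` keeps the statement consistent. The docblock should gain `@param string $comment The new comment text`.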
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 7cb2ffc..de57c3e 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -43,6 +43,32 @@ function can_delete_comment_array($comment) {
 }
 
 /**
+ * Determine if the user can edit a specific package comment
+ *
+ * Only the comment submitter, Trusted Users, and Developers can edit
+ * comments. This function is used for the backend side of comment editing.
+ *
+ * @param string $comment_id The comment ID in the database
+ *
+ * @return bool True if the user can edit the comment, otherwise false
+ */
+function can_edit_comment($comment_id=0) {
+	$dbh = DB::connect();
+
+	$q = "SELECT UsersID FROM PackageComments ";
+	$q.= "WHERE ID = " . intval($comment_id);
+	$result = $dbh->query($q);
+
+	if (!$result) {
+		return false;
+	}
+
+	$uid = $result->fetch(PDO::FETCH_COLUMN, 0);
+
+	return has_credential(CRED_COMMENT_EDIT, array($uid));
+}
+
+/**
  * Determine if the user can edit a specific package comment using an array
  *
  * Only the comment submitter, Trusted Users, and Developers can edit
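Review bot: When no row matches the id, `$result->fetch(PDO::FETCH_COLUMN, 0)` returns false, and can_edit_comment still passes that value on in `has_credential(CRED_COMMENT_EDIT, array($uid))`. The answer for a nonexistent comment then depends on how has_credential treats a false entry, which is not visible here. Add `if ($uid === false) { return false; }` right after the fetch so a missing comment is always refused. The docblock declares `@param string $comment_id` while the signature defaults it to integer `0`; `@param int $comment_id` would match the `intval()` use.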
-- 
2.4.5

