[aur-dev] [PATCH v2 2/6] Edit a comment in the backend
    Marcel Korpel 
    marcel.korpel at gmail.com
       
    Fri Jul 10 16:02:33 UTC 2015
    
    
  
Create two new actions, do_AddComment and do_EditComment. When editing
or deleting a comment, a timestamp is added.
Signed-off-by: Marcel Korpel <marcel.korpel at gmail.com>
---
 schema/aur-schema.sql        |  2 ++
 web/html/pkgbase.php         |  2 ++
 web/lib/pkgbasefuncs.inc.php | 34 +++++++++++++++++++++++++++++++++-
 web/lib/pkgfuncs.inc.php     | 26 ++++++++++++++++++++++++++
 4 files changed, 63 insertions(+), 1 deletion(-)
diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql
index 594a804..3aef7a3 100644
--- a/schema/aur-schema.sql
+++ b/schema/aur-schema.sql
@@ -254,6 +254,8 @@ CREATE TABLE PackageComments (
 	UsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 	Comments TEXT NOT NULL DEFAULT '',
 	CommentTS BIGINT UNSIGNED NOT NULL DEFAULT 0,
+	EditedTS BIGINT UNSIGNED NULL DEFAULT NULL,
+	EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 	DelUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 	PRIMARY KEY (ID),
 	INDEX (UsersID),
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index f908029..5886f71 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -108,6 +108,8 @@ if (check_token()) {
 		$uid = uid_from_sid($_COOKIE["AURSID"]);
 		pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']);
 		$ret = true;
+	} elseif (current_action("do_EditComment")) {
+		list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']);
 	}
 
 	if ($ret) {
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 5d191eb..1ae3166 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -830,7 +830,8 @@ function pkgbase_delete_comment() {
 	$dbh = DB::connect();
 	if (can_delete_comment($comment_id)) {
 		$q = "UPDATE PackageComments ";
-		$q.= "SET DelUsersID = ".$uid." ";
+		$q.= "SET DelUsersID = ".$uid.", ";
+		$q.= "EditedTS = UNIX_TIMESTAMP() ";
 		$q.= "WHERE ID = ".intval($comment_id);
 		$dbh->exec($q);
 		return array(true, __("Comment has been deleted."));
@@ -840,6 +841,37 @@ function pkgbase_delete_comment() {
 }
 
 /**
+ * Edit a package comment
+ *
+ * @return array Tuple of success/failure indicator and error message
+ */
+function pkgbase_edit_comment($comment) {
+	$uid = uid_from_sid($_COOKIE["AURSID"]);
+	if (!$uid) {
+		return array(false, __("You must be logged in before you can edit package information."));
+	}
+
+	if (isset($_POST["comment_id"])) {
+		$comment_id = $_POST["comment_id"];
+	} else {
+		return array(false, __("Missing comment ID."));
+	}
+
+	$dbh = DB::connect();
+	if (can_edit_comment($comment_id)) {
+		$q = "UPDATE PackageComments ";
+		$q.= "SET EditedUsersID = ".$uid.", ";
+		$q.= "Comments = ".$dbh->quote($comment).", ";
+		$q.= "EditedTS = UNIX_TIMESTAMP() ";
+		$q.= "WHERE ID = ".intval($comment_id);
+		$dbh->exec($q);
+		return array(true, __("Comment has been edited."));
+	} else {
+		return array(false, __("You are not allowed to edit this comment."));
+	}
+}
+
+/**
  * Get a list of package base keywords
  *
  * @param int $base_id The package base ID to retrieve the keywords for
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 7cb2ffc..de57c3e 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -43,6 +43,32 @@ function can_delete_comment_array($comment) {
 }
 
 /**
+ * Determine if the user can edit a specific package comment
+ *
+ * Only the comment submitter, Trusted Users, and Developers can edit
+ * comments. This function is used for the backend side of comment editing.
+ *
+ * @param string $comment_id The comment ID in the database
+ *
+ * @return bool True if the user can edit the comment, otherwise false
+ */
+function can_edit_comment($comment_id=0) {
+	$dbh = DB::connect();
+
+	$q = "SELECT UsersID FROM PackageComments ";
+	$q.= "WHERE ID = " . intval($comment_id);
+	$result = $dbh->query($q);
+
+	if (!$result) {
+		return false;
+	}
+
+	$uid = $result->fetch(PDO::FETCH_COLUMN, 0);
+
+	return has_credential(CRED_COMMENT_EDIT, array($uid));
+}
+
+/**
  * Determine if the user can edit a specific package comment using an array
  *
  * Only the comment submitter, Trusted Users, and Developers can edit
-- 
2.4.5
    
    
More information about the aur-dev
mailing list