[aur-dev] [PATCH 1/2] Add capability to pin comments above others

Sat Nov 28 00:44:26 UTC 2015

Adds functions and credential information to pin comments before others.

This needs two extra columns (PinnedTS and PinnedUsersID) to the
PackageComments table.

Signed-off-by: Mark Weiman <mark.weiman at markzz.com>
---
 web/html/pkgbase.php         |   4 ++
 web/lib/credentials.inc.php  |   2 +
 web/lib/pkgbasefuncs.inc.php | 123 ++++++++++++++++++++++++++++++++++++++++++-
 web/lib/pkgfuncs.inc.php     |  54 +++++++++++++++++++
 4 files changed, 182 insertions(+), 1 deletion(-)

diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index cbbf3cc..3ca6e55 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -99,6 +99,10 @@ if (check_token()) {
 		list($ret, $output) = pkgbase_notify($ids, false);
 	} elseif (current_action("do_DeleteComment")) {
 		list($ret, $output) = pkgbase_delete_comment();
+	} elseif (current_action("do_PinComment")) {
+		list($ret, $output) = pkgbase_pin_comment();
+	} elseif (current_action("do_UnpinComment")) {
+		list($ret, $output) = pkgbase_unpin_comment();
 	} elseif (current_action("do_SetKeywords")) {
 		list($ret, $output) = pkgbase_set_keywords($base_id, preg_split("/[\s,;]+/", $_POST['keywords'], -1, PREG_SPLIT_NO_EMPTY));
 	} elseif (current_action("do_FileRequest")) {
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index 648d78c..71bf5ff 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -8,6 +8,7 @@ define("CRED_ACCOUNT_SEARCH", 5);
 define("CRED_COMMENT_DELETE", 6);
 define("CRED_COMMENT_VIEW_DELETED", 22);
 define("CRED_COMMENT_EDIT", 25);
+define("CRED_COMMENT_PIN", 26);
 define("CRED_PKGBASE_ADOPT", 7);
 define("CRED_PKGBASE_SET_KEYWORDS", 8);
 define("CRED_PKGBASE_DELETE", 9);
@@ -60,6 +61,7 @@ function has_credential($credential, $approved_users=array()) {
 	case CRED_COMMENT_DELETE:
 	case CRED_COMMENT_VIEW_DELETED:
 	case CRED_COMMENT_EDIT:
+	case CRED_COMMENT_PIN:
 	case CRED_PKGBASE_ADOPT:
 	case CRED_PKGBASE_SET_KEYWORDS:
 	case CRED_PKGBASE_DELETE:
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index afccc7d..0a4176f 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -49,10 +49,12 @@ function pkgbase_comments($base_id, $limit, $include_deleted) {
 	$dbh = DB::connect();
 	$q = "SELECT PackageComments.ID, A.UserName AS UserName, UsersID, Comments, ";
 	$q.= "CommentTS, EditedTS, B.UserName AS EditUserName, ";
-	$q.= "DelUsersID, C.UserName AS DelUserName FROM PackageComments ";
+	$q.= "DelUsersID, C.UserName AS DelUserName, ";
+	$q.= "PinnedUsersID, D.UserName AS PinnedUserName FROM PackageComments ";
 	$q.= "LEFT JOIN Users A ON PackageComments.UsersID = A.ID ";
 	$q.= "LEFT JOIN Users B ON PackageComments.EditedUsersID = B.ID ";
 	$q.= "LEFT JOIN Users C ON PackageComments.DelUsersID = C.ID ";
+	$q.= "LEFT JOIN Users D ON PackageComments.PinnedUsersID = D.ID ";
 	$q.= "WHERE PackageBaseID = " . $base_id . " ";
 	if (!$include_deleted) {
 		$q.= "AND DelUsersID IS NULL ";
@@ -111,6 +113,65 @@ function pkgbase_add_comment($base_id, $uid, $comment) {
 }
 
 /**
+ * Get all pinned package comment information for a specific package base
+ *
+ * @param int $base_id The package base ID to get comments for
+ * @param int $limit Maximum number of comments to return (0 means unlimited)
+ * @param bool $include_deleted True if deleted comments should be included
+ *
+ * @return array Pinned package comment information for specific package base
+ */
+function pkgbase_pinned_comments($base_id, $limit, $include_deleted) {
+	$base_id = intval($base_id);
+	$limit = intval($limit);
+	if (!$base_id) {
+		return null;
+	}
+
+	$dbh = DB::connect();
+	$q = "SELECT PackageComments.ID, A.UserName AS UserName, UsersID, Comments, ";
+	$q.= "CommentTS, EditedTS, B.UserName AS EditUserName, ";
+	$q.= "DelUsersID, C.UserName AS DelUserName FROM PackageComments ";
+	$q.= "LEFT JOIN Users A ON PackageComments.UsersID = A.ID ";
+	$q.= "LEFT JOIN Users B ON PackageComments.EditedUsersID = B.ID ";
+	$q.= "LEFT JOIN Users C ON PackageComments.DelUsersID = C.ID ";
+	$q.= "WHERE PackageBaseID = " . $base_id . " ";
+	$q.= "AND PinnedUsersID IS NOT NULL ";
+	
+	if (!$include_deleted) {
+		$q.= "AND DelUsersID IS NULL ";
+	}
+	$q.= "ORDER BY CommentTS DESC";
+	if ($limit > 0) {
+		$q.=" LIMIT " . $limit;
+	}
+	$result = $dbh->query($q);
+	if (!$result) {
+		return null;
+	}
+
+	return $result->fetchAll();
+}
+
+/**
+ * Display pinned comments before the other comments on a package page
+ *
+ * @param string $base_id The package base ID to add the comment on
+ * @param string $uid The user ID of the individual who pinned the comment
+ * @param string $comment_id The comment id to be pinned
+ *
+ * @return void
+ */
+function pkgbase_disp_pin_comment($base_id, $uid, $comment_id) {
+	$dbh = DB::connect();
+	
+	$q = "UPDATE PackageComments ";
+	$q.= "SET PinnedTS = UNIXTIMESTAMP()), PinnedUsersID=" . $uid . " ";
+	$q.= "WHERE ID = " . intval($comment_id);
+	$dbh->exec($q);
+}
+
+/**
  * Get a list of all packages a logged-in user has voted for
  *
  * @param string $sid The session ID of the visitor
@@ -906,6 +967,66 @@ function pkgbase_edit_comment($comment) {
 }
 
 /**
+ * Pin a package comment
+ * 
+ * @return array Tuple of success/failure indicator and error message
+ */
+function pkgbase_pin_comment() {
+	$uid = uid_from_sid($_COOKIE["AURSID"]);
+	if (!$uid) {
+		return array(false, __("You must be logged in before you can edit package information."));
+	}
+	
+	if (isset($_POST["comment_id"])) {
+		$comment_id = $_POST["comment_id"];
+	} else {
+		return array(false, __("Missing comment ID."));
+	}
+	
+	$dbh = DB::connect();
+	if (can_pin_comment($comment_id)) {
+		$q = "UPDATE PackageComments ";
+		$q.= "SET PinnedUsersID = ".$uid.", ";
+		$q.= "PinnedTS = UNIX_TIMESTAMP() ";
+		$q.= "WHERE ID = ".intval($comment_id);
+		$dbh->exec($q);
+		return array(true, __("Comment has been pinned."));
+	} else {
+		return array(false, __("You are not allowed to pin this comment."));
+	}
+}
+
+/**
+ * Unpin a package comment
+ * 
+ * @return array Tuple of success/failure indicator and error message
+ */
+function pkgbase_unpin_comment() {
+	$uid = uid_from_sid($_COOKIE["AURSID"]);
+	if (!$uid) {
+		return array(false, __("You must be logged in before you can edit package information."));
+	}
+	
+	if (isset($_POST["comment_id"])) {
+		$comment_id = $_POST["comment_id"];
+	} else {
+		return array(false, __("Missing comment ID."));
+	}
+	
+	$dbh = DB::connect();
+	if (can_pin_comment($comment_id)) {
+		$q = "UPDATE PackageComments ";
+		$q.= "SET PinnedUsersID = NULL, ";
+		$q.= "PinnedTS = UNIX_TIMESTAMP() ";
+		$q.= "WHERE ID = ".intval($comment_id);
+		$dbh->exec($q);
+		return array(true, __("Comment has been unpinned."));
+	} else {
+		return array(false, __("You are not allowed to unpin this comment."));
+	}
+}
+
+/**
  * Get a list of package base keywords
  *
  * @param int $base_id The package base ID to retrieve the keywords for
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index cedc360..8e8f5d2 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -83,6 +83,60 @@ function can_edit_comment_array($comment) {
 }
 
 /**
+ * Determine if the user can pin a specific package comment
+ *
+ * Only the Package Maintainer, Trusted Users, and Developers can pin
+ * comments. This function is used for the backend side of comment pinning.
+ * 
+ * @param string $comment_id The comment ID in the database
+ *
+ * @return bool True if the user can pin the comment, otherwise false
+ */
+function can_pin_comment($comment_id=0) {
+    $dbh = DB::connect();
+    
+    $q = "SELECT MaintainerUID FROM PackageBases AS pb ";
+    $q.= "LEFT JOIN PackageComments AS pc ON pb.ID = pc.PackageBaseID ";
+    $q.= "WHERE pc.ID = " . intval($comment_id);
+    $result = $dbh->query($q);
+    
+    if (!$result) {
+        return false;
+    }
+    
+    $uid = $result->fetch(PDO::FETCH_COLUMN, 0);
+    
+    return has_credential(CRED_COMMENT_PIN, array($uid));
+}
+
+/**
+ * Determine if the user can edit a specific package comment using an array
+ *
+ * Only the Package Maintainer, Trusted Users, and Developers can pin
+ * comments. This function is used for the frontend side of comment pinning.
+ *
+ * @param array $comment All database information relating a specific comment
+ *
+ * @return bool True if the user can edit the comment, otherwise false
+ */
+function can_pin_comment_array($comment) {
+    $dbh = DB::connect();
+    
+    $q = "SELECT MaintainerUID FROM PackageBases AS pb ";
+    $q.= "LEFT JOIN PackageComments AS pc ON pb.ID = pc.PackageBaseID ";
+    $q.= "WHERE pc.ID = " . intval($comment['ID']);
+    $result = $dbh->query($q);
+    
+    if (!$result) {
+        return false;
+    }
+    
+    $uid = $result->fetch(PDO::FETCH_COLUMN, 0);
+
+    return has_credential(CRED_COMMENT_PIN, array($uid));
+}
+
+/**
  * Check to see if the package name already exists in the database
  *
  * @param string $name The package name to check
-- 
2.6.2
