[aur-dev] [PATCH v2] Add comment undeletion functionality

Mon Jan 18 19:28:29 UTC 2016

Only Developers and Trusted Users can undelete comments.

Signed-off-by: Marcel Korpel <marcel.korpel at gmail.com>
---
Changes from v1:
* General clean-up of code
* Placed button at the same position as the delete/edit/pin icons
* Added missing PHPDoc for parameter

 web/html/css/aurweb.css       |  6 +++++-
 web/html/pkgbase.php          |  5 +++++
 web/lib/credentials.inc.php   |  2 ++
 web/lib/pkgbasefuncs.inc.php  | 22 ++++++++++++++++++----
 web/template/pkg_comments.php | 11 +++++++++++
 5 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css
index 92ff898..526e876 100644
--- a/web/html/css/aurweb.css
+++ b/web/html/css/aurweb.css
@@ -101,11 +101,15 @@
 	color: #999;
 }
 
-.delete-comment-form, .pin-comment-form, .edit-comment {
+.delete-comment-form, .undelete-comment-form, .pin-comment-form, .edit-comment {
 	float: right;
 	margin-left: 8px;
 }
 
+.undelete-comment {
+	font-size: 75%;
+}
+
 .edit-comment {
 	height: 11px;
 	position: relative;
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index 45b8084..11fdf74 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -99,6 +99,11 @@ if (check_token()) {
 		list($ret, $output) = pkgbase_notify($ids, false);
 	} elseif (current_action("do_DeleteComment")) {
 		list($ret, $output) = pkgbase_delete_comment();
+	} elseif (current_action("do_UndeleteComment")) {
+		list($ret, $output) = pkgbase_delete_comment(true);
+		if ($ret && isset($_POST["comment_id"])) {
+			$fragment = '#comment-' . intval($_POST["comment_id"]);
+		}
 	} elseif (current_action("do_PinComment")) {
 		list($ret, $output) = pkgbase_pin_comment();
 	} elseif (current_action("do_UnpinComment")) {
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index 71bf5ff..d8698a8 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -6,6 +6,7 @@ define("CRED_ACCOUNT_EDIT_DEV", 3);
 define("CRED_ACCOUNT_LAST_LOGIN", 4);
 define("CRED_ACCOUNT_SEARCH", 5);
 define("CRED_COMMENT_DELETE", 6);
+define("CRED_COMMENT_UNDELETE", 27);
 define("CRED_COMMENT_VIEW_DELETED", 22);
 define("CRED_COMMENT_EDIT", 25);
 define("CRED_COMMENT_PIN", 26);
@@ -59,6 +60,7 @@ function has_credential($credential, $approved_users=array()) {
 	case CRED_ACCOUNT_LAST_LOGIN:
 	case CRED_ACCOUNT_SEARCH:
 	case CRED_COMMENT_DELETE:
+	case CRED_COMMENT_UNDELETE:
 	case CRED_COMMENT_VIEW_DELETED:
 	case CRED_COMMENT_EDIT:
 	case CRED_COMMENT_PIN:
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 2b1201d..20f5bb4 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -932,9 +932,10 @@ function pkgbase_notify ($base_ids, $action=true) {
 /**
  * Delete a package comment
  *
+ * @param  boolean $undelete True if undeleting rather than deleting
  * @return array Tuple of success/failure indicator and error message
  */
-function pkgbase_delete_comment() {
+function pkgbase_delete_comment($undelete=false) {
 	$uid = uid_from_sid($_COOKIE["AURSID"]);
 	if (!$uid) {
 		return array(false, __("You must be logged in before you can edit package information."));
@@ -947,15 +948,28 @@ function pkgbase_delete_comment() {
 	}
 
 	$dbh = DB::connect();
-	if (can_delete_comment($comment_id)) {
+	if ($undelete) {
+		if (!has_credential(CRED_COMMENT_UNDELETE)) {
+			return array(false, __("You are not allowed to undelete this comment."));
+		}
+
+		$q = "UPDATE PackageComments ";
+		$q.= "SET DelUsersID = NULL, ";
+		$q.= "DelTS = NULL ";
+		$q.= "WHERE ID = ".intval($comment_id);
+		$dbh->exec($q);
+		return array(true, __("Comment has been undeleted."));
+	} else {
+		if (!can_delete_comment($comment_id)) {
+			return array(false, __("You are not allowed to delete this comment."));
+		}
+
 		$q = "UPDATE PackageComments ";
 		$q.= "SET DelUsersID = ".$uid.", ";
 		$q.= "DelTS = UNIX_TIMESTAMP() ";
 		$q.= "WHERE ID = ".intval($comment_id);
 		$dbh->exec($q);
 		return array(true, __("Comment has been deleted."));
-	} else {
-		return array(false, __("You are not allowed to delete this comment."));
 	}
 }
 
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index d05c512..3f1f728 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -53,6 +53,17 @@ if (!isset($count)) {
 		?>
 		<h4 id="comment-<?= $row['ID'] ?>"<?php if ($is_deleted): ?> class="comment-deleted"<?php endif; ?>>
 			<?= $heading ?>
+			<?php if ($is_deleted && has_credential(CRED_COMMENT_UNDELETE)): ?>
+				<form class="undelete-comment-form" method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>">
+					<fieldset style="display:inline;">
+						<input type="hidden" name="action" value="do_UndeleteComment" />
+						<input type="hidden" name="comment_id" value="<?= $row['ID'] ?>" />
+						<input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+						<input type="submit" class="undelete-comment" value="<?= __('Undelete') ?>" name="submit" />
+					</fieldset>
+				</form>
+			<?php endif;?>
+
 			<?php if (!$is_deleted && can_delete_comment_array($row)): ?>
 				<form class="delete-comment-form" method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>">
 					<fieldset style="display:inline;">
-- 
2.7.0
