diff options
-rw-r--r-- | schema/aur-schema.sql | 3 | ||||
-rw-r--r-- | upgrading/4.1.0.txt | 9 | ||||
-rw-r--r-- | web/html/pkgbase.php | 2 | ||||
-rw-r--r-- | web/lib/pkgbasefuncs.inc.php | 34 | ||||
-rw-r--r-- | web/lib/pkgfuncs.inc.php | 26 |
5 files changed, 73 insertions, 1 deletions
diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql index 594a804d..444cb5ed 100644 --- a/schema/aur-schema.sql +++ b/schema/aur-schema.sql @@ -254,11 +254,14 @@ CREATE TABLE PackageComments ( UsersID INTEGER UNSIGNED NULL DEFAULT NULL, Comments TEXT NOT NULL DEFAULT '', CommentTS BIGINT UNSIGNED NOT NULL DEFAULT 0, + EditedTS BIGINT UNSIGNED NULL DEFAULT NULL, + EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL, DelUsersID INTEGER UNSIGNED NULL DEFAULT NULL, PRIMARY KEY (ID), INDEX (UsersID), INDEX (PackageBaseID), FOREIGN KEY (UsersID) REFERENCES Users(ID) ON DELETE SET NULL, + FOREIGN KEY (EditedUsersID) REFERENCES Users(ID) ON DELETE SET NULL, FOREIGN KEY (DelUsersID) REFERENCES Users(ID) ON DELETE CASCADE, FOREIGN KEY (PackageBaseID) REFERENCES PackageBases(ID) ON DELETE CASCADE ) ENGINE = InnoDB; diff --git a/upgrading/4.1.0.txt b/upgrading/4.1.0.txt new file mode 100644 index 00000000..78620304 --- /dev/null +++ b/upgrading/4.1.0.txt @@ -0,0 +1,9 @@ +1. Add a timestamp for comment editing/deletion and an ID of the last user +who edited a comment: + +---- +ALTER TABLE PackageComments + ADD COLUMN EditedTS BIGINT UNSIGNED NULL DEFAULT NULL, + ADD COLUMN EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL, + ADD FOREIGN KEY (EditedUsersID) REFERENCES Users(ID) ON DELETE SET NULL; +---- diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php index f9080290..5886f714 100644 --- a/web/html/pkgbase.php +++ b/web/html/pkgbase.php @@ -108,6 +108,8 @@ if (check_token()) { $uid = uid_from_sid($_COOKIE["AURSID"]); pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']); $ret = true; + } elseif (current_action("do_EditComment")) { + list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']); } if ($ret) { diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index 5d191ebf..1ae31665 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -830,7 +830,8 @@ function pkgbase_delete_comment() { $dbh = DB::connect(); if (can_delete_comment($comment_id)) { $q = "UPDATE PackageComments "; - $q.= "SET DelUsersID = ".$uid." "; + $q.= "SET DelUsersID = ".$uid.", "; + $q.= "EditedTS = UNIX_TIMESTAMP() "; $q.= "WHERE ID = ".intval($comment_id); $dbh->exec($q); return array(true, __("Comment has been deleted.")); @@ -840,6 +841,37 @@ function pkgbase_delete_comment() { } /** + * Edit a package comment + * + * @return array Tuple of success/failure indicator and error message + */ +function pkgbase_edit_comment($comment) { + $uid = uid_from_sid($_COOKIE["AURSID"]); + if (!$uid) { + return array(false, __("You must be logged in before you can edit package information.")); + } + + if (isset($_POST["comment_id"])) { + $comment_id = $_POST["comment_id"]; + } else { + return array(false, __("Missing comment ID.")); + } + + $dbh = DB::connect(); + if (can_edit_comment($comment_id)) { + $q = "UPDATE PackageComments "; + $q.= "SET EditedUsersID = ".$uid.", "; + $q.= "Comments = ".$dbh->quote($comment).", "; + $q.= "EditedTS = UNIX_TIMESTAMP() "; + $q.= "WHERE ID = ".intval($comment_id); + $dbh->exec($q); + return array(true, __("Comment has been edited.")); + } else { + return array(false, __("You are not allowed to edit this comment.")); + } +} + +/** * Get a list of package base keywords * * @param int $base_id The package base ID to retrieve the keywords for diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 7cb2ffcf..de57c3e0 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -43,6 +43,32 @@ function can_delete_comment_array($comment) { } /** + * Determine if the user can edit a specific package comment + * + * Only the comment submitter, Trusted Users, and Developers can edit + * comments. This function is used for the backend side of comment editing. + * + * @param string $comment_id The comment ID in the database + * + * @return bool True if the user can edit the comment, otherwise false + */ +function can_edit_comment($comment_id=0) { + $dbh = DB::connect(); + + $q = "SELECT UsersID FROM PackageComments "; + $q.= "WHERE ID = " . intval($comment_id); + $result = $dbh->query($q); + + if (!$result) { + return false; + } + + $uid = $result->fetch(PDO::FETCH_COLUMN, 0); + + return has_credential(CRED_COMMENT_EDIT, array($uid)); +} + +/** * Determine if the user can edit a specific package comment using an array * * Only the comment submitter, Trusted Users, and Developers can edit |