From e331ce273cab901726983e18249e0bb3455fc463 Mon Sep 17 00:00:00 2001 From: Marcel Korpel Date: Fri, 10 Jul 2015 18:47:32 +0200 Subject: Support comment editing in the backend Create two new actions, do_AddComment and do_EditComment. When editing or deleting a comment, a timestamp is added. Signed-off-by: Marcel Korpel Signed-off-by: Lukas Fleischer --- web/lib/pkgbasefuncs.inc.php | 34 +++++++++++++++++++++++++++++++++- web/lib/pkgfuncs.inc.php | 26 ++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 1 deletion(-) (limited to 'web/lib') diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index 5d191ebf..1ae31665 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -830,7 +830,8 @@ function pkgbase_delete_comment() { $dbh = DB::connect(); if (can_delete_comment($comment_id)) { $q = "UPDATE PackageComments "; - $q.= "SET DelUsersID = ".$uid." "; + $q.= "SET DelUsersID = ".$uid.", "; + $q.= "EditedTS = UNIX_TIMESTAMP() "; $q.= "WHERE ID = ".intval($comment_id); $dbh->exec($q); return array(true, __("Comment has been deleted.")); @@ -839,6 +840,37 @@ function pkgbase_delete_comment() { } } +/** + * Edit a package comment + * + * @return array Tuple of success/failure indicator and error message + */ +function pkgbase_edit_comment($comment) { + $uid = uid_from_sid($_COOKIE["AURSID"]); + if (!$uid) { + return array(false, __("You must be logged in before you can edit package information.")); + } + + if (isset($_POST["comment_id"])) { + $comment_id = $_POST["comment_id"]; + } else { + return array(false, __("Missing comment ID.")); + } + + $dbh = DB::connect(); + if (can_edit_comment($comment_id)) { + $q = "UPDATE PackageComments "; + $q.= "SET EditedUsersID = ".$uid.", "; + $q.= "Comments = ".$dbh->quote($comment).", "; + $q.= "EditedTS = UNIX_TIMESTAMP() "; + $q.= "WHERE ID = ".intval($comment_id); + $dbh->exec($q); + return array(true, __("Comment has been edited.")); + } else { + return array(false, __("You are not allowed to edit this comment.")); + } +} + /** * Get a list of package base keywords * diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 7cb2ffcf..de57c3e0 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -42,6 +42,32 @@ function can_delete_comment_array($comment) { return has_credential(CRED_COMMENT_DELETE, array($comment['UsersID'])); } +/** + * Determine if the user can edit a specific package comment + * + * Only the comment submitter, Trusted Users, and Developers can edit + * comments. This function is used for the backend side of comment editing. + * + * @param string $comment_id The comment ID in the database + * + * @return bool True if the user can edit the comment, otherwise false + */ +function can_edit_comment($comment_id=0) { + $dbh = DB::connect(); + + $q = "SELECT UsersID FROM PackageComments "; + $q.= "WHERE ID = " . intval($comment_id); + $result = $dbh->query($q); + + if (!$result) { + return false; + } + + $uid = $result->fetch(PDO::FETCH_COLUMN, 0); + + return has_credential(CRED_COMMENT_EDIT, array($uid)); +} + /** * Determine if the user can edit a specific package comment using an array * -- cgit v1.2.3-24-g4f1b