Only Developers and Trusted Users can undelete comments.
Signed-off-by: Marcel Korpel <marcel.kor...@gmail.com>
---
web/html/css/aurweb.css | 9 +++++++++
web/html/pkgbase.php | 5 +++++
web/lib/credentials.inc.php | 2 ++
web/lib/pkgbasefuncs.inc.php | 31 ++++++++++++++++++++++---------
web/lib/pkgfuncs.inc.php | 12 ++++++++++++
web/template/pkg_comments.php | 11 +++++++++++
6 files changed, 61 insertions(+), 9 deletions(-)
diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css
index 92ff898..fbec643 100644
--- a/web/html/css/aurweb.css
+++ b/web/html/css/aurweb.css
@@ -106,6 +106,15 @@
margin-left: 8px;
}
+.undelete-comment-form {
+ display: inline;
+ margin-left: 8px;
+}
+
+.undelete-comment {
+ font-size: 75%;
+}
+
.edit-comment {
height: 11px;
position: relative;
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index 45b8084..11fdf74 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -99,6 +99,11 @@ if (check_token()) {
list($ret, $output) = pkgbase_notify($ids, false);
} elseif (current_action("do_DeleteComment")) {
list($ret, $output) = pkgbase_delete_comment();
+ } elseif (current_action("do_UndeleteComment")) {
+ list($ret, $output) = pkgbase_delete_comment(true);
+ if ($ret && isset($_POST["comment_id"])) {
+ $fragment = '#comment-' . intval($_POST["comment_id"]);
+ }
} elseif (current_action("do_PinComment")) {
list($ret, $output) = pkgbase_pin_comment();
} elseif (current_action("do_UnpinComment")) {
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index 71bf5ff..d8698a8 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -6,6 +6,7 @@ define("CRED_ACCOUNT_EDIT_DEV", 3);
define("CRED_ACCOUNT_LAST_LOGIN", 4);
define("CRED_ACCOUNT_SEARCH", 5);
define("CRED_COMMENT_DELETE", 6);
+define("CRED_COMMENT_UNDELETE", 27);
define("CRED_COMMENT_VIEW_DELETED", 22);
define("CRED_COMMENT_EDIT", 25);
define("CRED_COMMENT_PIN", 26);
@@ -59,6 +60,7 @@ function has_credential($credential, $approved_users=array())
{
case CRED_ACCOUNT_LAST_LOGIN:
case CRED_ACCOUNT_SEARCH:
case CRED_COMMENT_DELETE:
+ case CRED_COMMENT_UNDELETE:
case CRED_COMMENT_VIEW_DELETED:
case CRED_COMMENT_EDIT:
case CRED_COMMENT_PIN:
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 2b1201d..b0854d2 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -934,7 +934,7 @@ function pkgbase_notify ($base_ids, $action=true) {
*
* @return array Tuple of success/failure indicator and error message
*/
-function pkgbase_delete_comment() {
+function pkgbase_delete_comment($undelete=false) {
$uid = uid_from_sid($_COOKIE["AURSID"]);
if (!$uid) {
return array(false, __("You must be logged in before you can
edit package information."));
@@ -947,15 +947,28 @@ function pkgbase_delete_comment() {
}
$dbh = DB::connect();
- if (can_delete_comment($comment_id)) {
- $q = "UPDATE PackageComments ";
- $q.= "SET DelUsersID = ".$uid.", ";
- $q.= "DelTS = UNIX_TIMESTAMP() ";
- $q.= "WHERE ID = ".intval($comment_id);
- $dbh->exec($q);
- return array(true, __("Comment has been deleted."));
+ if ($undelete) {
+ if (can_undelete_comment()) {
+ $q = "UPDATE PackageComments ";
+ $q.= "SET DelUsersID = NULL, ";
+ $q.= "DelTS = NULL ";
+ $q.= "WHERE ID = ".intval($comment_id);
+ $dbh->exec($q);
+ return array(true, __("Comment has been undeleted."));
+ } else {
+ return array(false, __("You are not allowed to undelete
this comment."));
+ }
} else {
- return array(false, __("You are not allowed to delete this
comment."));
+ if (can_delete_comment($comment_id)) {
+ $q = "UPDATE PackageComments ";
+ $q.= "SET DelUsersID = ".$uid.", ";
+ $q.= "DelTS = UNIX_TIMESTAMP() ";
+ $q.= "WHERE ID = ".intval($comment_id);
+ $dbh->exec($q);
+ return array(true, __("Comment has been deleted."));
+ } else {
+ return array(false, __("You are not allowed to delete
this comment."));
+ }
}
}
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index c2bbe38..4438fc4 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -43,6 +43,18 @@ function can_delete_comment_array($comment) {
}
/**
+ * Determine if the user can undelete a specific package comment
+ *
+ * Only Trusted Users and Developers can undelete comments.
+ * This function is used for both sides of comment undeletion.
+ *
+ * @return bool True if the user can undelete the comment, otherwise false
+ */
+function can_undelete_comment() {
+ return has_credential(CRED_COMMENT_UNDELETE);
+}
+
+/**
* Determine if the user can edit a specific package comment
*
* Only the comment submitter, Trusted Users, and Developers can edit
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index d05c512..679d571 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -53,6 +53,17 @@ if (!isset($count)) {
?>
<h4 id="comment-<?= $row['ID'] ?>"<?php if ($is_deleted): ?>
class="comment-deleted"<?php endif; ?>>
<?= $heading ?>
+ <?php if ($is_deleted && can_undelete_comment()): ?>
+ <form class="undelete-comment-form"
method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name),
ENT_QUOTES); ?>">
+ <fieldset style="display:inline;">
+ <input type="hidden"
name="action" value="do_UndeleteComment" />
+ <input type="hidden"
name="comment_id" value="<?= $row['ID'] ?>" />
+ <input type="hidden"
name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+ <input type="submit"
class="undelete-comment" value="<?= __('Undelete') ?>" name="submit" />
+ </fieldset>
+ </form>
+ <?php endif;?>
+
<?php if (!$is_deleted &&
can_delete_comment_array($row)): ?>
<form class="delete-comment-form" method="post"
action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>">
<fieldset style="display:inline;">
--
2.7.0
