Implements FS#34690. Also, when deleting a comment, a timestamp is
added (so, in the future, the page could display something like:
"Edited/Deleted <TS> by <Name>").
---
 schema/aur-schema.sql        |  2 ++
 web/html/pkgbase.php         |  2 ++
 web/lib/pkgbasefuncs.inc.php | 34 +++++++++++++++++++++++++++++++++-
 web/lib/pkgfuncs.inc.php     | 26 ++++++++++++++++++++++++++
 4 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql
index 594a804..3aef7a3 100644
--- a/schema/aur-schema.sql
+++ b/schema/aur-schema.sql
@@ -254,6 +254,8 @@ CREATE TABLE PackageComments (
        UsersID INTEGER UNSIGNED NULL DEFAULT NULL,
        Comments TEXT NOT NULL DEFAULT '',
        CommentTS BIGINT UNSIGNED NOT NULL DEFAULT 0,
+       EditedTS BIGINT UNSIGNED NULL DEFAULT NULL,
+       EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
        DelUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
        PRIMARY KEY (ID),
        INDEX (UsersID),
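Review bot: No upgrade step accompanies the two new columns: the diffstat lists only the schema file and three PHP files, so an existing database would not get `EditedTS` and `EditedUsersID`, and the new UPDATE statements in pkgbase_delete_comment and pkgbase_edit_comment would then fail on an unknown column. An `ALTER TABLE PackageComments ADD COLUMN …` statement for each column, placed wherever the project records upgrade steps, would cover this. `EditedUsersID` also has no index or foreign key within the visible lines; if the other user-id columns carry one further down in the table definition (outside this hunk), it should match them.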
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index 51eb4b1..018cfca 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -112,6 +112,8 @@ if (check_token()) {
                } else {
                        $ret = false;  /* Bogus input. This shouldn't happen, 
unless the site is under attack. */
                }
+       } elseif (current_action("do_EditComment")) {
+               list($ret, $output) = 
pkgbase_edit_comment($_REQUEST['comment']);
        }
 
        if ($ret) {
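Review bot: The comment text is read from `$_REQUEST['comment']` without an `isset` check, while pkgbase_edit_comment takes the ID from `$_POST["comment_id"]`; a request that lacks the field raises an undefined-index notice and hands a null value to the UPDATE. Because this branch changes stored data, both fields should come from `$_POST`, so the write is tied to the submitted form body rather than to query-string or cookie values that `$_REQUEST` may also contain. Something like `$comment = isset($_POST['comment']) ? $_POST['comment'] : '';` before the call, with an empty value rejected, would match how the ID is handled. The surrounding if/elseif chain starts outside the hunk.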
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index cff25c4..b7bef2c 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -849,7 +849,8 @@ function pkgbase_delete_comment() {
        $dbh = DB::connect();
        if (can_delete_comment($comment_id)) {
                $q = "UPDATE PackageComments ";
-               $q.= "SET DelUsersID = ".$uid." ";
+               $q.= "SET DelUsersID = ".$uid.", ";
+               $q.= "EditedTS = UNIX_TIMESTAMP() ";
                $q.= "WHERE ID = ".intval($comment_id);
                $dbh->exec($q);
                return array(true, __("Comment has been deleted."));
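Review bot: `EditedTS` now carries two meanings, the time of the last edit and, after the added line, the time of deletion, and nothing in the schema or here says so. Deleting a previously edited comment overwrites its edit time while `EditedUsersID` still names the editor, so the pair no longer describes one event. If the shared column is intended, a comment such as `/* EditedTS doubles as the deletion time; DelUsersID identifies who deleted. */` above the added line would record that; otherwise a separate deletion-timestamp column avoids the ambiguity. The function body starts and ends outside the hunk.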
@@ -859,6 +860,37 @@ function pkgbase_delete_comment() {
 }
 
 /**
+ * Edit a package comment
+ *
+ * @return array Tuple of success/failure indicator and error message
+ */
+function pkgbase_edit_comment($comment) {
+       $uid = uid_from_sid($_COOKIE["AURSID"]);
+       if (!$uid) {
+               return array(false, __("You must be logged in before you can 
edit package information."));
+       }
+
+       if (isset($_POST["comment_id"])) {
+               $comment_id = $_POST["comment_id"];
+       } else {
+               return array(false, __("Missing comment ID."));
+       }
+
+       $dbh = DB::connect();
+       if (can_edit_comment($comment_id)) {
+               $q = "UPDATE PackageComments ";
+               $q.= "SET EditedUsersID = ".$uid.", ";
+               $q.= "Comments = ".$dbh->quote($comment).", ";
+               $q.= "EditedTS = UNIX_TIMESTAMP() ";
+               $q.= "WHERE ID = ".intval($comment_id);
+               $dbh->exec($q);
+               return array(true, __("Comment has been edited."));
+       } else {
+               return array(false, __("You are not allowed to edit this 
comment."));
+       }
+}
+
+/**
  * Get a list of package base keywords
  *
  * @param int $base_id The package base ID to retrieve the keywords for
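Review bot: The UPDATE in pkgbase_edit_comment is not limited to live comments: neither it nor can_edit_comment looks at `DelUsersID`, so a comment that was already deleted can still have its text replaced and its `EditedTS` (which the delete path now uses as the deletion time) overwritten by posting its ID. Restricting the statement with `$q.= "WHERE ID = ".intval($comment_id)." AND DelUsersID IS NULL";` closes that. The return value of `$dbh->exec($q)` is also ignored, so "Comment has been edited." is reported even when no row matched, and `$uid` is concatenated as-is where `$comment_id` goes through `intval()`; `intval($uid)` would make the two consistent. The docblock lacks a `@param string $comment` line.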
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 7cb2ffc..de57c3e 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -43,6 +43,32 @@ function can_delete_comment_array($comment) {
 }
 
 /**
+ * Determine if the user can edit a specific package comment
+ *
+ * Only the comment submitter, Trusted Users, and Developers can edit
+ * comments. This function is used for the backend side of comment editing.
+ *
+ * @param string $comment_id The comment ID in the database
+ *
+ * @return bool True if the user can edit the comment, otherwise false
+ */
+function can_edit_comment($comment_id=0) {
+       $dbh = DB::connect();
+
+       $q = "SELECT UsersID FROM PackageComments ";
+       $q.= "WHERE ID = " . intval($comment_id);
+       $result = $dbh->query($q);
+
+       if (!$result) {
+               return false;
+       }
+
+       $uid = $result->fetch(PDO::FETCH_COLUMN, 0);
+
+       return has_credential(CRED_COMMENT_EDIT, array($uid));
+}
+
+/**
  * Determine if the user can edit a specific package comment using an array
  *
  * Only the comment submitter, Trusted Users, and Developers can edit
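Review bot: can_edit_comment does not distinguish a missing comment from an existing one: when no row matches, `fetch()` returns false and that value is passed to has_credential as the owner id. How has_credential treats it is not visible here, but for a privileged account it presumably still returns true, and the caller then reports a successful edit for an ID that does not exist. Returning early with `if ($uid === false) { return false; }` right after the fetch avoids that. The docblock also declares `@param string $comment_id` while the default value is the integer `0`.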
-- 
2.4.5
