Support comment editing in the backend

Create two new actions, do_AddComment and do_EditComment. When editing
or deleting a comment, a timestamp is added.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

schema/aur-schema.sql

@@ -254,11 +254,14 @@ CREATE TABLE PackageComments (
 	UsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 	Comments TEXT NOT NULL DEFAULT '',
 	CommentTS BIGINT UNSIGNED NOT NULL DEFAULT 0,
+	EditedTS BIGINT UNSIGNED NULL DEFAULT NULL,
+	EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 	DelUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
 	PRIMARY KEY (ID),
 	INDEX (UsersID),
 	INDEX (PackageBaseID),
 	FOREIGN KEY (UsersID) REFERENCES Users(ID) ON DELETE SET NULL,
+	FOREIGN KEY (EditedUsersID) REFERENCES Users(ID) ON DELETE SET NULL,
 	FOREIGN KEY (DelUsersID) REFERENCES Users(ID) ON DELETE CASCADE,
 	FOREIGN KEY (PackageBaseID) REFERENCES PackageBases(ID) ON DELETE CASCADE
 ) ENGINE = InnoDB;

upgrading/4.1.0.txt

@@ -0,0 +1,9 @@
+1. Add a timestamp for comment editing/deletion and an ID of the last user
+who edited a comment:
+
+----
+ALTER TABLE PackageComments
+	ADD COLUMN EditedTS BIGINT UNSIGNED NULL DEFAULT NULL,
+	ADD COLUMN EditedUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
+	ADD FOREIGN KEY (EditedUsersID) REFERENCES Users(ID) ON DELETE SET NULL;
+----

web/html/pkgbase.php

@@ -108,6 +108,8 @@ if (check_token()) {
 		$uid = uid_from_sid($_COOKIE["AURSID"]);
 		pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']);
 		$ret = true;
+	} elseif (current_action("do_EditComment")) {
+		list($ret, $output) = pkgbase_edit_comment($_REQUEST['comment']);
 	}
 
 	if ($ret) {

web/lib/pkgbasefuncs.inc.php

@@ -830,7 +830,8 @@ function pkgbase_delete_comment() {
 	$dbh = DB::connect();
 	if (can_delete_comment($comment_id)) {
 		$q = "UPDATE PackageComments ";
-		$q.= "SET DelUsersID = ".$uid." ";
+		$q.= "SET DelUsersID = ".$uid.", ";
+		$q.= "EditedTS = UNIX_TIMESTAMP() ";
 		$q.= "WHERE ID = ".intval($comment_id);
 		$dbh->exec($q);
 		return array(true, __("Comment has been deleted."));
@@ -839,6 +840,37 @@ function pkgbase_delete_comment() {
 	}
 }
 
+/**
+ * Edit a package comment
+ *
+ * @return array Tuple of success/failure indicator and error message
+ */
+function pkgbase_edit_comment($comment) {
+	$uid = uid_from_sid($_COOKIE["AURSID"]);
+	if (!$uid) {
+		return array(false, __("You must be logged in before you can edit package information."));
+	}
+
+	if (isset($_POST["comment_id"])) {
+		$comment_id = $_POST["comment_id"];
+	} else {
+		return array(false, __("Missing comment ID."));
+	}
+
+	$dbh = DB::connect();
+	if (can_edit_comment($comment_id)) {
+		$q = "UPDATE PackageComments ";
+		$q.= "SET EditedUsersID = ".$uid.", ";
+		$q.= "Comments = ".$dbh->quote($comment).", ";
+		$q.= "EditedTS = UNIX_TIMESTAMP() ";
+		$q.= "WHERE ID = ".intval($comment_id);
+		$dbh->exec($q);
+		return array(true, __("Comment has been edited."));
+	} else {
+		return array(false, __("You are not allowed to edit this comment."));
+	}
+}
+
 /**
  * Get a list of package base keywords
  *

web/lib/pkgfuncs.inc.php

@@ -42,6 +42,32 @@ function can_delete_comment_array($comment) {
 	return has_credential(CRED_COMMENT_DELETE, array($comment['UsersID']));
 }
 
+/**
+ * Determine if the user can edit a specific package comment
+ *
+ * Only the comment submitter, Trusted Users, and Developers can edit
+ * comments. This function is used for the backend side of comment editing.
+ *
+ * @param string $comment_id The comment ID in the database
+ *
+ * @return bool True if the user can edit the comment, otherwise false
+ */
+function can_edit_comment($comment_id=0) {
+	$dbh = DB::connect();
+
+	$q = "SELECT UsersID FROM PackageComments ";
+	$q.= "WHERE ID = " . intval($comment_id);
+	$result = $dbh->query($q);
+
+	if (!$result) {
+		return false;
+	}
+
+	$uid = $result->fetch(PDO::FETCH_COLUMN, 0);
+
+	return has_credential(CRED_COMMENT_EDIT, array($uid));
+}
+
 /**
  * Determine if the user can edit a specific package comment using an array
  *