Add comment edit icon and form

Show an icon next to the comment deletion icon, which leads to a
comment edit form.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

web/html/commentedit.php

@@ -0,0 +1,21 @@
+<?php
+
+set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
+
+include_once("aur.inc.php");
+include_once("pkgbasefuncs.inc.php");
+
+set_lang();
+check_sid();
+
+$comment_id = intval($_REQUEST['comment_id']);
+list($user_id, $comment) = comment_by_id($comment_id);
+
+if (!isset($base_id) || !has_credential(CRED_COMMENT_EDIT, array($user_id)) || is_null($comment)) {
+	header('Location: /');
+	exit();
+}
+
+html_header(__("Edit comment"));
+include('pkg_comment_form.php');
+html_footer(AURWEB_VERSION);

web/html/css/aurweb.css

@@ -96,17 +96,24 @@
 	color: #999;
 }
 
-.delete-comment-form {
+.delete-comment-form, .edit-comment {
 	float: right;
+	margin-left: 8px;
 }
 
-.delete-comment {
+.edit-comment {
+	height: 11px;
+	position: relative;
+	top: 1px;
+}
+
+.delete-comment, .edit-comment {
 	-webkit-filter: grayscale(100%);
 	filter: grayscale(100%);
 	opacity: 0.6;
 }
 
-.delete-comment:hover {
+.delete-comment:hover, .edit-comment:hover {
 	-webkit-filter: none;
 	filter: none;
 	opacity: 1;

web/html/images/pencil.min.svg

@@ -0,0 +1,3 @@
+<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="8" width="8" version="1.1" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" viewBox="0 0 8 8">
+<path fill="#36a" d="m6 0l-1 1 2 2 1-1-2-2zm-2 2l-4 4v2h2l4-4-2-2z"/>
+</svg>

web/html/images/pencil.svg

@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="8"
+   height="8"
+   viewBox="0 0 8 8"
+   id="svg2"
+   version="1.1"
+   inkscape:version="0.91 r13725"
+   sodipodi:docname="pencil-arch.svg">
+  <metadata
+     id="metadata10">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <defs
+     id="defs8" />
+  <sodipodi:namedview
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1"
+     objecttolerance="10"
+     gridtolerance="10"
+     guidetolerance="10"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:window-width="659"
+     inkscape:window-height="480"
+     id="namedview6"
+     showgrid="false"
+     inkscape:zoom="29.5"
+     inkscape:cx="4"
+     inkscape:cy="4"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="0"
+     inkscape:current-layer="svg2" />
+  <path
+     d="M6 0l-1 1 2 2 1-1-2-2zm-2 2l-4 4v2h2l4-4-2-2z"
+     id="path4"
+     style="fill:#3366aa;fill-opacity:1" />
+</svg>

web/html/index.php

@@ -89,6 +89,9 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
 			case "comaintainers":
 				include('comaintainers.php');
 				return;
+			case "edit-comment":
+				include('commentedit.php');
+				return;
 			default:
 				header("HTTP/1.0 404 Not Found");
 				include "./404.php";
@@ -174,6 +177,7 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
 		readfile("./$path");
 		break;
 	case "/images/x.min.svg":
+	case "/images/pencil.min.svg":
 		header("Content-Type: image/svg+xml");
 		readfile("./$path");
 		break;

web/html/pkgbase.php

@@ -104,9 +104,7 @@ if (check_token()) {
 		list($ret, $output) = pkgreq_close($_POST['reqid'], $_POST['reason'], $_POST['comments']);
 	} elseif (current_action("do_EditComaintainers")) {
 		list($ret, $output) = pkgbase_set_comaintainers($base_id, explode("\n", $_POST['users']));
-	}
+	} elseif (current_action("do_AddComment")) {
-
-	if (isset($_REQUEST['comment'])) {
 		$uid = uid_from_sid($_COOKIE["AURSID"]);
 		pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']);
 		$ret = true;

web/lib/aur.inc.php

@@ -576,6 +576,25 @@ function salted_hash($passwd, $salt) {
 	return md5($salt . $passwd);
 }
 
+/**
+ * Get a package comment
+ *
+ * @param  int $comment_id The ID of the comment
+ *
+ * @return array The user ID and comment OR null, null in case of an error
+ */
+function comment_by_id($comment_id) {
+	$dbh = DB::connect();
+	$q = "SELECT UsersID, Comments FROM PackageComments ";
+	$q.= "WHERE ID = " . intval($comment_id);
+	$result = $dbh->query($q);
+	if (!$result) {
+		return array(null, null);
+	}
+
+	return $result->fetch(PDO::FETCH_NUM);
+}
+
 /**
  * Process submitted comments so any links can be followed
  *

web/lib/credentials.inc.php

@@ -7,6 +7,7 @@ define("CRED_ACCOUNT_LAST_LOGIN", 4);
 define("CRED_ACCOUNT_SEARCH", 5);
 define("CRED_COMMENT_DELETE", 6);
 define("CRED_COMMENT_VIEW_DELETED", 22);
+define("CRED_COMMENT_EDIT", 25);
 define("CRED_PKGBASE_ADOPT", 7);
 define("CRED_PKGBASE_SET_KEYWORDS", 8);
 define("CRED_PKGBASE_DELETE", 9);
@@ -58,6 +59,7 @@ function has_credential($credential, $approved_users=array()) {
 	case CRED_ACCOUNT_SEARCH:
 	case CRED_COMMENT_DELETE:
 	case CRED_COMMENT_VIEW_DELETED:
+	case CRED_COMMENT_EDIT:
 	case CRED_PKGBASE_ADOPT:
 	case CRED_PKGBASE_SET_KEYWORDS:
 	case CRED_PKGBASE_DELETE:

web/lib/pkgfuncs.inc.php

@@ -42,6 +42,20 @@ function can_delete_comment_array($comment) {
 	return has_credential(CRED_COMMENT_DELETE, array($comment['UsersID']));
 }
 
+/**
+ * Determine if the user can edit a specific package comment using an array
+ *
+ * Only the comment submitter, Trusted Users, and Developers can edit
+ * comments. This function is used for the frontend side of comment editing.
+ *
+ * @param array $comment All database information relating a specific comment
+ *
+ * @return bool True if the user can edit the comment, otherwise false
+ */
+function can_edit_comment_array($comment) {
+	return has_credential(CRED_COMMENT_EDIT, array($comment['UsersID']));
+}
+
 /**
  * Check to see if the package name already exists in the database
  *

web/template/pkg_comment_form.php

@@ -1,5 +1,5 @@
 <div id="generic-form" class="box">
-	<h2><?= __("Add Comment"); ?></h2>
+	<h2><?= (isset($comment_id)) ? __('Edit comment for: %s', htmlspecialchars($pkgbase_name)) : __("Add Comment"); ?></h2>
 	<form action="<?= get_pkgbase_uri($pkgbase_name) ?>" method="post">
 		<fieldset>
 <?php
@@ -8,14 +8,18 @@ if (isset($_REQUEST['comment']) && check_token()) {
 }
 ?>
 			<div>
+				<input type="hidden" name="action" value="<?= (isset($comment_id)) ? "do_EditComment" : "do_AddComment" ?>" />
 				<input type="hidden" name="ID" value="<?= intval($base_id) ?>" />
+				<?php if (isset($comment_id)): ?>
+				<input type="hidden" name="comment_id" value="<?= $comment_id ?>" />
+				<?php endif; ?>
 				<input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
 			</div>
 			<p>
-				<textarea id="id_comment" name="comment" cols="80" rows="10"></textarea>
+				<textarea id="id_comment" name="comment" cols="80" rows="10"><?= (isset($comment_id)) ? htmlspecialchars($comment) : "" ?></textarea>
 			</p>
 			<p>
-				<input type="submit" value="<?= __("Add Comment") ?>" />
+				<input type="submit" value="<?= (isset($comment_id)) ? __("Save") : __("Add Comment") ?>" />
 			</p>
 		</fieldset>
 	</form>

web/template/pkg_comments.php

@@ -39,6 +39,9 @@ $count = pkgbase_comments_count($base_id, $include_deleted);
 					</fieldset>
 				</form>
 			<?php endif; ?>
+			<?php if (!$row['DelUsersID'] && can_edit_comment_array($row)): ?>
+			<a href="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name) . 'edit-comment/?comment_id=' . $row['ID'], ENT_QUOTES) ?>" class="edit-comment" title="<?= __('Edit comment') ?>"><img src="/images/pencil.min.svg" alt="<?= __('Edit comment') ?>" width="11" height="11"></a>
+			<?php endif; ?>
 		</h4>
 		<div class="article-content<?php if ($row['DelUsersID']): ?> comment-deleted<?php endif; ?>">
 			<p>