|
9 | 9 | use \BNETDocs\Libraries\Exceptions\CommentNotFoundException; |
10 | 10 | use \BNETDocs\Libraries\Logger; |
11 | 11 | use \BNETDocs\Libraries\User; |
| 12 | + |
12 | 13 | use \BNETDocs\Models\Comment\Edit as CommentEditModel; |
13 | 14 |
|
14 | 15 | use \CarlBennett\MVC\Libraries\Common; |
15 | 16 | use \CarlBennett\MVC\Libraries\Controller; |
| 17 | +use \CarlBennett\MVC\Libraries\Exceptions\QueryException; |
16 | 18 | use \CarlBennett\MVC\Libraries\Router; |
17 | 19 | use \CarlBennett\MVC\Libraries\View; |
18 | 20 |
|
| 21 | +use \DateTime; |
| 22 | +use \DateTimeZone; |
19 | 23 | use \InvalidArgumentException; |
20 | 24 | use \UnexpectedValueException; |
21 | 25 |
|
22 | 26 | class Edit extends Controller { |
| 27 | + public function &run( Router &$router, View &$view, array &$args ) { |
| 28 | + |
| 29 | + $query_data = $router->getRequestQueryArray(); |
| 30 | + $post_data = $router->getRequestBodyArray(); |
| 31 | + |
| 32 | + $model = new CommentEditModel(); |
| 33 | + |
| 34 | + $model->csrf_id = mt_rand(); |
| 35 | + $model->csrf_token = CSRF::generate( $model->csrf_id ); |
| 36 | + $model->user = Authentication::$user; |
| 37 | + |
| 38 | + $model->id = ( |
| 39 | + isset( $query_data[ 'id' ]) ? $query_data[ 'id' ] : null |
| 40 | + ); |
| 41 | + $model->content = ( |
| 42 | + isset( $post_data[ 'content' ]) ? $post_data[ 'content' ] : null |
| 43 | + ); |
| 44 | + |
| 45 | + try { $model->comment = new Comment( $model->id ); } |
| 46 | + catch ( CommentNotFoundException $e ) { $model->comment = null; } |
| 47 | + catch ( InvalidArgumentException $e ) { $model->comment = null; } |
23 | 48 |
|
24 | | - public function &run(Router &$router, View &$view, array &$args) { |
25 | | - |
26 | | - $data = $router->getRequestQueryArray(); |
27 | | - $model = new CommentEditModel(); |
28 | | - $model->comment = null; |
29 | | - $model->csrf_id = mt_rand(); |
30 | | - $model->csrf_token = CSRF::generate($model->csrf_id); |
31 | | - $model->error = null; |
32 | | - $model->id = (isset($data["id"]) ? $data["id"] : null); |
33 | | - $model->parent_id = null; |
34 | | - $model->parent_type = null; |
35 | | - $model->user = Authentication::$user; |
36 | | - |
37 | | - try { $model->comment = new Comment($model->id); } |
38 | | - catch (CommentNotFoundException $e) { $model->comment = null; } |
39 | | - catch (InvalidArgumentException $e) { $model->comment = null; } |
40 | | - |
41 | | - $model->acl_allowed = ($model->user && ( |
42 | | - $model->user->getAcl(User::OPTION_ACL_COMMENT_DELETE) || |
| 49 | + $model->acl_allowed = ( $model->user && ( |
| 50 | + $model->user->getAcl( User::OPTION_ACL_COMMENT_MODIFY ) || |
43 | 51 | $model->user->getId() == $model->comment->getUserId() |
44 | 52 | )); |
45 | 53 |
|
46 | | - if ($model->comment === null) { |
47 | | - $model->error = "NOT_FOUND"; |
| 54 | + if ( is_null( $model->comment )) { |
| 55 | + $model->error = 'NOT_FOUND'; |
48 | 56 | } else { |
49 | | - $model->content = $model->comment->getContent(true); |
| 57 | + if ( is_null( $model->content )) { |
| 58 | + $model->content = $model->comment->getContent( false ); |
| 59 | + } |
| 60 | + |
50 | 61 | $model->parent_type = $model->comment->getParentType(); |
51 | 62 | $model->parent_id = $model->comment->getParentId(); |
52 | 63 |
|
53 | | - if ($router->getRequestMethod() == "POST") { |
54 | | - $this->tryDelete($router, $model); |
| 64 | + switch ( $model->parent_type ) { |
| 65 | + case Comment::PARENT_TYPE_DOCUMENT: |
| 66 | + $model->return_url = '/document/' . $model->parent_id; break; |
| 67 | + case Comment::PARENT_TYPE_COMMENT: |
| 68 | + $model->return_url = '/comment/' . $model->parent_id; break; |
| 69 | + case Comment::PARENT_TYPE_NEWS_POST: |
| 70 | + $model->return_url = '/news/' . $model->parent_id; break; |
| 71 | + case Comment::PARENT_TYPE_PACKET: |
| 72 | + $model->return_url = '/packet/' . $model->parent_id; break; |
| 73 | + case Comment::PARENT_TYPE_SERVER: |
| 74 | + $model->return_url = '/server/' . $model->parent_id; break; |
| 75 | + case Comment::PARENT_TYPE_USER: |
| 76 | + $model->return_url = '/user/' . $model->parent_id; break; |
| 77 | + default: throw new UnexpectedValueException( |
| 78 | + 'Parent type: ' . $model->parent_type |
| 79 | + ); |
| 80 | + } |
| 81 | + $model->return_url = Common::relativeUrlToAbsolute( $model->return_url ); |
| 82 | + |
| 83 | + if ( $router->getRequestMethod() == 'POST' ) { |
| 84 | + $this->tryModify( $router, $model ); |
55 | 85 | } |
56 | 86 | } |
57 | 87 |
|
58 | | - $view->render($model); |
| 88 | + $view->render( $model ); |
59 | 89 |
|
60 | | - $model->_responseCode = ($model->acl_allowed ? 200 : 403); |
61 | | - $model->_responseHeaders["Content-Type"] = $view->getMimeType(); |
| 90 | + $model->_responseCode = ( $model->acl_allowed ? 200 : 403 ); |
| 91 | + $model->_responseHeaders[ 'Content-Type' ] = $view->getMimeType(); |
62 | 92 | $model->_responseTTL = 0; |
63 | 93 |
|
64 | 94 | return $model; |
65 | 95 | } |
66 | 96 |
|
67 | | - protected function tryDelete(Router &$router, CommentDeleteModel &$model) { |
68 | | - if (!isset($model->user)) { |
69 | | - $model->error = "NOT_LOGGED_IN"; |
| 97 | + protected function tryModify( Router &$router, CommentEditModel &$model ) { |
| 98 | + if ( !isset( $model->user )) { |
| 99 | + $model->error = 'NOT_LOGGED_IN'; |
70 | 100 | return; |
71 | 101 | } |
72 | | - if (!$model->acl_allowed) { |
73 | | - $model->error = "ACL_NOT_SET"; |
| 102 | + if ( !$model->acl_allowed ) { |
| 103 | + $model->error = 'ACL_NOT_SET'; |
74 | 104 | return; |
75 | 105 | } |
76 | 106 |
|
77 | | - $data = $router->getRequestBodyArray(); |
78 | | - $csrf_id = (isset($data["csrf_id" ]) ? $data["csrf_id" ] : null); |
79 | | - $csrf_token = (isset($data["csrf_token"]) ? $data["csrf_token"] : null); |
80 | | - $csrf_valid = CSRF::validate($csrf_id, $csrf_token); |
| 107 | + $post_data = $router->getRequestBodyArray(); |
| 108 | + |
| 109 | + $csrf_id = ( |
| 110 | + isset( $post_data[ 'csrf_id' ]) ? $post_data[ 'csrf_id' ] : null |
| 111 | + ); |
| 112 | + $csrf_token = ( |
| 113 | + isset( $post_data[ 'csrf_token' ]) ? $post_data[ 'csrf_token' ] : null |
| 114 | + ); |
| 115 | + $csrf_valid = CSRF::validate( $csrf_id, $csrf_token ); |
81 | 116 |
|
82 | | - if (!$csrf_valid) { |
83 | | - $model->error = "INVALID_CSRF"; |
| 117 | + if ( !$csrf_valid ) { |
| 118 | + $model->error = 'INVALID_CSRF'; |
84 | 119 | return; |
85 | 120 | } |
86 | | - CSRF::invalidate($csrf_id); |
| 121 | + |
| 122 | + CSRF::invalidate( $csrf_id ); |
87 | 123 |
|
88 | 124 | $model->error = false; |
89 | 125 |
|
90 | | - $id = (int) $model->id; |
91 | | - $parent_type = (int) $model->parent_type; |
92 | | - $parent_id = (int) $model->parent_id; |
93 | | - $user_id = $model->user->getId(); |
| 126 | + $id = (int) $model->id; |
| 127 | + $parent_type = (int) $model->parent_type; |
| 128 | + $parent_id = (int) $model->parent_id; |
| 129 | + $user_id = $model->user->getId(); |
94 | 130 |
|
95 | 131 | $log_key = null; |
96 | | - switch ($parent_type) { |
| 132 | + switch ( $parent_type ) { |
97 | 133 | case Comment::PARENT_TYPE_DOCUMENT: |
98 | | - $log_key = EventTypes::COMMENT_DELETED_DOCUMENT; break; |
| 134 | + $log_key = EventTypes::COMMENT_EDITED_DOCUMENT; break; |
99 | 135 | case Comment::PARENT_TYPE_COMMENT: |
100 | | - $log_key = EventTypes::COMMENT_DELETED_COMMENT; break; |
| 136 | + $log_key = EventTypes::COMMENT_EDITED_COMMENT; break; |
101 | 137 | case Comment::PARENT_TYPE_NEWS_POST: |
102 | | - $log_key = EventTypes::COMMENT_DELETED_NEWS; break; |
| 138 | + $log_key = EventTypes::COMMENT_EDITED_NEWS; break; |
103 | 139 | case Comment::PARENT_TYPE_PACKET: |
104 | | - $log_key = EventTypes::COMMENT_DELETED_PACKET; break; |
| 140 | + $log_key = EventTypes::COMMENT_EDITED_PACKET; break; |
105 | 141 | case Comment::PARENT_TYPE_SERVER: |
106 | | - $log_key = EventTypes::COMMENT_DELETED_SERVER; break; |
| 142 | + $log_key = EventTypes::COMMENT_EDITED_SERVER; break; |
107 | 143 | case Comment::PARENT_TYPE_USER: |
108 | | - $log_key = EventTypes::COMMENT_DELETED_USER; break; |
| 144 | + $log_key = EventTypes::COMMENT_EDITED_USER; break; |
109 | 145 | default: throw new UnexpectedValueException( |
110 | 146 | 'Parent type: ' . $parent_type |
111 | 147 | ); |
112 | 148 | } |
113 | 149 |
|
114 | 150 | try { |
115 | 151 |
|
116 | | - $success = Comment::delete($id, $parent_type, $parent_id); |
| 152 | + $model->comment->setContent( $model->content ); |
| 153 | + $model->comment->setEditedCount( $model->comment->getEditedCount() + 1 ); |
| 154 | + $model->comment->setEditedDateTime( |
| 155 | + new DateTime( 'now', new DateTimeZone( 'Etc/UTC' )) |
| 156 | + ); |
| 157 | + |
| 158 | + $success = $model->comment->save(); |
117 | 159 |
|
118 | | - } catch (QueryException $e) { |
| 160 | + } catch ( QueryException $e ) { |
119 | 161 |
|
120 | 162 | // SQL error occurred. We can show a friendly message to the user while |
121 | 163 | // also notifying this problem to staff. |
122 | | - Logger::logException($e); |
| 164 | + Logger::logException( $e ); |
123 | 165 |
|
124 | 166 | $success = false; |
125 | 167 |
|
126 | 168 | } |
127 | 169 |
|
128 | | - if (!$success) { |
129 | | - $model->error = "INTERNAL_ERROR"; |
| 170 | + if ( !$success ) { |
| 171 | + $model->error = 'INTERNAL_ERROR'; |
130 | 172 | } else { |
131 | 173 | $model->error = false; |
132 | 174 | } |
133 | 175 |
|
134 | 176 | Logger::logEvent( |
135 | 177 | $log_key, |
136 | 178 | $user_id, |
137 | | - getenv("REMOTE_ADDR"), |
| 179 | + getenv( 'REMOTE_ADDR' ), |
138 | 180 | json_encode([ |
139 | | - "error" => $model->error, |
140 | | - "comment_id" => $id, |
141 | | - "parent_type" => $parent_type, |
142 | | - "parent_id" => $parent_id |
| 181 | + 'error' => $model->error, |
| 182 | + 'comment_id' => $id, |
| 183 | + 'content' => $model->content, |
| 184 | + 'parent_type' => $parent_type, |
| 185 | + 'parent_id' => $parent_id |
143 | 186 | ]) |
144 | 187 | ); |
145 | 188 | } |
146 | | - |
147 | 189 | } |
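Review bot: The `acl_allowed` expression at new lines 49–52 dereferences `$model->comment` before the `is_null( $model->comment )` check that follows it. A logged-in user without `OPTION_ACL_COMMENT_MODIFY` who requests an id for which the constructor threw `CommentNotFoundException` or `InvalidArgumentException` therefore reaches `$model->comment->getUserId()` on null, and gets a fatal error instead of `NOT_FOUND`. Guard only the ownership half so the ACL path is unaffected: `( $model->comment && $model->user->getId() == $model->comment->getUserId() )`. That comparison also uses loose `==`; the return types of `getId()` and `getUserId()` are not visible here, but if both are integers, casting and using `===` would keep this authorization decision independent of PHP's type juggling.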