Comment edit work in progress

carlbennett · carlbennett · commit 881f00cb3a66 · 2018-10-24T17:48:36.000Z
diff --git a/src/controllers/Comment/Edit.php b/src/controllers/Comment/Edit.php
@@ -0,0 +1,147 @@
+<?php
+
+namespace BNETDocs\Controllers\Comment;
+
+use \BNETDocs\Libraries\Authentication;
+use \BNETDocs\Libraries\CSRF;
+use \BNETDocs\Libraries\Comment;
+use \BNETDocs\Libraries\EventTypes;
+use \BNETDocs\Libraries\Exceptions\CommentNotFoundException;
+use \BNETDocs\Libraries\Logger;
+use \BNETDocs\Libraries\User;
+use \BNETDocs\Models\Comment\Edit as CommentEditModel;
+
+use \CarlBennett\MVC\Libraries\Common;
+use \CarlBennett\MVC\Libraries\Controller;
+use \CarlBennett\MVC\Libraries\Router;
+use \CarlBennett\MVC\Libraries\View;
+
+use \InvalidArgumentException;
+use \UnexpectedValueException;
+
+class Edit extends Controller {
+
+  public function &run(Router &$router, View &$view, array &$args) {
+
+    $data                = $router->getRequestQueryArray();
+    $model               = new CommentEditModel();
+    $model->comment      = null;
+    $model->csrf_id      = mt_rand();
+    $model->csrf_token   = CSRF::generate($model->csrf_id);
+    $model->error        = null;
+    $model->id           = (isset($data["id"]) ? $data["id"] : null);
+    $model->parent_id    = null;
+    $model->parent_type  = null;
+    $model->user         = Authentication::$user;
+
+    try { $model->comment = new Comment($model->id); }
+    catch (CommentNotFoundException $e) { $model->comment = null; }
+    catch (InvalidArgumentException $e) { $model->comment = null; }
+
+    $model->acl_allowed = ($model->user && (
+      $model->user->getAcl(User::OPTION_ACL_COMMENT_DELETE) ||
+      $model->user->getId() == $model->comment->getUserId()
+    ));
+
+    if ($model->comment === null) {
+      $model->error = "NOT_FOUND";
+    } else {
+      $model->content     = $model->comment->getContent(true);
+      $model->parent_type = $model->comment->getParentType();
+      $model->parent_id   = $model->comment->getParentId();
+
+      if ($router->getRequestMethod() == "POST") {
+        $this->tryDelete($router, $model);
+      }
+    }
+
+    $view->render($model);
+
+    $model->_responseCode = ($model->acl_allowed ? 200 : 403);
+    $model->_responseHeaders["Content-Type"] = $view->getMimeType();
+    $model->_responseTTL = 0;
+
+    return $model;
+  }
+
+  protected function tryDelete(Router &$router, CommentDeleteModel &$model) {
+    if (!isset($model->user)) {
+      $model->error = "NOT_LOGGED_IN";
+      return;
+    }
+    if (!$model->acl_allowed) {
+      $model->error = "ACL_NOT_SET";
+      return;
+    }
+
+    $data       = $router->getRequestBodyArray();
+    $csrf_id    = (isset($data["csrf_id"   ]) ? $data["csrf_id"   ] : null);
+    $csrf_token = (isset($data["csrf_token"]) ? $data["csrf_token"] : null);
+    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
+
+    if (!$csrf_valid) {
+      $model->error = "INVALID_CSRF";
+      return;
+    }
+    CSRF::invalidate($csrf_id);
+
+    $model->error = false;
+
+    $id           = (int) $model->id;
+    $parent_type  = (int) $model->parent_type;
+    $parent_id    = (int) $model->parent_id;
+    $user_id      = $model->user->getId();
+
+    $log_key = null;
+    switch ($parent_type) {
+      case Comment::PARENT_TYPE_DOCUMENT:
+        $log_key = EventTypes::COMMENT_DELETED_DOCUMENT; break;
+      case Comment::PARENT_TYPE_COMMENT:
+        $log_key = EventTypes::COMMENT_DELETED_COMMENT; break;
+      case Comment::PARENT_TYPE_NEWS_POST:
+        $log_key = EventTypes::COMMENT_DELETED_NEWS; break;
+      case Comment::PARENT_TYPE_PACKET:
+        $log_key = EventTypes::COMMENT_DELETED_PACKET; break;
+      case Comment::PARENT_TYPE_SERVER:
+        $log_key = EventTypes::COMMENT_DELETED_SERVER; break;
+      case Comment::PARENT_TYPE_USER:
+        $log_key = EventTypes::COMMENT_DELETED_USER; break;
+      default: throw new UnexpectedValueException(
+        'Parent type: ' . $parent_type
+      );
+    }
+
+    try {
+
+      $success = Comment::delete($id, $parent_type, $parent_id);
+
+    } catch (QueryException $e) {
+
+      // SQL error occurred. We can show a friendly message to the user while
+      // also notifying this problem to staff.
+      Logger::logException($e);
+
+      $success = false;
+
+    }
+
+    if (!$success) {
+      $model->error = "INTERNAL_ERROR";
+    } else {
+      $model->error = false;
+    }
+
+    Logger::logEvent(
+      $log_key,
+      $user_id,
+      getenv("REMOTE_ADDR"),
+      json_encode([
+        "error"       => $model->error,
+        "comment_id"  => $id,
+        "parent_type" => $parent_type,
+        "parent_id"   => $parent_id
+      ])
+    );
+  }
+
+}
diff --git a/src/models/Comment/Edit.php b/src/models/Comment/Edit.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace BNETDocs\Models\Comment;
+
+use \CarlBennett\MVC\Libraries\Model;
+
+class Edit extends Model {
+
+  public $acl_allowed;
+  public $comment;
+  public $csrf_id;
+  public $csrf_token;
+  public $error;
+  public $id;
+  public $parent_id;
+  public $parent_type;
+  public $user;
+
+}
diff --git a/src/templates/Comment/Edit.phtml b/src/templates/Comment/Edit.phtml
@@ -0,0 +1,87 @@
+<?php
+
+namespace BNETDocs\Templates\Comment;
+
+use \CarlBennett\MVC\Libraries\Pair;
+
+$title       = "Edit Comment";
+$description = "This form allows an individual to edit a comment.";
+
+$this->opengraph->attach(new Pair("url", "/comment/edit"));
+$this->opengraph->attach(new Pair("type", "article"));
+
+switch ($this->getContext()->error) {
+  case "ACL_NOT_SET":
+    $message = "You do not have the privilege to edit this comment.";
+    break;
+  case "NOT_FOUND":
+    $message = "Cannot find comment by that id.";
+    break;
+  case "NOT_LOGGED_IN":
+    $message = "You must be logged in to edit comments.";
+    break;
+  case "INVALID_CSRF":
+    $message = "The Cross-Site Request Forgery token was invalid. Either the "
+      . "edit comment form expired, or this may have been a malicious "
+      . "attempt to edit a comment.";
+    break;
+  case "INTERNAL_ERROR":
+    $message = "An internal error occurred while processing your request. "
+      . "Our staff has been notified of the issue. Try again later.";
+    break;
+  default:
+    $message = $this->getContext()->error;
+}
+
+$c = $this->getContext()->comment;
+if ($c) {
+  $c_id          = $c->getId();
+  $c_user        = $c->getUser();
+  $c_user_id     = $c->getUserId();
+  $c_user_name   = $c_user->getName();
+  $c_user_url    = $c_user->getURI();
+  $c_user_avatar = $c_user->getAvatarURI(22);
+}
+
+$this->additional_css[] = "/a/comments.css";
+$this->additional_css[] = "/a/forms.css";
+require("./header.inc.phtml");
+?>
+      <article>
+<?php if (is_null($this->getContext()->error) && !is_null($c)) { ?>
+        <header>Edit Comment</header>
+        <form method="POST">
+          <input type="hidden" name="comment_id" value="<?php echo $c_id; ?>"/>
+          <input type="hidden" name="csrf_id" value="<?php echo $this->getContext()->csrf_id; ?>"/>
+          <input type="hidden" name="csrf_token" value="<?php echo $this->getContext()->csrf_token; ?>"/>
+          <section>
+            <table class="comments"><tbody>
+              <tr><td><a href="<?php echo $c_user_url; ?>"><img class="avatar" src="<?php echo $c_user_avatar; ?>"/> <?php echo filter_var($c_user_name, FILTER_SANITIZE_STRING); ?></a><br/><time class="comment_timestamp" datetime="<?php echo $c->getCreatedDateTime()->format("c"); ?>"><?php echo $c->getCreatedDateTime()->format("D M j, Y g:ia T"); ?></time></td><td><textarea id="comment-content" name="content" cols="80" rows="5"><?php echo $c->getContent(false); ?></textarea></td></tr>
+            </tbody></table><hr/>
+            <p>
+              <input class="float-right bg-green" type="submit" value="Edit Comment" tabindex="2" autofocus="autofocus"/>
+              <a class="button button-bg-red" href="javascript:history.go(-1);" id="cancel-btn">Cancel</a>
+            </p>
+            <script type="text/javascript">
+              if (history.length == 1) {
+                document.getElementById('cancel-btn').className += ' button-disabled';
+              }
+            </script>
+          </section>
+        </form>
+<?php } else if ($this->getContext()->error === false) { ?>
+        <header class="green">Comment Edited</header>
+        <section class="green">
+          <p>You have successfully edited the comment!</p>
+          <p>Use the navigation to the left to move to another page.</p>
+        </section>
+<?php } else { ?>
+        <header class="red">Edit Comment</header>
+        <section class="red">
+          <p>An error occurred while attempting to delete the comment.</p>
+          <p><?php echo $message; ?></p>
+          <p>Use the navigation to the left to move to another page.</p>
+        </section>
+<?php } ?>
+      </article>
+<?php require("./footer.inc.phtml"); ?>
diff --git a/src/views/Comment/EditHtml.php b/src/views/Comment/EditHtml.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace BNETDocs\Views\Comment;
+
+use \BNETDocs\Models\Comment\Edit as CommentEditModel;
+
+use \CarlBennett\MVC\Libraries\Exceptions\IncorrectModelException;
+use \CarlBennett\MVC\Libraries\Model;
+use \CarlBennett\MVC\Libraries\Template;
+use \CarlBennett\MVC\Libraries\View;
+
+class EditHtml extends View {
+  public function getMimeType() {
+    return 'text/html;charset=utf-8';
+  }
+
+  public function render( Model &$model ) {
+    if ( !$model instanceof CommentEditModel ) {
+      throw new IncorrectModelException();
+    }
+    ( new Template( $model, 'Comment/Edit' ))->render();
+  }
+}
