Merge branch 'feature/comment-edit' into develop

Author: carlbennett

src/controllers/Comment/Edit.php

@@ -0,0 +1,189 @@
+<?php
+
+namespace BNETDocs\Controllers\Comment;
+
+use \BNETDocs\Libraries\Authentication;
+use \BNETDocs\Libraries\CSRF;
+use \BNETDocs\Libraries\Comment;
+use \BNETDocs\Libraries\EventTypes;
+use \BNETDocs\Libraries\Exceptions\CommentNotFoundException;
+use \BNETDocs\Libraries\Logger;
+use \BNETDocs\Libraries\User;
+
+use \BNETDocs\Models\Comment\Edit as CommentEditModel;
+
+use \CarlBennett\MVC\Libraries\Common;
+use \CarlBennett\MVC\Libraries\Controller;
+use \CarlBennett\MVC\Libraries\Exceptions\QueryException;
+use \CarlBennett\MVC\Libraries\Router;
+use \CarlBennett\MVC\Libraries\View;
+
+use \DateTime;
+use \DateTimeZone;
+use \InvalidArgumentException;
+use \UnexpectedValueException;
+
+class Edit extends Controller {
+  public function &run( Router &$router, View &$view, array &$args ) {
+
+    $query_data = $router->getRequestQueryArray();
+    $post_data = $router->getRequestBodyArray();
+
+    $model = new CommentEditModel();
+
+    $model->csrf_id     = mt_rand();
+    $model->csrf_token  = CSRF::generate( $model->csrf_id );
+    $model->user        = Authentication::$user;
+
+    $model->id          = (
+      isset( $query_data[ 'id' ]) ? $query_data[ 'id' ] : null
+    );
+    $model->content = (
+      isset( $post_data[ 'content' ]) ? $post_data[ 'content' ] : null
+    );
+
+    try { $model->comment = new Comment( $model->id ); }
+    catch ( CommentNotFoundException $e ) { $model->comment = null; }
+    catch ( InvalidArgumentException $e ) { $model->comment = null; }
+
+    $model->acl_allowed = ( $model->user && (
+      $model->user->getAcl( User::OPTION_ACL_COMMENT_MODIFY ) ||
+      $model->user->getId() == $model->comment->getUserId()
+    ));
+
+    if ( is_null( $model->comment )) {
+      $model->error = 'NOT_FOUND';
+    } else {
+      if ( is_null( $model->content )) {
+        $model->content = $model->comment->getContent( false );
+      }
+
+      $model->parent_type = $model->comment->getParentType();
+      $model->parent_id   = $model->comment->getParentId();
+
+      switch ( $model->parent_type ) {
+        case Comment::PARENT_TYPE_DOCUMENT:
+          $model->return_url = '/document/' . $model->parent_id; break;
+        case Comment::PARENT_TYPE_COMMENT:
+          $model->return_url = '/comment/' . $model->parent_id; break;
+        case Comment::PARENT_TYPE_NEWS_POST:
+          $model->return_url = '/news/' . $model->parent_id; break;
+        case Comment::PARENT_TYPE_PACKET:
+          $model->return_url = '/packet/' . $model->parent_id; break;
+        case Comment::PARENT_TYPE_SERVER:
+          $model->return_url = '/server/' . $model->parent_id; break;
+        case Comment::PARENT_TYPE_USER:
+          $model->return_url = '/user/' . $model->parent_id; break;
+        default: throw new UnexpectedValueException(
+          'Parent type: ' . $model->parent_type
+        );
+      }
+      $model->return_url = Common::relativeUrlToAbsolute( $model->return_url );
+
+      if ( $router->getRequestMethod() == 'POST' ) {
+        $this->tryModify( $router, $model );
+      }
+    }
+
+    $view->render( $model );
+
+    $model->_responseCode = ( $model->acl_allowed ? 200 : 403 );
+    $model->_responseHeaders[ 'Content-Type' ] = $view->getMimeType();
+    $model->_responseTTL = 0;
+
+    return $model;
+  }
+
+  protected function tryModify( Router &$router, CommentEditModel &$model ) {
+    if ( !isset( $model->user )) {
+      $model->error = 'NOT_LOGGED_IN';
+      return;
+    }
+    if ( !$model->acl_allowed ) {
+      $model->error = 'ACL_NOT_SET';
+      return;
+    }
+
+    $post_data = $router->getRequestBodyArray();
+
+    $csrf_id = (
+      isset( $post_data[ 'csrf_id' ]) ? $post_data[ 'csrf_id' ] : null
+    );
+    $csrf_token = (
+      isset( $post_data[ 'csrf_token' ]) ? $post_data[ 'csrf_token' ] : null
+    );
+    $csrf_valid = CSRF::validate( $csrf_id, $csrf_token );
+
+    if ( !$csrf_valid ) {
+      $model->error = 'INVALID_CSRF';
+      return;
+    }
+
+    CSRF::invalidate( $csrf_id );
+
+    $model->error = false;
+
+    $id          = (int) $model->id;
+    $parent_type = (int) $model->parent_type;
+    $parent_id   = (int) $model->parent_id;
+    $user_id     = $model->user->getId();
+
+    $log_key = null;
+    switch ( $parent_type ) {
+      case Comment::PARENT_TYPE_DOCUMENT:
+        $log_key = EventTypes::COMMENT_EDITED_DOCUMENT; break;
+      case Comment::PARENT_TYPE_COMMENT:
+        $log_key = EventTypes::COMMENT_EDITED_COMMENT; break;
+      case Comment::PARENT_TYPE_NEWS_POST:
+        $log_key = EventTypes::COMMENT_EDITED_NEWS; break;
+      case Comment::PARENT_TYPE_PACKET:
+        $log_key = EventTypes::COMMENT_EDITED_PACKET; break;
+      case Comment::PARENT_TYPE_SERVER:
+        $log_key = EventTypes::COMMENT_EDITED_SERVER; break;
+      case Comment::PARENT_TYPE_USER:
+        $log_key = EventTypes::COMMENT_EDITED_USER; break;
+      default: throw new UnexpectedValueException(
+        'Parent type: ' . $parent_type
+      );
+    }
+
+    try {
+
+      $model->comment->setContent( $model->content );
+      $model->comment->setEditedCount( $model->comment->getEditedCount() + 1 );
+      $model->comment->setEditedDateTime(
+        new DateTime( 'now', new DateTimeZone( 'Etc/UTC' ))
+      );
+
+      $success = $model->comment->save();
+
+    } catch ( QueryException $e ) {
+
+      // SQL error occurred. We can show a friendly message to the user while
+      // also notifying this problem to staff.
+      Logger::logException( $e );
+
+      $success = false;
+
+    }
+
+    if ( !$success ) {
+      $model->error = 'INTERNAL_ERROR';
+    } else {
+      $model->error = false;
+    }
+
+    Logger::logEvent(
+      $log_key,
+      $user_id,
+      getenv( 'REMOTE_ADDR' ),
+      json_encode([
+        'error'       => $model->error,
+        'comment_id'  => $id,
+        'content'     => $model->content,
+        'parent_type' => $parent_type,
+        'parent_id'   => $parent_id
+      ])
+    );
+  }
+}

src/libraries/Comment.php

@@ -19,6 +19,8 @@
 
 class Comment implements JsonSerializable {
 
+  const CACHE_TTL = 300;
+
   const PARENT_TYPE_DOCUMENT  = 0;
   const PARENT_TYPE_COMMENT   = 1;
   const PARENT_TYPE_NEWS_POST = 2;
@@ -160,11 +162,11 @@ public static function getAll($parent_type, $parent_id) {
         $ids[]     = (int) $row->id;
         $objects[] = new self($row);
         Common::$cache->set(
-          "bnetdocs-comment-" . $row->id, serialize($row), 300
+          "bnetdocs-comment-" . $row->id, serialize($row), self::CACHE_TTL
         );
       }
       $stmt->closeCursor();
-      Common::$cache->set($ck, implode(",", $ids), 300);
+      Common::$cache->set($ck, implode(",", $ids), self::CACHE_TTL);
       return $objects;
     } catch (PDOException $e) {
       throw new QueryException("Cannot refresh comment", $e);
@@ -314,12 +316,82 @@ public function refresh() {
       $this->parent_id        = $row->parent_id;
       $this->parent_type      = $row->parent_type;
       $this->user_id          = $row->user_id;
-      Common::$cache->set($ck, serialize($row), 300);
+      Common::$cache->set($ck, serialize($row), self::CACHE_TTL);
       return true;
     } catch (PDOException $e) {
       throw new QueryException("Cannot refresh comment", $e);
     }
     return false;
   }
 
+  public function save() {
+    if (!isset(Common::$database)) {
+      Common::$database = DatabaseDriver::getDatabaseObject();
+    }
+    try {
+      $stmt = Common::$database->prepare('
+        UPDATE
+          `comments`
+        SET
+          `content` = :content,
+          `created_datetime` = :created_dt,
+          `edited_count` = :edited_count,
+          `edited_datetime` = :edited_dt,
+          `parent_id` = :parent_id,
+          `parent_type` = :parent_type,
+          `user_id` = :user_id
+        WHERE
+          `id` = :id
+        LIMIT 1;
+      ');
+      $stmt->bindParam(':content', $this->content, PDO::PARAM_STR);
+      $stmt->bindParam(':created_dt', $this->created_datetime, PDO::PARAM_STR);
+      $stmt->bindParam(':edited_count', $this->edited_count, PDO::PARAM_INT);
+      $stmt->bindParam(':edited_dt', $this->edited_datetime, PDO::PARAM_STR);
+      $stmt->bindParam(':id', $this->id, PDO::PARAM_INT);
+      $stmt->bindParam(':parent_id', $this->parent_id, PDO::PARAM_INT);
+      $stmt->bindParam(':parent_type', $this->parent_type, PDO::PARAM_INT);
+      $stmt->bindParam(':user_id', $this->user_id, PDO::PARAM_INT);
+      if (!$stmt->execute()) {
+        throw new QueryException( 'Cannot save comment' );
+      }
+      $stmt->closeCursor();
+
+      $object                   = new StdClass();
+      $object->content          = $this->content;
+      $object->created_datetime = $this->created_datetime;
+      $object->edited_count     = $this->edited_count;
+      $object->edited_datetime  = $this->edited_datetime;
+      $object->id               = $this->id;
+      $object->parent_id        = $this->parent_id;
+      $object->parent_type      = $this->parent_type;
+      $object->user_id          = $this->user_id;
+
+      Common::$cache->set(
+        'bnetdocs-comment-' . $this->id, serialize( $object ), self::CACHE_TTL
+      );
+
+      Common::$cache->delete(
+        'bnetdocs-comment-' . $this->parent_type . '-' . $this->parent_id
+      );
+
+      return true;
+    } catch ( PDOException $e ) {
+      throw new QueryException( 'Cannot save comment', $e );
+    }
+    return false;
+  }
+
+  public function setContent( $value ) {
+    $this->content = $value;
+  }
+
+  public function setEditedCount( $value ) {
+    $this->edited_count = $value;
+  }
+
+  public function setEditedDateTime( \DateTime $value ) {
+    $this->edited_datetime = $value->format( 'Y-m-d H:i:s' );
+  }
+
 }

src/main.php

@@ -90,6 +90,9 @@ function main() {
     $router->addRoute( // URL: /comment/delete
       "#^/comment/delete/?$#", "Comment\\Delete", "Comment\\DeleteHtml"
     );
+    $router->addRoute( // URL: /comment/edit
+      "#^/comment/edit/?$#", "Comment\\Edit", "Comment\\EditHtml"
+    );
     $router->addRoute( // URL: /credits
       "#^/credits/?$#", "Credits", "CreditsHtml"
     );

src/models/Comment/Edit.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace BNETDocs\Models\Comment;
+
+use \CarlBennett\MVC\Libraries\Model;
+
+class Edit extends Model {
+
+  public $acl_allowed;
+  public $comment;
+  public $csrf_id;
+  public $csrf_token;
+  public $error;
+  public $id;
+  public $parent_id;
+  public $parent_type;
+  public $return_url;
+  public $user;
+
+}