Merge branch 'develop' into phoenix

Author: carlbennett

src/controllers/Comment/Edit.php

@@ -0,0 +1,189 @@
+<?php
+
+namespace BNETDocs\Controllers\Comment;
+
+use \BNETDocs\Libraries\Authentication;
+use \BNETDocs\Libraries\CSRF;
+use \BNETDocs\Libraries\Comment;
+use \BNETDocs\Libraries\EventTypes;
+use \BNETDocs\Libraries\Exceptions\CommentNotFoundException;
+use \BNETDocs\Libraries\Logger;
+use \BNETDocs\Libraries\User;
+
+use \BNETDocs\Models\Comment\Edit as CommentEditModel;
+
+use \CarlBennett\MVC\Libraries\Common;
+use \CarlBennett\MVC\Libraries\Controller;
+use \CarlBennett\MVC\Libraries\Exceptions\QueryException;
+use \CarlBennett\MVC\Libraries\Router;
+use \CarlBennett\MVC\Libraries\View;
+
+use \DateTime;
+use \DateTimeZone;
+use \InvalidArgumentException;
+use \UnexpectedValueException;
+
+class Edit extends Controller {
+  public function &run( Router &$router, View &$view, array &$args ) {
+
+    $query_data = $router->getRequestQueryArray();
+    $post_data = $router->getRequestBodyArray();
+
+    $model = new CommentEditModel();
+
+    $model->csrf_id     = mt_rand();
+    $model->csrf_token  = CSRF::generate( $model->csrf_id );
+    $model->user        = Authentication::$user;
+
+    $model->id          = (
+      isset( $query_data[ 'id' ]) ? $query_data[ 'id' ] : null
+    );
+    $model->content = (
+      isset( $post_data[ 'content' ]) ? $post_data[ 'content' ] : null
+    );
+
+    try { $model->comment = new Comment( $model->id ); }
+    catch ( CommentNotFoundException $e ) { $model->comment = null; }
+    catch ( InvalidArgumentException $e ) { $model->comment = null; }
+
+    $model->acl_allowed = ( $model->user && (
+      $model->user->getAcl( User::OPTION_ACL_COMMENT_MODIFY ) ||
+      $model->user->getId() == $model->comment->getUserId()
+    ));
+
+    if ( is_null( $model->comment )) {
+      $model->error = 'NOT_FOUND';
+    } else {
+      if ( is_null( $model->content )) {
+        $model->content = $model->comment->getContent( false );
+      }
+
+      $model->parent_type = $model->comment->getParentType();
+      $model->parent_id   = $model->comment->getParentId();
+
+      switch ( $model->parent_type ) {
+        case Comment::PARENT_TYPE_DOCUMENT:
+          $model->return_url = '/document/' . $model->parent_id; break;
+        case Comment::PARENT_TYPE_COMMENT:
+          $model->return_url = '/comment/' . $model->parent_id; break;
+        case Comment::PARENT_TYPE_NEWS_POST:
+          $model->return_url = '/news/' . $model->parent_id; break;
+        case Comment::PARENT_TYPE_PACKET:
+          $model->return_url = '/packet/' . $model->parent_id; break;
+        case Comment::PARENT_TYPE_SERVER:
+          $model->return_url = '/server/' . $model->parent_id; break;
+        case Comment::PARENT_TYPE_USER:
+          $model->return_url = '/user/' . $model->parent_id; break;
+        default: throw new UnexpectedValueException(
+          'Parent type: ' . $model->parent_type
+        );
+      }
+      $model->return_url = Common::relativeUrlToAbsolute( $model->return_url );
+
+      if ( $router->getRequestMethod() == 'POST' ) {
+        $this->tryModify( $router, $model );
+      }
+    }
+
+    $view->render( $model );
+
+    $model->_responseCode = ( $model->acl_allowed ? 200 : 403 );
+    $model->_responseHeaders[ 'Content-Type' ] = $view->getMimeType();
+    $model->_responseTTL = 0;
+
+    return $model;
+  }
+
+  protected function tryModify( Router &$router, CommentEditModel &$model ) {
+    if ( !isset( $model->user )) {
+      $model->error = 'NOT_LOGGED_IN';
+      return;
+    }
+    if ( !$model->acl_allowed ) {
+      $model->error = 'ACL_NOT_SET';
+      return;
+    }
+
+    $post_data = $router->getRequestBodyArray();
+
+    $csrf_id = (
+      isset( $post_data[ 'csrf_id' ]) ? $post_data[ 'csrf_id' ] : null
+    );
+    $csrf_token = (
+      isset( $post_data[ 'csrf_token' ]) ? $post_data[ 'csrf_token' ] : null
+    );
+    $csrf_valid = CSRF::validate( $csrf_id, $csrf_token );
+
+    if ( !$csrf_valid ) {
+      $model->error = 'INVALID_CSRF';
+      return;
+    }
+
+    CSRF::invalidate( $csrf_id );
+
+    $model->error = false;
+
+    $id          = (int) $model->id;
+    $parent_type = (int) $model->parent_type;
+    $parent_id   = (int) $model->parent_id;
+    $user_id     = $model->user->getId();
+
+    $log_key = null;
+    switch ( $parent_type ) {
+      case Comment::PARENT_TYPE_DOCUMENT:
+        $log_key = EventTypes::COMMENT_EDITED_DOCUMENT; break;
+      case Comment::PARENT_TYPE_COMMENT:
+        $log_key = EventTypes::COMMENT_EDITED_COMMENT; break;
+      case Comment::PARENT_TYPE_NEWS_POST:
+        $log_key = EventTypes::COMMENT_EDITED_NEWS; break;
+      case Comment::PARENT_TYPE_PACKET:
+        $log_key = EventTypes::COMMENT_EDITED_PACKET; break;
+      case Comment::PARENT_TYPE_SERVER:
+        $log_key = EventTypes::COMMENT_EDITED_SERVER; break;
+      case Comment::PARENT_TYPE_USER:
+        $log_key = EventTypes::COMMENT_EDITED_USER; break;
+      default: throw new UnexpectedValueException(
+        'Parent type: ' . $parent_type
+      );
+    }
+
+    try {
+
+      $model->comment->setContent( $model->content );
+      $model->comment->setEditedCount( $model->comment->getEditedCount() + 1 );
+      $model->comment->setEditedDateTime(
+        new DateTime( 'now', new DateTimeZone( 'Etc/UTC' ))
+      );
+
+      $success = $model->comment->save();
+
+    } catch ( QueryException $e ) {
+
+      // SQL error occurred. We can show a friendly message to the user while
+      // also notifying this problem to staff.
+      Logger::logException( $e );
+
+      $success = false;
+
+    }
+
+    if ( !$success ) {
+      $model->error = 'INTERNAL_ERROR';
+    } else {
+      $model->error = false;
+    }
+
+    Logger::logEvent(
+      $log_key,
+      $user_id,
+      getenv( 'REMOTE_ADDR' ),
+      json_encode([
+        'error'       => $model->error,
+        'comment_id'  => $id,
+        'content'     => $model->content,
+        'parent_type' => $parent_type,
+        'parent_id'   => $parent_id
+      ])
+    );
+  }
+}

src/controllers/Document/Edit.php

@@ -121,7 +121,7 @@ protected function handlePost(Router &$router, DocumentEditModel &$model) {
         $model->document->getEditedCount() + 1
       );
       $model->document->setEditedDateTime(
-        new DateTime("now", new DateTimeZone("Etc/UTC"))
+        new DateTime( 'now', new DateTimeZone( 'Etc/UTC' ))
       );
 
       $success = $model->document->save();

src/controllers/Document/Index.php

@@ -45,7 +45,7 @@ public function &run(Router &$router, View &$view, array &$args) {
 
     // Objectify for JSON
     if ($view instanceof DocumentIndexJSONView) {
-      $model->timestamp = new DateTime("now", new DateTimeZone("Etc/UTC"));
+      $model->timestamp = new DateTime( 'now', new DateTimeZone( 'Etc/UTC' ));
       $documents = [];
       foreach ($model->documents as $document) {
         $documents[] = [

src/controllers/News/Edit.php

@@ -139,7 +139,7 @@ protected function handlePost(Router &$router, NewsEditModel &$model) {
         $model->news_post->getEditedCount() + 1
       );
       $model->news_post->setEditedDateTime(
-        new DateTime("now", new DateTimeZone("Etc/UTC"))
+        new DateTime( 'now', new DateTimeZone( 'Etc/UTC' ))
       );
 
       $success = $model->news_post->save();

src/controllers/Packet/Edit.php

@@ -133,7 +133,7 @@ protected function handlePost(Router &$router, PacketEditModel &$model) {
         $model->packet->getEditedCount() + 1
       );
       $model->packet->setEditedDateTime(
-        new DateTime("now", new DateTimeZone("Etc/UTC"))
+        new DateTime( 'now', new DateTimeZone( 'Etc/UTC' ))
       );
 
       $success = $model->packet->update();

src/controllers/User/View.php

@@ -95,7 +95,7 @@ protected function getUserInfo(UserViewModel &$model) {
     // How long have they been a member?
     $model->user_est = Common::intervalToString(
       $model->user->getCreatedDateTime()->diff(
-        new DateTime("now", new DateTimeZone("Etc/UTC"))
+        new DateTime( 'now', new DateTimeZone( 'Etc/UTC' ))
       )
     );
     $user_est_comma = strpos($model->user_est, ",");

src/libraries/Comment.php

@@ -19,6 +19,8 @@
 
 class Comment implements JsonSerializable {
 
+  const CACHE_TTL = 300;
+
   const PARENT_TYPE_DOCUMENT  = 0;
   const PARENT_TYPE_COMMENT   = 1;
   const PARENT_TYPE_NEWS_POST = 2;
@@ -160,11 +162,11 @@ public static function getAll($parent_type, $parent_id) {
         $ids[]     = (int) $row->id;
         $objects[] = new self($row);
         Common::$cache->set(
-          "bnetdocs-comment-" . $row->id, serialize($row), 300
+          "bnetdocs-comment-" . $row->id, serialize($row), self::CACHE_TTL
         );
       }
       $stmt->closeCursor();
-      Common::$cache->set($ck, implode(",", $ids), 300);
+      Common::$cache->set($ck, implode(",", $ids), self::CACHE_TTL);
       return $objects;
     } catch (PDOException $e) {
       throw new QueryException("Cannot refresh comment", $e);
@@ -184,7 +186,7 @@ public function getCreatedDateTime() {
     if (is_null($this->created_datetime)) {
       return $this->created_datetime;
     } else {
-      $tz = new DateTimeZone("UTC");
+      $tz = new DateTimeZone( 'Etc/UTC' );
       $dt = new DateTime($this->created_datetime);
       $dt->setTimezone($tz);
       return $dt;
@@ -199,7 +201,7 @@ public function getEditedDateTime() {
     if (is_null($this->edited_datetime)) {
       return $this->edited_datetime;
     } else {
-      $tz = new DateTimeZone("UTC");
+      $tz = new DateTimeZone( 'Etc/UTC' );
       $dt = new DateTime($this->edited_datetime);
       $dt->setTimezone($tz);
       return $dt;
@@ -314,12 +316,82 @@ public function refresh() {
       $this->parent_id        = $row->parent_id;
       $this->parent_type      = $row->parent_type;
       $this->user_id          = $row->user_id;
-      Common::$cache->set($ck, serialize($row), 300);
+      Common::$cache->set($ck, serialize($row), self::CACHE_TTL);
       return true;
     } catch (PDOException $e) {
       throw new QueryException("Cannot refresh comment", $e);
     }
     return false;
   }
 
+  public function save() {
+    if (!isset(Common::$database)) {
+      Common::$database = DatabaseDriver::getDatabaseObject();
+    }
+    try {
+      $stmt = Common::$database->prepare('
+        UPDATE
+          `comments`
+        SET
+          `content` = :content,
+          `created_datetime` = :created_dt,
+          `edited_count` = :edited_count,
+          `edited_datetime` = :edited_dt,
+          `parent_id` = :parent_id,
+          `parent_type` = :parent_type,
+          `user_id` = :user_id
+        WHERE
+          `id` = :id
+        LIMIT 1;
+      ');
+      $stmt->bindParam(':content', $this->content, PDO::PARAM_STR);
+      $stmt->bindParam(':created_dt', $this->created_datetime, PDO::PARAM_STR);
+      $stmt->bindParam(':edited_count', $this->edited_count, PDO::PARAM_INT);
+      $stmt->bindParam(':edited_dt', $this->edited_datetime, PDO::PARAM_STR);
+      $stmt->bindParam(':id', $this->id, PDO::PARAM_INT);
+      $stmt->bindParam(':parent_id', $this->parent_id, PDO::PARAM_INT);
+      $stmt->bindParam(':parent_type', $this->parent_type, PDO::PARAM_INT);
+      $stmt->bindParam(':user_id', $this->user_id, PDO::PARAM_INT);
+      if (!$stmt->execute()) {
+        throw new QueryException( 'Cannot save comment' );
+      }
+      $stmt->closeCursor();
+
+      $object                   = new StdClass();
+      $object->content          = $this->content;
+      $object->created_datetime = $this->created_datetime;
+      $object->edited_count     = $this->edited_count;
+      $object->edited_datetime  = $this->edited_datetime;
+      $object->id               = $this->id;
+      $object->parent_id        = $this->parent_id;
+      $object->parent_type      = $this->parent_type;
+      $object->user_id          = $this->user_id;
+
+      Common::$cache->set(
+        'bnetdocs-comment-' . $this->id, serialize( $object ), self::CACHE_TTL
+      );
+
+      Common::$cache->delete(
+        'bnetdocs-comment-' . $this->parent_type . '-' . $this->parent_id
+      );
+
+      return true;
+    } catch ( PDOException $e ) {
+      throw new QueryException( 'Cannot save comment', $e );
+    }
+    return false;
+  }
+
+  public function setContent( $value ) {
+    $this->content = $value;
+  }
+
+  public function setEditedCount( $value ) {
+    $this->edited_count = $value;
+  }
+
+  public function setEditedDateTime( \DateTime $value ) {
+    $this->edited_datetime = $value->format( 'Y-m-d H:i:s' );
+  }
+
 }

src/libraries/Document.php

@@ -176,7 +176,7 @@ public function getCreatedDateTime() {
     if (is_null($this->created_datetime)) {
       return $this->created_datetime;
     } else {
-      $tz = new DateTimeZone("UTC");
+      $tz = new DateTimeZone( 'Etc/UTC' );
       $dt = new DateTime($this->created_datetime);
       $dt->setTimezone($tz);
       return $dt;
@@ -229,7 +229,7 @@ public function getEditedDateTime() {
     if (is_null($this->edited_datetime)) {
       return $this->edited_datetime;
     } else {
-      $tz = new DateTimeZone("UTC");
+      $tz = new DateTimeZone( 'Etc/UTC' );
       $dt = new DateTime($this->edited_datetime);
       $dt->setTimezone($tz);
       return $dt;

src/libraries/Event.php

@@ -152,7 +152,7 @@ public function getEventDateTime() {
     if ( is_null( $this->event_datetime ) ) {
       return $this->event_datetime;
     } else {
-      $tz = new DateTimeZone( 'UTC' );
+      $tz = new DateTimeZone( 'Etc/UTC' );
       $dt = new DateTime( $this->event_datetime );
       $dt->setTimezone( $tz );
       return $dt;