diff options
Diffstat (limited to 'modules/comment')
| -rw-r--r-- | modules/comment/helpers/comment.php | 2 | ||||
| -rw-r--r-- | modules/comment/helpers/comment_installer.php | 15 | ||||
| -rw-r--r-- | modules/comment/helpers/comment_rss.php | 51 | ||||
| -rw-r--r-- | modules/comment/helpers/comment_theme.php | 2 | ||||
| -rw-r--r-- | modules/comment/js/comment.js | 10 | ||||
| -rw-r--r-- | modules/comment/models/comment.php | 10 | ||||
| -rw-r--r-- | modules/comment/tests/Comment_Model_Test.php | 40 | ||||
| -rw-r--r-- | modules/comment/views/admin_comments.html.php | 2 | ||||
| -rw-r--r-- | modules/comment/views/comments.html.php | 10 |
9 files changed, 103 insertions, 39 deletions
diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php index 3d743325..f74a8644 100644 --- a/modules/comment/helpers/comment.php +++ b/modules/comment/helpers/comment.php @@ -35,7 +35,7 @@ class comment_Core { * @return Comment_Model */ static function create($item, $author, $text, $guest_name=null, - $guest_email=ull, $guest_url=null) { + $guest_email=null, $guest_url=null) { $comment = ORM::factory("comment"); $comment->author_id = $author->id; $comment->guest_email = $guest_email; diff --git a/modules/comment/helpers/comment_installer.php b/modules/comment/helpers/comment_installer.php index f54913c3..80594c16 100644 --- a/modules/comment/helpers/comment_installer.php +++ b/modules/comment/helpers/comment_installer.php @@ -44,7 +44,7 @@ class comment_installer { `text` text, `updated` int(9) NOT NULL, PRIMARY KEY (`id`)) - ENGINE=InnoDB DEFAULT CHARSET=utf8;"); + DEFAULT CHARSET=utf8;"); block_manager::add("dashboard_center", "comment", "recent_comments"); module::set_var("comment", "spam_caught", 0); @@ -52,8 +52,8 @@ class comment_installer { } static function upgrade($version) { + $db = Database::instance(); if ($version == 1) { - $db = Database::instance(); $db->query("ALTER TABLE {comments} CHANGE `state` `state` varchar(15) default 'unpublished'"); module::set_version("comment", 2); } @@ -61,9 +61,16 @@ class comment_installer { static function uninstall() { $db = Database::instance(); - $sql = "SELECT `item_id` FROM {comments}"; - module::event("item_related_update_batch", $sql); + // Notify listeners that we're deleting some data. This is probably going to be very + // inefficient for large uninstalls, and we could make it better by doing things like passing + // a SQL fragment through so that the listeners could use subselects. But by using a single, + // simple event API we lighten the load on module developers. + foreach (ORM::factory("item") + ->join("comments", "items.id", "comments.item_id") + ->find_all() as $item) { + module::event("item_related_update", $item); + } $db->query("DROP TABLE IF EXISTS {comments};"); } } diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index d0f15010..4151dcd0 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php @@ -34,41 +34,36 @@ class comment_rss_Core { } $comments = ORM::factory("comment") - ->where("state", "published") - ->orderby("created", "DESC"); - $all_comments = ORM::factory("comment") + ->viewable() ->where("state", "published") ->orderby("created", "DESC"); if ($feed_id == "item") { $comments->where("item_id", $id); - $all_comments->where("item_id", $id); } - if (!empty($comments)) { - $feed->view = "comment.mrss"; - $comments = $comments->find_all($limit, $offset); - $feed->children = array(); - foreach ($comments as $comment) { - $item = $comment->item(); - $feed->children[] = new ArrayObject( - array("pub_date" => date("D, d M Y H:i:s T", $comment->created), - "text" => nl2br(SafeString::purify($comment->text)), - "thumb_url" => $item->thumb_url(), - "thumb_height" => $item->thumb_height, - "thumb_width" => $item->thumb_width, - "item_uri" => url::abs_site("{$item->type}s/$item->id"), - "title" => SafeString::purify($item->title), - "author" => SafeString::of($comment->author_name())), - ArrayObject::ARRAY_AS_PROPS); - } + $comments = $comments->find_all($limit, $offset); + $feed->view = "comment.mrss"; + $feed->children = array(); + foreach ($comments as $comment) { + $item = $comment->item(); + $feed->children[] = new ArrayObject( + array("pub_date" => date("D, d M Y H:i:s T", $comment->created), + "text" => nl2br(SafeString::purify($comment->text)), + "thumb_url" => $item->thumb_url(), + "thumb_height" => $item->thumb_height, + "thumb_width" => $item->thumb_width, + "item_uri" => url::abs_site("{$item->type}s/$item->id"), + "title" => SafeString::purify($item->title), + "author" => SafeString::of($comment->author_name())), + ArrayObject::ARRAY_AS_PROPS); + } - $feed->max_pages = ceil($all_comments->find_all()->count() / $limit); - $feed->title = htmlspecialchars(t("Recent Comments")); - $feed->uri = url::abs_site("albums/" . (empty($id) ? "1" : $id)); - $feed->description = t("Recent Comments"); + $feed->max_pages = ceil($comments->count_all() / $limit); + $feed->title = htmlspecialchars(t("Recent Comments")); + $feed->uri = url::abs_site("albums/" . (empty($id) ? "1" : $id)); + $feed->description = t("Recent Comments"); - return $feed; - } + return $feed; } -}
\ No newline at end of file +} diff --git a/modules/comment/helpers/comment_theme.php b/modules/comment/helpers/comment_theme.php index b807e2cf..38a00b5c 100644 --- a/modules/comment/helpers/comment_theme.php +++ b/modules/comment/helpers/comment_theme.php @@ -26,7 +26,6 @@ class comment_theme_Core { static function photo_bottom($theme) { $block = new Block; $block->css_id = "gComments"; - $block->anchor = t("comments"); $block->title = t("Comments"); $view = new View("comments.html"); @@ -37,7 +36,6 @@ class comment_theme_Core { ->find_all(); $block->content = $view; - $block->content .= comment::get_add_form($theme->item())->render("form.html"); return $block; } }
\ No newline at end of file diff --git a/modules/comment/js/comment.js b/modules/comment/js/comment.js index 00fc6027..9fd63c1a 100644 --- a/modules/comment/js/comment.js +++ b/modules/comment/js/comment.js @@ -1,5 +1,13 @@ $("document").ready(function() { - ajaxify_comment_form(); + $("#gAddCommentButton").click(function(event) { + event.preventDefault(); + $.get($(this).attr("href"), + {}, + function(data) { + $("#gCommentDetail").append(data); + ajaxify_comment_form(); + }); + }); }); function ajaxify_comment_form() { diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php index 83d0888a..de9b0cd6 100644 --- a/modules/comment/models/comment.php +++ b/modules/comment/models/comment.php @@ -80,4 +80,14 @@ class Comment_Model extends ORM { return $this; } + + /** + * Add a set of restrictions to any following queries to restrict access only to items + * viewable by the active user. + * @chainable + */ + public function viewable() { + $this->join("items", "items.id", "comments.item_id"); + return item::viewable($this); + } } diff --git a/modules/comment/tests/Comment_Model_Test.php b/modules/comment/tests/Comment_Model_Test.php new file mode 100644 index 00000000..f4c68b15 --- /dev/null +++ b/modules/comment/tests/Comment_Model_Test.php @@ -0,0 +1,40 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Comment_Model_Test extends Unit_Test_Case { + + public function cant_view_comments_for_unviewable_items_test() { + $root = ORM::factory("item", 1); + $album = album::create($root, rand(), rand(), rand()); + $comment = comment::create($album, user::guest(), "text", "name", "email", "url"); + user::set_active(user::guest()); + + // We can see the comment when permissions are granted on the album + access::allow(group::everybody(), "view", $album); + $this->assert_equal( + 1, + ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all()); + + // We can't see the comment when permissions are denied on the album + access::deny(group::everybody(), "view", $album); + $this->assert_equal( + 0, + ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all()); + } +} diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php index b27e3166..8b0b4c29 100644 --- a/modules/comment/views/admin_comments.html.php +++ b/modules/comment/views/admin_comments.html.php @@ -103,7 +103,7 @@ </th> </tr> <? foreach ($comments as $i => $comment): ?> - <tr id="gComment-<?= $comment->id ?>" class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>"> + <tr id="gComment-<?= $comment->id ?>" class="<?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>"> <td> <a href="#"> <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index 7941b7da..9eac0502 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -1,11 +1,17 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> + <a href="<?= url::site("form/add/comments/{$item->id})") ?>" id="gAddCommentButton" + class="gButtonLink ui-corner-all ui-icon-left ui-state-default right"> + <span class="ui-icon ui-icon-comment"></span> + <?= t("Add a comment") ?> +</a> +<div id="gCommentDetail"> <? if (!$comments->count()): ?> <p id="gNoCommentsYet"> <?= t("No comments yet. Be the first to <a %attrs>comment</a>!", array("attrs" => "href=\"#add_comment_form\" class=\"showCommentForm\"")) ?> </p> <? endif ?> -<ul id="gComments"> +<ul> <? foreach ($comments as $comment): ?> <li id="gComment-<?= $comment->id ?>"> <p class="gAuthor"> @@ -26,4 +32,4 @@ </li> <? endforeach ?> </ul> -<a name="add_comment_form"></a> +</div> |