From ad0e7254eb6e6a763c9b4d0a7252dc5982a814be Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 14 May 2010 16:19:53 -0700 Subject: Require a well-formed email address for all comments. --- modules/comment/controllers/comments.php | 3 ++- modules/comment/helpers/comment.php | 10 +++++++-- modules/comment/models/comment.php | 15 +++++++++++++- modules/comment/tests/Comment_Event_Test.php | 1 + modules/comment/tests/Comment_Model_Test.php | 31 ++++++++++++++++++++++++++++ 5 files changed, 56 insertions(+), 4 deletions(-) (limited to 'modules/comment') diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index 9e0f86d2..465b1bcd 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php @@ -58,6 +58,7 @@ class Comments_Controller extends Controller { "view" => (string) $view, "form" => (string) comment::get_add_form($item))); } else { + $form = comment::prefill_add_form($form); print json_encode(array("result" => "error", "form" => (string) $form)); } } @@ -69,6 +70,6 @@ class Comments_Controller extends Controller { $item = ORM::factory("item", $item_id); access::required("view", $item); - print comment::get_add_form($item); + print comment::prefill_add_form(comment::get_add_form($item)); } } diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php index e3486e83..94b14d0d 100644 --- a/modules/comment/helpers/comment.php +++ b/modules/comment/helpers/comment.php @@ -33,7 +33,9 @@ class comment_Core { ->error_messages("required", t("You must enter a name for yourself")); $group->input("email") ->label(t("Email (hidden)")) - ->id("g-email"); + ->id("g-email") + ->error_messages("required", t("You must enter a valid email address")) + ->error_messages("invalid", t("You must enter a valid email address")); $group->input("url") ->label(t("Website (hidden)")) ->id("g-url"); 
@@ -45,13 +47,17 @@ class comment_Core { module::event("comment_add_form", $form); $group->submit("")->value(t("Add"))->class("ui-state-default ui-corner-all"); + return $form; + } + + static function prefill_add_form($form) { $active = identity::active_user(); if (!$active->guest) { + $group = $form->add_comment; $group->inputs["name"]->value($active->full_name)->disabled("disabled"); $group->email->value($active->email)->disabled("disabled"); $group->url->value($active->url)->disabled("disabled"); } - return $form; } } diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php index 48084340..fb70c79a 100644 --- a/modules/comment/models/comment.php +++ b/modules/comment/models/comment.php @@ -61,7 +61,7 @@ class Comment_Model extends ORM { if (!$array) { $this->rules = array( "guest_name" => array("callbacks" => array(array($this, "valid_author"))), - "guest_email" => array("rules" => array("email")), + "guest_email" => array("callbacks" => array(array($this, "valid_email"))), "guest_url" => array("rules" => array("url")), "item_id" => array("callbacks" => array(array($this, "valid_item"))), "state" => array("rules" => array("Comment_Model::valid_state")), @@ -144,6 +144,19 @@ class Comment_Model extends ORM { } } + /** + * Make sure that the email address is legal. + */ + public function valid_email(Validation $v, $field) { + if ($this->author_id == identity::guest()->id) { + if (empty($v->guest_email)) { + $v->add_error("guest_email", "required"); + } else if (!valid::email($v->guest_email)) { + $v->add_error("guest_email", "invalid"); + } + } + } + /** * Make sure we have a valid associated item id. */ diff --git a/modules/comment/tests/Comment_Event_Test.php b/modules/comment/tests/Comment_Event_Test.php index 62ffec2f..7cae9297 100644 --- a/modules/comment/tests/Comment_Event_Test.php +++ b/modules/comment/tests/Comment_Event_Test.php 
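Review bot: In the new `valid_email()` callback in modules/comment/models/comment.php, the address is only examined when `author_id` equals the guest id, so a `guest_email` stored on a comment by a registered author is no longer format-checked the way the removed `"rules" => array("email")` entry did. If that field can still be populated for non-guest authors (the callers are not visible in this patch), keep the format check for any non-empty value by adding an outer `else if (!empty($v->guest_email) && !valid::email($v->guest_email)) { $v->add_error("guest_email", "invalid"); }`. The docblock should also say that the address is required for guest authors only, since the commit subject reads as "all comments".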
@@ -25,6 +25,7 @@ class Comment_Event_Test extends Gallery_Unit_Test_Case { $comment->item_id = $album->id; $comment->author_id = identity::guest()->id; $comment->guest_name = "test"; + $comment->guest_email = "test@test.com"; $comment->text = "text"; $comment->save(); diff --git a/modules/comment/tests/Comment_Model_Test.php b/modules/comment/tests/Comment_Model_Test.php index f4e944f0..ee4d3d3c 100644 --- a/modules/comment/tests/Comment_Model_Test.php +++ b/modules/comment/tests/Comment_Model_Test.php @@ -22,6 +22,37 @@ class Comment_Model_Test extends Gallery_Unit_Test_Case { identity::set_active_user(identity::admin_user()); } + public function guest_name_and_email_is_required_test() { + try { + $comment = ORM::factory("comment"); + $comment->item_id = item::root()->id; + $comment->author_id = identity::guest()->id; + $comment->text = "text"; + $comment->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_equal(array("guest_name" => "required", + "guest_email" => "required"), + $e->validation->errors()); + return; + } + } + + public function guest_email_must_be_well_formed_test() { + try { + $comment = ORM::factory("comment"); + $comment->item_id = item::root()->id; + $comment->author_id = identity::guest()->id; + $comment->guest_name = "guest"; + $comment->guest_email = "bogus"; + $comment->text = "text"; + $comment->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_equal(array("guest_email" => "invalid"), + $e->validation->errors()); + return; + } + } + public function cant_view_comments_for_unviewable_items_test() { $album = test::random_album(); -- cgit v1.2.3 From 2157285d9bc3373e9bd2f4d86f558a1b2554f412 Mon Sep 17 00:00:00 2001 
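Review bot: Both tests added to Comment_Model_Test.php pass silently when `save()` does not throw, because the only assertion sits inside the `catch` block and nothing follows the `try`. Add a failing assertion after the `try`/`catch` in `guest_name_and_email_is_required_test` and `guest_email_must_be_well_formed_test`, for example `$this->assert_true(false, "Expected ORM_Validation_Exception");`. Without it, a regression that lets an empty or malformed guest email through validation would not be reported by these tests.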
From: Bharat Mediratta Date: Sun, 16 May 2010 22:53:19 -0700 Subject: Rename admin/comments to admin/manage_comments to make room for admin/comments to be a settings page. --- modules/comment/controllers/admin_comments.php | 133 --------------------- .../comment/controllers/admin_manage_comments.php | 133 +++++++++++++++++++++ modules/comment/helpers/comment_event.php | 10 +- modules/comment/views/admin_comments.html.php | 8 +- 4 files changed, 146 insertions(+), 138 deletions(-) delete mode 100644 modules/comment/controllers/admin_comments.php create mode 100644 modules/comment/controllers/admin_manage_comments.php (limited to 'modules/comment') diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php deleted file mode 100644 index 68794638..00000000 --- a/modules/comment/controllers/admin_comments.php +++ /dev/null 
@@ -1,133 +0,0 @@ -delete("comments") - ->where("state", "IN", array("deleted", "spam")) - ->where("updated", "<", "UNIX_TIMESTAMP() - 86400 * 7") - ->execute(); - - // Redirect to the appropriate queue - url::redirect("admin/comments/queue/unpublished"); - } - - public function menu_labels() { - $menu = $this->_menu($this->_counts()); - print json_encode(array((string) $menu->get("unpublished")->label, - (string) $menu->get("published")->label, - (string) $menu->get("spam")->label, - (string) $menu->get("deleted")->label)); - } - - public function queue($state) { - $page = max(Input::instance()->get("page"), 1); - - $view = new Admin_View("admin.html"); - $view->page_title = t("Manage comments"); - $view->content = new View("admin_comments.html"); - $view->content->counts = $this->_counts(); - $view->content->menu = $this->_menu($view->content->counts); - $view->content->state = $state; - $view->content->comments = ORM::factory("comment") - ->order_by("created", "DESC") - ->where("state", "=", $state) - ->limit(self::$items_per_page, ($page - 1) * self::$items_per_page) - ->find_all(); - $view->content->pager = new Pagination(); - $view->content->pager->initialize( - array("query_string" => "page", - "total_items" => $view->content->counts->$state, - "items_per_page" => self::$items_per_page, - "style" => "classic")); - - print $view; - } - - private function _menu($counts) { - return Menu::factory("root") - ->append(Menu::factory("link") - ->id("unpublished") - ->label(t2("Awaiting Moderation (%count)", - "Awaiting Moderation (%count)", - $counts->unpublished)) - ->url(url::site("admin/comments/queue/unpublished"))) - ->append(Menu::factory("link") - ->id("published") - ->label(t2("Approved (%count)", - "Approved (%count)", - $counts->published)) - ->url(url::site("admin/comments/queue/published"))) - ->append(Menu::factory("link") - ->id("spam") - ->label(t2("Spam (%count)", - "Spam (%count)", - $counts->spam)) - ->url(url::site("admin/comments/queue/spam"))) - 
->append(Menu::factory("link") - ->id("deleted") - ->label(t2("Recently Deleted (%count)", - "Recently Deleted (%count)", - $counts->deleted)) - ->url(url::site("admin/comments/queue/deleted"))); - } - - private function _counts() { - $counts = new stdClass(); - $counts->unpublished = 0; - $counts->published = 0; - $counts->spam = 0; - $counts->deleted = 0; - foreach (db::build() - ->select("state") - ->select(array("c" => 'COUNT("*")')) - ->from("comments") - ->group_by("state") - ->execute() as $row) { - $counts->{$row->state} = $row->c; - } - return $counts; - } - - public function set_state($id, $state) { - access::verify_csrf(); - - $comment = ORM::factory("comment", $id); - $orig = clone $comment; - if ($comment->loaded()) { - $comment->state = $state; - $comment->save(); - } - } - - public function delete_all_spam() { - access::verify_csrf(); - - db::build() - ->delete("comments") - ->where("state", "=", "spam") - ->execute(); - url::redirect("admin/comments/queue/spam"); - } -} - diff --git a/modules/comment/controllers/admin_manage_comments.php b/modules/comment/controllers/admin_manage_comments.php new file mode 100644 index 00000000..338e4799 --- /dev/null +++ b/modules/comment/controllers/admin_manage_comments.php 
@@ -0,0 +1,133 @@ +delete("comments") + ->where("state", "IN", array("deleted", "spam")) + ->where("updated", "<", "UNIX_TIMESTAMP() - 86400 * 7") + ->execute(); + + // Redirect to the appropriate queue + url::redirect("admin/manage_comments/queue/unpublished"); + } + + public function menu_labels() { + $menu = $this->_menu($this->_counts()); + print json_encode(array((string) $menu->get("unpublished")->label, + (string) $menu->get("published")->label, + (string) $menu->get("spam")->label, + (string) $menu->get("deleted")->label)); + } + + public function queue($state) { + $page = max(Input::instance()->get("page"), 1); + + $view = new Admin_View("admin.html"); + $view->page_title = t("Manage comments"); + $view->content = new View("admin_comments.html"); + $view->content->counts = $this->_counts(); + $view->content->menu = $this->_menu($view->content->counts); + $view->content->state = $state; + $view->content->comments = ORM::factory("comment") + ->order_by("created", "DESC") + ->where("state", "=", $state) + ->limit(self::$items_per_page, ($page - 1) * self::$items_per_page) + ->find_all(); + $view->content->pager = new Pagination(); + $view->content->pager->initialize( + array("query_string" => "page", + "total_items" => $view->content->counts->$state, + "items_per_page" => self::$items_per_page, + "style" => "classic")); + + print $view; + } + + private function _menu($counts) { + return Menu::factory("root") + ->append(Menu::factory("link") + ->id("unpublished") + ->label(t2("Awaiting Moderation (%count)", + "Awaiting Moderation (%count)", + $counts->unpublished)) + ->url(url::site("admin/manage_comments/queue/unpublished"))) + ->append(Menu::factory("link") + ->id("published") + ->label(t2("Approved (%count)", + "Approved (%count)", + $counts->published)) + ->url(url::site("admin/manage_comments/queue/published"))) + ->append(Menu::factory("link") + ->id("spam") + ->label(t2("Spam (%count)", + "Spam (%count)", + $counts->spam)) + 
->url(url::site("admin/manage_comments/queue/spam"))) + ->append(Menu::factory("link") + ->id("deleted") + ->label(t2("Recently Deleted (%count)", + "Recently Deleted (%count)", + $counts->deleted)) + ->url(url::site("admin/manage_comments/queue/deleted"))); + } + + private function _counts() { + $counts = new stdClass(); + $counts->unpublished = 0; + $counts->published = 0; + $counts->spam = 0; + $counts->deleted = 0; + foreach (db::build() + ->select("state") + ->select(array("c" => 'COUNT("*")')) + ->from("comments") + ->group_by("state") + ->execute() as $row) { + $counts->{$row->state} = $row->c; + } + return $counts; + } + + public function set_state($id, $state) { + access::verify_csrf(); + + $comment = ORM::factory("comment", $id); + $orig = clone $comment; + if ($comment->loaded()) { + $comment->state = $state; + $comment->save(); + } + } + + public function delete_all_spam() { + access::verify_csrf(); + + db::build() + ->delete("comments") + ->where("state", "=", "spam") + ->execute(); + url::redirect("admin/manage_comments/queue/spam"); + } +} + diff --git a/modules/comment/helpers/comment_event.php b/modules/comment/helpers/comment_event.php index 51e663e6..25fd4171 100644 --- a/modules/comment/helpers/comment_event.php +++ b/modules/comment/helpers/comment_event.php @@ -51,11 +51,19 @@ class comment_event_Core { } static function admin_menu($menu, $theme) { + /* + $menu->get("settings_menu") + ->append(Menu::factory("link") + ->id("comment") + ->label(t("Comments")) + ->url(url::site("admin/comments"))); + */ + $menu->get("content_menu") ->append(Menu::factory("link") ->id("comments") ->label(t("Comments")) - ->url(url::site("admin/comments"))); + ->url(url::site("admin/manage_comments"))); } static function photo_menu($menu, $theme) { diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php index f58267bd..34a28986 100644 --- a/modules/comment/views/admin_comments.html.php 
+++ b/modules/comment/views/admin_comments.html.php @@ -1,7 +1,7 @@ - -
-

- -
- -
- render() ?> -
- - -

- - - - - - - - - -

- - -
- - 0): ?> -

- -

- -

- spam): ?> - spam) ?> -

-

- "> - - - - - -

-
- - - -
-

- -

-
- - - - - - - - - - "> - - - - - -
- - - - - -
- - " - class="g-avatar" - alt="author_name()) ?>" - width="40" - height="40" /> - -

author_name()) ?>

-
- -

created) ?>

- text)) ?> -
-
    - state != "unpublished"): ?> -
  • - - - - -
  • - - state != "published"): ?> -
  • - - - - -
  • - - state != "spam"): ?> -
  • - - - - -
  • - - -
  • - - - - -
  • -
-
- -
- -
- -
-
diff --git a/modules/comment/views/admin_manage_comments.html.php b/modules/comment/views/admin_manage_comments.html.php new file mode 100644 index 00000000..34a28986 --- /dev/null +++ b/modules/comment/views/admin_manage_comments.html.php @@ -0,0 +1,201 @@ + + + +
+

+ +
+ +
+ render() ?> +
+ + +

+ + + + + + + + + +

+ + +
+ + 0): ?> +

+ +

+ +

+ spam): ?> + spam) ?> +

+

+ "> + + + + + +

+
+ + + +
+

+ +

+
+ + + + + + + + + + "> + + + + + +
+ + + + + +
+ + " + class="g-avatar" + alt="author_name()) ?>" + width="40" + height="40" /> + +

author_name()) ?>

+
+ +

created) ?>

+ text)) ?> +
+
    + state != "unpublished"): ?> +
  • + + + + +
  • + + state != "published"): ?> +
  • + + + + +
  • + + state != "spam"): ?> +
  • + + + + +
  • + + +
  • + + + + +
  • +
+
+ +
+ +
+ +
+
-- cgit v1.2.3 From 87fde3f360d557d48241d09cae4f25949e748d4f Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 Jun 2010 23:35:32 -0700 Subject: Create a UI under Admin > Settings > Comments where you can limit comments only to registered users. It's simplistic, but is better than adding a permission since generally this setting will be used Gallery-wide. Fixes ticket #1002 --- modules/comment/controllers/admin_comments.php | 52 ++++++++++++++++++++++++++ modules/comment/controllers/comments.php | 6 +++ modules/comment/helpers/comment.php | 5 +++ modules/comment/helpers/comment_event.php | 2 - modules/comment/helpers/comment_installer.php | 8 +++- modules/comment/module.info | 2 +- modules/comment/views/admin_comments.html.php | 7 ++++ modules/comment/views/comments.html.php | 5 ++- 8 files changed, 82 insertions(+), 5 deletions(-) create mode 100644 modules/comment/controllers/admin_comments.php create mode 100644 modules/comment/views/admin_comments.html.php (limited to 'modules/comment') diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php new file mode 100644 index 00000000..fda3873c --- /dev/null +++ b/modules/comment/controllers/admin_comments.php 
@@ -0,0 +1,52 @@ +page_title = t("Comment settings"); + $view->content = new View("admin_comments.html"); + $view->content->form = $this->_get_admin_form(); + print $view; + } + + public function save() { + access::verify_csrf(); + $form = $this->_get_admin_form(); + $form->validate(); + module::set_var("comment", "access_permissions", + $form->comment_settings->access_permissions->value); + message::success(t("Comment settings updated")); + url::redirect("admin/comments"); + } + + private function _get_admin_form() { + $form = new Forge("admin/comments/save", "", "post", + array("id" => "g-comments-admin-form")); + $comment_settings = $form->group("comment_settings")->label(t("Permissions")); + $comment_settings->dropdown("access_permissions") + ->label(t("Who can leave comments?")) + ->options(array("everybody" => t("Everybody"), + "registered_users" => t("Only registered users"))) + ->selected(module::get_var("comment", "access_permissions")); + $comment_settings->submit("save")->value(t("Save")); + return $form; + } +} + diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index 465b1bcd..c42ad24e 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php @@ -24,6 +24,9 @@ class Comments_Controller extends Controller { public function create($id) { $item = ORM::factory("item", $id); access::required("view", $item); + if (!comment::can_comment()) { + access::forbidden(); + } $form = comment::get_add_form($item); try { @@ -69,6 +72,9 @@ class Comments_Controller extends Controller { public function form_add($item_id) { $item = ORM::factory("item", $item_id); access::required("view", $item); + if (!comment::can_comment()) { + access::forbidden(); + } print comment::prefill_add_form(comment::get_add_form($item)); } diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php index 94b14d0d..92a286c7 100644 --- a/modules/comment/helpers/comment.php 
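Review bot: `save()` in the new modules/comment/controllers/admin_comments.php discards the result of `$form->validate()` and writes `access_permissions` unconditionally, so a submitted value outside the two dropdown options may be stored in the module variable and still be followed by the success message. `comment::can_comment()` in this commit compares against `"everybody"`, so an unexpected value fails closed for guests, but the setting should only be written on success: `if ($form->validate()) { module::set_var(...); message::success(...); }`, re-rendering the form otherwise. The top of the file is not legible in this listing, so whether the class restricts access to administrators cannot be confirmed from here.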
+++ b/modules/comment/helpers/comment.php @@ -60,5 +60,10 @@ class comment_Core { } return $form; } + + static function can_comment() { + return !identity::active_user()->guest || + module::get_var("comment", "access_permissions") == "everybody"; + } } diff --git a/modules/comment/helpers/comment_event.php b/modules/comment/helpers/comment_event.php index 25fd4171..33d4cd05 100644 --- a/modules/comment/helpers/comment_event.php +++ b/modules/comment/helpers/comment_event.php @@ -51,13 +51,11 @@ class comment_event_Core { } static function admin_menu($menu, $theme) { - /* $menu->get("settings_menu") ->append(Menu::factory("link") ->id("comment") ->label(t("Comments")) ->url(url::site("admin/comments"))); - */ $menu->get("content_menu") ->append(Menu::factory("link") diff --git a/modules/comment/helpers/comment_installer.php b/modules/comment/helpers/comment_installer.php index 9ca47f1a..7a32bf67 100644 --- a/modules/comment/helpers/comment_installer.php +++ b/modules/comment/helpers/comment_installer.php @@ -47,7 +47,8 @@ class comment_installer { DEFAULT CHARSET=utf8;"); module::set_var("comment", "spam_caught", 0); - module::set_version("comment", 2); + module::set_var("comment", "access_permissions", "everybody"); + module::set_version("comment", 3); } static function upgrade($version) { @@ -56,6 +57,11 @@ class comment_installer { $db->query("ALTER TABLE {comments} CHANGE `state` `state` varchar(15) default 'unpublished'"); module::set_version("comment", 2); } + + if ($version == 2) { + module::set_var("comment", "access_permissions", "everybody"); + module::set_version("comment", 3); + } } static function uninstall() { diff --git a/modules/comment/module.info b/modules/comment/module.info index c371cf27..cd34f140 100644 --- a/modules/comment/module.info +++ b/modules/comment/module.info @@ -1,3 +1,3 @@ name = "Comments" description = "Allows users and guests to leave comments on photos and albums." -version = 2 +version = 3 
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php new file mode 100644 index 00000000..dc6985b2 --- /dev/null +++ b/modules/comment/views/admin_comments.html.php @@ -0,0 +1,7 @@ + +
+

+
+ +
+
diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index e4322e08..9a608a43 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -1,9 +1,12 @@ - id}") ?>#comment-form" id="g-add-comment" + +id}") ?>#comment-form" id="g-add-comment" class="g-button ui-corner-all ui-icon-left ui-state-default"> + +
count()): ?>

-- cgit v1.2.3 From 94ada2361df1132d83fa5b14d1b6843725b29166 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 15 Jun 2010 16:14:30 -0700 Subject: Fix a bug in the upgrader where we weren't bumping the version number during the upgrade path, so the 2nd stanza (version 2 to version 3) was never getting executed. --- modules/comment/helpers/comment_installer.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/comment') diff --git a/modules/comment/helpers/comment_installer.php b/modules/comment/helpers/comment_installer.php index 7a32bf67..18d51758 100644 --- a/modules/comment/helpers/comment_installer.php +++ b/modules/comment/helpers/comment_installer.php @@ -55,12 +55,12 @@ class comment_installer { $db = Database::instance(); if ($version == 1) { $db->query("ALTER TABLE {comments} CHANGE `state` `state` varchar(15) default 'unpublished'"); - module::set_version("comment", 2); + module::set_version("comment", $version = 2); } if ($version == 2) { module::set_var("comment", "access_permissions", "everybody"); - module::set_version("comment", 3); + module::set_version("comment", $version = 3); } } -- cgit v1.2.3 From ea8653f9470ceb09a4d5ddca2aec023f2f7fe5a2 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 16 Jun 2010 08:39:09 -0700 Subject: Fix for ticket #1131. If the rss feed is for an item, then retrieve the item. Using the left and right pointers find all the comments for the child items. Thanks to jankoprowski for the initial investigation. --- modules/comment/helpers/comment_rss.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'modules/comment') diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index eee6f750..a18beb9b 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php 
@@ -33,13 +33,20 @@ class comment_rss_Core { return; } + Kohana_Log::add("error", "feed($feed_id, $offset, $limit, $id)"); $comments = ORM::factory("comment") ->viewable() ->where("state", "=", "published") ->order_by("created", "DESC"); if ($feed_id == "item") { - $comments->where("item_id", "=", $id); + $item = ORM::factory("item", $id); + $subquery = db::select("id") + ->from("items") + ->where("left_ptr", ">=", $item->left_ptr) + ->where("right_ptr", "<=", $item->right_ptr); + $comments + ->where("item_id", "in", $subquery); } $feed = new stdClass(); -- cgit v1.2.3 From 8ee60e6b5d694a8117c94595a0f03090cd41cca8 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 16 Jun 2010 11:17:18 -0700 Subject: slap my wrist... i forgot a debugging statement --- modules/comment/helpers/comment_rss.php | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/comment') diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index a18beb9b..479023bd 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php @@ -33,7 +33,6 @@ class comment_rss_Core { return; } - Kohana_Log::add("error", "feed($feed_id, $offset, $limit, $id)"); $comments = ORM::factory("comment") ->viewable() ->where("state", "=", "published") -- cgit v1.2.3 From 1aeaa7daabf2c00df45088f4a90615b463fb9f90 Mon Sep 17 00:00:00 2001 
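Review bot: In the `$feed_id == "item"` branch of comment_rss.php, `ORM::factory("item", $id)` is used without checking `$item->loaded()` or the caller's view permission on that item, so an unknown id produces a subquery built from empty `left_ptr`/`right_ptr` values. The comment query still goes through `->viewable()`, which presumably filters by item visibility, but an explicit early exit makes the intent clear and avoids running the query at all: `if (!$item->loaded() || !access::can("view", $item)) { return; }`. The enclosing function starts and ends outside the hunk, so any earlier check on `$id` is not visible here.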
From: Bharat Mediratta Date: Wed, 16 Jun 2010 18:05:15 -0700 Subject: Add REST support for comments. You can view, add, edit and delete comments. --- modules/comment/helpers/comment_rest.php | 85 ++++++++++++++++++++++++++ modules/comment/helpers/comments_rest.php | 62 +++++++++++++++++++ modules/comment/helpers/item_comments_rest.php | 50 +++++++++++++++ modules/comment/models/comment.php | 16 +++++ 4 files changed, 213 insertions(+) create mode 100644 modules/comment/helpers/comment_rest.php create mode 100644 modules/comment/helpers/comments_rest.php create mode 100644 modules/comment/helpers/item_comments_rest.php (limited to 'modules/comment') diff --git a/modules/comment/helpers/comment_rest.php b/modules/comment/helpers/comment_rest.php new file mode 100644 index 00000000..cfdf9fa3 --- /dev/null +++ b/modules/comment/helpers/comment_rest.php 
@@ -0,0 +1,85 @@ +url); + access::required("view", $comment->item()); + + return array( + "url" => $request->url, + "entity" => $comment->as_restful_array(), + "relationships" => rest::relationships("comment", $comment)); + } + + static function put($request) { + // Only admins can edit comments, for now + if (!identity::active_user()->admin) { + access::forbidden(); + } + + $comment = rest::resolve($request->url); + $comment = ORM::factory("comment"); + $comment->text = $request->params->text; + $comment->save(); + } + + static function post($request) { + $item = rest::resolve($request->url); + access::required("edit", $item); + + $entity = $request->params->entity; + $comment->text = $request->params->text; + $comment->save(); + + return array("url" => rest::url("comment", $comment)); + } + + static function delete($request) { + if (!identity::active_user()->admin) { + access::forbidden(); + } + + $comment = rest::resolve($request->url); + access::required("edit", $comment->item()); + + $comment->delete(); + } + + static function relationships($resource_type, $resource) { + switch ($resource_type) { + case "item": + return array( + "comments" => array( + "url" => rest::url("item_comments", $resource))); + } + } + + static function resolve($id) { + $comment = ORM::factory("comment", $id); + if (!access::can("view", $comment->item())) { + throw new Kohana_404_Exception(); + } + return $comment; + } + + static function url($comment) { + return url::abs_site("rest/comment/{$comment->id}"); + } +} diff --git a/modules/comment/helpers/comments_rest.php b/modules/comment/helpers/comments_rest.php new file mode 100644 index 00000000..1cedb80b --- /dev/null +++ b/modules/comment/helpers/comments_rest.php 
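Review bot: `put()` in the new comment_rest.php resolves the target comment and then immediately overwrites it with `ORM::factory("comment")`, so the request edits nothing and instead tries to save a new, mostly empty comment. Drop the second assignment so the resolved record is the one updated, leaving `$comment = rest::resolve($request->url);` followed by `$comment->text = $request->params->text;` and `$comment->save();`. `put()` also omits the `access::required("edit", $comment->item())` check that `delete()` performs. `resolve()` calls `$comment->item()` without first checking `$comment->loaded()`, so an unknown id reaches the permission check with an empty record.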
@@ -0,0 +1,62 @@ +params; + $num = isset($p->num) ? min((int)$p->num, 100) : 10; + $start = isset($p->start) ? (int)$p->start : 0; + + foreach (ORM::factory("comment")->viewable()->find_all($num, $start) as $comment) { + $comments[] = rest::url("comment", $comment); + } + return array("url" => rest::url("comments"), + "members" => $comments); + } + + + static function post($request) { + $entity = $request->params->entity; + + $item = rest::resolve($entity->item); + access::required("edit", $item); + + $comment = ORM::factory("comment"); + $comment->author_id = identity::active_user()->id; + $comment->item_id = $item->id; + $comment->text = $entity->text; + $comment->save(); + + return array("url" => rest::url("comment", $comment)); + } + + static function url() { + return url::abs_site("rest/comments"); + } +} diff --git a/modules/comment/helpers/item_comments_rest.php b/modules/comment/helpers/item_comments_rest.php new file mode 100644 index 00000000..1fe5c35f --- /dev/null +++ b/modules/comment/helpers/item_comments_rest.php @@ -0,0 +1,50 @@ +url); + access::required("view", $item); + + $comments = array(); + foreach (ORM::factory("comment") + ->viewable() + ->where("item_id", "=", $item->id) + ->order_by("created", "DESC") + ->find_all() as $comment) { + $comments[] = rest::url("comment", $comment); + } + + return array( + "url" => $request->url, + "members" => $comments); + } + + static function resolve($id) { + $item = ORM::factory("item", $id); + if (!access::can("view", $item)) { + throw new Kohana_404_Exception(); + } + return $item; + } + + static function url($item) { + return url::abs_site("rest/item_comments/{$item->id}"); + } +} diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php index fb70c79a..772e8b60 100644 --- a/modules/comment/models/comment.php +++ b/modules/comment/models/comment.php 
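Review bot: In `get()` of the new comments_rest.php, `num` is capped at 100 but has no lower bound and `start` is not clamped, so zero or negative request values reach `find_all($num, $start)`. Clamp both: `$num = isset($p->num) ? max(1, min((int)$p->num, 100)) : 10;` and `$start = isset($p->start) ? max(0, (int)$p->start) : 0;`. `post()` in the same file never consults `comment::can_comment()`, so the "Only registered users" setting is enforced on the REST path only indirectly through the `edit` permission check; calling it would keep the REST and web paths consistent. `get()` in item_comments_rest.php, further down this line, calls `find_all()` with no limit at all.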
@@ -175,4 +175,20 @@ class Comment_Model extends ORM { static function valid_state($value) { return in_array($value, array("published", "unpublished", "spam", "deleted")); } + + /** + * Same as ORM::as_array() but convert id fields into their RESTful form. + */ + public function as_restful_array() { + $data = array(); + foreach ($this->as_array() as $key => $value) { + if (strncmp($key, "server_", 7)) { + $data[$key] = $value; + } + } + $data["item"] = rest::url("item", $this->item()); + unset($data["item_id"]); + + return $data; + } } -- cgit v1.2.3 From a27189ce9f771251f89947e4264e503596f0b2dd Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 16 Jun 2010 20:02:52 -0700 Subject: Remove comment_rest::post() -- that's in comments_rest now. --- modules/comment/helpers/comment_rest.php | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'modules/comment') diff --git a/modules/comment/helpers/comment_rest.php b/modules/comment/helpers/comment_rest.php index cfdf9fa3..bd3011cc 100644 --- a/modules/comment/helpers/comment_rest.php +++ b/modules/comment/helpers/comment_rest.php @@ -40,17 +40,6 @@ class comment_rest_Core { $comment->save(); } - static function post($request) { - $item = rest::resolve($request->url); - access::required("edit", $item); - - $entity = $request->params->entity; - $comment->text = $request->params->text; - $comment->save(); - - return array("url" => rest::url("comment", $comment)); - } - static function delete($request) { if (!identity::active_user()->admin) { access::forbidden(); -- cgit v1.2.3 From 70f56ba43aa77568d96fbc8003619007b01acf8e Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 17 Jun 2010 14:22:35 -0700 Subject: Fix for ticket #1163. Don't all guests to a comment when there are no comments and the comment access permission is register users. --- modules/comment/views/comments.html.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'modules/comment') 
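Review bot: `as_restful_array()` in models/comment.php copies every column whose name does not start with `server_`, so the REST entity is defined by a prefix denylist rather than by the fields meant to be public. Whatever else the comment row stores, for example guest contact details if they are kept on the row, would then be returned to any caller who can view the item, and any column added later is exposed by default. An explicit allowlist of field names, or at least an `unset()` of the private ones next to the existing `unset($data["item_id"]);`, would keep the exposure deliberate. The filter also relies on the truthiness of `strncmp($key, "server_", 7)`; writing `!== 0` and adding a one-line comment such as `// skip server_* columns` would make the intent clear.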
diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index 9a608a43..1b9f8bbb 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -10,12 +10,16 @@

count()): ?>

+ comment!", array("attrs" => html::mark_clean("href=\"" . url::site("form/add/comments/{$item->id}") . "\" class=\"showCommentForm\""))) ?> + + +

  •  
- - count()): ?> + +
  • -- cgit v1.2.3 From f0a99ffc2764a64712a5c5c3abc9a4b3f3c09616 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 18 Jun 2010 14:31:04 -0700 Subject: Undo "else" clause -- we should keep the logic simple and easy to follow, even if it's redundant. Expand a
      to multiple lines. --- modules/comment/views/comments.html.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'modules/comment') diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index 1b9f8bbb..da45f57b 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -16,10 +16,13 @@ -

      -
      •  
      - +

      +
        +
      •  
      • +
      + + count()): ?>
      • -- cgit v1.2.3 From 75002732284c85dfd82934b04ef477fc5a274bfe Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 20 Jun 2010 10:55:10 -0700 Subject: Simplify the descendent logic. viewable() already joins with the items table so there's no need for a subquery. The subquery could generate way too many ids since it didn't pay attention to permissions. This isn't a security problem since we were restricting the item ids according to permissions in the outer query, but it's wasteful. --- modules/comment/helpers/comment_rss.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'modules/comment') diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index 479023bd..2e8e564e 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php @@ -35,17 +35,14 @@ class comment_rss_Core { $comments = ORM::factory("comment") ->viewable() - ->where("state", "=", "published") - ->order_by("created", "DESC"); + ->where("comments.state", "=", "published") + ->order_by("comments.created", "DESC"); if ($feed_id == "item") { $item = ORM::factory("item", $id); - $subquery = db::select("id") - ->from("items") - ->where("left_ptr", ">=", $item->left_ptr) - ->where("right_ptr", "<=", $item->right_ptr); $comments - ->where("item_id", "in", $subquery); + ->where("items.left_ptr", ">=", $item->left_ptr) + ->where("items.right_ptr", "<=", $item->right_ptr); } $feed = new stdClass(); @@ -65,6 +62,8 @@ class comment_rss_Core { ArrayObject::ARRAY_AS_PROPS); } + Kohana_Log::add("error",print_r(Database::instance()->last_query(),1)); + $feed->max_pages = ceil($comments->count_all() / $limit); $feed->title = htmlspecialchars(t("Recent Comments")); $feed->uri = url::abs_site("albums/" . (empty($id) ? "1" : $id)); -- cgit v1.2.3 From 7938a57dbe1935731dccc945235b10bf5c002dd2 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Sun, 20 Jun 2010 10:57:48 -0700 Subject: Oops. Remove debug line. --- modules/comment/helpers/comment_rss.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'modules/comment') diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index 2e8e564e..545192e5 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php @@ -62,8 +62,6 @@ class comment_rss_Core { ArrayObject::ARRAY_AS_PROPS); } - Kohana_Log::add("error",print_r(Database::instance()->last_query(),1)); - $feed->max_pages = ceil($comments->count_all() / $limit); $feed->title = htmlspecialchars(t("Recent Comments")); $feed->uri = url::abs_site("albums/" . (empty($id) ? "1" : $id)); -- cgit v1.2.3 From 74e821b03ef149a43eb8704fd2350985699d3ded Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 20 Jun 2010 17:21:25 -0700 Subject: Rename the feed variable from "children" to "comments" since that makes more semantic sense. --- modules/comment/helpers/comment_rss.php | 4 ++-- modules/comment/views/comment.mrss.php | 18 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) (limited to 'modules/comment') diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index 545192e5..26d98d21 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php @@ -47,10 +47,10 @@ class comment_rss_Core { $feed = new stdClass(); $feed->view = "comment.mrss"; - $feed->children = array(); + $feed->comments = array(); foreach ($comments->find_all($limit, $offset) as $comment) { $item = $comment->item(); - $feed->children[] = new ArrayObject( + $feed->comments[] = new ArrayObject( array("pub_date" => date("D, d M Y H:i:s T", $comment->created), "text" => nl2br(html::purify($comment->text)), "thumb_url" => $item->thumb_url(), 
diff --git a/modules/comment/views/comment.mrss.php b/modules/comment/views/comment.mrss.php index c2a4b538..809e7890 100644 --- a/modules/comment/views/comment.mrss.php +++ b/modules/comment/views/comment.mrss.php @@ -20,19 +20,19 @@ - children as $child): ?> + comments as $comment): ?> - <?= html::purify($child->title) ?> - item_uri) ?> - author) ?> - item_uri ?> - pub_date ?> + <?= html::purify($comment->title) ?> + item_uri) ?> + author) ?> + item_uri ?> + pub_date ?> text)) ?>

        +

        text)) ?>

        - +

        ]]> -- cgit v1.2.3