Add comment undeletion functionality

Only Developers and Trusted Users can undelete comments.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

8 files changed, 75 insertions, 7 deletions

diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css
index 92ff898..4c3fbe5 100644
--- a/web/html/css/aurweb.css
+++ b/web/html/css/aurweb.css
@@ -101,7 +101,7 @@
 	color: #999;
 }
 
-.delete-comment-form, .pin-comment-form, .edit-comment {
+.delete-comment-form, .undelete-comment-form, .pin-comment-form, .edit-comment {
 	float: right;
 	margin-left: 8px;
 }
@@ -112,13 +112,13 @@
 	top: 1px;
 }
 
-.delete-comment, .edit-comment, .pin-comment {
+.delete-comment, .undelete-comment, .edit-comment, .pin-comment {
 	-webkit-filter: grayscale(100%);
 	filter: grayscale(100%);
 	opacity: 0.6;
 }
 
-.delete-comment:hover, .edit-comment:hover, .pin-comment:hover {
+.delete-comment:hover, .undelete-comment:hover, .edit-comment:hover, .pin-comment:hover {
 	-webkit-filter: none;
 	filter: none;
 	opacity: 1;
diff --git a/web/html/images/action-undo.min.svg b/web/html/images/action-undo.min.svg
new file mode 100644
index 0000000..eb47bc4
--- /dev/null
+++ b/web/html/images/action-undo.min.svg
@@ -0,0 +1,3 @@
+<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="8" width="8" version="1.1" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" viewBox="0 0 8 8">
+<path d="m4.5 0c-1.93 0-3.5 1.57-3.5 3.5v0.5h-1l2 2 2-2h-1v-0.5c0-1.38 1.12-2.5 2.5-2.5s2.5 1.12 2.5 2.5c0-1.93-1.57-3.5-3.5-3.5z" transform="translate(0 1)" fill="#36a"/>
+</svg>
diff --git a/web/html/images/action-undo.svg b/web/html/images/action-undo.svg
new file mode 100644
index 0000000..b93ebb7
--- /dev/null
+++ b/web/html/images/action-undo.svg
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.1"
+   id="svg2"
+   viewBox="0 0 8 8"
+   height="8"
+   width="8">
+  <metadata
+     id="metadata10">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <defs
+     id="defs8" />
+  <path
+     style="fill:#3366aa;fill-opacity:1"
+     id="path4"
+     transform="translate(0 1)"
+     d="M4.5 0c-1.93 0-3.5 1.57-3.5 3.5v.5h-1l2 2 2-2h-1v-.5c0-1.38 1.12-2.5 2.5-2.5s2.5 1.12 2.5 2.5c0-1.93-1.57-3.5-3.5-3.5z" />
+</svg>
diff --git a/web/html/index.php b/web/html/index.php
index 0a9fd05..3787d4e 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -180,6 +180,7 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
 		readfile("./$path");
 		break;
 	case "/images/x.min.svg":
+	case "/images/action-undo.min.svg":
 	case "/images/pencil.min.svg":
 	case "/images/pin.min.svg":
 	case "/images/unpin.min.svg":
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index 45b8084..11fdf74 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -99,6 +99,11 @@ if (check_token()) {
 		list($ret, $output) = pkgbase_notify($ids, false);
 	} elseif (current_action("do_DeleteComment")) {
 		list($ret, $output) = pkgbase_delete_comment();
+	} elseif (current_action("do_UndeleteComment")) {
+		list($ret, $output) = pkgbase_delete_comment(true);
+		if ($ret && isset($_POST["comment_id"])) {
+			$fragment = '#comment-' . intval($_POST["comment_id"]);
+		}
 	} elseif (current_action("do_PinComment")) {
 		list($ret, $output) = pkgbase_pin_comment();
 	} elseif (current_action("do_UnpinComment")) {
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index 71bf5ff..d8698a8 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -6,6 +6,7 @@ define("CRED_ACCOUNT_EDIT_DEV", 3);
 define("CRED_ACCOUNT_LAST_LOGIN", 4);
 define("CRED_ACCOUNT_SEARCH", 5);
 define("CRED_COMMENT_DELETE", 6);
+define("CRED_COMMENT_UNDELETE", 27);
 define("CRED_COMMENT_VIEW_DELETED", 22);
 define("CRED_COMMENT_EDIT", 25);
 define("CRED_COMMENT_PIN", 26);
@@ -59,6 +60,7 @@ function has_credential($credential, $approved_users=array()) {
 	case CRED_ACCOUNT_LAST_LOGIN:
 	case CRED_ACCOUNT_SEARCH:
 	case CRED_COMMENT_DELETE:
+	case CRED_COMMENT_UNDELETE:
 	case CRED_COMMENT_VIEW_DELETED:
 	case CRED_COMMENT_EDIT:
 	case CRED_COMMENT_PIN:
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 2b1201d..20f5bb4 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -932,9 +932,10 @@ function pkgbase_notify ($base_ids, $action=true) {
 /**
  * Delete a package comment
  *
+ * @param  boolean $undelete True if undeleting rather than deleting
  * @return array Tuple of success/failure indicator and error message
  */
-function pkgbase_delete_comment() {
+function pkgbase_delete_comment($undelete=false) {
 	$uid = uid_from_sid($_COOKIE["AURSID"]);
 	if (!$uid) {
 		return array(false, __("You must be logged in before you can edit package information."));
@@ -947,15 +948,28 @@ function pkgbase_delete_comment() {
 	}
 
 	$dbh = DB::connect();
-	if (can_delete_comment($comment_id)) {
+	if ($undelete) {
+		if (!has_credential(CRED_COMMENT_UNDELETE)) {
+			return array(false, __("You are not allowed to undelete this comment."));
+		}
+
+		$q = "UPDATE PackageComments ";
+		$q.= "SET DelUsersID = NULL, ";
+		$q.= "DelTS = NULL ";
+		$q.= "WHERE ID = ".intval($comment_id);
+		$dbh->exec($q);
+		return array(true, __("Comment has been undeleted."));
+	} else {
+		if (!can_delete_comment($comment_id)) {
+			return array(false, __("You are not allowed to delete this comment."));
+		}
+
 		$q = "UPDATE PackageComments ";
 		$q.= "SET DelUsersID = ".$uid.", ";
 		$q.= "DelTS = UNIX_TIMESTAMP() ";
 		$q.= "WHERE ID = ".intval($comment_id);
 		$dbh->exec($q);
 		return array(true, __("Comment has been deleted."));
-	} else {
-		return array(false, __("You are not allowed to delete this comment."));
 	}
 }
 
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index d05c512..c45e45b 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -53,6 +53,17 @@ if (!isset($count)) {
 		?>
 		<h4 id="comment-<?= $row['ID'] ?>"<?php if ($is_deleted): ?> class="comment-deleted"<?php endif; ?>>
 			<?= $heading ?>
+			<?php if ($is_deleted && has_credential(CRED_COMMENT_UNDELETE)): ?>
+				<form class="undelete-comment-form" method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>">
+					<fieldset style="display:inline;">
+						<input type="hidden" name="action" value="do_UndeleteComment" />
+						<input type="hidden" name="comment_id" value="<?= $row['ID'] ?>" />
+						<input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+						<input type="image" class="undelete-comment" src="/images/action-undo.min.svg" width="11" height="11" alt="<?= __('Undelete comment') ?>" title="<?= __('Undelete comment') ?>" name="submit" value="1" />
+					</fieldset>
+				</form>
+			<?php endif;?>
+
 			<?php if (!$is_deleted && can_delete_comment_array($row)): ?>
 				<form class="delete-comment-form" method="post" action="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name), ENT_QUOTES); ?>">
 					<fieldset style="display:inline;">