Passed
Pull Request — master (#1923)
by Struan
50:21 queued 14:35
created

COMMENT::delete()   A

Complexity

Conditions 3
Paths 3

Size

Total Lines 26
Code Lines 17

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 0
CRAP Score 12

Importance

Changes 0
Metric Value
cc 3
eloc 17
nc 3
nop 0
dl 0
loc 26
ccs 0
cts 0
cp 0
crap 12
rs 9.7
c 0
b 0
f 0
<?php
/* A class for doing things with single comments.
    To access stuff about an existing comment you can do something like:
        $COMMENT = new COMMENT(37);
        $COMMENT->display();
    Where '37' is the comment_id.
    To create a new comment you should get a $data array prepared of
    the key/value pairs needed to create a new comment and do:
        $COMMENT = new COMMENT;
        $COMMENT->create ($data);
    You can delete a comment by doing $COMMENT->delete() (it isn't actually
    deleted from the database, just set to invisible).
    You can also do $COMMENT->set_modflag() which happens when a user
    posts a report about a comment. The flag is unset when/if the report is
    rejected.
*/
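class COMMENT {
    public $comment_id = '';
    public $user_id = '';
    public $epobject_id = '';
    public $body = '';
    public $posted = '';
    public $visible = false;
    public $modflagged = null;	// Is a datetime when set.
    public $firstname = '';	// Of the person who posted it.
    public $lastname = '';
    public $url = '';

    // So that after trying to init a comment, we can test for
    // if it exists in the DB.
    public $exists = false;

    // Database handle, created in the constructor. Declared explicitly
    // (it used to be created dynamically) and kept public so that any
    // existing external access keeps working.
    public $db;

    // Mirrors the ALLOWCOMMENTS setting; read through comments_enabled().
    public $comments_enabled = false;

    /**
     * Optionally loads an existing comment.
     *
     * @param mixed $comment_id Numeric id of an existing comment. Anything
     *                          non-numeric (the default '') leaves the
     *                          object empty, ready for create().
     */
    public function __construct($comment_id = '') {
        $this->db = new ParlDB();

        // ALLOWCOMMENTS is set in init.php.
        $this->comments_enabled = (bool) ALLOWCOMMENTS;

        if (!is_numeric($comment_id)) {
            return;
        }

        // We're getting the data for an existing comment from the DB.
        $row = $this->db->query(
            "SELECT user_id,
                    epobject_id,
                    body,
                    posted,
                    visible,
                    modflagged
            FROM    comments
            WHERE   comment_id=:comment_id",
            [':comment_id' => $comment_id]
        )->first();

        if (!$row) {
            $this->exists = false;
            return;
        }

        $this->comment_id  = $comment_id;
        $this->user_id     = $row['user_id'];
        $this->epobject_id = $row['epobject_id'];
        $this->body        = $row['body'];
        $this->posted      = $row['posted'];
        $this->visible     = $row['visible'];
        $this->modflagged  = $row['modflagged'];

        // Sets the URL and username for this comment.
        $this->_set_url();
        $this->_set_username();

        $this->exists = true;
    }

    // Use these for accessing the object's variables externally.
    public function comment_id() {
        return $this->comment_id;
    }
    public function user_id() {
        return $this->user_id;
    }
    public function epobject_id() {
        return $this->epobject_id;
    }
    public function body() {
        return $this->body;
    }
    public function posted() {
        return $this->posted;
    }
    public function visible() {
        return $this->visible;
    }
    public function modflagged() {
        return $this->modflagged;
    }
    public function exists() {
        return $this->exists;
    }
    public function firstname() {
        return $this->firstname;
    }
    public function lastname() {
        return $this->lastname;
    }
    public function url() {
        return $this->url;
    }

    public function comments_enabled() {
        return $this->comments_enabled;
    }

    /**
     * Inserts data for this comment into the database.
     *
     * Requires commenting to be enabled and the current user ($THEUSER)
     * to hold the 'addcomment' capability.
     *
     * @param array $data Has 'epobject_id' and 'body' elements.
     * @return mixed The new comment_id if successful, false otherwise.
     */
    public function create($data) {
        global $THEUSER, $PAGE;

        if ($this->comments_enabled() == false) {
            $PAGE->error_message("Sorry, the posting of annotations has been temporarily disabled.");
            // Used to be a bare "return;" (null); false matches the
            // documented contract and every other failure path.
            return false;
        }

        if (!$THEUSER->is_able_to('addcomment')) {
            $message = [
                'title' => 'Sorry',
                'text' => 'You are not allowed to post annotations.',
            ];
            $PAGE->error_message($message);
            return false;
        }

        // Missing keys are treated like empty values rather than raising
        // an undefined-index warning.
        $epobject_id = isset($data['epobject_id']) ? $data['epobject_id'] : null;
        $raw_body = isset($data['body']) ? $data['body'] : '';

        if (!is_numeric($epobject_id)) {
            $message = [
                'title' => 'Sorry',
                'text' => "We don't have an epobject id.",
            ];
            $PAGE->error_message($message);
            return false;
        }

        if ($raw_body == '') {
            $message = [
                'title' => 'Whoops!',
                'text' => "You haven't entered an annotation!",
            ];
            $PAGE->error_message($message);
            return false;
        }

        // OK, let's get on with it...

        // Tidy up the HTML tags
        // (but we don't make URLs into links; only when displaying the comment).
        $body = filter_user_input($raw_body, 'comment'); // In utility.php

        $posted = date('Y-m-d H:i:s', time());

        $q_gid = $this->db->query(
            "select gid from hansard where epobject_id = :epobject_id",
            [':epobject_id' => $epobject_id]
        );
        $gid = $q_gid->field(0, 'gid');

        $q = $this->db->query(
            "INSERT INTO comments
            (user_id, epobject_id, body, posted, visible, original_gid)
            VALUES
            (
            :user_id,
            :epobject_id,
            :body,
            :posted,
            1,
            :gid
            )",
            [
                ':user_id' => $THEUSER->user_id(),
                ':epobject_id' => $epobject_id,
                ':body' => $body,
                ':posted' => $posted,
                ':gid' => $gid,
            ]
        );

        if (!$q->success()) {
            return false;
        }

        // Set the object variables up.
        $this->comment_id  = $q->insert_id();
        $this->user_id     = $THEUSER->user_id();
        $this->epobject_id = $epobject_id;
        // Keep the filtered text that was actually stored, not the raw
        // submission, so a later display() of this object shows the same
        // body a fresh load from the database would.
        $this->body        = $body;
        $this->posted      = $posted;
        $this->visible     = 1;

        return $this->comment_id();
    }

    /**
     * Renders this single comment.
     *
     * @param string $format   Passed through to COMMENTLIST::render().
     * @param string $template Passed through to COMMENTLIST::render().
     */
    public function display($format = 'html', $template = 'comments') {
        $data = [];
        $data['comments'][0] = [
            'comment_id'  => $this->comment_id,
            'user_id'     => $this->user_id,
            'epobject_id' => $this->epobject_id,
            'body'        => $this->body,
            'posted'      => $this->posted,
            'modflagged'  => $this->modflagged,
            'url'         => $this->url,
            'firstname'   => $this->firstname,
            'lastname'    => $this->lastname,
            'visible'     => $this->visible,
        ];

        // Use the same renderer as the COMMENTLIST class.
        $COMMENTLIST = new COMMENTLIST();
        $COMMENTLIST->render($data, $format, $template);
    }

    /**
     * Sets or clears the comment's moderation flag.
     *
     * The comment's modflag goes to on when someone reports the comment.
     * It goes to off when a commentreport has been resolved but the
     * comment HASN'T been deleted.
     *
     * NOTE(review): no capability check is made here, unlike create() and
     * delete(); presumably the caller decides who may flag. Confirm.
     *
     * @param string $switch Either 'on' or 'off'.
     * @return bool True if the flag was updated, false otherwise.
     */
    public function set_modflag($switch) {
        global $PAGE;

        if ($switch === 'on') {
            $date = gmdate("Y-m-d H:i:s");
            $sql = "UPDATE comments
                        SET     modflagged = :modflagged
                        WHERE   comment_id = :comment_id";
            $params = [
                ':modflagged' => $date,
                ':comment_id' => $this->comment_id,
            ];

        } elseif ($switch === 'off') {
            $date = null;
            // NULL stays a literal so nothing depends on how the DB layer
            // binds PHP null.
            $sql = "UPDATE comments
                        SET     modflagged = NULL
                        WHERE   comment_id = :comment_id";
            $params = [':comment_id' => $this->comment_id];

        } else {
            $PAGE->error_message("Why are you trying to switch this comment's modflag to '" . _htmlentities($switch) . "'!");
            // Stop here: there is no flag value to write. Execution used
            // to fall through and build the UPDATE from an undefined
            // variable.
            return false;
        }

        // comment_id is bound as a parameter, like the other queries in
        // this class, rather than concatenated into the statement.
        $q = $this->db->query($sql, $params);

        if ($q->success()) {
            $this->modflagged = $date;
            return true;
        }

        $message = [
            'title' => 'Sorry',
            'text' => "We couldn't update the annotation's modflag.",
        ];
        $PAGE->error_message($message);
        return false;
    }

    /**
     * Marks the comment as invisible (the row is not removed).
     *
     * Requires the current user ($THEUSER) to hold the 'deletecomment'
     * capability.
     *
     * @return bool True on success, false if not authorised or the update
     *              failed.
     */
    public function delete() {
        global $THEUSER, $PAGE;

        if (!$THEUSER->is_able_to('deletecomment')) {
            $message = [
                'title' => 'Sorry',
                'text' => "You are not authorised to delete annotations.",
            ];
            $PAGE->error_message($message);
            return false;
        }

        // comment_id is bound as a parameter instead of being
        // concatenated into the SQL string.
        $q = $this->db->query(
            "UPDATE comments SET visible = '0' WHERE comment_id = :comment_id",
            [':comment_id' => $this->comment_id]
        );

        if ($q->success()) {
            return true;
        }

        $message = [
            'title' => 'Sorry',
            'text' => "We were unable to delete the annotation.",
        ];
        $PAGE->error_message($message);
        return false;
    }

    /**
     * Creates and sets the URL for the comment, unless one is already set.
     */
    public function _set_url() {
        global $hansardmajors;

        if ($this->url != '') {
            return;
        }

        $row = $this->db->query(
            "SELECT major,
                    gid
            FROM    hansard
            WHERE   epobject_id = :epobject_id",
            [':epobject_id' => $this->epobject_id]
        )->first();

        if (!$row) {
            return;
        }

        // If you change stuff here, you might have to change it in
        // $COMMENTLIST->_get_comment_data() too...

        $gid = fix_gid_from_db($row['gid']); // In includes/utility.php

        $major = $row['major'];
        $page = $hansardmajors[$major]['page'];

        $URL = new \MySociety\TheyWorkForYou\Url($page);
        $URL->insert(['id' => $gid]);
        $this->url = $URL->generate() . '#c' . $this->comment_id;
    }

    /**
     * Gets and sets the name of the user who posted the comment, unless a
     * first or last name is already set.
     */
    public function _set_username() {
        if ($this->firstname != '' || $this->lastname != '') {
            return;
        }

        $row = $this->db->query(
            "SELECT firstname,
                    lastname
            FROM    users
            WHERE   user_id = :user_id",
            [':user_id' => $this->user_id]
        )->first();

        if ($row) {
            $this->firstname = $row['firstname'];
            $this->lastname = $row['lastname'];
        }
    }
}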