package VNWeb::Discussions::PostEdit;
# Also used for editing review comments, which follow the exact same format.
use VNWeb::Prelude;
use VNWeb::Discussions::Lib;
# Field schema shared by the editor page (output) and the edit API (input).
#
# The three moderator switches (hidden, nolastmod, delete) are part of the
# schema for every caller; the schema itself does not restrict who may send
# them. The API handler in this file is what decides whether they take effect,
# by asking auth->permBoardmod. can_mod is only a hint for the UI.
# NOTE(review): '_when' presumably limits a field to the 'out' or 'in' variant
# compiled below -- confirm against form_compile.
my $FORM = {
    # Thread ('t') or review ('w') identifier the post belongs to.
    id        => { vndbid => ['t','w'] },
    # Post number within that thread or review.
    num       => { id => 1 },
    # Tells the client whether to show the moderator controls.
    can_mod   => { anybool => 1, _when => 'out' },
    # Moderator switch: hide the post.
    hidden    => { anybool => 1 },
    # Moderator switch: do not refresh the 'edited' timestamp.
    nolastmod => { anybool => 1, _when => 'in' },
    # Moderator switch: remove the post instead of editing it.
    delete    => { anybool => 1 },
    # Post body; the validator caps it at 32768.
    msg       => { maxlength => 32768 },
};

my $FORM_OUT = form_compile(out => $FORM);
my $FORM_IN  = form_compile(in  => $FORM);
# Load a single post, identified by its parent id and post number, for the
# editor page and the edit API.
#
# One query covers both storage tables: the first SELECT reads thread posts,
# the second reads review posts. Both yield the same columns: id, num, hidden,
# msg, user_id and date. Callers test ->{id} on the result to detect "no such
# post".
#
# The id and number are handed over as scalar references, which TUWF's
# interpolating query methods turn into bind parameters, so neither value is
# spliced into the SQL text.
#
# NOTE(review): the thread branch is filtered through sql_visible_threads();
# the review branch has no comparable filter in this query. Confirm that
# can_edit (or another caller-side check) covers reviews that should not be
# reachable.
sub _info {
    my($parent_id, $post_num) = @_;
    return tuwf->dbRowi('
SELECT t.id, tp.num, tp.hidden, tp.msg, tp.uid AS user_id,', sql_totime('tp.date'), 'AS date
FROM threads t
JOIN threads_posts tp ON tp.tid = t.id AND tp.num =', \$post_num, '
WHERE t.id =', \$parent_id, 'AND', sql_visible_threads(),'
UNION ALL
SELECT id, num, hidden, msg, uid AS user_id,', sql_totime('date'), 'AS date
FROM reviews_posts WHERE id =', \$parent_id, 'AND num =', \$post_num
    );
}
# API endpoint behind the post editor: edits a post, or deletes it when a
# board moderator asks for that.
#
# Authorization is decided entirely on the server: the post is re-read with
# _info, can_edit is consulted for the current user, and every moderator-only
# switch (delete, hidden, nolastmod) is honoured only when auth->permBoardmod
# is true. Nothing in the request can grant those rights.
#
# NOTE(review): the page route in this file hands t#.1 over to
# Discussions::Edit, but this endpoint has no matching check on the first post
# of a thread. Confirm whether editing or deleting num 1 through this API is
# intended.
# NOTE(review): a request with delete set from a caller without permBoardmod
# is not rejected; it falls through and is processed as an ordinary edit.
elm_api DiscussionsPostEdit => $FORM_OUT, $FORM_IN, sub {
    my($data) = @_;
    my($id, $num) = @{$data}{qw(id num)};

    # Ownership and visibility come from the database row, never the request.
    my $t = _info($id, $num);
    return tuwf->resNotFound unless $t->{id};
    return elm_Unauth unless can_edit(t => $t);

    # Moderator deletion. The audit entry is written before the rows go away.
    # The id only exists in one of the two post tables, so one of the first
    # two statements is expected to match nothing.
    if($data->{delete} && auth->permBoardmod) {
        auth->audit($t->{user_id}, 'post delete', "deleted $id.$num");
        tuwf->dbExeci('DELETE FROM threads_posts WHERE tid =', \$id, 'AND num =', \$num);
        tuwf->dbExeci('DELETE FROM reviews_posts WHERE id =', \$id, 'AND num =', \$num);
        tuwf->dbExeci(q{DELETE FROM notifications WHERE iid =}, \$id, 'AND num =', \$num);
        return elm_Redirect "/$id";
    }

    # Editing somebody else's post leaves an audit trail; self-edits do not.
    if($t->{user_id} != auth->uid) {
        auth->audit($t->{user_id}, 'post edit', "edited $id.$num");
    }

    # Columns to write. 'hidden' is only included for moderators, and only a
    # moderator can suppress the 'edited' timestamp with nolastmod.
    my @columns = (
        tid => $id,
        num => $num,
        msg => bb_subst_links($data->{msg}),
    );
    push @columns, hidden => $data->{hidden} if auth->permBoardmod;
    push @columns, edited => sql('NOW()') unless auth->permBoardmod && $data->{nolastmod};
    my $post = { @columns };

    # Same column set for both tables; only the name of the parent key differs.
    tuwf->dbExeci('UPDATE threads_posts SET', $post, 'WHERE', { tid => $id, num => $num });
    $post->{id} = delete $post->{tid};
    tuwf->dbExeci('UPDATE reviews_posts SET', $post, 'WHERE', { id => $id, num => $num });

    return elm_Redirect "/$id.$num";
};
# Page route for the post editor, for both thread posts and review comments.
#
# The post is loaded and can_edit is checked before the form is rendered, so
# the message body is only sent to a user who may edit it. can_mod is a
# display hint for the client; the edit API in this file checks
# auth->permBoardmod again when the form is submitted.
TUWF::get qr{/(?:$RE{tid}|$RE{wid})\.$RE{num}/edit}, sub {
    my($id, $num) = map { tuwf->capture($_) } qw(id num);

    # t#.1 goes to Discussions::Edit.
    if($id =~ /^t/ && $num == 1) {
        tuwf->pass;
    }

    my $t = _info($id, $num);
    if($id && !$t->{id}) {
        return tuwf->resNotFound;
    }
    return tuwf->resDenied unless can_edit(t => $t);

    # Extra form state: whether to show moderator controls, and the delete
    # checkbox starting out unticked.
    $t->{can_mod} = auth->permBoardmod;
    $t->{delete} = 0;

    framework_(title => 'Edit post', sub {
        elm_('Discussions.PostEdit' => $FORM_OUT, $t);
    });
};
1;