Comment content can be updated.

2024-11-23 13:59:29 +00:00 · 2018-01-27 18:19:30 +01:00 · 2018-01-27 18:19:30 +01:00 · ddd0421592
commit ddd0421592
parent 00c61345d8
2 changed files with 70 additions and 0 deletions
--- a/RestControllers/commentsController.php
+++ b/RestControllers/commentsController.php
@ -7,6 +7,29 @@

 class commentsController {

+	/**
+	 * Edit a comment content
+	 * 
+	 * @url POST /comments/edit
+	 */
+	public function edit_comment(){
+
+		user_login_required();
+
+		//Get comment ID
+		$commentID = $this->getPostCommentIDWithFullAccess("commentID");
+
+		//Get comment content$
+		$new_content = $this->get_comment_content("content");
+
+		//Update comment content
+		if(!components()->comments->edit($commentID, $new_content))
+			Rest_fatal_error(500, "Could not update comment content !");
+		
+		//Success
+		return array("success" => "The comment has been updated !");
+	}
+
 	/**
 	 * Delete a comment
 	 * 
@ -47,4 +70,28 @@ class commentsController {
 		//Return comment ID
 		return $commentID;
 	}
+
+	/**
+	 * Get a comment content from $_POST field
+	 * 
+	 * @param string $name The name of post field containing the commment content
+	 * @return string The comment content, if it passed security checks
+	 */
+	private function get_comment_content(string $name) : string {
+
+		//Get comment content
+		if(!isset($_POST[$name]))
+			Rest_fatal_error(400, "Please specify the new content of the comment!");
+		$comment_content = (string) $_POST[$name];
+
+		//Perform security check
+		if(!check_string_before_insert($comment_content))
+			Rest_fatal_error(400, "Please check new comment content !");
+		
+		//Make the comment secure before insertion
+		$comment_content = removeHTMLnodes($comment_content);
+
+		//Return comment conent
+		return $comment_content;
+	}
 }
--- a/classes/components/comments.php
+++ b/classes/components/comments.php
@ -153,6 +153,29 @@ class Comments {

 	}

+	/**
+	 * Edit a comment content
+	 * 
+	 * @param int $commentID The ID of the comment to update
+	 * @param string $content The new content for the comment
+	 * @return bool TRUE for a success / FALSE else
+	 */
+	public function edit(int $commentID, string $content) : bool {
+
+		//Perform a request on the database
+		$newValues = array(
+			"commentaire" => $content
+		);
+
+		//Try to perform request
+		return CS::get()->db->updateDB(
+			$this::COMMENTS_TABLE, 
+			"ID = ?", 
+			$newValues, 
+			array($commentID));
+
+	}
+
 	/**
 	 * Get the ID of the post associated to a comment
 	 *