Implement comment deletion

Author: carlbennett

src/controllers/Comment/Delete.php

@@ -0,0 +1,137 @@
+<?php
+
+namespace BNETDocs\Controllers\Comment;
+
+use \BNETDocs\Libraries\CSRF;
+use \BNETDocs\Libraries\Comment;
+use \BNETDocs\Libraries\Common;
+use \BNETDocs\Libraries\Controller;
+use \BNETDocs\Libraries\Exceptions\CommentNotFoundException;
+use \BNETDocs\Libraries\Exceptions\UnspecifiedViewException;
+use \BNETDocs\Libraries\Logger;
+use \BNETDocs\Libraries\Router;
+use \BNETDocs\Libraries\UserSession;
+use \BNETDocs\Models\Comment\Delete as CommentDeleteModel;
+use \BNETDocs\Views\Comment\DeleteHtml as CommentDeleteHtmlView;
+use \InvalidArgumentException;
+use \UnexpectedValueException;
+
+class Delete extends Controller {
+
+  public function run(Router &$router) {
+    switch ($router->getRequestPathExtension()) {
+      case "htm": case "html": case "":
+        $view = new CommentDeleteHtmlView();
+      break;
+      default:
+        throw new UnspecifiedViewException();
+    }
+
+    $data                = $router->getRequestQueryArray();
+    $model               = new CommentDeleteModel();
+    $model->comment      = null;
+    $model->csrf_id      = mt_rand();
+    $model->csrf_token   = CSRF::generate($model->csrf_id);
+    $model->error        = null;
+    $model->id           = (isset($data["id"]) ? $data["id"] : null);
+    $model->parent_id    = null;
+    $model->parent_type  = null;
+    $model->title        = null;
+    $model->user_session = UserSession::load($router);
+
+    try { $model->comment = new Comment($model->id); }
+    catch (CommentNotFoundException $e) { $model->comment = null; }
+    catch (InvalidArgumentException $e) { $model->comment = null; }
+
+    if ($model->comment === null) {
+      $model->error = "NOT_FOUND";
+    } else {
+      $model->content     = $model->comment->getContent(true);
+      $model->parent_type = $model->comment->getParentType();
+      $model->parent_id   = $model->comment->getParentId();
+
+      if ($router->getRequestMethod() == "POST") {
+        $this->tryDelete($router, $model);
+      }
+    }
+
+    ob_start();
+    $view->render($model);
+    $router->setResponseCode(200);
+    $router->setResponseTTL(0);
+    $router->setResponseHeader("Content-Type", $view->getMimeType());
+    $router->setResponseContent(ob_get_contents());
+    ob_end_clean();
+  }
+
+  protected function tryDelete(Router &$router, CommentDeleteModel &$model) {
+    if (!isset($model->user_session)) {
+      $model->error = "NOT_LOGGED_IN";
+      return;
+    }
+
+    $data       = $router->getRequestBodyArray();
+    $csrf_id    = (isset($data["csrf_id"   ]) ? $data["csrf_id"   ] : null);
+    $csrf_token = (isset($data["csrf_token"]) ? $data["csrf_token"] : null);
+    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
+
+    if (!$csrf_valid) {
+      $model->error = "INVALID_CSRF";
+      return;
+    }
+    CSRF::invalidate($csrf_id);
+
+    $model->error = false;
+
+    $id           = (int) $model->id;
+    $parent_type  = (int) $model->parent_type;
+    $parent_id    = (int) $model->parent_id;
+    $user_id      = $model->user_session->user_id;
+
+    $log_key = "";
+    switch ($parent_type) {
+      case Comment::PARENT_TYPE_DOCUMENT:  $log_key = "_document"; break;
+      case Comment::PARENT_TYPE_COMMENT:   $log_key = "_comment";  break;
+      case Comment::PARENT_TYPE_NEWS_POST: $log_key = "_news";     break;
+      case Comment::PARENT_TYPE_PACKET:    $log_key = "_packet";   break;
+      case Comment::PARENT_TYPE_SERVER:    $log_key = "_server";   break;
+      case Comment::PARENT_TYPE_USER:      $log_key = "_user";     break;
+      default: throw new UnexpectedValueException(
+        "Parent type: " . $parent_type
+      );
+    }
+
+    try {
+
+      $success = Comment::delete($id, $parent_type, $parent_id);
+
+    } catch (QueryException $e) {
+
+      // SQL error occurred. We can show a friendly message to the user while
+      // also notifying this problem to staff.
+      Logger::logException($e);
+
+      $success = false;
+
+    }
+
+    if (!$success) {
+      $model->error = "INTERNAL_ERROR";
+    } else {
+      $model->error = false;
+    }
+
+    Logger::logEvent(
+      "comment_deleted" . $log_key,
+      $user_id,
+      getenv("REMOTE_ADDR"),
+      json_encode([
+        "error"       => $model->error,
+        "comment_id"  => $id,
+        "parent_type" => $parent_type,
+        "parent_id"   => $parent_id
+      ])
+    );
+  }
+
+}

src/libraries/Comment.php

@@ -91,6 +91,31 @@ public static function create($parent_type, $parent_id, $user_id, $content) {
     }
   }
 
+  public static function delete($id, $parent_type, $parent_id) {
+    if (!isset(Common::$database)) {
+      Common::$database = DatabaseDriver::getDatabaseObject();
+    }
+    $successful = false;
+    try {
+      $stmt = Common::$database->prepare("
+        DELETE FROM `comments` WHERE `id` = :id LIMIT 1;
+      ");
+      $stmt->bindParam(":id", $id, PDO::PARAM_INT);
+      $successful = $stmt->execute();
+      $stmt->closeCursor();
+      if ($successful) {
+        Common::$cache->delete("bnetdocs-comment-" . (int) $id);
+        Common::$cache->delete(
+          "bnetdocs-comment-" . (int) $parent_type . "-" . (int) $parent_id
+        );
+      }
+    } catch (PDOException $e) {
+      throw new QueryException("Cannot delete comment", $e);
+    } finally {
+      return $successful;
+    }
+  }
+
   public static function getAll($parent_type, $parent_id) {
     $ck = "bnetdocs-comment-" . $parent_type . "-" . $parent_id;
     $cv = Common::$cache->get($ck);

src/libraries/Router.php

@@ -4,6 +4,7 @@
 
 use \BNETDocs\Controllers\Attachment\Download as AttachmentDownloadController;
 use \BNETDocs\Controllers\Comment\Create as CommentCreateController;
+use \BNETDocs\Controllers\Comment\Delete as CommentDeleteController;
 use \BNETDocs\Controllers\Credits as CreditsController;
 use \BNETDocs\Controllers\Document\Create as DocumentCreateController;
 use \BNETDocs\Controllers\Document\Delete as DocumentDeleteController;
@@ -275,6 +276,9 @@ public function route(Pair &$redirect = null) {
               case "create":
                 $controller = new CommentCreateController();
               break;
+              case "delete": case "delete.htm": case "delete.html":
+                $controller = new CommentDeleteController();
+              break;
               default:
                 throw new ControllerNotFoundException(
                   $path . "/" . $subpath

src/models/Comment/Delete.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace BNETDocs\Models\Comment;
+
+use \BNETDocs\Libraries\Model;
+
+class Delete extends Model {
+
+  public $acl_allowed;
+  public $comment;
+  public $csrf_id;
+  public $csrf_token;
+  public $error;
+  public $id;
+  public $parent_id;
+  public $parent_type;
+  public $title;
+  public $user;
+  public $user_session;
+
+  public function __construct() {
+    parent::__construct();
+    $this->acl_allowed  = null;
+    $this->comment      = null;
+    $this->csrf_id      = null;
+    $this->csrf_token   = null;
+    $this->error        = null;
+    $this->id           = null;
+    $this->parent_id    = null;
+    $this->parent_type  = null;
+    $this->title        = null;
+    $this->user         = null;
+    $this->user_session = null;
+  }
+
+}

src/templates/Comment/Delete.phtml

@@ -0,0 +1,76 @@
+<?php
+namespace BNETDocs\Templates;
+
+use \BNETDocs\Libraries\Pair;
+
+$title       = "Delete Comment";
+$description = "This form allows an individual to delete a comment.";
+
+$this->opengraph->attach(new Pair("url", "/comment/delete"));
+$this->opengraph->attach(new Pair("type", "article"));
+
+switch ($this->getContext()->error) {
+  case "ACL_NOT_SET":
+    $message = "You do not have the privilege to delete comments.";
+    break;
+  case "NOT_FOUND":
+    $message = "Cannot find comment by that id.";
+    break;
+  case "NOT_LOGGED_IN":
+    $message = "You must be logged in to delete comments.";
+    break;
+  case "INVALID_CSRF":
+    $message = "The Cross-Site Request Forgery token was invalid. Either the "
+      . "delete comment form expired, or this may have been a malicious "
+      . "attempt to delete a comment.";
+    break;
+  case "INTERNAL_ERROR":
+    $message = "An internal error occurred while processing your request. "
+      . "Our staff has been notified of the issue. Try again later.";
+    break;
+  default:
+    $message = $this->getContext()->error;
+}
+
+$c             = $this->getContext()->comment;
+$c_id          = $c->getId();
+$c_user        = $c->getUser();
+$c_user_id     = $c->getUserId();
+$c_user_name   = $c_user->getName();
+$c_user_url    = $c_user->getURI();
+$c_user_avatar = $c_user->getAvatarURI(22);
+
+$this->additional_css[] = "/a/comments.css";
+$this->additional_css[] = "/a/forms.css";
+require("./header.inc.phtml");
+?>
+      <article>
+<?php if (is_null($this->getContext()->error)) { ?>
+        <header>Delete Comment</header>
+        <form method="POST" action="?id=<?php echo $this->getContext()->id; ?>">
+          <input type="hidden" name="csrf_id" value="<?php echo $this->getContext()->csrf_id; ?>"/>
+          <input type="hidden" name="csrf_token" value="<?php echo $this->getContext()->csrf_token; ?>"/>
+          <section>
+            <p>Are you sure you wish to delete this comment?</p>
+            <hr/><table class="comments"><tbody>
+              <tr><td><a href="<?php echo $c_user_url; ?>"><img class="avatar" src="<?php echo $c_user_avatar; ?>"/> <?php echo filter_var($c_user_name, FILTER_SANITIZE_STRING); ?></a><br/><time class="comment_timestamp" datetime="<?php echo $c->getCreatedDateTime()->format("c"); ?>"><?php echo $c->getCreatedDateTime()->format("D M j, Y g:ia T"); ?></time></td><td><?php echo $c->getContent(true); ?></td></tr>
+            </tbody></table><hr/>
+            <p><input type="submit" value="Delete Comment" tabindex="1" autofocus="autofocus"/></p>
+          </section>
+        </form>
+<?php } else if ($this->getContext()->error === false) { ?>
+        <header class="green">Comment Deleted</header>
+        <section class="green">
+          <p>You have successfully deleted the comment!</p>
+          <p>Use the navigation to the left to move to another page.</p>
+        </section>
+<?php } else { ?>
+        <header class="red">Delete Comment</header>
+        <section class="red">
+          <p>An error occurred while attempting to delete the comment.</p>
+          <p><?php echo $message; ?></p>
+          <p>Use the navigation to the left to move to another page.</p>
+        </section>
+<?php } ?>
+      </article>
+<?php require("./footer.inc.phtml"); ?>

src/views/Comment/DeleteHtml.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace BNETDocs\Views\Comment;
+
+use \BNETDocs\Libraries\Common;
+use \BNETDocs\Libraries\Exceptions\IncorrectModelException;
+use \BNETDocs\Libraries\Model;
+use \BNETDocs\Libraries\Template;
+use \BNETDocs\Libraries\View;
+use \BNETDocs\Models\Comment\Delete as CommentDeleteModel;
+
+class DeleteHtml extends View {
+
+  public function getMimeType() {
+    return "text/html;charset=utf-8";
+  }
+
+  public function render(Model &$model) {
+    if (!$model instanceof CommentDeleteModel) {
+      throw new IncorrectModelException();
+    }
+    (new Template($model, "Comment/Delete"))->render();
+  }
+
+}