maltes
committed
on 06 Apr 07
Changed to use the procedure and allow deleting of comments for non-admins (so the blog owner can delete the comments on his/her blogs without the need to be admin of the general comments package).


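--- a/openacs-4/.../general-comments/www/comment-add-3.tcl
+++ b/openacs-4/.../general-comments/www/comment-add-3.tcl
@@ -17,85 +17,38 @@
     { category "" }
     { return_url "" }
     { attach_p "f" }
 }   
 
 # This authentication actually is not necessary anymore due to the fact that we already check for the permission
 # afterwards, so it should be enough to query the user_id from the connection to allow anonymous users who have
 # create permissions to access the site.
 
 # authenticate the user
 # set user_id [auth::require_login]
 
 set user_id [ad_conn user_id]
 
 # check to see if the user can create comments on this object
 ad_require_permission $object_id general_comments_create
 
 # insert the comment into the database
 set creation_ip [ad_conn peeraddr]
 set is_live [ad_parameter AutoApproveCommentsP {general-comments} {t}]
-db_transaction {
-    db_exec_plsql insert_comment {
-        begin
-            :1 := acs_message.new (
-                message_id    => :comment_id,
-                title         => :title,
-                mime_type     => :comment_mime_type,
-                data          => empty_blob(),
-                context_id    => :context_id,
-                creation_user => :user_id,
-                creation_ip   => :creation_ip,
-                is_live       => :is_live
-            );
-        end;
-    }
 
-    db_dml add_entry {
-        insert into general_comments
-            (comment_id,
-             object_id,
-             category)
-        values
-            (:comment_id,
-             :object_id,
-             :category)
-    }
+general_comment_new \
+    -object_id $object_id \
+    -comment_id $comment_id \
+    -title $title \
+    -comment_mime_type $comment_mime_type \
+    -context_id $context_id \
+    -user_id $user_id \
+    -creation_ip $creation_ip \
+    -is_live $is_live \
+    -category $category \
+    -content $content
 
-    db_1row get_revision {
-        select content_item.get_latest_revision(:comment_id) as revision_id
-        from dual
-    } 
-
-    db_dml set_content {
-        update cr_revisions
-           set content = empty_blob()
-         where revision_id = :revision_id
-     returning content into :1
-    } -blobs [list $content]
-
-    # Grant the user sufficient permissions to
-    # created comment. This is done here to ensure that
-    # a fail on permissions granting will not leave
-    # the comment with incorrect permissions.
-    db_exec_plsql grant_permission {
-        begin
-            acs_permission.grant_permission (
-                object_id  => :comment_id,
-                grantee_id => :user_id,
-                privilege  => 'read'
-            );
-            acs_permission.grant_permission (
-                object_id  => :comment_id,
-                grantee_id => :user_id,
-                privilege  => 'write'
-            );
-
-        end;
-    }
-}
-
 if { [string equal $attach_p "f"] && ![empty_string_p $return_url] } {
     ad_returnredirect $return_url
 } else {
     ad_returnredirect "view-comment?[export_vars { comment_id return_url }]"
 }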
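Review bot: The `general_comment_new` call on new lines 38-48 is not wrapped in `db_transaction`, whereas the removed block created the message, the `general_comments` row and the `read`/`write` grants atomically and said so in a comment. The procedure body is not visible here, so either confirm that it keeps that guarantee or leave the call inside `db_transaction { ... }`. The retained comment on lines 22-24 allows unauthenticated visitors with create permission, so `$user_id` may be the anonymous id (0 in OpenACS). If the procedure still grants `write` to `-user_id`, that grant would then apply to every unauthenticated visitor, so consider skipping the grant when `$user_id` is 0. A one-line comment above the call would document the contract, e.g. `# general_comment_new must create the comment and grant read/write to $user_id in one transaction`; note that the page script begins before line 17, outside this hunk.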