From 8a5c541b554a042436a30202c9073c93017f5d3f Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Sat, 22 Jul 2006 04:29:33 +0000
Subject: [PATCH] r931: - You can now delete bugs and comments - Added a
 Message_Reporter::confirm() method - Addend an extra candeletedata permission
 to make deletion its own separate bit

---
 admin/permission.php                |  3 +-
 admin/usergroup.php                 |  3 +-
 docs/changes.txt                    |  1 +
 editcomment.php                     | 41 +++++++++++++++++++++----
 editreport.php                      | 46 ++++++++++++++++++++++-------
 includes/class_message_reporter.php | 31 +++++++++++++++++++
 includes/permissions.php            |  3 +-
 showreport.php                      |  1 +
 templates/showreport.tpl            |  1 +
 templates/showreport_comment.tpl    |  1 +
 templates/std_message.tpl           | 24 +++++++++++++--
 11 files changed, 135 insertions(+), 20 deletions(-)

diff --git a/admin/permission.php b/admin/permission.php
index 5ed11c0..ccf7327 100755
--- a/admin/permission.php
+++ b/admin/permission.php
@@ -58,7 +58,8 @@ $permissions = array(
 		'caneditownreply' => $lang->string('Can Edit Own Comments'),
 		'caneditotherreply' => $lang->string('Can Edit Others\' Comments'),
 		'canassign' => $lang->string('Can Assign Bugs'),
-		'canchangestatus' => $lang->string('Can Change Status')
+		'canchangestatus' => $lang->string('Can Change Status'),
+		'candeletedata' => $lang->string('Can Delete Bugs and Comments')
 	)
 );
 
diff --git a/admin/usergroup.php b/admin/usergroup.php
index 68fe658..bdda866 100755
--- a/admin/usergroup.php
+++ b/admin/usergroup.php
@@ -60,7 +60,8 @@ $permissions = array(
 		'caneditownreply' => $lang->string('Can Edit Own Comments'),
 		'caneditotherreply' => $lang->string('Can Edit Others\' Comments'),
 		'canassign' => $lang->string('Can Assign Bugs'),
-		'canchangestatus' => $lang->string('Can Change Status')
+		'canchangestatus' => $lang->string('Can Change Status'),
+		'candeletedata' => $lang->string('Can Delete Bugs and Comments')
 	),
 	
 	$lang->string('Administrator Permissions') => array(
diff --git a/docs/changes.txt b/docs/changes.txt
index 3aca7ad..4b2ab4e 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -26,6 +26,7 @@
 	- Usergroup
 	- User help
 - Added support for DST observation (http://bugs.iris-studios.com/showreport.php?bugid=22)
+- Data (bugs and comments) can now be removed (http://bugs.iris-studios.com/showreport.php?bugid=16)
 
 1.0.2
 ==================
diff --git a/editcomment.php b/editcomment.php
index 40c41fa..0907b45 100644
--- a/editcomment.php
+++ b/editcomment.php
@@ -42,11 +42,6 @@ $comment =& $commentapi->objdata;
 
 $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $comment[bugid]");
 
-if (!((can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid'])))
-{
-	$message->error_permission();
-}
-
 if ($bug['hidden'] AND !can_perform('canviewhidden', $bug['productid']))
 {
 	$message->error_permissison();
@@ -61,8 +56,39 @@ if (empty($_REQUEST['do']))
 
 // ###################################################################
 
+if ($_POST['do'] == 'kill')
+{
+	if (!can_perform('candeletedata', $bug['productid']))
+	{
+		$message->error_permission();
+	}
+	
+	$commentapi->delete();
+	
+	$message->redirect($lang->string('The comment has been deleted. You will be redirected back to the bug.'), 'showreport.php?bugid=' . $bug['bugid']);
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'delete')
+{
+	if (!can_perform('candeletedata', $bug['productid']))
+	{
+		$message->error_permission();
+	}
+	
+	$message->confirm($lang->string('Are you sure you want to delete this comment? After you do so, the data <strong>will</strong> be lost forever. We recommend only deleting spam comments and nothing else.'), 'editcomment.php', 'kill', $lang->string('Delete Comment'), 'showreport.php?bugid=' . $bug['bugid'], array('commentid' => $comment['commentid']));
+}
+
+// ###################################################################
+
 if ($_POST['do'] == 'update')
 {
+	if (!((can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid'])))
+	{
+		$message->error_permission();
+	}
+	
 	$commentapi->set('comment',	$bugsys->in['comment']);
 	$commentapi->set('hidden',	$bugsys->in['hidden']);
 	
@@ -118,6 +144,11 @@ if ($_POST['do'] == 'update')
 
 if ($_REQUEST['do'] == 'edit')
 {
+	if (!((can_perform('caneditownreply', $bug['productid']) AND $bugsys->userinfo['userid'] == $comment['userid']) OR (can_perform('caneditotherreply', $bug['productid']) AND $bugsys->userinfo['userid'] != $comment['userid'])))
+	{
+		$message->error_permission();
+	}
+	
 	$comment['posttime'] = $datef->format($bugsys->options['dateformat'], $comment['dateline']);
 	$comment['postby'] = construct_user_display($commentapi->relations['userid']->objdata);
 	$comment['comment'] = $bugsys->sanitize($comment['comment']);
diff --git a/editreport.php b/editreport.php
index 8edee83..4e991be 100644
--- a/editreport.php
+++ b/editreport.php
@@ -42,11 +42,6 @@ $bug = $db->query_first("
 	WHERE bug.bugid = " . $bugsys->input_clean('bugid', TYPE_UINT)
 );
 
-if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid'])) AND !can_perform('canpostcomments', $bug['productid']))
-{
-	$message->error_permission();
-}
-
 if (!$bug)
 {
 	$message->error($lang->getlex('error_invalid_id'));
@@ -79,15 +74,46 @@ $bugfields = array(
 
 $notif = new NotificationCenter;
 
+$bugapi = new BugAPI($bugsys);
+$bugapi->set('bugid',		$bugsys->in['bugid']);
+$bugapi->set_condition();
+$bugapi->dorelations = array();
+$bugapi->fetch();
+
+// ###################################################################
+
+if ($_POST['do'] == 'kill')
+{
+	if (!can_perform('candeletedata', $bug['productid']))
+	{
+		$message->error_permission();
+	}
+	
+	$bugapi->delete();
+	
+	$message->redirect($lang->string('The entire bug has been deleted.'), 'index.php');
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'delete')
+{
+	if (!can_perform('candeletedata', $bug['productid']))
+	{
+		$message->error_permission();
+	}
+	
+	$message->confirm($lang->string('Are you sure you want to delete this bug? Doing so will <strong>destroy</strong> all associated data, including comments, attachments, and votes. We strongly recommend only deleting span records and nothing else as users may wish to go back and look at any bug to check its status.'), 'editreport.php', 'kill', $lang->string('Delete Bug Permanently'), 'showreport.php?bugid=' . $bug['bugid'], array('bugid' => $bug['bugid']));
+}
+
 // ###################################################################
 
 if ($_POST['do'] == 'update')
 {
-	$bugapi = new BugAPI($bugsys);
-	$bugapi->set('bugid',		$bugsys->in['bugid']);
-	$bugapi->set_condition();
-	$bugapi->dorelations = array();
-	$bugapi->fetch();
+	if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid'])) AND !can_perform('canpostcomments', $bug['productid']))
+	{
+		$message->error_permission();
+	}
 	
 	$log->add_data(true, $bugapi->objdata, $bugfields);
 	
diff --git a/includes/class_message_reporter.php b/includes/class_message_reporter.php
index 7c7c5a3..c449c0a 100755
--- a/includes/class_message_reporter.php
+++ b/includes/class_message_reporter.php
@@ -153,6 +153,37 @@ class Message_Reporter
 		exit;
 	}
 	
+	// ###################################################################
+	/**
+	* Displays a standard message template with extra confirm data on it
+	*
+	* @access	public
+	*
+	* @param	string	Message to confirm to
+	* @param	string	Form action
+	* @param	string	Do branch
+	* @param	string	Button text
+	* @param	string	Cancel action
+	* @param	array	Extra hidden information
+	*/
+	function confirm($message, $action, $do, $button, $cancel, $arrextra)
+	{
+		global $bugsys;
+		global $doctype, $header, $headinclude, $footer, $focus, $show, $stylevar;
+		
+		$show['confirm'] = true;
+		
+		$this->process = $message;
+		
+		foreach ($arrextra AS $name => $value)
+		{
+			$extra .= '<input type="hidden" name="' . $name . '" value="' . $value . '" />' . "\n";
+		}
+		
+		eval('$bugsys->template->flush("' . $bugsys->template->fetch('std_message') . '");');
+		exit;
+	}
+	
 	/**
 	* Checks to make sure that there is some text in the processed variable
 	*/
diff --git a/includes/permissions.php b/includes/permissions.php
index 5783485..dbd17e4 100644
--- a/includes/permissions.php
+++ b/includes/permissions.php
@@ -43,7 +43,8 @@ $bugsys->permissions = array(
 	'canbeassignedto'	=> 1048576, // can be assigned bugs,
 	'caneditattach'		=> 2097152, // can edit attachments
 	'canviewhidden'		=> 4194304, // can see hidden bugs
-	'caneditotherreply'	=> 8388608 // can edit other peoples' comments
+	'caneditotherreply'	=> 8388608, // can edit other peoples' comments
+	'candeletedata'		=> 16777216 // can delete data (bugs, comments)
 );
 
 $bugsys->emailoptions = array(
diff --git a/showreport.php b/showreport.php
index a4f5ce0..ca59cf9 100644
--- a/showreport.php
+++ b/showreport.php
@@ -77,6 +77,7 @@ if (!can_perform('canviewbugs', $bug['productid']))
 }
 
 $show['edit'] = ((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid'] AND $bug['userid'] != 0) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid']));
+$show['delete'] = can_perform('candeletedata', $bug['productid']);
 
 if (!is_array($bug))
 {
diff --git a/templates/showreport.tpl b/templates/showreport.tpl
index 8985747..af839df 100644
--- a/templates/showreport.tpl
+++ b/templates/showreport.tpl
@@ -36,6 +36,7 @@ $header
 				
 				/ [<a href="showhistory.php?bugid=$bug[bugid]">{@"Show Bug History"}</a>]
 				<if condition="$show['subscribe']">/ [<a href="favourite.php?do=handle&amp;bugid=$bug[bugid]">$favouritetext</a>]</if>
+				<if condition="$show['delete']">/ [<a href="editreport.php?do=delete&amp;bugid=$bug[bugid]">{@"Delete"}</a>]</if>
 			</div>
 		</fieldset>
 		<!-- / bug id & hidden -->
diff --git a/templates/showreport_comment.tpl b/templates/showreport_comment.tpl
index 8b5080a..57f2457 100644
--- a/templates/showreport_comment.tpl
+++ b/templates/showreport_comment.tpl
@@ -13,6 +13,7 @@
 	<if condition="$show['editcomment']">
 	<div class="box-foot">
 		<span style="float: right">
+			<if condition="$show['delete']">[<a href="editcomment.php?do=delete&amp;commentid=$comment[commentid]">{@"Delete"}</a>]</if>
 			[<a href="editcomment.php?commentid=$comment[commentid]">{@"Edit Comment"}</a>]
 		</span>
 		<if condition="$comment['hidden']"><strong>{@"Hidden"}</strong><else />{@"Visible"}</if>
diff --git a/templates/std_message.tpl b/templates/std_message.tpl
index 4a5bdf8..7223228 100644
--- a/templates/std_message.tpl
+++ b/templates/std_message.tpl
@@ -3,21 +3,41 @@ $doctype
 <head>
 $headinclude
 	<link rel="stylesheet" href="templates/box.css" media="screen" />
-	<title>{$bugsys->options['trackertitle']} - {@"Notice"}</title>
+	<title>{$bugsys->options['trackertitle']} - <if condition="$show['confirm']">{@"Confirm"}<else />{@"Notice"}</if></title>
 </head>
 
 <body>
 
 $header
 
+<if condition="$show['confirm']">
+<form name="confirm" action="$action" method="post">
+<input type="hidden" name="do" value="$do" />
+$extra
+</if>
+
 <div align="center" style="margin-top: 10px">
 	<div class="box" style="width: $stylevar[alternate_width]">
-		<div class="box-head">{@"Notice"}</div>
+		<div class="box-head"><if condition="$show['confirm']">{@"Confirm"}<else />{@"Notice"}</if></div>
 		
 		<div class="box-mid + box-overpad">
 			{$this->process}
+			
+			<if condition="$show['confirm']">
+				<br />
+				<br />
+				
+				<div id="submitrow">
+					<input type="submit" name="submit" value="$button" /> 
+					<script type="text/javascript"> draw_cancel("$cancel"); </script>
+				</div>
+			</if>
 		</div>
 	</div>
 </div>
 
+<if condition="$show['confirm']">
+</form>
+</if>
+
 $footer
\ No newline at end of file
-- 
2.22.5