Fossil SCM
Add notes for an interesting TODO in the hopes that someone else can propose a good solution for it.
Commit
5e2c49b4a7d43550e7a7a5598207845caca610884c0689d85c20992aa9e11e9c
Parent
6e8f6c23d3eb462…
2 files changed
+4
-4
+23
-2
+4
-4
| --- src/forum.c | ||
| +++ src/forum.c | ||
| @@ -199,11 +199,11 @@ | ||
| 199 | 199 | } |
| 200 | 200 | return i ? -rc : rc; |
| 201 | 201 | } |
| 202 | 202 | |
| 203 | 203 | /* True if moderation of forum posts performs the same operation |
| 204 | -** on its attachments. UNTESTED. */ | |
| 204 | +** on its attachments. */ | |
| 205 | 205 | #define FORUMPOST_MOD_ATTACHMENTS 1 |
| 206 | 206 | #if FORUMPOST_MOD_ATTACHMENTS |
| 207 | 207 | /* |
| 208 | 208 | ** Internal helper for moderation_forumpost_...(). |
| 209 | 209 | */ |
| @@ -226,11 +226,11 @@ | ||
| 226 | 226 | */ |
| 227 | 227 | static void moderation_forumpost_approve(int fpid){ |
| 228 | 228 | #if !FORUMPOST_MOD_ATTACHMENTS |
| 229 | 229 | moderation_approve('f', fpid); |
| 230 | 230 | #else |
| 231 | - /* UNTESTED! Also approve any pending attachments */ | |
| 231 | + /* Also approve any pending attachments */ | |
| 232 | 232 | Stmt q; |
| 233 | 233 | moderation_approve('f', fpid); |
| 234 | 234 | forumpost_prepare_attachids(&q, fpid); |
| 235 | 235 | while( SQLITE_ROW==db_step(&q) ){ |
| 236 | 236 | moderation_approve('a', db_column_int(&q, 0)); |
| @@ -241,11 +241,11 @@ | ||
| 241 | 241 | |
| 242 | 242 | static void moderation_forumpost_disapprove(int fpid){ |
| 243 | 243 | #if !FORUMPOST_MOD_ATTACHMENTS |
| 244 | 244 | moderation_disapprove(fpid); |
| 245 | 245 | #else |
| 246 | - /* UNTESTED! Also disapprove any pending attachments */ | |
| 246 | + /* Also disapprove any pending attachments */ | |
| 247 | 247 | Stmt q; |
| 248 | 248 | moderation_disapprove(fpid); |
| 249 | 249 | forumpost_prepare_attachids(&q, fpid); |
| 250 | 250 | while( SQLITE_ROW==db_step(&q) ){ |
| 251 | 251 | moderation_disapprove(db_column_int(&q, 0)); |
| @@ -2101,11 +2101,11 @@ | ||
| 2101 | 2101 | login_needed(g.anon.RdForum); |
| 2102 | 2102 | return; |
| 2103 | 2103 | } |
| 2104 | 2104 | cgi_check_for_malice(); |
| 2105 | 2105 | style_set_current_feature("forum"); |
| 2106 | - style_header("%s%s", db_get("forum-title","Forum"), | |
| 2106 | + style_header("%s%s", db_get("forum-title","Forum"), | |
| 2107 | 2107 | isSearch ? " Search Results" : ""); |
| 2108 | 2108 | style_submenu_element("Timeline", "%R/timeline?ss=v&y=f&vfx"); |
| 2109 | 2109 | if( g.perm.WrForum ){ |
| 2110 | 2110 | style_submenu_element("New Thread","%R/forumnew"); |
| 2111 | 2111 | }else{ |
| 2112 | 2112 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -199,11 +199,11 @@ | |
| 199 | } |
| 200 | return i ? -rc : rc; |
| 201 | } |
| 202 | |
| 203 | /* True if moderation of forum posts performs the same operation |
| 204 | ** on its attachments. UNTESTED. */ |
| 205 | #define FORUMPOST_MOD_ATTACHMENTS 1 |
| 206 | #if FORUMPOST_MOD_ATTACHMENTS |
| 207 | /* |
| 208 | ** Internal helper for moderation_forumpost_...(). |
| 209 | */ |
| @@ -226,11 +226,11 @@ | |
| 226 | */ |
| 227 | static void moderation_forumpost_approve(int fpid){ |
| 228 | #if !FORUMPOST_MOD_ATTACHMENTS |
| 229 | moderation_approve('f', fpid); |
| 230 | #else |
| 231 | /* UNTESTED! Also approve any pending attachments */ |
| 232 | Stmt q; |
| 233 | moderation_approve('f', fpid); |
| 234 | forumpost_prepare_attachids(&q, fpid); |
| 235 | while( SQLITE_ROW==db_step(&q) ){ |
| 236 | moderation_approve('a', db_column_int(&q, 0)); |
| @@ -241,11 +241,11 @@ | |
| 241 | |
| 242 | static void moderation_forumpost_disapprove(int fpid){ |
| 243 | #if !FORUMPOST_MOD_ATTACHMENTS |
| 244 | moderation_disapprove(fpid); |
| 245 | #else |
| 246 | /* UNTESTED! Also disapprove any pending attachments */ |
| 247 | Stmt q; |
| 248 | moderation_disapprove(fpid); |
| 249 | forumpost_prepare_attachids(&q, fpid); |
| 250 | while( SQLITE_ROW==db_step(&q) ){ |
| 251 | moderation_disapprove(db_column_int(&q, 0)); |
| @@ -2101,11 +2101,11 @@ | |
| 2101 | login_needed(g.anon.RdForum); |
| 2102 | return; |
| 2103 | } |
| 2104 | cgi_check_for_malice(); |
| 2105 | style_set_current_feature("forum"); |
| 2106 | style_header("%s%s", db_get("forum-title","Forum"), |
| 2107 | isSearch ? " Search Results" : ""); |
| 2108 | style_submenu_element("Timeline", "%R/timeline?ss=v&y=f&vfx"); |
| 2109 | if( g.perm.WrForum ){ |
| 2110 | style_submenu_element("New Thread","%R/forumnew"); |
| 2111 | }else{ |
| 2112 |
| --- src/forum.c | |
| +++ src/forum.c | |
| @@ -199,11 +199,11 @@ | |
| 199 | } |
| 200 | return i ? -rc : rc; |
| 201 | } |
| 202 | |
| 203 | /* True if moderation of forum posts performs the same operation |
| 204 | ** on its attachments. */ |
| 205 | #define FORUMPOST_MOD_ATTACHMENTS 1 |
| 206 | #if FORUMPOST_MOD_ATTACHMENTS |
| 207 | /* |
| 208 | ** Internal helper for moderation_forumpost_...(). |
| 209 | */ |
| @@ -226,11 +226,11 @@ | |
| 226 | */ |
| 227 | static void moderation_forumpost_approve(int fpid){ |
| 228 | #if !FORUMPOST_MOD_ATTACHMENTS |
| 229 | moderation_approve('f', fpid); |
| 230 | #else |
| 231 | /* Also approve any pending attachments */ |
| 232 | Stmt q; |
| 233 | moderation_approve('f', fpid); |
| 234 | forumpost_prepare_attachids(&q, fpid); |
| 235 | while( SQLITE_ROW==db_step(&q) ){ |
| 236 | moderation_approve('a', db_column_int(&q, 0)); |
| @@ -241,11 +241,11 @@ | |
| 241 | |
| 242 | static void moderation_forumpost_disapprove(int fpid){ |
| 243 | #if !FORUMPOST_MOD_ATTACHMENTS |
| 244 | moderation_disapprove(fpid); |
| 245 | #else |
| 246 | /* Also disapprove any pending attachments */ |
| 247 | Stmt q; |
| 248 | moderation_disapprove(fpid); |
| 249 | forumpost_prepare_attachids(&q, fpid); |
| 250 | while( SQLITE_ROW==db_step(&q) ){ |
| 251 | moderation_disapprove(db_column_int(&q, 0)); |
| @@ -2101,11 +2101,11 @@ | |
| 2101 | login_needed(g.anon.RdForum); |
| 2102 | return; |
| 2103 | } |
| 2104 | cgi_check_for_malice(); |
| 2105 | style_set_current_feature("forum"); |
| 2106 | style_header("%s%s", db_get("forum-title","Forum"), |
| 2107 | isSearch ? " Search Results" : ""); |
| 2108 | style_submenu_element("Timeline", "%R/timeline?ss=v&y=f&vfx"); |
| 2109 | if( g.perm.WrForum ){ |
| 2110 | style_submenu_element("New Thread","%R/forumnew"); |
| 2111 | }else{ |
| 2112 |
+23
-2
| --- src/moderate.c | ||
| +++ src/moderate.c | ||
| @@ -65,11 +65,25 @@ | ||
| 65 | 65 | ** false without generating any output. |
| 66 | 66 | */ |
| 67 | 67 | int moderation_pending_www(int rid){ |
| 68 | 68 | int pending = moderation_pending(rid); |
| 69 | 69 | if( pending ){ |
| 70 | - @ <span class="modpending">(Awaiting Moderator Approval)</span> | |
| 70 | +#if 0 | |
| 71 | + if( moderation_user_could(rid, 1, 0) ){ | |
| 72 | + /* It would be nice to emit a link to the appropriate page to | |
| 73 | + ** approve/reject the moderation, but for that we need | |
| 74 | + ** artifact-type-dependent info and links. That's complicated by | |
| 75 | + ** the fact that deriving whether rid refers to an attachment or | |
| 76 | + ** an attachment target is apparently tricky because of how | |
| 77 | + ** attachments are recorded in the event table. */ | |
| 78 | + @ <span class="modpending">(<a href="%R/WHAT_GOES_HERE?">\ | |
| 79 | + @Awaiting Moderator Approval</a>)</span> | |
| 80 | + }else | |
| 81 | +#endif | |
| 82 | + { | |
| 83 | + @ <span class="modpending">(Awaiting Moderator Approval)</span> | |
| 84 | + } | |
| 71 | 85 | } |
| 72 | 86 | return pending; |
| 73 | 87 | } |
| 74 | 88 | |
| 75 | 89 | |
| @@ -244,10 +258,16 @@ | ||
| 244 | 258 | ** zWho is an optional user name to consider for ownership of an |
| 245 | 259 | ** artifact, as compared to the artifact's matching event.(euser,user) |
| 246 | 260 | ** fields. If 0 then it defaults to login_name(). This is strictly a |
| 247 | 261 | ** name comparison - it does not inspect zWho's repo-level |
| 248 | 262 | ** permissions. |
| 263 | +** | |
| 264 | +** Design issue: since this gets its info from the event table, it | |
| 265 | +** cannot unambiguously distinguish between an attachment-capable | |
| 266 | +** artifact type and attachments to one. Attachment events are encoded | |
| 267 | +** with type=X, where X is the same as the artifact type to which the | |
| 268 | +** attachment was applied. | |
| 249 | 269 | ** |
| 250 | 270 | ** The moderation rules applied here are: |
| 251 | 271 | ** |
| 252 | 272 | ** - Admins may always moderate. This is a fast path which bypasses |
| 253 | 273 | ** artifact lookup. For non-admins, we look for a record in the |
| @@ -258,11 +278,12 @@ | ||
| 258 | 278 | ** not a moderator, may moderate it. i.e. a non-moderator owner can |
| 259 | 279 | ** reject their pending-moderation objects but they may not approve |
| 260 | 280 | ** them. |
| 261 | 281 | ** |
| 262 | 282 | ** - Returns 0 for all other artifact types except that it will always |
| 263 | -** return true for admins because that's | |
| 283 | +** return true for admins because that's that check skips looking at | |
| 284 | +** the db. | |
| 264 | 285 | ** |
| 265 | 286 | */ |
| 266 | 287 | int moderation_user_could(int rid, int bMayDeny, const char *zWho){ |
| 267 | 288 | static Stmt q; |
| 268 | 289 | int rc = 0; |
| 269 | 290 |
| --- src/moderate.c | |
| +++ src/moderate.c | |
| @@ -65,11 +65,25 @@ | |
| 65 | ** false without generating any output. |
| 66 | */ |
| 67 | int moderation_pending_www(int rid){ |
| 68 | int pending = moderation_pending(rid); |
| 69 | if( pending ){ |
| 70 | @ <span class="modpending">(Awaiting Moderator Approval)</span> |
| 71 | } |
| 72 | return pending; |
| 73 | } |
| 74 | |
| 75 | |
| @@ -244,10 +258,16 @@ | |
| 244 | ** zWho is an optional user name to consider for ownership of an |
| 245 | ** artifact, as compared to the artifact's matching event.(euser,user) |
| 246 | ** fields. If 0 then it defaults to login_name(). This is strictly a |
| 247 | ** name comparison - it does not inspect zWho's repo-level |
| 248 | ** permissions. |
| 249 | ** |
| 250 | ** The moderation rules applied here are: |
| 251 | ** |
| 252 | ** - Admins may always moderate. This is a fast path which bypasses |
| 253 | ** artifact lookup. For non-admins, we look for a record in the |
| @@ -258,11 +278,12 @@ | |
| 258 | ** not a moderator, may moderate it. i.e. a non-moderator owner can |
| 259 | ** reject their pending-moderation objects but they may not approve |
| 260 | ** them. |
| 261 | ** |
| 262 | ** - Returns 0 for all other artifact types except that it will always |
| 263 | ** return true for admins because that's |
| 264 | ** |
| 265 | */ |
| 266 | int moderation_user_could(int rid, int bMayDeny, const char *zWho){ |
| 267 | static Stmt q; |
| 268 | int rc = 0; |
| 269 |
| --- src/moderate.c | |
| +++ src/moderate.c | |
| @@ -65,11 +65,25 @@ | |
| 65 | ** false without generating any output. |
| 66 | */ |
| 67 | int moderation_pending_www(int rid){ |
| 68 | int pending = moderation_pending(rid); |
| 69 | if( pending ){ |
| 70 | #if 0 |
| 71 | if( moderation_user_could(rid, 1, 0) ){ |
| 72 | /* It would be nice to emit a link to the appropriate page to |
| 73 | ** approve/reject the moderation, but for that we need |
| 74 | ** artifact-type-dependent info and links. That's complicated by |
| 75 | ** the fact that deriving whether rid refers to an attachment or |
| 76 | ** an attachment target is apparently tricky because of how |
| 77 | ** attachments are recorded in the event table. */ |
| 78 | @ <span class="modpending">(<a href="%R/WHAT_GOES_HERE?">\ |
| 79 | @Awaiting Moderator Approval</a>)</span> |
| 80 | }else |
| 81 | #endif |
| 82 | { |
| 83 | @ <span class="modpending">(Awaiting Moderator Approval)</span> |
| 84 | } |
| 85 | } |
| 86 | return pending; |
| 87 | } |
| 88 | |
| 89 | |
| @@ -244,10 +258,16 @@ | |
| 258 | ** zWho is an optional user name to consider for ownership of an |
| 259 | ** artifact, as compared to the artifact's matching event.(euser,user) |
| 260 | ** fields. If 0 then it defaults to login_name(). This is strictly a |
| 261 | ** name comparison - it does not inspect zWho's repo-level |
| 262 | ** permissions. |
| 263 | ** |
| 264 | ** Design issue: since this gets its info from the event table, it |
| 265 | ** cannot unambiguously distinguish between an attachment-capable |
| 266 | ** artifact type and attachments to one. Attachment events are encoded |
| 267 | ** with type=X, where X is the same as the artifact type to which the |
| 268 | ** attachment was applied. |
| 269 | ** |
| 270 | ** The moderation rules applied here are: |
| 271 | ** |
| 272 | ** - Admins may always moderate. This is a fast path which bypasses |
| 273 | ** artifact lookup. For non-admins, we look for a record in the |
| @@ -258,11 +278,12 @@ | |
| 278 | ** not a moderator, may moderate it. i.e. a non-moderator owner can |
| 279 | ** reject their pending-moderation objects but they may not approve |
| 280 | ** them. |
| 281 | ** |
| 282 | ** - Returns 0 for all other artifact types except that it will always |
| 283 | ** return true for admins because that's that check skips looking at |
| 284 | ** the db. |
| 285 | ** |
| 286 | */ |
| 287 | int moderation_user_could(int rid, int bMayDeny, const char *zWho){ |
| 288 | static Stmt q; |
| 289 | int rc = 0; |
| 290 |