From bf15bdf4639c61d9855cc76b4e58463eabbd6760 Mon Sep 17 00:00:00 2001
From: Jonas Kohl
Date: Sun, 22 Dec 2024 12:45:07 +0100
Subject: Add missing 'editpost' action

---
 src/application/actions/editpost/post.php    | 58 ++++++++++++++++++++++++++++
 src/application/appdef.php                   |  2 +-
 src/application/templates/old/edit_post.twig | 25 ++++++++++++
 3 files changed, 84 insertions(+), 1 deletion(-)
 create mode 100644 src/application/actions/editpost/post.php
 create mode 100644 src/application/templates/old/edit_post.twig

(limited to 'src')

diff --git a/src/application/actions/editpost/post.php b/src/application/actions/editpost/post.php
new file mode 100644
index 0000000..1ea83a7
--- /dev/null
+++ b/src/application/actions/editpost/post.php
@@ -0,0 +1,58 @@
+<?php
+
+use mystic\forum\orm\Post;
+use mystic\forum\orm\Topic;
+use mystic\forum\orm\User;
+use mystic\forum\orm\UserPermissions;
+use mystic\forum\utils\RequestUtils;
+
+if (!$currentUser) {
+    http_response_code(403);
+    msg_error(__("You need to be logged in to edit posts!"));
+    exit;
+}
+
+$formId = "editpost";
+$postId = RequestUtils::getRequiredField("post", $formId);
+
+$item = new Post();
+$item->id = $postId;
+
+if (!$db->fetch($item) || $item->deleted) {
+    http_response_code(404);
+    msg_error(__("No post exists with this id"));
+    exit;
+}
+
+$topicAuthor = new User();
+$topicAuthor->id = $item->authorId;
+
+if (!$db->fetch($topicAuthor))
+    $topicAuthor = null;
+
+$canEdit = ($currentUser->id === $topicAuthor?->id && $topicAuthor?->hasPermission(UserPermissions::EDIT_OWN_POST))
+          || ($currentUser->hasPermission(UserPermissions::EDIT_OTHER_POST));
+
+$topic = new Topic();
+$topic->id = $item->topicId;
+
+if (!$db->fetch($topic))
+    $topic = null;
+
+if ($topic->isLocked) {
+    http_response_code(403);
+    msg_error(__("This topic has been locked"));
+    exit;
+}
+
+if (!$canEdit) {
+    http_response_code(403);
+    msg_error(__("You don't have permission to edit this post"));
+    exit;
+}
+
+render("edit_post.twig", [
+    "post" => $item,
+    "topicAuthor" => $topicAuthor,
+    "topic" => $topic,
+]);
diff --git a/src/application/appdef.php b/src/application/appdef.php
index 33a0807..b08bf14 100644
--- a/src/application/appdef.php
+++ b/src/application/appdef.php
@@ -1,3 +1,3 @@
 <?php
 
-const MYSTICBB_VERSION = "0.6.2";
+const MYSTICBB_VERSION = "0.6.3";
diff --git a/src/application/templates/old/edit_post.twig b/src/application/templates/old/edit_post.twig
new file mode 100644
index 0000000..ba76850
--- /dev/null
+++ b/src/application/templates/old/edit_post.twig
@@ -0,0 +1,25 @@
+{% set title = __("Edit post") %}
+{% set formId = "editpost" %}
+{% set formError = getAndClearFormError(formId) %}
+
+{% extends "base.twig" %}
+
+{% block content %}
+<hr color="silver" noshade>
+
+<h1>{{ __("Edit post") }}</h1>
+
+{% if formError %}
+    {% include "components/alert_error.twig" with { message: formError } %}
+{% endif %}
+<form action="?_action=updatepost" method="post" enctype="multipart/form-data">
+    <input type="hidden" name="form_id" value="{{ formId }}">
+    <input type="hidden" name="post" value="{{ ctx.post.id }}">
+    <label for="i_message">{{ __("Message:") }}</label><br>
+    {% include "components/post_editor.twig" with { name: "message", id: "i_message", value: lastFormField(formId, "message")|default(ctx.post.content) } %}
+    <br>
+    <button type="submit"><b>{{ __("Edit post") }}</b></button>
+    <a href="?_action=viewtopic&amp;topic={{ ctx.topic.id|url_encode }}#post-{{ ctx.post.id }}">{{ __("Cancel") }}</a>
+</form>
+
+{% endblock %}
-- 
cgit v1.2.3