ENHANCEMENT: dont allow comments to be displayed on fake pages such as security. BUGFIX: updated commentadmin tests to just work

Will Rossiter 2010-12-11 18:33:21 +13:00
parent d9580ed600
commit 5dec31c84f
5 changed files with 200 additions and 162 deletions


@ -27,7 +27,7 @@ class CommentAdmin extends LeftAndMain {
/** /**
* @var int The number of comments per page for the {@link CommentTable} in this admin. * @var int The number of comments per page for the {@link CommentTable} in this admin.
*/ */
static $comments_per_page = '20'; static $comments_per_page = 20;
public function init() { public function init() {
parent::init(); parent::init();
@ -78,18 +78,18 @@ class CommentAdmin extends LeftAndMain {
"Name" => _t('CommentAdmin.AUTHOR', 'Author'), "Name" => _t('CommentAdmin.AUTHOR', 'Author'),
"Comment" => _t('CommentAdmin.COMMENT', 'Comment'), "Comment" => _t('CommentAdmin.COMMENT', 'Comment'),
"Parent.Title" => _t('CommentAdmin.PAGE', 'Page'), "Parent.Title" => _t('CommentAdmin.PAGE', 'Page'),
"CommenterURL" => _t('CommentAdmin.COMMENTERURL', 'URL'), "URL" => _t('CommentAdmin.COMMENTERURL', 'URL'),
"Created" => _t('CommentAdmin.DATEPOSTED', 'Date Posted') "Created" => _t('CommentAdmin.DATEPOSTED', 'Date Posted')
); );
$popupFields = new FieldSet( $popupFields = new FieldSet(
new TextField('Name', _t('CommentAdmin.NAME', 'Name')), new TextField('Name', _t('CommentAdmin.NAME', 'Name')),
new TextField('CommenterURL', _t('CommentAdmin.COMMENTERURL', 'URL')), new TextField('URL', _t('CommentAdmin.URL', 'URL')),
new TextareaField('Comment', _t('CommentAdmin.COMMENT', 'Comment')) new TextareaField('Comment', _t('CommentAdmin.COMMENT', 'Comment'))
); );
$idField = new HiddenField('ID', '', $section); $idField = new HiddenField('ID', '', $section);
$table = new CommentTableField($this, "Comments", "PageComment", $section, $tableFields, $popupFields, array($filter), 'Created DESC'); $table = new CommentTableField($this, "Comments", "Comment", $section, $tableFields, $popupFields, array($filter), 'Created DESC');
$table->setParentClass(false); $table->setParentClass(false);
$table->setFieldCasting(array( $table->setFieldCasting(array(
@ -133,38 +133,40 @@ class CommentAdmin extends LeftAndMain {
} }
function deletemarked() { function deletemarked() {
$numComments = 0; $numComments = 0;
$folderID = 0; $folderID = 0;
$deleteList = ''; $deleteList = '';
if($_REQUEST['Comments']) { if($_REQUEST['Comments']) {
foreach($_REQUEST['Comments'] as $commentid) { foreach($_REQUEST['Comments'] as $commentid) {
$comment = DataObject::get_by_id('PageComment', $commentid); $comment = DataObject::get_by_id('Comment', $commentid);
if($comment) { if($comment && $comment->canDelete()) {
$comment->delete(); $comment->delete();
$numComments++; $numComments++;
}
} }
} else {
user_error("No comments in $commentList could be found!", E_USER_ERROR);
} }
} else {
user_error("No comments in $commentList could be found!", E_USER_ERROR);
}
echo <<<JS echo <<<JS
$deleteList $deleteList
$('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value); $('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value);
statusMessage("Deleted $numComments comments."); statusMessage("Deleted $numComments comments.");
JS; JS;
} }
function deleteall() { function deleteall() {
$numComments = 0; $numComments = 0;
$spam = DataObject::get('PageComment', '"PageComment"."IsSpam" = 1'); $spam = DataObject::get('Comment', "\"Comment\".\"IsSpam\" = '1'");
if($spam) { if($spam) {
$numComments = $spam->Count(); $numComments = $spam->Count();
foreach($spam as $comment) { foreach($spam as $comment) {
$comment->delete(); if($comment->canDelete()) {
$comment->delete();
}
} }
} }
@ -177,134 +179,118 @@ JS;
} }
function spammarked() { function spammarked() {
$numComments = 0; $numComments = 0;
$folderID = 0; $folderID = 0;
$deleteList = ''; $deleteList = '';
if($_REQUEST['Comments']) { if($_REQUEST['Comments']) {
foreach($_REQUEST['Comments'] as $commentid) { foreach($_REQUEST['Comments'] as $commentid) {
$comment = DataObject::get_by_id('PageComment', $commentid); $comment = DataObject::get_by_id('Comment', $commentid);
if($comment) { if($comment) {
$comment->IsSpam = true; $comment->IsSpam = true;
$comment->NeedsModeration = false; $comment->Moderated = true;
$comment->write(); $comment->write();
if(SSAkismet::isEnabled()) { $numComments++;
try {
$akismet = new SSAkismet();
$akismet->setCommentAuthor($comment->getField('Name'));
$akismet->setCommentContent($comment->getField('Comment'));
$akismet->submitSpam();
} catch (Exception $e) {
// Akismet didn't work, most likely the service is down.
}
}
$numComments++;
}
} }
} else {
user_error("No comments in $commentList could be found!", E_USER_ERROR);
} }
} else {
user_error("No comments in $commentList could be found!", E_USER_ERROR);
}
$msg = sprintf(_t('CommentAdmin.MARKEDSPAM', 'Marked %s comments as spam.'), $numComments); $msg = sprintf(_t('CommentAdmin.MARKEDSPAM', 'Marked %s comments as spam.'), $numComments);
echo <<<JS echo <<<JS
$deleteList $deleteList
$('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value); $('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value);
statusMessage("$msg"); statusMessage("$msg");
JS; JS;
} }
function hammarked() { function hammarked() {
$numComments = 0; $numComments = 0;
$folderID = 0; $folderID = 0;
$deleteList = ''; $deleteList = '';
if($_REQUEST['Comments']) { if($_REQUEST['Comments']) {
foreach($_REQUEST['Comments'] as $commentid) { foreach($_REQUEST['Comments'] as $commentid) {
$comment = DataObject::get_by_id('PageComment', $commentid); $comment = DataObject::get_by_id('Comment', $commentid);
if($comment) {
$comment->IsSpam = false;
$comment->NeedsModeration = false;
$comment->write();
if(SSAkismet::isEnabled()) { if($comment) {
try { $comment->IsSpam = false;
$akismet = new SSAkismet(); $comment->Moderated = true;
$akismet->setCommentAuthor($comment->getField('Name')); $comment->write();
$akismet->setCommentContent($comment->getField('Comment'));
$akismet->submitSpam(); $numComments++;
} catch (Exception $e) {
// Akismet didn't work, most likely the service is down.
}
}
$numComments++;
}
} }
} else {
user_error("No comments in $commentList could be found!", E_USER_ERROR);
} }
} else {
user_error("No comments in $commentList could be found!", E_USER_ERROR);
}
$msg = sprintf(_t('CommentAdmin.MARKEDNOTSPAM', 'Marked %s comments as not spam.'), $numComments); $msg = sprintf(_t('CommentAdmin.MARKEDNOTSPAM', 'Marked %s comments as not spam.'), $numComments);
echo <<<JS echo <<<JS
$deleteList $deleteList
$('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value); $('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value);
statusMessage("$msg"); statusMessage("$msg");
JS; JS;
} }
function acceptmarked() { function acceptmarked() {
$numComments = 0; $numComments = 0;
$folderID = 0; $folderID = 0;
$deleteList = ''; $deleteList = '';
if($_REQUEST['Comments']) { if($_REQUEST['Comments']) {
foreach($_REQUEST['Comments'] as $commentid) { foreach($_REQUEST['Comments'] as $commentid) {
$comment = DataObject::get_by_id('PageComment', $commentid); $comment = DataObject::get_by_id('Comment', $commentid);
if($comment) { if($comment) {
$comment->IsSpam = false; $comment->IsSpam = false;
$comment->NeedsModeration = false; $comment->Moderated = true;
$comment->write(); $comment->write();
$numComments++; $numComments++;
}
} }
} else {
user_error("No comments in $commentList could be found!", E_USER_ERROR);
} }
} else {
user_error("No comments in $commentList could be found!", E_USER_ERROR);
}
$msg = sprintf(_t('CommentAdmin.APPROVED', 'Accepted %s comments.'), $numComments); $msg = sprintf(_t('CommentAdmin.APPROVED', 'Accepted %s comments.'), $numComments);
echo <<<JS echo <<<JS
$deleteList $deleteList
$('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value); $('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value);
statusMessage("Accepted $numComments comments."); statusMessage("Accepted $numComments comments.");
JS; JS;
} }
/** /**
* Return the number of moderated comments * Return the number of moderated comments
*
* @return int
*/ */
function NumModerated() { function NumModerated() {
return DB::query("SELECT COUNT(*) FROM \"PageComment\" WHERE \"IsSpam\"=0 AND \"NeedsModeration\"=0")->value(); return DB::query("SELECT COUNT(*) FROM \"Comment\" WHERE \"Moderated\" = 1")->value();
} }
/** /**
* Return the number of unmoderated comments * Return the number of unmoderated comments
*
* @return int
*/ */
function NumUnmoderated() { function NumUnmoderated() {
return DB::query("SELECT COUNT(*) FROM \"PageComment\" WHERE \"IsSpam\"=0 AND \"NeedsModeration\"=1")->value(); return DB::query("SELECT COUNT(*) FROM \"Comment\" WHERE \"Moderated\" = 0")->value();
} }
/** /**
* Return the number of comments marked as spam * Return the number of comments marked as spam
*
* @return int
*/ */
function NumSpam() { function NumSpam() {
return DB::query("SELECT COUNT(*) FROM \"PageComment\" WHERE \"IsSpam\"=1")->value(); return DB::query("SELECT COUNT(*) FROM \"Comment\" WHERE \"IsSpam\" = 1")->value();
} }
/** /**
* @param $num int * @param int
*/ */
function set_comments_per_page($num){ function set_comments_per_page($num){
self::$comments_per_page = $num; self::$comments_per_page = $num;
@ -317,5 +303,3 @@ JS;
return self::$comments_per_page; return self::$comments_per_page;
} }
} }
?>
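Review bot: The `$comment->canDelete()` check added to deletemarked() and deleteall() has no counterpart in spammarked(), hammarked() and acceptmarked(). Those three still write `IsSpam` and `Moderated` on any comment ID taken from `$_REQUEST['Comments']`, so each guard should read `if($comment && $comment->canEdit()) {`. In deleteall(), `$numComments = $spam->Count();` is taken before the loop, so any count reported later in the method (outside the hunk) will over-state the deletions when canDelete() refuses a record; incrementing inside the `if` would match what deletemarked() does. The `else` branches interpolate `$commentList`, which is not defined anywhere in the visible hunks, so the error message itself would raise an undefined-variable notice.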


@ -13,7 +13,8 @@ class Comment extends DataObject {
"Email" => "Varchar(200)", "Email" => "Varchar(200)",
"URL" => "Varchar(255)", "URL" => "Varchar(255)",
"BaseClass" => "Varchar(200)", "BaseClass" => "Varchar(200)",
"Moderated" => "Boolean" "Moderated" => "Boolean",
"IsSpam" => "Boolean"
); );
static $has_one = array( static $has_one = array(


@ -76,6 +76,9 @@ class CommentsExtension extends DataObjectDecorator {
// trigger comments on / off via ProvideComments // trigger comments on / off via ProvideComments
$enabled = (!$this->attachedToSiteTree() || $this->owner->ProvideComments) ? true : false; $enabled = (!$this->attachedToSiteTree() || $this->owner->ProvideComments) ? true : false;
// do not include the comments on pages which don't have id's such as security pages
if($this->owner->ID < 0) return false;
$controller = new CommentingController(); $controller = new CommentingController();
// tad bit messy but needed to ensure all datas available // tad bit messy but needed to ensure all datas available
@ -85,6 +88,7 @@ class CommentsExtension extends DataObjectDecorator {
$form = ($enabled) ? $controller->CommentsForm() : false; $form = ($enabled) ? $controller->CommentsForm() : false;
Debug::show(Controller::curr()->ID);
// a little bit all over the show but to ensure a slightly easier upgrade for users // a little bit all over the show but to ensure a slightly easier upgrade for users
// return back the same variables as previously done in comments // return back the same variables as previously done in comments
return $interface->process(new ArrayData(array( return $interface->process(new ArrayData(array(
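Review bot: `Debug::show(Controller::curr()->ID);` looks like leftover debugging on the path that builds the comments interface, where it may print an internal record ID into rendered pages; it should be dropped before this is merged. The new guard `if($this->owner->ID < 0) return false;` is described as covering pages that have no ID, but a record that was never written would presumably carry an ID of 0 rather than a negative one. If those are meant to be excluded too, `if($this->owner->ID <= 0) return false;` would cover both cases. A comment should then say that negative IDs are what placeholder pages such as the security page use. The enclosing method starts and ends outside these hunks.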


@ -0,0 +1,39 @@
<?php
/**
* @package comments
*/
class CommentAdminTest extends FunctionalTest {
static $fixture_file = 'comments/tests/CommentsTest.yml';
function testNumModerated() {
$comm = new CommentAdmin();
$resp = $comm->NumModerated();
$this->assertEquals(4, $resp);
}
function testNumUnmoderated(){
$comm = new CommentAdmin();
$resp = $comm->NumUnmoderated();
$this->assertEquals(3, $resp);
}
function testNumSpam(){
$comm = new CommentAdmin();
$resp = $comm->NumSpam();
$this->assertEquals(2, $resp);
}
function testdeletemarked(){
$comm = $this->objFromFixture('Comment', 'firstComA');
$id = $comm->ID;
$this->logInWithPermission('CMS_ACCESS_CommentAdmin');
$result = $this->get("admin/comments/EditForm/field/Comments/item/$id/delete");
$checkComm = DataObject::get_by_id('Comment',$id);
$this->assertFalse($checkComm);
}
}
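Review bot: testdeletemarked() only exercises the privileged path, so nothing in this file pins the `canDelete()` check that the same commit adds to CommentAdmin. A companion test that issues the same delete request without `logInWithPermission()` and asserts the comment still exists would catch a regression in that check. Whether an anonymous request is refused by `canDelete()` or earlier by the admin controller is not visible here, but the expected outcome is the same either way. The fixture already defines a `visitor` member that could be used for a logged-in-but-unprivileged variant.

```php
function testDeleteRequiresPermission() {
	$comm = $this->objFromFixture('Comment', 'firstComA');
	$id = $comm->ID;

	// no logInWithPermission() call: the request is made anonymously
	$this->get("admin/comments/EditForm/field/Comments/item/$id/delete");

	$this->assertTrue((bool) DataObject::get_by_id('Comment', $id));
}
```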


@ -1,62 +1,72 @@
Member: Member:
commentadmin: commentadmin:
FirstName: admin FirstName: admin
visitor: visitor:
FirstName: visitor FirstName: visitor
Group: Group:
commentadmins: commentadmins:
Title: Admin Title: Admin
Members: =>Member.commentadmin Members: =>Member.commentadmin
Permission: Permission:
admin: admin:
Code: CMS_ACCESS_CommentAdmin Code: CMS_ACCESS_CommentAdmin
Group: =>Group.commentadmins Group: =>Group.commentadmins
Page: Page:
first: first:
Title: First page Title: First page
URLSegment: first-page URLSegment: first-page
ProvideComments: 1 ProvideComments: 1
second: second:
Title: Second page Title: Second page
URLSegment: second-page URLSegment: second-page
ProvideComments: 1 ProvideComments: 1
third: third:
Title: Third page Title: Third page
URLSegment:third-page URLSegment:third-page
ProvideComments: 1 ProvideComments: 1
pageNoComments: pageNoComments:
Title: No comments Title: No comments
URLSegment: no-comments URLSegment: no-comments
ProvideComments: 0 ProvideComments: 0
Comment: Comment:
firstComA: firstComA:
ParentID: =>Page.first ParentID: =>Page.first
Name: FA Name: FA
Comment: textFA Comment: textFA
secondComA: Moderated: 1
ParentID: =>Page.second secondComA:
Name: SA ParentID: =>Page.second
Comment: textSA Name: SA
secondComB: Comment: textSA
ParentID: =>Page.second Moderated: 1
Name: SB secondComB:
Comment: textSB ParentID: =>Page.second
thirdComA: Name: SB
ParentID: =>Page.third Comment: textSB
Name: TA Moderated: 1
Comment: textTA thirdComA:
thirdComB: ParentID: =>Page.third
ParentID: =>Page.third Name: TA
Name: TB Comment: textTA
Comment: textTB Moderated: 1
thirdComC: IsSpam: 1
ParentID: =>Page.third thirdComB:
Name: TC ParentID: =>Page.third
Comment: textTC Name: TB
disabledCom: Comment: textTB
ParentID: =>Page.pageNoComments Moderated: 0
Name: Disabled thirdComC:
ParentID: =>Page.third
Name: TC
Comment: textTC
Moderated: 0
disabledCom:
ParentID: =>Page.pageNoComments
Name: Disabled
Moderated: 0
IsSpam: 1