From 77b86e4c02e0057a573594afdd84ba15c643a4fc Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Wed, 15 Jan 2003 14:48:12 +0000
Subject: Bug 184309: Adds an optional disabled state to quips, which allows
 quips to be moderated if the admin so chooses. Patch by Tobias Burnus
 <burnus@gmx.de> r=joel, a=justdave

---
 buglist.cgi                              |  2 +-
 checksetup.pl                            |  4 ++
 defparams.pl                             |  9 ++--
 quips.cgi                                | 44 +++++++++++++--
 template/en/default/list/quips.html.tmpl | 91 +++++++++++++++++++++++---------
 5 files changed, 115 insertions(+), 35 deletions(-)

diff --git a/buglist.cgi b/buglist.cgi
index 10e659a1f..3c693fa69 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -191,7 +191,7 @@ sub GetQuip {
 
     my $quip;
 
-    SendSQL("SELECT quip FROM quips ORDER BY RAND() LIMIT 1");
+    SendSQL("SELECT quip FROM quips WHERE approved = 1 ORDER BY RAND() LIMIT 1");
 
     if (MoreSQLData()) {
         ($quip) = FetchSQLData();
diff --git a/checksetup.pl b/checksetup.pl
index e4d610b53..59ebb1955 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -3844,6 +3844,10 @@ if ($sth->rows == 0) {
     }
 }
 
+# 2003-01-11, burnus@net-b.de, bug 184309
+# Support for quips approval
+AddField('quips', 'approved', 'tinyint(1) NOT NULL  DEFAULT 1');
+ 
 # 2002-11-XX Bug 180870 - remove manual shadowdb replication code
 if (TableExists('shadowlog')) {
     print "Removing shadowlog table\n";
diff --git a/defparams.pl b/defparams.pl
index 0d6c2a3c7..922a9dfe2 100644
--- a/defparams.pl
+++ b/defparams.pl
@@ -226,11 +226,12 @@ sub check_netmask {
    name => 'enablequips',
    desc => 'Controls the appearance of quips at the top of buglists.<ul> ' .
            '<li>on - Bugzilla will display a quip, and lets users add to ' .
-           'the list.</li><li>frozen - Bugzilla will display a quip but ' .
-           'not permit new additions.</li><li>off - Bugzilla will not ' .
-           'display quips.</li></ul>',
+           'the list.</li><li>approved - quips can be entered, but need ' .
+           'be approved before shown</li><li>frozen - Bugzilla will display ' .
+           'a quip but not permit new additions.</li><li>off - Bugzilla ' .
+           'will not display quips.</li></ul>',
    type => 's',
-   choices => ['on','frozen','off'],
+   choices => ['on', 'approved', 'frozen', 'off'],
    default => 'on',
    checker => \&check_multi
   },
diff --git a/quips.cgi b/quips.cgi
index d152234ac..51e9fc789 100755
--- a/quips.cgi
+++ b/quips.cgi
@@ -21,6 +21,7 @@
 # Contributor(s): Owen Taylor <otaylor@redhat.com>
 #                 Gervase Markham <gerv@gerv.net>
 #                 David Fallon <davef@tetsubo.com>
+#                 Tobias Burnus <burnus@net-b.de>
 
 use strict;
 
@@ -46,18 +47,20 @@ my $action = $::FORM{'action'} || "";
 
 if ($action eq "show") {
     # Read in the entire quip list
-    SendSQL("SELECT quipid,userid,quip FROM quips");
+    SendSQL("SELECT quipid, userid, quip, approved FROM quips");
 
     my $quips;
     my @quipids;
     while (MoreSQLData()) {
-        my ($quipid, $userid, $quip) = FetchSQLData();
-        $quips->{$quipid} = {'userid' => $userid, 'quip' => $quip};
+        my ($quipid, $userid, $quip, $approved) = FetchSQLData();
+        $quips->{$quipid} = {'userid' => $userid, 'quip' => $quip, 
+                             'approved' => $approved};
         push(@quipids, $quipid);
     }
 
     my $users;
     foreach my $quipid (@quipids) {
+        my $userid = $quips->{$quipid}{'userid'};
         if (not defined $users->{$userid}) {
             SendSQL("SELECT login_name FROM profiles WHERE userid = $userid");
             $users->{$userid} = FetchSQLData();
@@ -70,18 +73,49 @@ if ($action eq "show") {
 }
 
 if ($action eq "add") {
-    (Param('enablequips') eq "on") || ThrowUserError("no_new_quips");
+    (Param('enablequips') eq "on" or Param('enablequips') eq "approved")
+      || ThrowUserError("no_new_quips");
     
     # Add the quip 
+    my $approved = (Param('enablequips') eq "on") ? '1' : '0';
+    $approved = 1 if(UserInGroup('admin'));
     my $comment = $::FORM{"quip"};
     $comment || ThrowUserError("need_quip");
     $comment !~ m/</ || ThrowUserError("no_html_in_quips");
 
-    SendSQL("INSERT INTO quips (userid, quip) VALUES (". $userid . ", " . SqlQuote($comment) . ")");
+    SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " .
+           '(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')');
 
     $vars->{'added_quip'} = $comment;
 }
 
+if ($action eq 'approve') {
+    # Read in the entire quip list
+    SendSQL("SELECT quipid, approved FROM quips");
+ 
+    my %quips;
+    while (MoreSQLData()) {
+        my ($quipid, $approved) = FetchSQLData();
+        $quips{$quipid} = $approved;
+    }
+
+    my @approved;
+    my @unapproved;
+    foreach my $quipid (keys %quips) {
+       my $form = ($::FORM{'quipid_'.$quipid}) ? 1 : 0;
+       if($quips{$quipid} ne $form) {
+           if($form) { push(@approved, $quipid); }
+           else { push(@unapproved, $quipid); }
+       }
+    }
+    SendSQL("UPDATE quips SET approved = 1 WHERE quipid IN (" .
+            join(",", @approved) . ")") if($#approved > -1);
+    SendSQL("UPDATE quips SET approved = 0 WHERE quipid IN (" .
+            join(",", @unapproved) . ")") if($#unapproved > -1);
+    $vars->{ 'approved' }   = \@approved;
+    $vars->{ 'unapproved' } = \@unapproved;
+}
+
 if ($action eq "delete") {
     if (!UserInGroup('admin')) {
         ThrowUserError("quips_edit_denied");
diff --git a/template/en/default/list/quips.html.tmpl b/template/en/default/list/quips.html.tmpl
index c178c5838..4a6ef1ad5 100644
--- a/template/en/default/list/quips.html.tmpl
+++ b/template/en/default/list/quips.html.tmpl
@@ -35,6 +35,9 @@
   <p>
     <font color="red">
       Your quip '<tt>[% added_quip FILTER html %]</tt>' has been added.
+      [% IF Param("enablequips") == "approved" AND !UserInGroup('admin') %]
+        It will be used as soon as it gets approved.
+      [% END %]
     </font>
   </p>
 [% END %]
@@ -47,10 +50,17 @@
   </p>
 [% END %]
 
+[% IF approved or unapproved %]
+  <p>[% approved.size %] quips approved and [% unapproved.size %] quips unapproved</p>
+[% END %]
+
 <p>
   Bugzilla will pick a random quip for the headline on each bug list, and 
   you can extend the quip list. Type in something clever or funny or boring 
   (but not obscene or offensive, please) and bonk on the button.
+  [% IF Param("enablequips") == "approved" AND !UserInGroup('admin') %]
+    Note that your quip has to be approved before it is used.
+  [% END %]
 </p>
 
 <form method="post" action="quips.cgi">
@@ -67,35 +77,66 @@
       Existing quips:
     </h2>
     <ul>
-      [% FOREACH quip = quips %]
-        <li>[% quip FILTER html %]</li>
+      [% FOREACH quipid = quipids %]
+        [% NEXT IF NOT quips.$quipid.approved %]
+        <li>[% quips.$quipid.quip FILTER html %]</li>
       [% END %]
     </ul>
   [% ELSE %]
     <h2>Edit existing quips:</h2>
-    <table border="1">
-      <thead><tr>
-        <th>Quip</th>
-        <th>Author</th>
-        <th>Action</th>
-      </tr></thead><tbody>
-      [% FOREACH quipid = quipids %]
-        <tr>
-          <td>[% quips.$quipid.quip FILTER html %]</td>
-          <td>
-            [% userid = quips.$quipid.userid  %]
-            [% users.$userid FILTER html      %]
-            [% "Unknown" IF NOT users.$userid %]
-          </td>
-          <td>
-            <a href="quips.cgi?action=delete&amp;quipid=[% quipid FILTER uri%]">
-              Delete
-            </a>
-          </td>
-        </tr>
-      [% END %]
-      </tbody>
-    </table>
+    <p>
+      <strong>Note:</strong> Only approved quips will be shown.
+      If enablequips is set to <q>on</q>, entered quips are automatically
+      approved.
+    </p>
+    <form name="editform" method="post" action="quips.cgi">
+      <input type="hidden" name="action" value="approve">
+      <table border="1">
+        <thead><tr>
+          <th>Quip</th>
+          <th>Author</th>
+          <th>Action</th>
+          <th>Approved</th>
+        </tr></thead><tbody>
+        [% FOREACH quipid = quipids %]
+          <tr>
+            <td>[% quips.$quipid.quip FILTER html %]</td>
+            <td>
+              [% userid = quips.$quipid.userid  %]
+              [% users.$userid FILTER html      %]
+              [% "Unknown" IF NOT users.$userid %]
+            </td>
+            <td>
+              <a href="quips.cgi?action=delete&amp;quipid=[% quipid FILTER uri%]">
+                Delete
+              </a>
+            </td>
+            <td>
+              <input type="checkbox" name="quipid_[% quipid FILTER uri%]"
+                     id="quipid_[% quipid FILTER uri%]"
+                     [%- ' checked="checked"' IF quips.$quipid.approved %]>
+            </td>
+          </tr>
+        [% END %]
+        </tbody>
+      </table>
+      <script type="text/javascript" language="JavaScript"><!--
+        var numelements = document.forms.editform.elements.length;
+        function SetCheckboxes(value) {
+          var item;
+          for (var i=0 ; i<numelements ; i++) {
+            item = document.forms.editform.elements[i];
+            item.checked = value;
+          }
+        }
+        document.write(' <input type="button" name="uncheck_all" '
+                      +'value="Uncheck All" onclick="SetCheckboxes(false);">');
+        document.write(' <input type="button" name="check_all" '
+                      +'value="Check All" onclick="SetCheckboxes(true);">');
+        //--></script>
+
+      <input type="submit" value="Update">
+    </form>
     <br>
   [% END %]
 [% ELSE %]
-- 
cgit v1.2.1