added comment deletion, close #5

yiiext · Dec 22, 2011 · 303285e · 303285e
1 parent 02caa34
commit 303285e
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 7 deletions.
diff --git a/controllers/CommentController.php b/controllers/CommentController.php
@@ -129,17 +129,26 @@ public function actionUpdate($id)
 	 */
 	public function actionDelete($id)
 	{
+		// we only allow deletion via POST request
 		if(Yii::app()->request->isPostRequest)
 		{
-			// we only allow deletion via POST request
-			$this->loadModel($id)->delete();
-
-			// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
-			if(!isset($_GET['ajax']))
-				$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
+			$comment = $this->loadModel($id);
+			if (!Yii::app()->user->isGuest && (Yii::app()->user->id == $comment->userId))
+			{
+				$comment->delete();
+
+				// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
+				if (!Yii::app()->request->isAjaxRequest) {
+					$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
+				}
+			}
+			else {
+				throw new CHttpException(403,'Only comment owner can delete his comment.');
+			}
 		}
-		else
+		else {
 			throw new CHttpException(400,'Invalid request. Please do not repeat this request again.');
+		}
 	}
 
 	/**

diff --git a/views/comment/_view.php b/views/comment/_view.php
@@ -25,6 +25,10 @@
 	span.ext-comment-head {
 		color: #aaa;
 	}
+	span.ext-comment-options {
+		float: right;
+		color: #aaa;
+	}
 	");
 ?>
 <div class="ext-comment">
@@ -50,6 +54,17 @@
 	        'title'=>CHtml::encode($data->userName)
 	    )
 	)); ?>
+	<span class="ext-comment-options">
+	<?php if (!Yii::app()->user->isGuest && (Yii::app()->user->id == $data->userId)) {
+	    echo CHtml::ajaxLink('delete', array('/comment/comment/delete', 'id'=>$data->id), array(
+			'success'=>'function(){ $("#delete-comment-'.$data->id.'").parent().parent().remove(); }',
+		    'type'=>'POST',
+	    ), array(
+		    'id'=>'delete-comment-'.$data->id,
+		    'confirm'=>'Are you sure you want to delete this item?',
+	    ));
+	} ?>
+	</span>
 	<p><?php echo nl2br(CHtml::encode($data->message)); ?></p>
 	<br style="clear: both;"/>
 </div>