When using the comment approval queue the workflow for approving comments is awful. You have to click administer->comments->approval queue to get a list of comments awaiting approval. Then you have to click edit on one of the comments, click the collabsible field-set for the publishing controls, click to published and save the comment. Then repeat the process for the next comment.
I'd say that this workflow is a significant deterrent to anyone using this functionality.
To make it better, there would be checkboxes next to each comment in the table on the approval queue page, and a set of operators analogous to the content overview page. Better yet would be if each comment in the table was an AJAX link to the comment's body and info which would expand right there in the table itself, since it is usually impossible just from the comment title to know whether to publish or not. If one could click the various comments open, right there in the table, then mass publish or delete, we'd have a real approval queue. Perhaps the spam module could tie into the actions that can be taken on comments so a mass "mark as spam" could be done too.
Comment | File | Size | Author |
---|---|---|---|
#16 | drupal-head-comment-28595_0.diff | 2.64 KB | Cvbge |
#14 | comment.module_37.patch | 9.56 KB | Jeremy |
#12 | comment.module_36.patch | 9.14 KB | Jeremy |
#11 | comment.module_34.patch | 9.61 KB | Jeremy |
#10 | comment.module_33.patch | 9.67 KB | Jeremy |
Comments
Comment #1
mrowe CreditAttribution: mrowe commentedHere's a patch (against HEAD) that gives you the cheap-and-dirty approach (checkboxes that allow bulk approval/unapproval of comments).
I'll leave the gold-plated AJAX solution to someone with more time. :)
Comment #2
Dries CreditAttribution: Dries commented- Don't use tabs.
- SQL queries might be vularnable to SQL injection attacks. Use db_query()'s %s and %d directives.
Comment #3
mrowe CreditAttribution: mrowe commentedOk, I think I got rid of all the tabs this time...
I've had to use db_escape_string, rather than the sprintf params to db_query, but it should have the same effect.
Comment #4
moshe weitzman CreditAttribution: moshe weitzman commentedminor nits:
we use an extra line in our else clauses. this should be two lines:
} else {
also, you can almost always avoid using db_escape_string() directly. you will need to do a str_repeat('%d, ', count($unpublish)) in the SQL(for unpublish query) and then pass a an array as the last argument to db_query. This is the seldom used 'pass all values in an array' feature of db_query: http://drupaldocs.org/api/head/function/db_query
Comment #5
mrowe CreditAttribution: mrowe commentedOh, so you're saying I should have read the style guide... ;)
I've fixed the brace position, and I've redone the db_query as you suggested.
Thanks!
Comment #6
Dries CreditAttribution: Dries commentedCode needs more small style fixes. Haven't tried the patch, nor did I try to look at the big picture. However, I agree that the comment approval workflow sucks. How do other systems deal with this? What does their UI and interaction design look like?
Comment #7
Uwe Hermann CreditAttribution: Uwe Hermann commentedRerolled patch and fixed a few issues: Using ' instead of " now where possible, made "Save changes" translatable, use %d more often, indent code using 2 spaces (not 4). The functionality works as expected and is quite an improvement over the current stuff.
+1 from me.
Comment #8
moshe weitzman CreditAttribution: moshe weitzman commentedi read this through and looks good from a style and functionality perspective. I didn't get a chance to test though.
Comment #9
Jeremy CreditAttribution: Jeremy commentedIn the recent Drupal administration user experience survey, 86% of respondants said their most common Drupal task was administering comments and other content. This patch aims to improve this common user experience by adding support for bulk operations on comments (publish/unpublish/delete). The code is very much modeled after the bulk operations that are provided by the node module, making the two interfaces much more similar.
I am aiming to get this patch merged before the Drupal 4.7 release.
Comment #10
Jeremy CreditAttribution: Jeremy commentedCleaned the patch up based on a recent cleanup of the node module.
Comment #11
Jeremy CreditAttribution: Jeremy commentedChanges:
Comment #12
Jeremy CreditAttribution: Jeremy commentedChanged:
Comment #13
Dries CreditAttribution: Dries commentedfunction comment_multiple_delete_confirm()
uses$_POST['edit']
. With the new forms API using $_POST should be avoided, as it is not validated and possibly vulnerable to form injection attacks. Maybe the other mass deletion forms use this too; haven't checked but I figured I'd point this out.comment_operations()
usesstatus = 0
). We have defines for these now.comment_load()
be a private function?Comment #14
Jeremy CreditAttribution: Jeremy commentedComment #15
Dries CreditAttribution: Dries commentedCommitted to HEAD. Thanks.
Comment #16
Cvbge CreditAttribution: Cvbge commentedAttached patch fixes:
1. unnecesary db_escape_string($status). $status is an integer.
2. PHP constans are not resolved in strings, I believe current code won't work as expected.
Patch not tested.
Comment #17
Dries CreditAttribution: Dries commentedCommitted to HEAD. Thanks.
Comment #18
(not verified) CreditAttribution: commented