-<?php
-
-namespace BookStack\Http\Controllers;
+<?php namespace BookStack\Http\Controllers;
+use BookStack\Repos\CommentRepo;
+use BookStack\Repos\EntityRepo;
+use BookStack\Comment;
use Illuminate\Http\Request;
-use BookStack\Http\Requests;
-
class CommentController extends Controller
{
-
- public function add(Request $request, $pageId) {
- // $this->checkOwnablePermission('page-view', $page);
+ protected $entityRepo;
+
+ public function __construct(EntityRepo $entityRepo, CommentRepo $commentRepo, Comment $comment)
+ {
+ $this->entityRepo = $entityRepo;
+ $this->commentRepo = $commentRepo;
+ $this->comment = $comment;
+ parent::__construct();
}
-
- public function update(Request $request, $id) {
- // Check whether its an admin or the comment owner.
- // $this->checkOwnablePermission('page-view', $page);
+
+ public function save(Request $request, $pageId, $commentId = null)
+ {
+ $this->validate($request, [
+ 'text' => 'required|string',
+ 'html' => 'required|string',
+ ]);
+
+ try {
+ $page = $this->entityRepo->getById('page', $pageId, true);
+ } catch (ModelNotFoundException $e) {
+ return response('Not found', 404);
+ }
+
+ if($page->draft) {
+ // cannot add comments to drafts.
+ return response()->json([
+ 'status' => 'error',
+ 'message' => trans('errors.cannot_add_comment_to_draft'),
+ ], 400);
+ }
+
+ $this->checkOwnablePermission('page-view', $page);
+ if (empty($commentId)) {
+ // create a new comment.
+ $this->checkPermission('comment-create-all');
+ $comment = $this->commentRepo->create($page, $request->only(['text', 'html', 'parent_id']));
+ $respMsg = trans('entities.comment_created');
+ } else {
+ // update existing comment
+ // get comment by ID and check if this user has permission to update.
+ $comment = $this->comment->findOrFail($commentId);
+ $this->checkOwnablePermission('comment-update', $comment);
+ $this->commentRepo->update($comment, $request->all());
+ $respMsg = trans('entities.comment_updated');
+ }
+
+ $comment = $this->commentRepo->getCommentById($comment->id);
+
+ return response()->json([
+ 'status' => 'success',
+ 'message' => $respMsg,
+ 'comment' => $comment
+ ]);
+
}
-
+
public function destroy($id) {
- // Check whether its an admin or the comment owner.
- // $this->checkOwnablePermission('page-view', $page);
- }
-
- public function getLastXComments($pageId) {
- // $this->checkOwnablePermission('page-view', $page);
+ $comment = $this->comment->findOrFail($id);
+ $this->checkOwnablePermission('comment-delete', $comment);
+ $this->commentRepo->delete($comment);
+ $updatedComment = $this->commentRepo->getCommentById($comment->id);
+
+ return response()->json([
+ 'status' => 'success',
+ 'message' => trans('entities.comment_deleted'),
+ 'comment' => $updatedComment
+ ]);
}
-
- public function getChildComments($pageId, $id) {
- // $this->checkOwnablePermission('page-view', $page);
+
+
+ public function getPageComments($pageId) {
+ try {
+ $page = $this->entityRepo->getById('page', $pageId, true);
+ } catch (ModelNotFoundException $e) {
+ return response('Not found', 404);
+ }
+
+ $this->checkOwnablePermission('page-view', $page);
+
+ $comments = $this->commentRepo->getPageComments($pageId);
+ return response()->json(['status' => 'success', 'comments'=> $comments['comments'],
+ 'total' => $comments['total'], 'permissions' => [
+ 'comment_create' => $this->currentUser->can('comment-create-all'),
+ 'comment_update_own' => $this->currentUser->can('comment-update-own'),
+ 'comment_update_all' => $this->currentUser->can('comment-update-all'),
+ 'comment_delete_all' => $this->currentUser->can('comment-delete-all'),
+ 'comment_delete_own' => $this->currentUser->can('comment-delete-own'),
+ ], 'user_id' => $this->currentUser->id]);
}
}
projects / bookstack / blobdiff