BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/CommentController.php

-<?php

-

-namespace BookStack\Http\Controllers;

+<?php namespace BookStack\Http\Controllers;

+use BookStack\Repos\CommentRepo;

+use BookStack\Repos\EntityRepo;

+use BookStack\Comment;

use Illuminate\Http\Request;

-use BookStack\Http\Requests;

-

class CommentController extends Controller

{

class CommentController extends Controller

{

-

- public function add(Request $request, $pageId) {

- // $this->checkOwnablePermission('page-view', $page);

+ protected $entityRepo;

+

+ public function __construct(EntityRepo $entityRepo, CommentRepo $commentRepo, Comment $comment)

+ {

+ $this->entityRepo = $entityRepo;

+ $this->commentRepo = $commentRepo;

+ $this->comment = $comment;

+ parent::__construct();

}

-

- public function update(Request $request, $id) {

- // Check whether its an admin or the comment owner.

- // $this->checkOwnablePermission('page-view', $page);

+

+ public function save(Request $request, $pageId, $commentId = null)

+ {

+ $this->validate($request, [

+ 'text' => 'required|string',

+ 'html' => 'required|string',

+ ]);

+

+ try {

+ $page = $this->entityRepo->getById('page', $pageId, true);

+ } catch (ModelNotFoundException $e) {

+ return response('Not found', 404);

+ }

+

+ if($page->draft) {

+ // cannot add comments to drafts.

+ return response()->json([

+ 'status' => 'error',

+ 'message' => trans('errors.cannot_add_comment_to_draft'),

+ ], 400);

+ }

+

+ $this->checkOwnablePermission('page-view', $page);

+ if (empty($commentId)) {

+ // create a new comment.

+ $this->checkPermission('comment-create-all');

+ $comment = $this->commentRepo->create($page, $request->only(['text', 'html', 'parent_id']));

+ $respMsg = trans('entities.comment_created');

+ } else {

+ // update existing comment

+ // get comment by ID and check if this user has permission to update.

+ $comment = $this->comment->findOrFail($commentId);

+ $this->checkOwnablePermission('comment-update', $comment);

+ $this->commentRepo->update($comment, $request->all());

+ $respMsg = trans('entities.comment_updated');

+ }

+

+ $comment = $this->commentRepo->getCommentById($comment->id);

+

+ return response()->json([

+ 'status' => 'success',

+ 'message' => $respMsg,

+ 'comment' => $comment

+ ]);

+

}

-

+

public function destroy($id) {

- // Check whether its an admin or the comment owner.

- // $this->checkOwnablePermission('page-view', $page);

- }

-

- public function getLastXComments($pageId) {

- // $this->checkOwnablePermission('page-view', $page);

+ $comment = $this->comment->findOrFail($id);

+ $this->checkOwnablePermission('comment-delete', $comment);

+ $this->commentRepo->delete($comment);

+ $updatedComment = $this->commentRepo->getCommentById($comment->id);

+

+ return response()->json([

+ 'status' => 'success',

+ 'message' => trans('entities.comment_deleted'),

+ 'comment' => $updatedComment

+ ]);

}

-

- public function getChildComments($pageId, $id) {

- // $this->checkOwnablePermission('page-view', $page);

+

+ public function getPageComments($pageId) {

+ try {

+ $page = $this->entityRepo->getById('page', $pageId, true);

+ } catch (ModelNotFoundException $e) {

+ return response('Not found', 404);

+ }

+

+ $this->checkOwnablePermission('page-view', $page);

+

+ $comments = $this->commentRepo->getPageComments($pageId);

+ return response()->json(['status' => 'success', 'comments'=> $comments['comments'],

+ 'total' => $comments['total'], 'permissions' => [

+ 'comment_create' => $this->currentUser->can('comment-create-all'),

+ 'comment_update_own' => $this->currentUser->can('comment-update-own'),

+ 'comment_update_all' => $this->currentUser->can('comment-update-all'),

+ 'comment_delete_all' => $this->currentUser->can('comment-delete-all'),

+ 'comment_delete_own' => $this->currentUser->can('comment-delete-own'),

+ ], 'user_id' => $this->currentUser->id]);

}