X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/70991fc1e54686fb0c50550df8aba2296a75ebb2..refs/pull/261/head:/app/Http/Controllers/CommentController.php
diff --git a/app/Http/Controllers/CommentController.php b/app/Http/Controllers/CommentController.php
index de97169a8..e8d5eab30 100644
--- a/app/Http/Controllers/CommentController.php
+++ b/app/Http/Controllers/CommentController.php
@@ -1,33 +1,99 @@ -checkOwnablePermission('page-view', $page); + protected $entityRepo; + + public function __construct(EntityRepo $entityRepo, CommentRepo $commentRepo, Comment $comment) + { + $this->entityRepo = $entityRepo; + $this->commentRepo = $commentRepo; + $this->comment = $comment; + parent::__construct(); } - - public function update(Request $request, $id) { - // Check whether its an admin or the comment owner. - // $this->checkOwnablePermission('page-view', $page); + + public function save(Request $request, $pageId, $commentId = null) + { + $this->validate($request, [ + 'text' => 'required|string', + 'html' => 'required|string', + ]); + + try { + $page = $this->entityRepo->getById('page', $pageId, true); + } catch (ModelNotFoundException $e) { + return response('Not found', 404); + } + + if($page->draft) { + // cannot add comments to drafts. + return response()->json([ + 'status' => 'error', + 'message' => trans('errors.cannot_add_comment_to_draft'), + ], 400); + } + + $this->checkOwnablePermission('page-view', $page); + if (empty($commentId)) { + // create a new comment. + $this->checkPermission('comment-create-all'); + $comment = $this->commentRepo->create($page, $request->only(['text', 'html', 'parent_id'])); + $respMsg = trans('entities.comment_created'); + } else { + // update existing comment + // get comment by ID and check if this user has permission to update. + $comment = $this->comment->findOrFail($commentId); + $this->checkOwnablePermission('comment-update', $comment); + $this->commentRepo->update($comment, $request->all()); + $respMsg = trans('entities.comment_updated'); + } + + $comment = $this->commentRepo->getCommentById($comment->id); + + return response()->json([ + 'status' => 'success', + 'message' => $respMsg, + 'comment' => $comment + ]); + } - + public function destroy($id) { - // Check whether its an admin or the comment owner. 
- // $this->checkOwnablePermission('page-view', $page); - } - - public function getLastXComments($pageId) { - // $this->checkOwnablePermission('page-view', $page); + $comment = $this->comment->findOrFail($id); + $this->checkOwnablePermission('comment-delete', $comment); + $this->commentRepo->delete($comment); + $updatedComment = $this->commentRepo->getCommentById($comment->id); + + return response()->json([ + 'status' => 'success', + 'message' => trans('entities.comment_deleted'), + 'comment' => $updatedComment + ]); } - - public function getChildComments($pageId, $id) { - // $this->checkOwnablePermission('page-view', $page); + + + public function getPageComments($pageId) { + try { + $page = $this->entityRepo->getById('page', $pageId, true); + } catch (ModelNotFoundException $e) { + return response('Not found', 404); + } + + $this->checkOwnablePermission('page-view', $page); + + $comments = $this->commentRepo->getPageComments($pageId); + return response()->json(['status' => 'success', 'comments'=> $comments['comments'], + 'total' => $comments['total'], 'permissions' => [ + 'comment_create' => $this->currentUser->can('comment-create-all'), + 'comment_update_own' => $this->currentUser->can('comment-update-own'), + 'comment_update_all' => $this->currentUser->can('comment-update-all'), + 'comment_delete_all' => $this->currentUser->can('comment-delete-all'), + 'comment_delete_own' => $this->currentUser->can('comment-delete-own'), + ], 'user_id' => $this->currentUser->id]); } }
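Review bot: In the update branch of `save()`, `$this->commentRepo->update($comment, $request->all())` hands every request field to the repository, while the create branch whitelists with `$request->only([...])`; unless the Comment model's fillable list (not visible in this diff) is tight, a caller could overwrite attributes beyond the comment body. Use the same whitelist there: `$this->commentRepo->update($comment, $request->only(['text', 'html']));`. The same branch never checks that the comment loaded by `$commentId` belongs to the page resolved from `$pageId`, so the `page-view` check runs against a page the caller chose rather than the comment's own page, and `destroy()` performs no page check at all. Separately, `html` is accepted from the client with only `required|string` validation, so it needs sanitising before storage or escaping on render if `CommentRepo` does not already do that.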