Docker: Fix permission with node service by adding node as user

[bookstack] / app / Http / Controllers / CommentController.php

diff --git a/app/Http/Controllers/CommentController.php b/app/Http/Controllers/CommentController.php
index de97169a8791946a6bbfb9e43a68b1f270e93105..bf1a76f518f3ce70f2792bd1138bc309ca961d4d 100644 (file)
--- a/app/Http/Controllers/CommentController.php
+++ b/app/Http/Controllers/CommentController.php
@@ -1,33 +1,75 @@
-<?php
-
-namespace BookStack\Http\Controllers;
+<?php namespace BookStack\Http\Controllers;
 
+use Activity;
+use BookStack\Actions\ActivityType;
+use BookStack\Actions\CommentRepo;
+use BookStack\Entities\Models\Page;
 use Illuminate\Http\Request;
-
-use BookStack\Http\Requests;
+use Illuminate\Validation\ValidationException;
 
 class CommentController extends Controller
 {
-    
-    public function add(Request $request, $pageId) {
-        // $this->checkOwnablePermission('page-view', $page);
-    }
-    
-    public function update(Request $request, $id) {
-        // Check whether its an admin or the comment owner.
-        // $this->checkOwnablePermission('page-view', $page);
+    protected $commentRepo;
+
+    public function __construct(CommentRepo $commentRepo)
+    {
+        $this->commentRepo = $commentRepo;
     }
-    
-    public function destroy($id) {
-        // Check whether its an admin or the comment owner.
-        // $this->checkOwnablePermission('page-view', $page);
+
+    /**
+     * Save a new comment for a Page
+     * @throws ValidationException
+     */
+    public function savePageComment(Request $request, int $pageId)
+    {
+        $this->validate($request, [
+            'text' => 'required|string',
+            'parent_id' => 'nullable|integer',
+        ]);
+
+        $page = Page::visible()->find($pageId);
+        if ($page === null) {
+            return response('Not found', 404);
+        }
+
+        // Prevent adding comments to draft pages
+        if ($page->draft) {
+            return $this->jsonError(trans('errors.cannot_add_comment_to_draft'), 400);
+        }
+
+        // Create a new comment.
+        $this->checkPermission('comment-create-all');
+        $comment = $this->commentRepo->create($page, $request->get('text'), $request->get('parent_id'));
+        return view('comments.comment', ['comment' => $comment]);
     }
-    
-    public function getLastXComments($pageId) {
-        // $this->checkOwnablePermission('page-view', $page);
+
+    /**
+     * Update an existing comment.
+     * @throws ValidationException
+     */
+    public function update(Request $request, int $commentId)
+    {
+        $this->validate($request, [
+            'text' => 'required|string',
+        ]);
+
+        $comment = $this->commentRepo->getById($commentId);
+        $this->checkOwnablePermission('page-view', $comment->entity);
+        $this->checkOwnablePermission('comment-update', $comment);
+
+        $comment = $this->commentRepo->update($comment, $request->get('text'));
+        return view('comments.comment', ['comment' => $comment]);
     }
-    
-    public function getChildComments($pageId, $id) {
-        // $this->checkOwnablePermission('page-view', $page);
+
+    /**
+     * Delete a comment from the system.
+     */
+    public function destroy(int $id)
+    {
+        $comment = $this->commentRepo->getById($id);
+        $this->checkOwnablePermission('comment-delete', $comment);
+
+        $this->commentRepo->delete($comment);
+        return response()->json(['message' => trans('entities.comment_deleted')]);
     }
 }