Docker: Fix permission with node service by adding node as user

[bookstack] / app / Http / Controllers / CommentController.php

diff --git a/app/Http/Controllers/CommentController.php b/app/Http/Controllers/CommentController.php
index 8e7b1512aa07230a5672fac993605a088c45eacb..bf1a76f518f3ce70f2792bd1138bc309ca961d4d 100644 (file)
--- a/app/Http/Controllers/CommentController.php
+++ b/app/Http/Controllers/CommentController.php
@@ -1,95 +1,75 @@
 <?php namespace BookStack\Http\Controllers;
 
-use BookStack\Repos\CommentRepo;
-use BookStack\Repos\EntityRepo;
+use Activity;
+use BookStack\Actions\ActivityType;
+use BookStack\Actions\CommentRepo;
+use BookStack\Entities\Models\Page;
 use Illuminate\Http\Request;
-use Views;
+use Illuminate\Validation\ValidationException;
 
-// delete  -checkOwnablePermission \
 class CommentController extends Controller
 {
-    protected $entityRepo;
+    protected $commentRepo;
 
-    public function __construct(EntityRepo $entityRepo, CommentRepo $commentRepo)
+    public function __construct(CommentRepo $commentRepo)
     {
-        $this->entityRepo = $entityRepo;
         $this->commentRepo = $commentRepo;
-        parent::__construct();
     }
 
-    public function save(Request $request, $pageId, $commentId = null)
+    /**
+     * Save a new comment for a Page
+     * @throws ValidationException
+     */
+    public function savePageComment(Request $request, int $pageId)
     {
         $this->validate($request, [
             'text' => 'required|string',
-            'html' => 'required|string',
+            'parent_id' => 'nullable|integer',
         ]);
 
-        try {
-            $page = $this->entityRepo->getById('page', $pageId, true);
-        } catch (ModelNotFoundException $e) {
+        $page = Page::visible()->find($pageId);
+        if ($page === null) {
             return response('Not found', 404);
         }
 
-        if($page->draft) {
-            // cannot add comments to drafts.
-            return response()->json([
-                'status' => 'error',
-                'message' => trans('errors.cannot_add_comment_to_draft'),
-            ], 400);
+        // Prevent adding comments to draft pages
+        if ($page->draft) {
+            return $this->jsonError(trans('errors.cannot_add_comment_to_draft'), 400);
         }
 
-        $this->checkOwnablePermission('page-view', $page);
-        if (empty($commentId)) {
-            // create a new comment.
-            $this->checkPermission('comment-create-all');
-            $comment = $this->commentRepo->create($page, $request->only(['text', 'html', 'parent_id']));
-            $respMsg = trans('entities.comment_created');            
-        } else {
-            // update existing comment
-            // get comment by ID and check if this user has permission to update.            
-            $comment = $this->comment->findOrFail($commentId);
-            $this->checkOwnablePermission('comment-update', $comment);
-            $this->commentRepo->update($comment, $request->all());
-            $respMsg = trans('entities.comment_updated');
-        }
+        // Create a new comment.
+        $this->checkPermission('comment-create-all');
+        $comment = $this->commentRepo->create($page, $request->get('text'), $request->get('parent_id'));
+        return view('comments.comment', ['comment' => $comment]);
+    }
 
-        return response()->json([
-            'status'    => 'success',
-            'message'   => $respMsg
+    /**
+     * Update an existing comment.
+     * @throws ValidationException
+     */
+    public function update(Request $request, int $commentId)
+    {
+        $this->validate($request, [
+            'text' => 'required|string',
         ]);
 
-    }
-    
-    public function destroy($id) {
-        $comment = $this->comment->findOrFail($id);
-        $this->checkOwnablePermission('comment-delete', $comment);
+        $comment = $this->commentRepo->getById($commentId);
+        $this->checkOwnablePermission('page-view', $comment->entity);
+        $this->checkOwnablePermission('comment-update', $comment);
 
-        //
+        $comment = $this->commentRepo->update($comment, $request->get('text'));
+        return view('comments.comment', ['comment' => $comment]);
     }
 
-    public function getComments($pageId, $commentId = null) {        
-        try {
-            $page = $this->entityRepo->getById('page', $pageId, true);
-        } catch (ModelNotFoundException $e) {
-            return response('Not found', 404);
-        }
-        
-        if($page->draft) {
-            // cannot add comments to drafts.
-            return response()->json([
-                'status' => 'error',
-                'message' => trans('errors.no_comments_for_draft'),
-            ], 400);
-        }
-        
-        $this->checkOwnablePermission('page-view', $page);
-        
-        $comments = $this->commentRepo->getCommentsForPage($pageId, $commentId);
-        if (empty($commentId)) {
-            // requesting for parent level comments, send the total count as well.
-            $totalComments = $this->commentRepo->getCommentCount($pageId);
-            return response()->json(array('success' => true, 'comments'=> $comments, 'total' => $totalComments));
-        }
-        return response()->json(array('success' => true, 'comments'=> $comments));
+    /**
+     * Delete a comment from the system.
+     */
+    public function destroy(int $id)
+    {
+        $comment = $this->commentRepo->getById($id);
+        $this->checkOwnablePermission('comment-delete', $comment);
+
+        $this->commentRepo->delete($comment);
+        return response()->json(['message' => trans('entities.comment_deleted')]);
     }
 }