Add support Windows Authentication via SAML

[bookstack] / app / Http / Controllers / CommentController.php

diff --git a/app/Http/Controllers/CommentController.php b/app/Http/Controllers/CommentController.php
index de97169a8791946a6bbfb9e43a68b1f270e93105..068358d72d10af92de45327e0b207093c9c501fd 100644 (file)
--- a/app/Http/Controllers/CommentController.php
+++ b/app/Http/Controllers/CommentController.php
@@ -1,33 +1,82 @@
-<?php
-
-namespace BookStack\Http\Controllers;
+<?php namespace BookStack\Http\Controllers;
 
+use Activity;
+use BookStack\Actions\CommentRepo;
+use BookStack\Entities\Page;
 use Illuminate\Http\Request;
-
-use BookStack\Http\Requests;
+use Illuminate\Validation\ValidationException;
 
 class CommentController extends Controller
 {
-    
-    public function add(Request $request, $pageId) {
-        // $this->checkOwnablePermission('page-view', $page);
-    }
-    
-    public function update(Request $request, $id) {
-        // Check whether its an admin or the comment owner.
-        // $this->checkOwnablePermission('page-view', $page);
+    protected $commentRepo;
+
+    /**
+     * CommentController constructor.
+     */
+    public function __construct(CommentRepo $commentRepo)
+    {
+        $this->commentRepo = $commentRepo;
+        parent::__construct();
     }
-    
-    public function destroy($id) {
-        // Check whether its an admin or the comment owner.
-        // $this->checkOwnablePermission('page-view', $page);
+
+    /**
+     * Save a new comment for a Page
+     * @throws ValidationException
+     */
+    public function savePageComment(Request $request, int $pageId, int $commentId = null)
+    {
+        $this->validate($request, [
+            'text' => 'required|string',
+            'html' => 'required|string',
+        ]);
+
+        $page = Page::visible()->find($pageId);
+        if ($page === null) {
+            return response('Not found', 404);
+        }
+
+        $this->checkOwnablePermission('page-view', $page);
+
+        // Prevent adding comments to draft pages
+        if ($page->draft) {
+            return $this->jsonError(trans('errors.cannot_add_comment_to_draft'), 400);
+        }
+
+        // Create a new comment.
+        $this->checkPermission('comment-create-all');
+        $comment = $this->commentRepo->create($page, $request->only(['html', 'text', 'parent_id']));
+        Activity::add($page, 'commented_on', $page->book->id);
+        return view('comments.comment', ['comment' => $comment]);
     }
-    
-    public function getLastXComments($pageId) {
-        // $this->checkOwnablePermission('page-view', $page);
+
+    /**
+     * Update an existing comment.
+     * @throws ValidationException
+     */
+    public function update(Request $request, int $commentId)
+    {
+        $this->validate($request, [
+            'text' => 'required|string',
+            'html' => 'required|string',
+        ]);
+
+        $comment = $this->commentRepo->getById($commentId);
+        $this->checkOwnablePermission('page-view', $comment->entity);
+        $this->checkOwnablePermission('comment-update', $comment);
+
+        $comment = $this->commentRepo->update($comment, $request->only(['html', 'text']));
+        return view('comments.comment', ['comment' => $comment]);
     }
-    
-    public function getChildComments($pageId, $id) {
-        // $this->checkOwnablePermission('page-view', $page);
+
+    /**
+     * Delete a comment from the system.
+     */
+    public function destroy(int $id)
+    {
+        $comment = $this->commentRepo->getById($id);
+        $this->checkOwnablePermission('comment-delete', $comment);
+
+        $this->commentRepo->delete($comment);
+        return response()->json(['message' => trans('entities.comment_deleted')]);
     }
 }