X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/397db0442853bcca281687fd2f97614e925d0dfd..refs/pull/1627/head:/app/Http/Controllers/CommentController.php diff --git a/app/Http/Controllers/CommentController.php b/app/Http/Controllers/CommentController.php index de97169a8..860b50762 100644 --- a/app/Http/Controllers/CommentController.php +++ b/app/Http/Controllers/CommentController.php @@ -1,33 +1,93 @@ -checkOwnablePermission('page-view', $page); - } - - public function update(Request $request, $id) { - // Check whether its an admin or the comment owner. - // $this->checkOwnablePermission('page-view', $page); + protected $entityRepo; + protected $commentRepo; + + /** + * CommentController constructor. + * @param \BookStack\Entities\Repos\EntityRepo $entityRepo + * @param \BookStack\Actions\CommentRepo $commentRepo + */ + public function __construct(EntityRepo $entityRepo, CommentRepo $commentRepo) + { + $this->entityRepo = $entityRepo; + $this->commentRepo = $commentRepo; + parent::__construct(); } - - public function destroy($id) { - // Check whether its an admin or the comment owner. - // $this->checkOwnablePermission('page-view', $page); + + /** + * Save a new comment for a Page + * @param Request $request + * @param integer $pageId + * @param null|integer $commentId + * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\JsonResponse|\Symfony\Component\HttpFoundation\Response + */ + public function savePageComment(Request $request, $pageId, $commentId = null) + { + $this->validate($request, [ + 'text' => 'required|string', + 'html' => 'required|string', + ]); + + try { + $page = $this->entityRepo->getById('page', $pageId, true); + } catch (ModelNotFoundException $e) { + return response('Not found', 404); + } + + $this->checkOwnablePermission('page-view', $page); + + // Prevent adding comments to draft pages + if ($page->draft) { + return $this->jsonError(trans('errors.cannot_add_comment_to_draft'), 400); + } + + // Create a new comment. + $this->checkPermission('comment-create-all'); + $comment = $this->commentRepo->create($page, $request->only(['html', 'text', 'parent_id'])); + Activity::add($page, 'commented_on', $page->book->id); + return view('comments.comment', ['comment' => $comment]); } - - public function getLastXComments($pageId) { - // $this->checkOwnablePermission('page-view', $page); + + /** + * Update an existing comment. + * @param Request $request + * @param integer $commentId + * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View + */ + public function update(Request $request, $commentId) + { + $this->validate($request, [ + 'text' => 'required|string', + 'html' => 'required|string', + ]); + + $comment = $this->commentRepo->getById($commentId); + $this->checkOwnablePermission('page-view', $comment->entity); + $this->checkOwnablePermission('comment-update', $comment); + + $comment = $this->commentRepo->update($comment, $request->only(['html', 'text'])); + return view('comments.comment', ['comment' => $comment]); } - - public function getChildComments($pageId, $id) { - // $this->checkOwnablePermission('page-view', $page); + + /** + * Delete a comment from the system. + * @param integer $id + * @return \Illuminate\Http\JsonResponse + */ + public function destroy($id) + { + $comment = $this->commentRepo->getById($id); + $this->checkOwnablePermission('comment-delete', $comment); + $this->commentRepo->delete($comment); + return response()->json(['message' => trans('entities.comment_deleted')]); } }