X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/397db0442853bcca281687fd2f97614e925d0dfd..refs/pull/3503/head:/app/Http/Controllers/CommentController.php
diff --git a/app/Http/Controllers/CommentController.php b/app/Http/Controllers/CommentController.php
index de97169a8..9804f6d39 100644
--- a/app/Http/Controllers/CommentController.php
+++ b/app/Http/Controllers/CommentController.php
@@ -2,32 +2,79 @@
 namespace BookStack\Http\Controllers;
+use BookStack\Actions\CommentRepo;
+use BookStack\Entities\Models\Page;
 use Illuminate\Http\Request;
-
-use BookStack\Http\Requests;
+use Illuminate\Validation\ValidationException;
 class CommentController extends Controller
 {
-
- public function add(Request $request, $pageId) {
- // $this->checkOwnablePermission('page-view', $page);
- }
-
- public function update(Request $request, $id) {
- // Check whether its an admin or the comment owner.
- // $this->checkOwnablePermission('page-view', $page);
+ protected $commentRepo;
+
+ public function __construct(CommentRepo $commentRepo)
+ {
+ $this->commentRepo = $commentRepo;
 }
-
- public function destroy($id) {
- // Check whether its an admin or the comment owner.
- // $this->checkOwnablePermission('page-view', $page);
+
+ /**
+ * Save a new comment for a Page.
+ *
+ * @throws ValidationException
+ */
+ public function savePageComment(Request $request, int $pageId)
+ {
+ $this->validate($request, [
+ 'text' => ['required', 'string'],
+ 'parent_id' => ['nullable', 'integer'],
+ ]);
+
+ $page = Page::visible()->find($pageId);
+ if ($page === null) {
+ return response('Not found', 404);
+ }
+
+ // Prevent adding comments to draft pages
+ if ($page->draft) {
+ return $this->jsonError(trans('errors.cannot_add_comment_to_draft'), 400);
+ }
+
+ // Create a new comment.
+ $this->checkPermission('comment-create-all');
+ $comment = $this->commentRepo->create($page, $request->get('text'), $request->get('parent_id'));
+
+ return view('comments.comment', ['comment' => $comment]);
 }
-
- public function getLastXComments($pageId) {
- // $this->checkOwnablePermission('page-view', $page);
+
+ /**
+ * Update an existing comment.
+ *
+ * @throws ValidationException
+ */
+ public function update(Request $request, int $commentId)
+ {
+ $this->validate($request, [
+ 'text' => ['required', 'string'],
+ ]);
+
+ $comment = $this->commentRepo->getById($commentId);
+ $this->checkOwnablePermission('page-view', $comment->entity);
+ $this->checkOwnablePermission('comment-update', $comment);
+
+ $comment = $this->commentRepo->update($comment, $request->get('text'));
+
+ return view('comments.comment', ['comment' => $comment]);
 }
-
- public function getChildComments($pageId, $id) {
- // $this->checkOwnablePermission('page-view', $page);
+
+ /**
+ * Delete a comment from the system.
+ */
+ public function destroy(int $id)
+ {
+ $comment = $this->commentRepo->getById($id);
+ $this->checkOwnablePermission('comment-delete', $comment);
+
+ $this->commentRepo->delete($comment);
+
+ return response()->json(['message' => trans('entities.comment_deleted')]);
 }
 }
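Review bot: `destroy()` authorizes only with `checkOwnablePermission('comment-delete', $comment)`, while `update()` in the same hunk first requires `page-view` on `$comment->entity`, so the two handlers enforce different access rules for the same comment. A user who holds a delete permission but cannot view the parent page would still pass the check in `destroy()`; adding `$this->checkOwnablePermission('page-view', $comment->entity);` directly after the `getById($id)` call would align them. Separately, in `savePageComment()` the `parent_id` rule is only `['nullable', 'integer']`; unless `CommentRepo::create()` (not visible in this diff) verifies it, a reply could reference a comment that does not belong to `$page`, so that is worth confirming or validating here. `savePageComment()` also runs `checkPermission('comment-create-all')` only after the page lookup and draft check, which lets an unauthorized caller distinguish the 404 and draft responses from the permission failure; moving the permission check to the top of the method would avoid that.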