// Patch handles PATCH
func (ctl *CommentController) Patch(c *models.Context) {
_, itemTypeID, itemID, status, err := c.GetItemTypeAndItemID()
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
patches := []h.PatchType{}
err = c.Fill(&patches)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("The post data is invalid: %v", err.Error()),
http.StatusBadRequest,
)
return
}
status, err = h.TestPatch(patches)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
// Start Authorisation
ac := models.MakeAuthorisationContext(c, 0, itemTypeID, itemID)
perms := models.GetPermission(ac)
if !perms.CanUpdate {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
// All patches are 'replace'
for _, patch := range patches {
status, err := patch.ScanRawValue()
if !patch.Bool.Valid {
c.RespondWithErrorDetail(err, status)
return
}
switch patch.Path {
case "/meta/flags/deleted":
// Only super users' can undelete, but super users' and owners can delete
if !patch.Bool.Valid {
c.RespondWithErrorMessage("/meta/flags/deleted requires a bool value", http.StatusBadRequest)
return
}
if (patch.Bool.Bool == false && !(perms.IsModerator || perms.IsOwner)) || !perms.IsModerator {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
case "/meta/flags/moderated":
if !perms.IsModerator {
c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden)
return
}
default:
c.RespondWithErrorMessage("Invalid patch operation path", http.StatusBadRequest)
return
}
}
// End Authorisation
m := models.CommentSummaryType{}
m.ID = itemID
status, err = m.Patch(c.Site.ID, ac, patches)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
audit.Update(
c.Site.ID,
h.ItemTypes[h.ItemTypeComment],
m.ID,
c.Auth.ProfileID,
time.Now(),
c.IP,
)
c.RespondWithOK()
}
// Create handles POST
func (ctl *CommentsController) Create(c *models.Context) {
m := models.CommentSummaryType{}
err := c.Fill(&m)
if err != nil {
c.RespondWithErrorMessage(
fmt.Sprintf("The post data is invalid: %v", err.Error()),
http.StatusBadRequest,
)
return
}
// Populate where applicable from auth and context
m.Meta.CreatedByID = c.Auth.ProfileID
m.Meta.Created = time.Now()
status, err := m.Validate(c.Site.ID, false)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
// Start : Authorisation
perms := models.GetPermission(
models.MakeAuthorisationContext(
c, 0, m.ItemTypeID, m.ItemID),
)
if !perms.CanCreate {
c.RespondWithErrorDetail(
e.New(
c.Site.ID,
c.Auth.ProfileID,
"comments.go::Create",
e.NoCreate,
"Not authorized to create comment: CanCreate false",
),
http.StatusForbidden,
)
return
}
// End : Authorisation
// Create
status, err = m.Insert(c.Site.ID)
if err != nil {
c.RespondWithErrorDetail(err, status)
return
}
go audit.Create(
c.Site.ID,
h.ItemTypes[h.ItemTypeComment],
m.ID,
c.Auth.ProfileID,
time.Now(),
c.IP,
)
// Send updates and register watcher
if m.ItemTypeID == h.ItemTypes[h.ItemTypeHuddle] {
models.RegisterWatcher(
c.Auth.ProfileID,
h.UpdateTypes[h.UpdateTypeNewCommentInHuddle],
m.ItemID,
m.ItemTypeID,
c.Site.ID,
)
go models.SendUpdatesForNewCommentInHuddle(c.Site.ID, m)
models.MarkAsRead(h.ItemTypes[h.ItemTypeHuddle], m.ItemID, c.Auth.ProfileID, time.Now())
models.UpdateUnreadHuddleCount(c.Auth.ProfileID)
} else {
models.RegisterWatcher(
c.Auth.ProfileID,
h.UpdateTypes[h.UpdateTypeNewComment],
m.ItemID,
m.ItemTypeID,
c.Site.ID,
)
go models.SendUpdatesForNewCommentInItem(c.Site.ID, m)
}
if m.InReplyTo > 0 {
go models.SendUpdatesForNewReplyToYourComment(c.Site.ID, m)
}
// Respond
c.RespondWithSeeOther(
fmt.Sprintf(
"%s/%d",
h.APITypeComment,
m.ID,
),
)
}
