// HandleUpdate responds to POST /comments/update
func HandleUpdate(context router.Context) error {
// Find the comment
comment, err := comments.Find(context.ParamInt("id"))
if err != nil {
return router.NotFoundError(err)
}
// Authorise update comment, check auth token
err = authorise.ResourceAndAuthenticity(context, comment)
if err != nil {
return router.NotAuthorizedError(err)
}
// Update the comment from params
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Clean params according to role
accepted := comments.AllowedParams()
if authorise.CurrentUser(context).Admin() {
accepted = comments.AllowedParamsAdmin()
}
cleanedParams := params.Clean(accepted)
err = comment.Update(cleanedParams)
if err != nil {
return router.InternalError(err)
}
// Redirect to comment
return router.Redirect(context, comment.URLShow())
}
// HandleCreate handles the POST of the create form for comments
func HandleCreate(context router.Context) error {
// Authorise csrf token
err := authorise.AuthenticityToken(context)
if err != nil {
return router.NotAuthorizedError(err)
}
// Check permissions - if not logged in and above 0 points, redirect
if !authorise.CurrentUser(context).CanComment() {
return router.NotAuthorizedError(nil, "Sorry", "You need to be registered and have more than 0 points to comment.")
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Find parent story - this must exist
story, err := stories.Find(params.GetInt("story_id"))
if err != nil {
return router.NotFoundError(err)
}
params.SetInt("story_id", story.Id)
params.Set("story_name", story.Name)
// Set a few params
user := authorise.CurrentUser(context)
params.SetInt("user_id", user.Id)
params.Set("user_name", user.Name)
params.SetInt("points", 1)
// Find the parent and set dotted id
// these are of the form xx.xx. with a trailing dot
// this saves us from saving twice on create
parentID := context.ParamInt("parent_id")
if parentID > 0 {
parent, err := comments.Find(parentID)
if err != nil {
return router.NotFoundError(err)
}
context.Logf("PARENT:%d - %s", parent.Id, parent.DottedIds)
params.Set("dotted_ids", fmt.Sprintf(parent.DottedIds+"."))
}
// Clean params allowing all through (since we have manually reset them above)
accepted := comments.AllowedParamsAdmin()
cleanedParams := params.Clean(accepted)
id, err := comments.Create(cleanedParams)
if err != nil {
return router.InternalError(err)
}
// Log creation
context.Logf("#info Created comment id,%d", id)
// Update the story comment count
storyParams := map[string]string{"comment_count": fmt.Sprintf("%d", story.CommentCount+1)}
err = story.Update(storyParams)
if err != nil {
return router.InternalError(err, "Error", "Could not update story.")
}
// Redirect to the new comment
m, err := comments.Find(id)
if err != nil {
return router.InternalError(err)
}
// Re-rank comments on this story
err = updateCommentsRank(m.StoryId)
if err != nil {
return err
}
return router.Redirect(context, m.URLStory())
}