// Patch handles PATCH func (ctl *CommentController) Patch(c *models.Context) { _, itemTypeID, itemID, status, err := c.GetItemTypeAndItemID() if err != nil { c.RespondWithErrorDetail(err, status) return } patches := []h.PatchType{} err = c.Fill(&patches) if err != nil { c.RespondWithErrorMessage( fmt.Sprintf("The post data is invalid: %v", err.Error()), http.StatusBadRequest, ) return } status, err = h.TestPatch(patches) if err != nil { c.RespondWithErrorDetail(err, status) return } // Start Authorisation ac := models.MakeAuthorisationContext(c, 0, itemTypeID, itemID) perms := models.GetPermission(ac) if !perms.CanUpdate { c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden) return } // All patches are 'replace' for _, patch := range patches { status, err := patch.ScanRawValue() if !patch.Bool.Valid { c.RespondWithErrorDetail(err, status) return } switch patch.Path { case "/meta/flags/deleted": // Only super users' can undelete, but super users' and owners can delete if !patch.Bool.Valid { c.RespondWithErrorMessage("/meta/flags/deleted requires a bool value", http.StatusBadRequest) return } if (patch.Bool.Bool == false && !(perms.IsModerator || perms.IsOwner)) || !perms.IsModerator { c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden) return } case "/meta/flags/moderated": if !perms.IsModerator { c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden) return } default: c.RespondWithErrorMessage("Invalid patch operation path", http.StatusBadRequest) return } } // End Authorisation m := models.CommentSummaryType{} m.ID = itemID status, err = m.Patch(c.Site.ID, ac, patches) if err != nil { c.RespondWithErrorDetail(err, status) return } audit.Update( c.Site.ID, h.ItemTypes[h.ItemTypeComment], m.ID, c.Auth.ProfileID, time.Now(), c.IP, ) c.RespondWithOK() }
// Create handles POST func (ctl *CommentsController) Create(c *models.Context) { m := models.CommentSummaryType{} err := c.Fill(&m) if err != nil { c.RespondWithErrorMessage( fmt.Sprintf("The post data is invalid: %v", err.Error()), http.StatusBadRequest, ) return } // Populate where applicable from auth and context m.Meta.CreatedByID = c.Auth.ProfileID m.Meta.Created = time.Now() status, err := m.Validate(c.Site.ID, false) if err != nil { c.RespondWithErrorDetail(err, status) return } // Start : Authorisation perms := models.GetPermission( models.MakeAuthorisationContext( c, 0, m.ItemTypeID, m.ItemID), ) if !perms.CanCreate { c.RespondWithErrorDetail( e.New( c.Site.ID, c.Auth.ProfileID, "comments.go::Create", e.NoCreate, "Not authorized to create comment: CanCreate false", ), http.StatusForbidden, ) return } // End : Authorisation // Create status, err = m.Insert(c.Site.ID) if err != nil { c.RespondWithErrorDetail(err, status) return } go audit.Create( c.Site.ID, h.ItemTypes[h.ItemTypeComment], m.ID, c.Auth.ProfileID, time.Now(), c.IP, ) // Send updates and register watcher if m.ItemTypeID == h.ItemTypes[h.ItemTypeHuddle] { models.RegisterWatcher( c.Auth.ProfileID, h.UpdateTypes[h.UpdateTypeNewCommentInHuddle], m.ItemID, m.ItemTypeID, c.Site.ID, ) go models.SendUpdatesForNewCommentInHuddle(c.Site.ID, m) models.MarkAsRead(h.ItemTypes[h.ItemTypeHuddle], m.ItemID, c.Auth.ProfileID, time.Now()) models.UpdateUnreadHuddleCount(c.Auth.ProfileID) } else { models.RegisterWatcher( c.Auth.ProfileID, h.UpdateTypes[h.UpdateTypeNewComment], m.ItemID, m.ItemTypeID, c.Site.ID, ) go models.SendUpdatesForNewCommentInItem(c.Site.ID, m) } if m.InReplyTo > 0 { go models.SendUpdatesForNewReplyToYourComment(c.Site.ID, m) } // Respond c.RespondWithSeeOther( fmt.Sprintf( "%s/%d", h.APITypeComment, m.ID, ), ) }