// Patch handles PATCH func (ctl *CommentController) Patch(c *models.Context) { _, itemTypeID, itemID, status, err := c.GetItemTypeAndItemID() if err != nil { c.RespondWithErrorDetail(err, status) return } patches := []h.PatchType{} err = c.Fill(&patches) if err != nil { c.RespondWithErrorMessage( fmt.Sprintf("The post data is invalid: %v", err.Error()), http.StatusBadRequest, ) return } status, err = h.TestPatch(patches) if err != nil { c.RespondWithErrorDetail(err, status) return } // Start Authorisation ac := models.MakeAuthorisationContext(c, 0, itemTypeID, itemID) perms := models.GetPermission(ac) if !perms.CanUpdate { c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden) return } // All patches are 'replace' for _, patch := range patches { status, err := patch.ScanRawValue() if !patch.Bool.Valid { c.RespondWithErrorDetail(err, status) return } switch patch.Path { case "/meta/flags/deleted": // Only super users' can undelete, but super users' and owners can delete if !patch.Bool.Valid { c.RespondWithErrorMessage("/meta/flags/deleted requires a bool value", http.StatusBadRequest) return } if (patch.Bool.Bool == false && !(perms.IsModerator || perms.IsOwner)) || !perms.IsModerator { c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden) return } case "/meta/flags/moderated": if !perms.IsModerator { c.RespondWithErrorMessage(h.NoAuthMessage, http.StatusForbidden) return } default: c.RespondWithErrorMessage("Invalid patch operation path", http.StatusBadRequest) return } } // End Authorisation m := models.CommentSummaryType{} m.ID = itemID status, err = m.Patch(c.Site.ID, ac, patches) if err != nil { c.RespondWithErrorDetail(err, status) return } audit.Update( c.Site.ID, h.ItemTypes[h.ItemTypeComment], m.ID, c.Auth.ProfileID, time.Now(), c.IP, ) c.RespondWithOK() }