diff options
Diffstat (limited to 'lib/Controller/CommentController.php')
| -rw-r--r-- | lib/Controller/CommentController.php | 69 |
1 files changed, 56 insertions, 13 deletions
diff --git a/lib/Controller/CommentController.php b/lib/Controller/CommentController.php index 071bbdc5..a2e864df 100644 --- a/lib/Controller/CommentController.php +++ b/lib/Controller/CommentController.php @@ -150,19 +150,29 @@ class CommentController extends Controller { return new DataResponse(null, Http::STATUS_UNAUTHORIZED); } - $comment = new Comment(); - $comment->setPollId($pollId); - $comment->setUserId($userId); - $comment->setComment($message); - $comment->setDt(date('Y-m-d H:i:s')); + if (!$this->acl->getFoundByToken()) { + $this->acl->setPollId($pollId); + } + if ($this->acl->getAllowComment()) { + // code... + $comment = new Comment(); + $comment->setPollId($pollId); + $comment->setUserId($userId); + $comment->setComment($message); + $comment->setDt(date('Y-m-d H:i:s')); - try { - $comment = $this->mapper->insert($comment); - } catch (\Exception $e) { - return new DataResponse($e, Http::STATUS_CONFLICT); + + try { + $comment = $this->mapper->insert($comment); + } catch (\Exception $e) { + return new DataResponse($e, Http::STATUS_CONFLICT); + } + } else { + return new DataResponse(null, Http::STATUS_UNAUTHORIZED); } + return new DataResponse($comment, Http::STATUS_OK); } @@ -181,11 +191,12 @@ class CommentController extends Controller { try { $this->acl->setToken($token); + return $this->write($this->acl->getPollId(), $this->acl->getUserId(), $message); + } catch (DoesNotExistException $e) { return new DataResponse($e, Http::STATUS_NOT_FOUND); } - return $this->write($this->acl->getPollId(), $this->acl->getUserId(), $message); } @@ -199,17 +210,49 @@ class CommentController extends Controller { * @return DataResponse */ public function delete($comment) { - if (\OC::$server->getUserSession()->isLoggedIn()) { + if (!\OC::$server->getUserSession()->isLoggedIn() && !$this->acl->getFoundByToken()) { return new DataResponse(null, Http::STATUS_UNAUTHORIZED); } + if (!$this->acl->getFoundByToken()) { + $this->acl->setPollId($comment['pollId']); + } + try { - $comment = $this->mapper->delete($comment['id']); + if ( $comment['userId'] === $this->acl->getUserId() ) { + $comment = $this->mapper->find($comment['id']); + $comment = $this->mapper->delete($comment); + } } catch (\Exception $e) { return new DataResponse($e, Http::STATUS_CONFLICT); } - return new DataResponse($comment, Http::STATUS_OK); + return new DataResponse(['comment' => $comment], Http::STATUS_OK); } + + /** + * writeByToken + * @NoAdminRequired + * @PublicPage + * @NoCSRFRequired + * @param Array $option + * @param string $setTo + * @param string $token + * @return DataResponse + */ + public function deleteByToken($token, $comment) { + + try { + $this->acl->setToken($token); + return $this->delete($comment); + + } catch (DoesNotExistException $e) { + return new DataResponse($e, Http::STATUS_NOT_FOUND); + } + + + + } + } |