Diffstat (limited to 'lib')
-rw-r--r-- | lib/Controller/CommentController.php | 69 | ||||
-rw-r--r-- | lib/Db/CommentMapper.php | 19 |
2 files changed, 75 insertions, 13 deletions
diff --git a/lib/Controller/CommentController.php b/lib/Controller/CommentController.php index 071bbdc5..a2e864df 100644 --- a/lib/Controller/CommentController.php +++ b/lib/Controller/CommentController.php @@ -150,19 +150,29 @@ class CommentController extends Controller { return new DataResponse(null, Http::STATUS_UNAUTHORIZED); } - $comment = new Comment(); - $comment->setPollId($pollId); - $comment->setUserId($userId); - $comment->setComment($message); - $comment->setDt(date('Y-m-d H:i:s')); + if (!$this->acl->getFoundByToken()) { + $this->acl->setPollId($pollId); + } + if ($this->acl->getAllowComment()) { + // code... + $comment = new Comment(); + $comment->setPollId($pollId); + $comment->setUserId($userId); + $comment->setComment($message); + $comment->setDt(date('Y-m-d H:i:s')); - try { - $comment = $this->mapper->insert($comment); - } catch (\Exception $e) { - return new DataResponse($e, Http::STATUS_CONFLICT); + + try { + $comment = $this->mapper->insert($comment); + } catch (\Exception $e) { + return new DataResponse($e, Http::STATUS_CONFLICT); + } + } else { + return new DataResponse(null, Http::STATUS_UNAUTHORIZED); } + return new DataResponse($comment, Http::STATUS_OK); } @@ -181,11 +191,12 @@ class CommentController extends Controller { try { $this->acl->setToken($token); + return $this->write($this->acl->getPollId(), $this->acl->getUserId(), $message); + } catch (DoesNotExistException $e) { return new DataResponse($e, Http::STATUS_NOT_FOUND); } - return $this->write($this->acl->getPollId(), $this->acl->getUserId(), $message); } 
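Review bot: The stored author still comes from the `$userId` argument (`$comment->setUserId($userId);`) while the new permission check runs against `$this->acl`, so the identity that is authorised and the identity that is recorded can differ. write()'s signature and its first check are outside this hunk; if `$userId` can be supplied by the request, a user who may comment could post under someone else's id, and `$comment->setUserId($this->acl->getUserId());` would close that. The placeholder `// code...` should be dropped, and the `else` branch is a permission denial, which `Http::STATUS_FORBIDDEN` describes better than 401.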
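Review bot: With `return $this->write(...)` moved inside the `try`, a `DoesNotExistException` raised anywhere during the write is now reported as 404, not only an unknown token, and the catch hands the exception object itself to the client as the response body. The same `new DataResponse($e, ...)` pattern is in the catch blocks of write(), delete() and deleteByToken(). What ends up serialised depends on the framework, but a fixed body such as `return new DataResponse(null, Http::STATUS_NOT_FOUND);` with the exception logged server-side avoids exposing internals.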
@@ -199,17 +210,49 @@ class CommentController extends Controller { * @return DataResponse */ public function delete($comment) { - if (\OC::$server->getUserSession()->isLoggedIn()) { + if (!\OC::$server->getUserSession()->isLoggedIn() && !$this->acl->getFoundByToken()) { return new DataResponse(null, Http::STATUS_UNAUTHORIZED); } + if (!$this->acl->getFoundByToken()) { + $this->acl->setPollId($comment['pollId']); + } + try { - $comment = $this->mapper->delete($comment['id']); + if ( $comment['userId'] === $this->acl->getUserId() ) { + $comment = $this->mapper->find($comment['id']); + $comment = $this->mapper->delete($comment); + } } catch (\Exception $e) { return new DataResponse($e, Http::STATUS_CONFLICT); } - return new DataResponse($comment, Http::STATUS_OK); + return new DataResponse(['comment' => $comment], Http::STATUS_OK); } + + /** + * writeByToken + * @NoAdminRequired + * @PublicPage + * @NoCSRFRequired + * @param Array $option + * @param string $setTo + * @param string $token + * @return DataResponse + */ + public function deleteByToken($token, $comment) { + + try { + $this->acl->setToken($token); + return $this->delete($comment); + + } catch (DoesNotExistException $e) { + return new DataResponse($e, Http::STATUS_NOT_FOUND); + } + + + + } + } diff --git a/lib/Db/CommentMapper.php b/lib/Db/CommentMapper.php index c6ac77d2..93da02ae 100644 --- a/lib/Db/CommentMapper.php +++ b/lib/Db/CommentMapper.php 
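Review bot: The ownership test in delete() compares `$comment['userId']` from the request with `$this->acl->getUserId()`, but the row that is then loaded and deleted is chosen by `$comment['id']` alone, so the stored comment's author and poll are never checked. A request that carries the caller's own id in `userId` and the `id` of someone else's comment passes the test; the comparison should be made on the entity returned by `find()`, and its poll should match the ACL's poll. When the test fails the method falls through and answers 200 with the submitted array, which reports success for a delete that did not happen. The docblock on deleteByToken() is copied from writeByToken (`$option`, `$setTo`) and should name `$token` and `$comment`. The sketch below assumes the Comment entity exposes `getUserId()`/`getPollId()` getters matching the setters used in write().

```php
// … unchanged: login/token check and setPollId() for the non-token path …
try {
	// Decide on the stored row, not on fields sent with the request.
	$stored = $this->mapper->find($comment['id']);
	if ($stored->getUserId() !== $this->acl->getUserId()
		|| (int) $stored->getPollId() !== (int) $this->acl->getPollId()) {
		return new DataResponse(null, Http::STATUS_FORBIDDEN);
	}
	$comment = $this->mapper->delete($stored);
} catch (DoesNotExistException $e) {
	return new DataResponse(null, Http::STATUS_NOT_FOUND);
} catch (\Exception $e) {
	return new DataResponse(null, Http::STATUS_CONFLICT);
}
// … unchanged: return new DataResponse(['comment' => $comment], Http::STATUS_OK); …
```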
@@ -39,6 +39,25 @@ class CommentMapper extends QBMapper { } /** + * @param int $id + * @throws \OCP\AppFramework\Db\DoesNotExistException if not found + * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException if more than one result + * @return Comment + */ + + public function find($id) { + $qb = $this->db->getQueryBuilder(); + + $qb->select('*') + ->from($this->getTableName()) + ->where( + $qb->expr()->eq('id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT)) + ); + + return $this->findEntity($qb); + } + + /** * @param int $pollId * @throws \OCP\AppFramework\Db\DoesNotExistException if not found * @return array |
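Review bot: find() selects by primary key only, with no poll or user condition, so every caller has to authorise the returned comment itself; the docblock should say so, e.g. `* Looks up by id only; callers must verify the comment's poll and owner before acting on it.` The id is bound with `createNamedParameter($id, IQueryBuilder::PARAM_INT)`, which keeps it out of the SQL text. The blank line between the closing `*/` and `public function find($id)` separates the docblock from the method and should be removed.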