BookStack/app/Activity/Controllers/CommentApiController.php at a949900570c80c9c46c140a57c17e2d42738232e · BookStackApp/BookStack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
<?php

declare(strict_types=1);

namespace BookStack\Activity\Controllers;

use BookStack\Activity\CommentRepo;
use BookStack\Activity\Models\Comment;
use BookStack\Entities\Queries\PageQueries;
use BookStack\Http\ApiController;
use BookStack\Permissions\Permission;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Response;

/**
 * The comment data model has a 'local_id' property, which is a unique integer ID
 * scoped to the page which the comment is on. The 'parent_id' is used for replies
 * and refers to the 'local_id' of the parent comment on the same page, not the main
 * globally unique 'id'.
 *
 * If you want to get all comments for a page in a tree-like structure, as reflected in
 * the UI, then that is provided on pages-read API responses.
 */
class CommentApiController extends ApiController
{
    protected array $rules = [
        'create' => [
            'page_id' => ['required', 'integer'],
            'reply_to' => ['nullable', 'integer'],
            'html' => ['required', 'string'],
            'content_ref' => ['string'],
        ],
        'update' => [
            'html' => ['string'],
            'archived' => ['boolean'],
        ]
    ];

    public function __construct(
        protected CommentRepo $commentRepo,
        protected PageQueries $pageQueries,
    ) {
    }

    /**
     * Get a listing of comments visible to the user.
     */
    public function list(): JsonResponse
    {
        $query = $this->commentRepo->getQueryForVisible();

        return $this->apiListingResponse($query, [
            'id', 'commentable_id', 'commentable_type', 'parent_id', 'local_id', 'content_ref', 'created_by', 'updated_by', 'created_at', 'updated_at'
        ]);
    }

    /**
     * Create a new comment on a page.
     * If commenting as a reply to an existing comment, the 'reply_to' parameter
     * should be provided, set to the 'local_id' of the comment being replied to.
     */
    public function create(Request $request): JsonResponse
    {
        $this->checkPermission(Permission::CommentCreateAll);

        $input = $this->validate($request, $this->rules()['create']);
        $page = $this->pageQueries->findVisibleByIdOrFail($input['page_id']);

        $comment = $this->commentRepo->create(
            $page,
            $input['html'],
            $input['reply_to'] ?? null,
            $input['content_ref'] ?? '',
        );

        return response()->json($comment);
    }

    /**
     * Read the details of a single comment, along with its direct replies.
     */
    public function read(string $id): JsonResponse
    {
        $comment = $this->commentRepo->getVisibleById(intval($id));
        $comment->load('createdBy', 'updatedBy');

        $replies = $this->commentRepo->getQueryForVisible()
            ->where('parent_id', '=', $comment->local_id)
            ->where('commentable_id', '=', $comment->commentable_id)
            ->where('commentable_type', '=', $comment->commentable_type)
            ->get();

        /** @var Comment[] $toProcess */
        $toProcess = [$comment, ...$replies];
        foreach ($toProcess as $commentToProcess) {
            $commentToProcess->setAttribute('html', $commentToProcess->safeHtml());
            $commentToProcess->makeVisible('html');
        }

        $comment->setRelation('replies', $replies);

        return response()->json($comment);
    }


    /**
     * Update the content or archived status of an existing comment.
     *
     * Only provide a new archived status if needing to actively change the archive state.
     * Only top-level comments (non-replies) can be archived or unarchived.
     */
    public function update(Request $request, string $id): JsonResponse
    {
        $comment = $this->commentRepo->getVisibleById(intval($id));
        $this->checkOwnablePermission(Permission::CommentUpdate, $comment);

        $input = $this->validate($request, $this->rules()['update']);
        $hasHtml = isset($input['html']);

        if (isset($input['archived'])) {
            if ($input['archived']) {
                $this->commentRepo->archive($comment, !$hasHtml);
            } else {
                $this->commentRepo->unarchive($comment, !$hasHtml);
            }
        }

        if ($hasHtml) {
            $comment = $this->commentRepo->update($comment, $input['html']);
        }

        return response()->json($comment);
    }

    /**
     * Delete a single comment from the system.
     */
    public function delete(string $id): Response
    {
        $comment = $this->commentRepo->getVisibleById(intval($id));
        $this->checkOwnablePermission(Permission::CommentDelete, $comment);

        $this->commentRepo->delete($comment);

        return response('', 204);
    }
}