ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Comments are available to all users of a board though webdav, but at least check for read permission to the board

Browse Source 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl
2020-03-10 12:13:32 +01:00
parent 08310406a1
commit 7e4b42a223
1 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
lib/Service/CommentService.php
View File

@@ -26,6 +26,8 @@ namespace OCA\Deck\Service;
use OCA\Deck\AppInfo\Application;
use OCA\Deck\BadRequestException;
use OCA\Deck\Db\Acl;
use OCA\Deck\Db\CardMapper;
use OCA\Deck\NoPermissionException;
use OCA\Deck\NotFoundException;
use OCA\Deck\StatusException;
@@ -54,8 +56,10 @@ class CommentService {
private $logger;
private $userId;
public function __construct(ICommentsManager $commentsManager, IUserManager $userManager, ILogger $logger, $userId) {
public function __construct(ICommentsManager $commentsManager, PermissionService $permissionService, CardMapper $cardMapper, IUserManager $userManager, ILogger $logger, $userId) {
$this->commentsManager = $commentsManager;
$this->permissionService = $permissionService;
$this->cardMapper = $cardMapper;
$this->userManager = $userManager;
$this->logger = $logger;
$this->userId = $userId;
@@ -65,6 +69,7 @@ class CommentService {
if (!is_numeric($cardId)) {
throw new BadRequestException('A valid card id must be provided');
}
$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ);
$comments = $this->commentsManager->getForObject(Application::COMMENT_ENTITY_TYPE, $cardId, $limit, $offset);
$result = [];
foreach ($comments as $comment) {
@@ -92,6 +97,7 @@ class CommentService {
if (!is_numeric($cardId)) {
throw new BadRequestException('A valid card id must be provided');
}
$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ);
try {
$comment = $this->commentsManager->create('users', $this->userId, Application::COMMENT_ENTITY_TYPE, $cardId);
$comment->setMessage($message);
@@ -116,8 +122,10 @@ class CommentService {
if (!is_numeric($commentId)) {
throw new BadRequestException('A valid comment id must be provided');
}
$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ);
try {
$comment = $this->commentsManager->get($commentId);
} catch (CommentNotFoundException $e) {
throw new NotFoundException('No comment found.');
}
@@ -136,6 +144,16 @@ class CommentService {
if (!is_numeric($commentId)) {
throw new BadRequestException('A valid comment id must be provided');
}
$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ);
try {
$comment = $this->commentsManager->get($commentId);
} catch (CommentNotFoundException $e) {
throw new NotFoundException('No comment found.');
}
if ($comment->getActorType() !== 'users' || $comment->getActorId() !== $this->userId) {
throw new NoPermissionException('Only authors are allowed to edit their comment.');
}
$this->commentsManager->delete($commentId);
return new DataResponse([]);
}