mdaniels5757 /
waca
@@ -21,72 +21,72 @@ |
||
| 21 | 21 | |
| 22 | 22 | class PageEditComment extends InternalPageBase |
| 23 | 23 | { |
| 24 | - /** |
|
| 25 | - * Main function for this page, when no specific actions are called. |
|
| 26 | - * @throws ApplicationLogicException |
|
| 27 | - * @throws Exception |
|
| 28 | - */ |
|
| 29 | - protected function main() |
|
| 30 | - { |
|
| 31 | - $commentId = WebRequest::getInt('id'); |
|
| 32 | - if ($commentId === null) { |
|
| 33 | - throw new ApplicationLogicException('Comment ID not specified'); |
|
| 34 | - } |
|
| 35 | - |
|
| 36 | - $database = $this->getDatabase(); |
|
| 37 | - |
|
| 38 | - /** @var Comment $comment */ |
|
| 39 | - $comment = Comment::getById($commentId, $database); |
|
| 40 | - if ($comment === false) { |
|
| 41 | - throw new ApplicationLogicException('Comment not found'); |
|
| 42 | - } |
|
| 43 | - |
|
| 44 | - $currentUser = User::getCurrent($database); |
|
| 45 | - if ($comment->getUser() !== $currentUser->getId() && !$this->barrierTest('editOthers', $currentUser)) { |
|
| 46 | - throw new AccessDeniedException($this->getSecurityManager()); |
|
| 47 | - } |
|
| 48 | - |
|
| 49 | - /** @var Request $request */ |
|
| 50 | - $request = Request::getById($comment->getRequest(), $database); |
|
| 51 | - |
|
| 52 | - if ($request === false) { |
|
| 53 | - throw new ApplicationLogicException('Request was not found.'); |
|
| 54 | - } |
|
| 55 | - |
|
| 56 | - if (WebRequest::wasPosted()) { |
|
| 57 | - $this->validateCSRFToken(); |
|
| 58 | - $newComment = WebRequest::postString('newcomment'); |
|
| 59 | - |
|
| 60 | - if ($comment->getVisibility() !== 'requester') { |
|
| 61 | - $visibility = WebRequest::postString('visibility'); |
|
| 62 | - |
|
| 63 | - if ($visibility !== 'user' && $visibility !== 'admin') { |
|
| 64 | - throw new ApplicationLogicException('Comment visibility is not valid'); |
|
| 65 | - } |
|
| 66 | - |
|
| 67 | - $comment->setVisibility($visibility); |
|
| 68 | - } |
|
| 69 | - |
|
| 70 | - // optimistically lock from the load of the edit comment form |
|
| 71 | - $updateVersion = WebRequest::postInt('updateversion'); |
|
| 72 | - $comment->setUpdateVersion($updateVersion); |
|
| 73 | - |
|
| 74 | - $comment->setComment($newComment); |
|
| 75 | - |
|
| 76 | - $comment->save(); |
|
| 77 | - |
|
| 78 | - Logger::editComment($database, $comment, $request); |
|
| 79 | - $this->getNotificationHelper()->commentEdited($comment, $request); |
|
| 80 | - SessionAlert::success("Comment has been saved successfully"); |
|
| 81 | - |
|
| 82 | - $this->redirect('viewRequest', null, array('id' => $comment->getRequest())); |
|
| 83 | - } |
|
| 84 | - else { |
|
| 85 | - $this->assignCSRFToken(); |
|
| 86 | - $this->assign('comment', $comment); |
|
| 87 | - $this->assign('request', $request); |
|
| 88 | - $this->assign('user', User::getById($comment->getUser(), $database)); |
|
| 89 | - $this->setTemplate('edit-comment.tpl'); |
|
| 90 | - } |
|
| 91 | - } |
|
| 24 | + /** |
|
| 25 | + * Main function for this page, when no specific actions are called. |
|
| 26 | + * @throws ApplicationLogicException |
|
| 27 | + * @throws Exception |
|
| 28 | + */ |
|
| 29 | + protected function main() |
|
| 30 | + { |
|
| 31 | + $commentId = WebRequest::getInt('id'); |
|
| 32 | + if ($commentId === null) { |
|
| 33 | + throw new ApplicationLogicException('Comment ID not specified'); |
|
| 34 | + } |
|
| 35 | + |
|
| 36 | + $database = $this->getDatabase(); |
|
| 37 | + |
|
| 38 | + /** @var Comment $comment */ |
|
| 39 | + $comment = Comment::getById($commentId, $database); |
|
| 40 | + if ($comment === false) { |
|
| 41 | + throw new ApplicationLogicException('Comment not found'); |
|
| 42 | + } |
|
| 43 | + |
|
| 44 | + $currentUser = User::getCurrent($database); |
|
| 45 | + if ($comment->getUser() !== $currentUser->getId() && !$this->barrierTest('editOthers', $currentUser)) { |
|
| 46 | + throw new AccessDeniedException($this->getSecurityManager()); |
|
| 47 | + } |
|
| 48 | + |
|
| 49 | + /** @var Request $request */ |
|
| 50 | + $request = Request::getById($comment->getRequest(), $database); |
|
| 51 | + |
|
| 52 | + if ($request === false) { |
|
| 53 | + throw new ApplicationLogicException('Request was not found.'); |
|
| 54 | + } |
|
| 55 | + |
|
| 56 | + if (WebRequest::wasPosted()) { |
|
| 57 | + $this->validateCSRFToken(); |
|
| 58 | + $newComment = WebRequest::postString('newcomment'); |
|
| 59 | + |
|
| 60 | + if ($comment->getVisibility() !== 'requester') { |
|
| 61 | + $visibility = WebRequest::postString('visibility'); |
|
| 62 | + |
|
| 63 | + if ($visibility !== 'user' && $visibility !== 'admin') { |
|
| 64 | + throw new ApplicationLogicException('Comment visibility is not valid'); |
|
| 65 | + } |
|
| 66 | + |
|
| 67 | + $comment->setVisibility($visibility); |
|
| 68 | + } |
|
| 69 | + |
|
| 70 | + // optimistically lock from the load of the edit comment form |
|
| 71 | + $updateVersion = WebRequest::postInt('updateversion'); |
|
| 72 | + $comment->setUpdateVersion($updateVersion); |
|
| 73 | + |
|
| 74 | + $comment->setComment($newComment); |
|
| 75 | + |
|
| 76 | + $comment->save(); |
|
| 77 | + |
|
| 78 | + Logger::editComment($database, $comment, $request); |
|
| 79 | + $this->getNotificationHelper()->commentEdited($comment, $request); |
|
| 80 | + SessionAlert::success("Comment has been saved successfully"); |
|
| 81 | + |
|
| 82 | + $this->redirect('viewRequest', null, array('id' => $comment->getRequest())); |
|
| 83 | + } |
|
| 84 | + else { |
|
| 85 | + $this->assignCSRFToken(); |
|
| 86 | + $this->assign('comment', $comment); |
|
| 87 | + $this->assign('request', $request); |
|
| 88 | + $this->assign('user', User::getById($comment->getUser(), $database)); |
|
| 89 | + $this->setTemplate('edit-comment.tpl'); |
|
| 90 | + } |
|
| 91 | + } |
|
| 92 | 92 | } |
