  1. <?php
  2. namespace App\Http\Controllers;
  3. use App\Models\Comment;
  4. use App\Models\Task;
  5. use Illuminate\Http\Request;
  6. use Illuminate\Http\Response;
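  /**
   * CRUD endpoints for comments nested under business / project / task routes.
   *
   * Every action first calls permit('projectAccess') for the route's project.
   * Comments are always looked up through the route's business, project and
   * task ids, so access to one project does not expose comments stored under
   * another one.
   *
   * NOTE(review): nothing in this controller verifies that $project belongs to
   * $business; presumably route middleware does (see the '_business_info'
   * request key) — confirm.
   */
  class CommentController extends Controller
  {
      /**
       * List the comments of one task.
       *
       * A user who is only a guest in the project gets 403 unless the task is
       * assigned to them; a task outside the project gives 404.
       */
      public function index($business, $project, $task)
      {
          permit('projectAccess', ['project_id' => $project]);
          $this->guardGuestTaskAccess($project, $task);

          return $this->commentsForTask($business, $project, $task)->get();
      }

      /**
       * Create a comment on a task, applying the same guest rule as index().
       *
       * The route ids and the authenticated user id are merged over the request
       * input, so client-supplied business_id, project_id, task_id or user_id
       * values are replaced before the model is created.
       *
       * NOTE(review): every other request field is still handed to create();
       * what is actually writable depends on Comment's fillable/guarded
       * configuration, which is not visible here — confirm.
       */
      public function store($business, $project, $task, Request $request)
      {
          permit('projectAccess', ['project_id' => $project]);
          $this->guardGuestTaskAccess($project, $task);

          $attributes = $request->merge([
              'business_id' => $business,
              'project_id' => $project,
              'task_id' => $task,
              'user_id' => \auth()->id(),
          ])->except('_business_info');

          return Comment::create($attributes);
      }

      /**
       * Return a single comment of the task, applying the same guest rule as index().
       *
       * The comment is resolved through the route's business, project and task,
       * so an id that belongs to a different task gives 404.
       */
      public function show($business, $project, $task, $comment)
      {
          permit('projectAccess', ['project_id' => $project]);
          $this->guardGuestTaskAccess($project, $task);

          return $this->findScopedComment($business, $project, $task, $comment);
      }

      /**
       * Update a comment; only its author may do so (403 otherwise).
       *
       * Ownership and scoping columns are dropped from the input so an author
       * cannot reassign the comment to another user, task, project or business.
       */
      public function update($business, $project, $task, $comment, Request $request)
      {
          permit('projectAccess', ['project_id' => $project]);
          $comment = $this->findScopedComment($business, $project, $task, $comment);

          if (! $this->isCurrentUser($comment->user_id)) {
              return abort(Response::HTTP_FORBIDDEN); // not allowed
          }

          $comment->update($request->except([
              '_business_info',
              'id',
              'user_id',
              'business_id',
              'project_id',
              'task_id',
          ]));

          return $comment;
      }

      /**
       * Delete a comment; only its author may do so (403 otherwise).
       */
      public function destroy($business, $project, $task, $comment)
      {
          permit('projectAccess', ['project_id' => $project]);
          $comment = $this->findScopedComment($business, $project, $task, $comment);

          if (! $this->isCurrentUser($comment->user_id)) {
              return abort(Response::HTTP_FORBIDDEN); // not allowed
          }

          $comment->delete();

          return \response()->json(['message' => 'comment deleted successfully.'], Response::HTTP_OK);
      }

      /**
       * Check the task exists in the project and enforce the guest rule.
       *
       * Fails with 404 when the task is not part of the project, and with 403
       * when the caller is only a guest in the project and is not the task's
       * assignee.
       */
      private function guardGuestTaskAccess($project, $task): void
      {
          $taskModel = Task::where([['project_id', $project], ['id', $task]])->firstOrFail();

          // is guest in project (only guest)
          $guestOnly = can('isDefiniteGuestInProject', ['project_id' => $project]);

          if ($guestOnly && ! $this->isCurrentUser($taskModel->assignee_id)) {
              abort(Response::HTTP_FORBIDDEN); // not allowed
          }
      }

      /**
       * Query for the comments stored under the given business, project and task.
       */
      private function commentsForTask($business, $project, $task)
      {
          return Comment::where([
              ['business_id', $business],
              ['project_id', $project],
              ['task_id', $task],
          ]);
      }

      /**
       * Fetch one comment by id within the route's business, project and task.
       *
       * Fails with 404 when no comment with that id exists in that scope.
       */
      private function findScopedComment($business, $project, $task, $comment)
      {
          return $this->commentsForTask($business, $project, $task)
              ->where('id', $comment)
              ->firstOrFail();
      }

      /**
       * Whether $userId identifies the authenticated user.
       *
       * The explicit null check keeps an unset owner or assignee from matching
       * a request that has no authenticated user (null == null). The comparison
       * stays loose because the column may arrive as a numeric string.
       */
      private function isCurrentUser($userId): bool
      {
          $current = \auth()->id();

          return $current !== null && $userId == $current;
      }
  }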