You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

90 lines
3.5 KiB

<?php
namespace App\Http\Controllers;
use App\Models\Task;
use App\Models\Comment;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
class CommentController extends Controller
{
public function index($business, $project, $task)
{
permit('projectAccess', ['project_id' => $project]);
$taskModel = Task::where([['project_id', $project ], ['id', $task]])->firstOrFail();
if (can('isDefiniteGuestInProject', ['project_id' => $project])){ // is guest in project (only guest)
return $taskModel->assignee_id == \auth()->id() ?
Comment::where([
['business_id', $business],
['project_id', $project],
['task_id', $task],
])->get():
abort(Response::HTTP_FORBIDDEN); // not allowed
} else {
return Comment::where([
['business_id', $business],
['project_id', $project],
['task_id', $task],
])->get();
}
}
public function store($business, $project, $task, Request $request)
{
permit('projectAccess', ['project_id' => $project]);
$taskModel = Task::where([['project_id', $project ], ['id', $task]])->firstOrFail();
if (can('isDefiniteGuestInProject', ['project_id' => $project])){ // is guest in project (only guest)
return $taskModel->assignee_id == \auth()->id() ?
Comment::create($request->merge([
'business_id' => $business,
'project_id' => $project,
'task_id' => $task,
'user_id' => \auth()->id(),
])->except('_business_info')) :
abort(Response::HTTP_FORBIDDEN); // not allowed
} else {
return Comment::create($request->merge([
'business_id' => $business,
'project_id' => $project,
'task_id' => $task,
'user_id' => \auth()->id(),
])->except('_business_info'));
}
}
public function show($business, $project, $task, $comment)
{
permit('projectAccess', ['project_id' => $project]);
$taskModel = Task::where([['project_id', $project ], ['id', $task]])->firstOrFail();
if (can('isDefiniteGuestInProject', ['project_id' => $project])){ // is guest in project (only guest)
return $taskModel->assignee_id == \auth()->id() ?
Comment::findOrFail($comment) :
abort(Response::HTTP_FORBIDDEN); // not allowed
} else {
return Comment::findOrFail($comment);
}
}
public function update($business, $project, $task, $comment, Request $request)
{
permit('projectAccess', ['project_id' => $project]);
$comment = Comment::findOrFail($comment);
if ($comment->user_id == \auth()->id()) {
$comment->update($request->except('_business_info'));
return $comment;
}
return abort(Response::HTTP_FORBIDDEN); // not allowed
}
public function destroy($business, $project, $task, $comment)
{
permit('projectAccess', ['project_id' => $project]);
$comment = Comment::findOrFail($comment);
if ($comment->user_id == \auth()->id()) {
$comment->delete();
return \response()->json(['message' => 'comment deleted successfully.'], Response::HTTP_OK);
}
return abort(Response::HTTP_FORBIDDEN); // not allowed
}
}