Skip to content

S
solo
Commit 4a28d673 authored by Liang Ding's avatar Liang Ding
Browse files
Options

Fix #341

parent 329ff577
Hide whitespace changes
Inline Side-by-side
Showing with 93 additions and 26 deletions
core/src/main/java/org/b3log/solo/processor/console/CommentConsole.java
View file @ 4a28d673
......@@ -43,7 +43,7 @@ import org.json.JSONObject;
* Comment console request processing.
*
* @author <a href="http://88250.b3log.org">Liang Ding</a>
* @version 1.0.0.0, Oct 28, 2011
* @version 1.0.0.1, Feb 28, 2014
* @since 0.4.0
*/
@RequestProcessor
......@@ -80,7 +80,7 @@ public class CommentConsole {
/**
* Removes a comment of an article by the specified request.
*
*
* <p>
* Renders the response with a json object, for example,
* <pre>
......@@ -108,28 +108,35 @@ public class CommentConsole {
context.setRenderer(renderer);
final JSONObject jsonObject = new JSONObject();
final JSONObject ret = new JSONObject();
renderer.setJSONObject(jsonObject);
renderer.setJSONObject(ret);
try {
final String commentId = request.getRequestURI().substring((Latkes.getContextPath() + "/console/page/comment/").length());
if (!commentQueryService.canAccessComment(commentId, request)) {
ret.put(Keys.STATUS_CODE, false);
ret.put(Keys.MSG, langPropsService.get("forbiddenLabel"));
return;
}
commentMgmtService.removePageComment(commentId);
jsonObject.put(Keys.STATUS_CODE, true);
jsonObject.put(Keys.MSG, langPropsService.get("removeSuccLabel"));
ret.put(Keys.STATUS_CODE, true);
ret.put(Keys.MSG, langPropsService.get("removeSuccLabel"));
} catch (final Exception e) {
LOGGER.log(Level.ERROR, e.getMessage(), e);
jsonObject.put(Keys.STATUS_CODE, false);
jsonObject.put(Keys.MSG, langPropsService.get("removeFailLabel"));
ret.put(Keys.STATUS_CODE, false);
ret.put(Keys.MSG, langPropsService.get("removeFailLabel"));
}
}
/**
* Removes a comment of an article by the specified request.
*
*
* <p>
* Renders the response with a json object, for example,
* <pre>
......@@ -157,34 +164,41 @@ public class CommentConsole {
context.setRenderer(renderer);
final JSONObject jsonObject = new JSONObject();
final JSONObject ret = new JSONObject();
renderer.setJSONObject(jsonObject);
renderer.setJSONObject(ret);
try {
final String commentId = request.getRequestURI().substring((Latkes.getContextPath() + "/console/article/comment/").length());
if (!commentQueryService.canAccessComment(commentId, request)) {
ret.put(Keys.STATUS_CODE, false);
ret.put(Keys.MSG, langPropsService.get("forbiddenLabel"));
return;
}
commentMgmtService.removeArticleComment(commentId);
jsonObject.put(Keys.STATUS_CODE, true);
jsonObject.put(Keys.MSG, langPropsService.get("removeSuccLabel"));
ret.put(Keys.STATUS_CODE, true);
ret.put(Keys.MSG, langPropsService.get("removeSuccLabel"));
} catch (final Exception e) {
LOGGER.log(Level.ERROR, e.getMessage(), e);
jsonObject.put(Keys.STATUS_CODE, false);
jsonObject.put(Keys.MSG, langPropsService.get("removeFailLabel"));
ret.put(Keys.STATUS_CODE, false);
ret.put(Keys.MSG, langPropsService.get("removeFailLabel"));
}
}
/**
* Gets comments by the specified request.
*
*
* <p>
* The request URI contains the pagination arguments. For example, the
* The request URI contains the pagination arguments. For example, the
* request URI is /console/comments/1/10/20, means the current page is 1, the
* page size is 10, and the window size is 20.
* </p>
*
*
* <p>
* Renders the response with a json object, for example,
* <pre>
......@@ -212,7 +226,7 @@ public class CommentConsole {
* @param request the specified http servlet request
* @param response the specified http servlet response
* @param context the specified http request context
* @throws Exception exception
* @throws Exception exception
*/
@RequestProcessing(value = "/console/comments/*/*/*"/* Requests.PAGINATION_PATH_PATTERN */,
method = HTTPRequestMethod.GET)
......@@ -250,7 +264,7 @@ public class CommentConsole {
/**
* Gets comments of an article specified by the article id for administrator.
*
*
* <p>
* Renders the response with a json object, for example,
* <pre>
......@@ -312,7 +326,7 @@ public class CommentConsole {
/**
* Gets comments of a page specified by the article id for administrator.
*
*
* <p>
* Renders the response with a json object, for example,
* <pre>
......
core/src/main/java/org/b3log/solo/service/CommentQueryService.java
View file @ 4a28d673
......@@ -20,11 +20,13 @@ import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringEscapeUtils;
import org.b3log.latke.Keys;
import org.b3log.latke.logging.Level;
import org.b3log.latke.logging.Logger;
import org.b3log.latke.model.Pagination;
import org.b3log.latke.model.User;
import org.b3log.latke.repository.Query;
import org.b3log.latke.repository.SortDirection;
import org.b3log.latke.service.ServiceException;
......@@ -47,7 +49,7 @@ import org.json.JSONObject;
* Comment query service.
*
* @author <a href="http://88250.b3log.org">Liang Ding</a>
* @version 1.0.0.4, Dec 20, 2011
* @version 1.0.0.5, Feb 28, 2014
* @since 0.3.5
*/
@Service
......@@ -58,6 +60,12 @@ public class CommentQueryService {
*/
private static final Logger LOGGER = Logger.getLogger(CommentQueryService.class.getName());
/**
* User service.
*/
@Inject
private UserQueryService userQueryService;
/**
* Comment repository.
*/
......@@ -76,9 +84,52 @@ public class CommentQueryService {
@Inject
private PageRepository pageRepository;
/**
* Can the current user access a comment specified by the given comment id?
*
* @param commentId the given comment id
* @param request the specified request
* @return {@code true} if the current user can access the comment, {@code false} otherwise
* @throws Exception exception
*/
public boolean canAccessComment(final String commentId, final HttpServletRequest request) throws Exception {
if (Strings.isEmptyOrNull(commentId)) {
return false;
}
if (userQueryService.isAdminLoggedIn(request)) {
return true;
}
// Here, you are not admin
final JSONObject comment = commentRepository.get(commentId);
if (null == comment) {
return false;
}
final String onId = comment.optString(Comment.COMMENT_ON_ID);
final String onType = comment.optString(Comment.COMMENT_ON_TYPE);
if (Page.PAGE.equals(onType)) {
return false; // Only admin can access page comment
}
final JSONObject article = articleRepository.get(onId);
if (null == article) {
return false;
}
final String currentUserEmail = userQueryService.getCurrentUser(request).getString(User.USER_EMAIL);
return article.getString(Article.ARTICLE_AUTHOR_EMAIL).equals(currentUserEmail);
}
/**
* Gets comments with the specified request json object, request and response.
*
*
* @param requestJSONObject the specified request json object, for example,
* <pre>
* {
......@@ -87,6 +138,7 @@ public class CommentQueryService {
* "paginationWindowSize": 10
* }, see {@link Pagination} for more details
* </pre>
*
* @return for example,
* <pre>
* {
......@@ -104,6 +156,7 @@ public class CommentQueryService {
* "sc": "GET_COMMENTS_SUCC"
* }
* </pre>
*
* @throws ServiceException service exception
* @see Pagination
*/
......@@ -207,7 +260,7 @@ public class CommentQueryService {
/**
* Sets the article repository with the specified article repository.
*
*
* @param articleRepository the specified article repository
*/
public void setArticleRepository(final ArticleRepository articleRepository) {
......@@ -216,7 +269,7 @@ public class CommentQueryService {
/**
* Set the page repository with the specified page repository.
*
*
* @param pageRepository the specified page repository
*/
public void setPageRepository(final PageRepository pageRepository) {
......@@ -225,7 +278,7 @@ public class CommentQueryService {
/**
* Sets the comment repository with the specified comment repository.
*
*
* @param commentRepository the specified comment repository
*/
public void setCommentRepository(final CommentRepository commentRepository) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment