提交评论时,判断文章是否存在。删除时判断是否有权限删除。

pull/678/head
wangbin05 2021-04-04 16:44:14 +08:00
parent 3d12583eba
commit 27dea7b8bd
5 changed files with 51 additions and 45 deletions


@ -4,8 +4,6 @@ import (
"strings"
"time"
"github.com/astaxie/beego"
"github.com/mindoc-org/mindoc/conf"
"github.com/mindoc-org/mindoc/models"
"github.com/mindoc-org/mindoc/utils/pagination"
@ -19,10 +17,8 @@ func (c *CommentController) Lists() {
docid, _ := c.GetInt("docid", 0)
pageIndex, _ := c.GetInt("page", 1)
beego.Info("CommentController.Lists", docid, pageIndex)
// 获取评论、分页
comments, count, pageIndex := models.NewComment().QueryCommentByDocumentId(docid, pageIndex, conf.PageSize, c.Member.MemberId)
comments, count, pageIndex := models.NewComment().QueryCommentByDocumentId(docid, pageIndex, conf.PageSize, c.Member)
page := pagination.PageUtil(int(count), pageIndex, conf.PageSize, comments)
var data struct {
@ -40,6 +36,11 @@ func (c *CommentController) Create() {
content := c.GetString("content")
id, _ := c.GetInt("doc_id")
_, err := models.NewDocument().Find(id)
if err != nil {
c.JsonResult(1, "文章不存在")
}
m := models.NewComment()
m.DocumentId = id
if len(c.Member.RealName) != 0 {
@ -52,7 +53,6 @@ func (c *CommentController) Create() {
m.IPAddress = strings.Split(m.IPAddress, ":")[0]
m.CommentDate = time.Now()
m.Content = content
beego.Info(m)
m.Insert()
var data struct {
@ -71,14 +71,27 @@ func (c *CommentController) Index() {
func (c *CommentController) Delete() {
if c.Ctx.Input.IsPost() {
id, _ := c.GetInt("id", 0)
beego.Info("delete id=", id)
m := models.NewComment()
m.CommentId = id
err := m.Delete()
m, err := models.NewComment().Find(id)
if err != nil {
c.JsonResult(1, "删除错误")
c.JsonResult(1, "评论不存在")
}
doc, err := models.NewDocument().Find(m.DocumentId)
if err != nil {
c.JsonResult(1, "文章不存在")
}
// 判断是否有权限删除
bookRole, _ := models.NewRelationship().FindForRoleId(doc.BookId, c.Member.MemberId)
if m.CanDelete(c.Member.MemberId, bookRole) {
err := m.Delete()
if err != nil {
c.JsonResult(1, "删除错误")
} else {
c.JsonResult(0, "ok")
}
} else {
c.JsonResult(0, "ok")
c.JsonResult(1, "没有权限删除")
}
}
}
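Review bot: In Delete, the error from `models.NewRelationship().FindForRoleId(doc.BookId, c.Member.MemberId)` is discarded, so the permission decision rests on whatever role value a failed lookup returns. If that value is the zero `conf.BookRole` and `conf.BookFounder` is the first constant of the enum (not visible on this page, worth confirming), a member with no relationship to the book would pass `CanDelete` for any comment. Keep the error and take the role-based path only when the lookup succeeded, e.g. `bookRole, err := models.NewRelationship().FindForRoleId(doc.BookId, c.Member.MemberId)` followed by `if m.MemberId == c.Member.MemberId || (err == nil && m.CanDelete(c.Member.MemberId, bookRole)) {`. The same discarded error feeds `ShowDel` in `QueryCommentByDocumentId`. Separately, the new `if err != nil { c.JsonResult(...) }` guards in Create and Delete have no `return`, so they are only safe if `JsonResult` aborts the request, which this page does not show.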


@ -70,7 +70,7 @@ func (c *DocumentController) Index() {
c.Data["DocumentId"] = doc.DocumentId
// 获取评论、分页
comments, count, _ := models.NewComment().QueryCommentByDocumentId(doc.DocumentId, 1, conf.PageSize, c.Member.MemberId)
comments, count, _ := models.NewComment().QueryCommentByDocumentId(doc.DocumentId, 1, conf.PageSize, c.Member)
page := pagination.PageUtil(int(count), 1, conf.PageSize, comments)
c.Data["Page"] = page
}
@ -155,7 +155,7 @@ func (c *DocumentController) Read() {
c.Data["ViewCount"] = doc.ViewCount + 1
// 获取评论、分页
comments, count, _ := models.NewComment().QueryCommentByDocumentId(doc.DocumentId, 1, conf.PageSize, c.Member.MemberId)
comments, count, _ := models.NewComment().QueryCommentByDocumentId(doc.DocumentId, 1, conf.PageSize, c.Member)
page := pagination.PageUtil(int(count), 1, conf.PageSize, comments)
c.Data["Page"] = page


@ -55,18 +55,18 @@ func NewComment() *Comment {
return &Comment{}
}
func (m *Comment) Find(id int) (*Comment, error) {
if id <= 0 {
return m, ErrInvalidParameter
}
o := orm.NewOrm()
err := o.Read(m)
return m, err
// 是否有权限删除
func (m *Comment) CanDelete(user_memberid int, user_bookrole conf.BookRole) bool {
return user_memberid == m.MemberId || user_bookrole == conf.BookFounder || user_bookrole == conf.BookAdmin
}
// 根据文档id查询文档评论
func (m *Comment) QueryCommentByDocumentId(doc_id, page, pagesize, userid int) (comments []Comment, count int64, ret_page int) {
func (m *Comment) QueryCommentByDocumentId(doc_id, page, pagesize int, member *Member) (comments []Comment, count int64, ret_page int) {
doc, err := NewDocument().Find(doc_id)
if err != nil {
return
}
o := orm.NewOrm()
count, _ = o.QueryTable(m.TableNameWithPrefix()).Filter("document_id", doc_id).Count()
if -1 == page { // 请求最后一页
@ -80,9 +80,11 @@ func (m *Comment) QueryCommentByDocumentId(doc_id, page, pagesize, userid int) (
offset := (page - 1) * pagesize
ret_page = page
o.QueryTable(m.TableNameWithPrefix()).Filter("document_id", doc_id).OrderBy("comment_date").Offset(offset).Limit(pagesize).All(&comments)
bookRole, _ := NewRelationship().FindForRoleId(doc.BookId, member.MemberId)
for i := 0; i < len(comments); i++ {
comments[i].Index = (i + 1) + (page - 1) * pagesize
if userid == comments[i].MemberId {
if comments[i].CanDelete(member.MemberId, bookRole) {
comments[i].ShowDel = 1
}
}
@ -168,4 +170,12 @@ func (m *Comment) Delete() error {
o := orm.NewOrm()
_, err := o.Delete(m)
return err
}
func (m *Comment) Find(id int, cols ...string) (*Comment, error) {
o := orm.NewOrm()
if err := o.QueryTable(m.TableNameWithPrefix()).Filter("comment_id", id).One(m, cols...); err != nil {
return m, err
}
return m, nil
}
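Review bot: `QueryCommentByDocumentId` now dereferences `member.MemberId` with no nil check, and the document Index and Read handlers pass `c.Member` on what look like public read paths. If `c.Member` can be nil for an anonymous visitor (not visible here), listing comments would panic. Guard it with something like `memberID := 0` and `if member != nil { memberID = member.MemberId }`, and skip the role lookup when there is no member. The rewritten `Find` also drops the earlier `id <= 0` rejection and relies on the query returning no row, which is fine as long as every caller checks the returned error as Delete does.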


@ -46,22 +46,6 @@ function format($d) {
return $d < 10 ? "0" + $d : "" + $d;
}
function showError($msg, $id) {
if (!$id) {
$id = "#form-error-message"
}
$($id).addClass("text-danger").removeClass("text-success").text($msg);
return false;
}
function showSuccess($msg, $id) {
if (!$id) {
$id = "#form-error-message"
}
$($id).addClass("text-success").removeClass("text-danger").text($msg);
return true;
}
function timeFormat($time) {
var span = Date.parse($time)
var date = new Date(span)
@ -391,17 +375,17 @@ $(function () {
},
success : function (res) {
if(res.errcode === 0){
showSuccess("保存成功")
layer.msg("保存成功");
}else{
showError("保存失败")
layer.msg("保存失败");
}
$("#btnSubmitComment").button("reset");
$("#commentContent").val("");
pageClicked(-1, res.data.doc_id); // -1 表示请求最后一页
},
error : function () {
showError("服务错误");
$("#btnSaveBookInfo").button("reset");
layer.msg("服务错误");
$("#btnSubmitComment").button("reset");
}
});
});
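Review bot: The success callback still clears `#commentContent` and calls `pageClicked(-1, res.data.doc_id)` when `res.errcode` is non-zero. A rejected comment (for example the new 文章不存在 response from Create) therefore loses the user's text, and `doc_id` is read from a `res.data` that may be absent on error responses. Move those two statements into the `res.errcode === 0` branch, and show the server's reason instead of the fixed 保存失败 if the response carries one. The enclosing `$.ajax` call starts outside the hunk.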


@ -205,7 +205,6 @@
<input type="hidden" name="doc_id" id="doc_id" value="{{.DocumentId}}">
</label>
<div class="pull-right">
<span id="form-error-message" class="error-message"></span>
<button class="btn btn-success btn-sm" type="submit" id="btnSubmitComment" data-loading-text="提交中...">提交评论</button>
</div>
</form>