diff --git a/app/Http/Controllers/SiteController.php b/app/Http/Controllers/SiteController.php index 78e7ac9..885166a 100644 --- a/app/Http/Controllers/SiteController.php +++ b/app/Http/Controllers/SiteController.php @@ -23,7 +23,7 @@ class SiteController extends Controller { } // Posts - public function getPosts(Request $request) { // /api/rpc/site/post/getposts + public function getPosts(Request $request) { // /api/rpc/site/post/get/all $check = $this->objAuth->checkLegit($request->username, $request->password); // Load group colours. @@ -138,7 +138,7 @@ class SiteController extends Controller { return $res; } - public function getUserPosts($id) { // /api/rpc/site/post/getuserposts/id + public function getUserPosts($id) { // /api/rpc/site/post/get/user/id $get = DB::table('blg_content') ->select('id', 'title', 'slug', 'post_date', 'publish_date', 'public_status', 'message') ->where('public_status', 0) @@ -169,7 +169,7 @@ class SiteController extends Controller { return $res; } - public function getPostSlug($id) { // /api/rpc/site/post/getpostslug/id + public function getPostSlug($id) { // /api/rpc/site/post/get/id/id $get = DB::table('blg_content') ->select('slug') ->where('public_status', 0) @@ -188,7 +188,7 @@ class SiteController extends Controller { return $res; } - public function getPost($slug, Request $request) { // /api/rpc/site/post/getpost/slug + public function getPost($slug, Request $request) { // /api/rpc/site/post/get/slug/slug $check = $this->objAuth->checkLegit($request->username, $request->password); $valid = $this->objAuth->getPermissions($request->username, $request->password); @@ -391,7 +391,7 @@ class SiteController extends Controller { } // Comments - public function getComments($id) { // /api/rpc/site/post/getcomments/id + public function getComments($id) { // /api/rpc/site/comment/get/all/id // Load group colours. $ucol = $this->objUser->getGroupColours(); 
@@ -476,7 +476,7 @@ class SiteController extends Controller { return $res; } - public function getComment($id) { // /api/rpc/site/post/getcomment/id + public function getComment($id) { // /api/rpc/site/comment/get/one/id // Load group colours. $ucol = $this->objUser->getGroupColours(); @@ -486,7 +486,7 @@ class SiteController extends Controller { ->join('usr_details', 'usr_details.user_id', '=', 'blg_comments.user_id') ->join('usr_profile', 'usr_profile.user_id', '=', 'blg_comments.user_id') ->join('usr_perm_id', 'usr_perm_id.user_id', '=', 'blg_comments.user_id') - ->where('blg_comments.id', $id) + ->where('blg_comments.content_id', $id) ->orderBy('post_date', 'asc') ->get(array( 'blg_comments.user_id', @@ -549,7 +549,7 @@ class SiteController extends Controller { 'isDeleted' => $i->isDeleted, 'message' => $i->message, 'ip_address' => $i->ip_address, - 'avatar' => $i->avatar, + 'avatar' => ($i->avatar ? $i->avatar : 'assets/avatars/haznoavaz.png'), 'showcol' => $showCol, 'showname' => $showName ]); 
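Review bot: The new `->where('blg_comments.content_id', $id)` turns getComment into a per-post listing, and that listing still emits `'ip_address' => $i->ip_address` for every commenter on a GET route that takes only `$id` and, as far as these hunks show, passes through no `checkLegit`/`getPermissions` gate, so anyone who knows a post id can read commenter IPs. If `comment/get/one/{id}` is meant to return a single comment, the old `blg_comments.id` filter was the right key and the rename of the route comment is misleading; if the widening is intentional, the method now duplicates getComments and should say so. Either way, `ip_address` should be dropped from this public payload or included only when the caller holds a moderation permission, e.g. `'ip_address' => $showIp ? $i->ip_address : null` with `$showIp` derived from an explicit permission check. getComment's body starts before and ends after this hunk.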
@@ -559,71 +559,153 @@ class SiteController extends Controller { } public function newComment(Request $request) { // /api/rpc/site/comment/new - $add = DB::table('blg_comments') - ->insert([ - 'user_id' => $request->user_id, - 'content_id' => $request->content_id, - 'votes' => 0, - 'post_date' => time(), - 'last_date' => 0, - 'isDeleted' => 0, - 'message' => $request->message, - 'ip_address' => $request->ip_address - ]); + $check = $this->objAuth->checkLegit($request->username, $request->password); - return \Response::json($add); + if ($check == 0) { + return \Response::json(array('error' => 'ログインされませんでした。')); + } + else { + $valid = $this->objAuth->getPermissions($request->username, $request->password); + + if ($valid['blg_addcomment'] == 1) { + $add = DB::table('blg_comments') + ->insert([ + 'user_id' => $check, + 'content_id' => $request->content_id, + 'votes' => 0, + 'post_date' => time(), + 'last_date' => 0, + 'isDeleted' => 0, + 'message' => $request->message, + 'ip_address' => $request->ip_address + ]); + + return \Response::json($add); + } + else { + return \Response::json(array('error' => '不許可。')); + } + } } public function editComment(Request $request) { // /api/rpc/site/comment/edit - return DB::table('blg_comments') - ->where('id', $request->id) - ->update([ - 'last_date' => time(), - 'message' => $request->message - ]); + $check = $this->objAuth->checkLegit($request->username, $request->password); + + if ($check == 0) { + return \Response::json(array('error' => 'ログインされませんでした。')); + } + else { + $owner = DB::table('blg_comments')->select('user_id')->where('id', $request->id)->where('user_id', $request->user)->get()->toArray(); + $valid = $this->objAuth->getPermissions($request->username, $request->password); + + if ($valid['blg_editcomment'] == 1) { + return DB::table('blg_comments') + ->where('id', $request->id) + ->update([ + 'last_date' => time(), + 'message' => $request->message + ]); + } + else if ($valid['blg_delcomment'] == 1 && 
$owner[0]->user_id == $check) { + return DB::table('blg_comments') + ->where('id', $request->id) + ->update([ + 'last_date' => time(), + 'message' => $request->message + ]); + } + else { + return \Response::json(array('error' => '不許可。')); + } + } } public function removeComment(Request $request) { // /api/rpc/site/comment/remove - $get = DB::table('blg_comments') - ->select('isDeleted') - ->where('id', $request->id) - ->get(); + $check = $this->objAuth->checkLegit($request->username, $request->password); - $mod = 0; - - foreach ($get as $i) { - if ($i->isDeleted == 1) $mod = 0; - else $mod = 1; + if ($check == 0) { + return \Response::json(array('error' => 'ログインされませんでした。')); } + else { + $owner = DB::table('blg_comments')->select('user_id')->where('id', $request->id)->where('user_id', $request->user)->get()->toArray(); + $valid = $this->objAuth->getPermissions($request->username, $request->password); - return DB::table('blg_comments') - ->where('id', $request->id) - ->update([ - 'isDeleted' => $mod - ]); + if ($valid['blg_delcomment'] == 1) { + $get = DB::table('blg_comments') + ->select('isDeleted') + ->where('id', $request->id) + ->get(); + + $mod = 0; + + foreach ($get as $i) { + if ($i->isDeleted == 1) $mod = 0; + else $mod = 1; + } + + return DB::table('blg_comments') + ->where('id', $request->id) + ->update([ + 'isDeleted' => $mod + ]); + } + else if ($valid['blg_delowncomment'] == 1 && $owner[0]->user_id == $check) { + $get = DB::table('blg_comments') + ->select('isDeleted') + ->where('id', $request->id) + ->get(); + + foreach ($get as $i) { + if ($i->isDeleted == 1) return "不許可"; + } + + return DB::table('blg_comments') + ->where('id', $request->id) + ->update([ + 'isDeleted' => 1 + ]); + } + else { + return \Response::json(array('error' => '不許可。')); + } + } } public function voteComment(Request $request) { // /api/rpc/site/comment/vote - $get = DB::table('blg_comments') - ->select('votes') - ->where('id', $request->id) - ->get(); + $check = 
$this->objAuth->checkLegit($request->username, $request->password); - $mod = 0; - - foreach ($get as $i) { - $mod = $i->votes; + if ($check == 0) { + return \Response::json(array('error' => 'ログインされませんでした。')); } + else { + $valid = $this->objAuth->getPermissions($request->username, $request->password); - return DB::table('blg_comments') - ->where('id', $request->id) - ->update([ - 'votes' => $request->votemod - ]); + if ($valid['blg_addcomment'] == 1) { + $get = DB::table('blg_comments') + ->select('votes') + ->where('id', $request->id) + ->get(); + + $mod = 0; + + foreach ($get as $i) { + $mod = $i->votes; + } + + return DB::table('blg_comments') + ->where('id', $request->id) + ->update([ + 'votes' => $request->votemod + ]); + } + else { + return \Response::json(array('error' => '不許可。')); + } + } } // Pages - public function getPagesInMenu() { // /api/rpc/site/page/getpagesinmenu + public function getPagesInMenu() { // /api/rpc/site/page/get/menu $get = DB::table('blg_content') ->select('title', 'slug') ->where('public_status', 0) @@ -647,7 +729,7 @@ class SiteController extends Controller { return $res; } - public function getPages() { // /api/rpc/site/page/getpages + public function getPages() { // /api/rpc/site/page/all $get = DB::table('blg_content') ->select('id', 'title', 'slug', 'public_status', 'isMenu', 'message') ->where('public_status', 0) @@ -674,7 +756,7 @@ class SiteController extends Controller { return $res; } - public function getPageSlug($id) { // /api/rpc/site/page/getpageslug/id + public function getPageSlug($id) { // /api/rpc/site/page/get/id/id $get = DB::table('blg_content') ->select('slug') ->where('public_status', 0) 
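Review bot: newComment still stores a client-supplied address, `'ip_address' => $request->ip_address`, so a caller can record any IP against the comment; now that `user_id` is taken from `$check` rather than the request, the address should likewise come from the server side, `'ip_address' => $request->ip()`. voteComment reads the current count into `$mod` but then writes `'votes' => $request->votemod` unchanged, so any account with `blg_addcomment` can set an arbitrary vote total, and nothing in this hunk records who voted, so the same account can repeat the call indefinitely — the commit only wraps the old update in an auth check. In editComment and removeComment the ownership lookup filters on `$request->user`, a client value, and then dereferences `$owner[0]` without checking the result is non-empty; deriving it from the authenticated id alone (`->where('user_id', $check)` plus an `empty($owner)` guard) removes both the redundant parameter and the undefined-offset path. editComment's own-comment branch is gated on `blg_delcomment` while removeComment's is on `blg_delowncomment`; if an edit-own permission exists it looks like the intended key, otherwise please confirm that full delete rights are meant to grant edit rights. The own-delete path in removeComment also returns the bare string `"不許可"` where every other refusal returns `\Response::json(array('error' => '不許可。'))`, so clients parsing JSON will break on that branch.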
@@ -693,7 +775,7 @@ class SiteController extends Controller {
 return $res;
 }
- public function getPage($slug, Request $request) { // /api/rpc/site/page/getpage/slug
+ public function getPage($slug, Request $request) { // /api/rpc/site/page/get/slug/slug
 $valid = $this->objAuth->getPermissions($request->username, $request->password);
 $res = array();
diff --git a/routes/class/site.php b/routes/class/site.php
index 8181037..582a0e3 100644
--- a/routes/class/site.php
+++ b/routes/class/site.php
@@ -10,27 +10,27 @@
 */
 // Posts
-Route::get('/api/rpc/site/post/getposts', 'SiteController@getPosts');
-Route::get('/api/rpc/site/post/getuserposts/{id}', 'SiteController@getUserPosts');
-Route::get('/api/rpc/site/post/getpostslug/{id}', 'SiteController@getPostSlug');
-Route::get('/api/rpc/site/post/getpost/{slug}', 'SiteController@getPost');
+Route::get('/api/rpc/site/post/get/all', 'SiteController@getPosts');
+Route::get('/api/rpc/site/post/get/user/{id}', 'SiteController@getUserPosts');
+Route::get('/api/rpc/site/post/get/id/{id}', 'SiteController@getPostSlug');
+Route::get('/api/rpc/site/post/get/slug/{slug}', 'SiteController@getPost');
 Route::post('/api/rpc/site/post/new', 'SiteController@newPost');
 Route::post('/api/rpc/site/post/edit', 'SiteController@editPost');
 Route::post('/api/rpc/site/post/delete', 'SiteController@deletePost');
 // Comments
-Route::get('/api/rpc/site/comment/getcomments/{id}', 'SiteController@getComments');
-Route::get('/api/rpc/site/comment/getcomment/{id}', 'SiteController@getComment');
+Route::get('/api/rpc/site/comment/get/all/{id}', 'SiteController@getComments');
+Route::get('/api/rpc/site/comment/get/one/{id}', 'SiteController@getComment');
 Route::post('/api/rpc/site/comment/new', 'SiteController@newComment');
 Route::post('/api/rpc/site/comment/edit', 'SiteController@editComment');
 Route::post('/api/rpc/site/comment/remove', 'SiteController@removeComment');
 Route::post('/api/rpc/site/comment/vote', 'SiteController@voteComment');
 // Pages
-Route::get('/api/rpc/site/page/getpagesinmenu', 'SiteController@getPagesInMenu');
-Route::get('/api/rpc/site/page/getpages', 'SiteController@getPages');
-Route::get('/api/rpc/site/page/getpageslug/{id}', 'SiteController@getPageSlug');
-Route::get('/api/rpc/site/page/getpage/{slug}', 'SiteController@getPage');
+Route::get('/api/rpc/site/page/get/menu', 'SiteController@getPagesInMenu');
+Route::get('/api/rpc/site/page/get/all', 'SiteController@getPages');
+Route::get('/api/rpc/site/page/get/id/{id}', 'SiteController@getPageSlug');
+Route::get('/api/rpc/site/page/get/slug/{slug}', 'SiteController@getPage');
 Route::post('/api/rpc/site/page/new', 'SiteController@newPage');
 Route::post('/api/rpc/site/page/edit', 'SiteController@editPage');
 Route::post('/api/rpc/site/page/delete', 'SiteController@deletePage');