From 51796dd6afbaaa2248481f11823ccf6592058592 Mon Sep 17 00:00:00 2001
From: Nafies Luthfi <nafiesl@gmail.com>
Date: Sun, 5 Aug 2018 12:12:44 +0800
Subject: [PATCH] Apply commenting policy to comment actions

---
 app/Http/Controllers/Projects/CommentsController.php        | 8 ++++++--
 resources/views/projects/comments.blade.php                 | 6 ++++++
 resources/views/projects/partials/comment-section.blade.php | 6 +++++-
 resources/views/projects/partials/nav-tabs.blade.php        | 2 ++
 4 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/app/Http/Controllers/Projects/CommentsController.php b/app/Http/Controllers/Projects/CommentsController.php
index 7fac242..dfe8a6c 100644
--- a/app/Http/Controllers/Projects/CommentsController.php
+++ b/app/Http/Controllers/Projects/CommentsController.php
@@ -17,8 +17,10 @@ class CommentsController extends Controller
      */
     public function index(Project $project)
     {
+        $this->authorize('view-comments', $project);
+
         $editableComment = null;
-        $comments = $project->comments()->latest()->paginate();
+        $comments = $project->comments()->with('creator')->latest()->paginate();
 
         if (request('action') == 'comment-edit' && request('comment_id') != null) {
             $editableComment = Comment::find(request('comment_id'));
@@ -36,7 +38,7 @@ class CommentsController extends Controller
      */
     public function store(Request $request, Project $project)
     {
-        $this->authorize('view', $project);
+        $this->authorize('comment-on', $project);
 
         $newComment = $request->validate([
             'body' => 'required|string|max:255',
@@ -62,6 +64,8 @@ class CommentsController extends Controller
      */
     public function update(Request $request, Project $project, Comment $comment)
     {
+        $this->authorize('update', $comment);
+
         $commentData = $request->validate([
             'body' => 'required|string|max:255',
         ]);
diff --git a/resources/views/projects/comments.blade.php b/resources/views/projects/comments.blade.php
index d2ebabe..991bead 100755
--- a/resources/views/projects/comments.blade.php
+++ b/resources/views/projects/comments.blade.php
@@ -36,6 +36,12 @@
 @endif
 @endsection
 
+@section('ext_css')
+<style>
+    ul.pagination { margin-top: 0px }
+</style>
+@endsection
+
 @section('script')
 <script>
 (function () {
diff --git a/resources/views/projects/partials/comment-section.blade.php b/resources/views/projects/partials/comment-section.blade.php
index a054336..0cfdad7 100644
--- a/resources/views/projects/partials/comment-section.blade.php
+++ b/resources/views/projects/partials/comment-section.blade.php
@@ -1,3 +1,4 @@
+@can('comment-on', $project)
 {{ Form::open(['route' => ['projects.comments.store', $project]]) }}
 <div class="row">
     <div class="col-md-9">{!! FormField::textarea('body', ['required' => true, 'label' => false, 'placeholder' => __('comment.create_text')]) !!}</div>
@@ -6,13 +7,16 @@
     </div>
 </div>
 {{ Form::close() }}
+@endcan
 @foreach($comments as $comment)
 <div class="alert alert-warning">
     <legend style="font-size: 14px;margin-bottom: 10px;">
         <span class="label label-default pull-right">{{ $comment->created_at }}</span>
         <strong>{{ $comment->creator->name }}</strong>
     </legend>
-    {{ link_to_route('projects.comments.index', __('app.edit'), [$project, 'action' => 'comment-edit', 'comment_id' => $comment->id], ['id' => 'edit-comment-'.$comment->id, 'class' => 'small pull-right', 'title' => __('comment.edit')]) }}
+    @can('update', $comment)
+        {{ link_to_route('projects.comments.index', __('app.edit'), [$project, 'action' => 'comment-edit', 'comment_id' => $comment->id], ['id' => 'edit-comment-'.$comment->id, 'class' => 'small pull-right', 'title' => __('comment.edit')]) }}
+    @endcan
     {!! nl2br($comment->body) !!}
 </div>
 @endforeach
diff --git a/resources/views/projects/partials/nav-tabs.blade.php b/resources/views/projects/partials/nav-tabs.blade.php
index ffe6549..ca809c1 100644
--- a/resources/views/projects/partials/nav-tabs.blade.php
+++ b/resources/views/projects/partials/nav-tabs.blade.php
@@ -8,9 +8,11 @@
         {!! link_to_route('projects.jobs.index', __('project.jobs').' ('.$project->jobs->count().')', $project) !!}
     </li>
     @endcan
+    @can('view-comments', $project)
     <li class="{{ Request::segment(3) == 'comments' ? 'active' : '' }}">
         {!! link_to_route('projects.comments.index', __('comment.list').' ('.$project->comments->count().')', $project) !!}
     </li>
+    @endcan
     @can('view-payments', $project)
     <li class="{{ Request::segment(3) == 'payments' ? 'active' : '' }}">
         {!! link_to_route('projects.payments', __('project.payments').' ('.$project->payments->count().')', $project) !!}