
提交评论时,判断文章是否存在。删除时判断是否有权限删除。

wangbin05 4 years ago
parent
commit
27dea7b8bd

+ 25 - 12
controllers/CommentController.go

@@ -4,8 +4,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/astaxie/beego"
-
 	"github.com/mindoc-org/mindoc/conf"
 	"github.com/mindoc-org/mindoc/models"
 	"github.com/mindoc-org/mindoc/utils/pagination"
@@ -19,10 +17,8 @@ func (c *CommentController) Lists() {
 	docid, _ := c.GetInt("docid", 0)
 	pageIndex, _ := c.GetInt("page", 1)
 
-	beego.Info("CommentController.Lists", docid, pageIndex)
-
 	// 获取评论、分页
-	comments, count, pageIndex := models.NewComment().QueryCommentByDocumentId(docid, pageIndex, conf.PageSize, c.Member.MemberId)
+	comments, count, pageIndex := models.NewComment().QueryCommentByDocumentId(docid, pageIndex, conf.PageSize, c.Member)
 	page := pagination.PageUtil(int(count), pageIndex, conf.PageSize, comments)
 
 	var data struct {
@@ -40,6 +36,11 @@ func (c *CommentController) Create() {
 	content := c.GetString("content")
 	id, _ := c.GetInt("doc_id")
 
+	_, err := models.NewDocument().Find(id)
+	if err != nil {
+		c.JsonResult(1, "文章不存在")
+	}
+
 	m := models.NewComment()
 	m.DocumentId = id
 	if len(c.Member.RealName) != 0 {
@@ -52,7 +53,6 @@ func (c *CommentController) Create() {
 	m.IPAddress = strings.Split(m.IPAddress, ":")[0]
 	m.CommentDate = time.Now()
 	m.Content = content
-	beego.Info(m)
 	m.Insert()
 
 	var data struct {
@@ -71,14 +71,27 @@ func (c *CommentController) Index() {
 func (c *CommentController) Delete() {
 	if c.Ctx.Input.IsPost() {
 		id, _ := c.GetInt("id", 0)
-		beego.Info("delete id=", id)
-		m := models.NewComment()
-		m.CommentId = id
-		err := m.Delete()
+		m, err := models.NewComment().Find(id)
 		if err != nil {
-			c.JsonResult(1, "删除错误")
+			c.JsonResult(1, "评论不存在")
+		}
+
+		doc, err := models.NewDocument().Find(m.DocumentId)
+		if err != nil {
+			c.JsonResult(1, "文章不存在")
+		}
+
+		// 判断是否有权限删除
+		bookRole, _ := models.NewRelationship().FindForRoleId(doc.BookId, c.Member.MemberId)
+		if m.CanDelete(c.Member.MemberId, bookRole) {
+			err := m.Delete()
+			if err != nil {
+				c.JsonResult(1, "删除错误")
+			} else {
+				c.JsonResult(0, "ok")
+			}
 		} else {
-			c.JsonResult(0, "ok")
+			c.JsonResult(1, "没有权限删除")
 		}
 	}
 }
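Review bot: In `Delete`, the error from `FindForRoleId` is discarded (`bookRole, _ := ...`), yet the returned role feeds the authorization decision in `m.CanDelete`. If the lookup fails for a member with no relationship to the book and returns the zero value of `conf.BookRole`, and that zero value is one of the privileged roles compared in `CanDelete` (not visible here, worth confirming in `conf`), the permission check would pass for a member who should be denied. Fail closed by keeping the error and allowing only the comment's author when it is non-nil: `bookRole, err := models.NewRelationship().FindForRoleId(doc.BookId, c.Member.MemberId)` followed by `if err != nil && m.MemberId != c.Member.MemberId { c.JsonResult(1, "没有权限删除"); return }`. The same discarded error appears in `QueryCommentByDocumentId` in models/CommentModel.go, where it drives `ShowDel`. Separately, the `Find` failure branches here and in `Create` have no `return`, so they are safe only if `JsonResult` aborts the request.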

+ 2 - 2
controllers/DocumentController.go

@@ -70,7 +70,7 @@ func (c *DocumentController) Index() {
 			c.Data["DocumentId"] = doc.DocumentId
 
 			// 获取评论、分页
-			comments, count, _ := models.NewComment().QueryCommentByDocumentId(doc.DocumentId, 1, conf.PageSize, c.Member.MemberId)
+			comments, count, _ := models.NewComment().QueryCommentByDocumentId(doc.DocumentId, 1, conf.PageSize, c.Member)
 			page := pagination.PageUtil(int(count), 1, conf.PageSize, comments)
 			c.Data["Page"] = page
 		}
@@ -155,7 +155,7 @@ func (c *DocumentController) Read() {
 	c.Data["ViewCount"] = doc.ViewCount + 1
 
 	// 获取评论、分页
-	comments, count, _ := models.NewComment().QueryCommentByDocumentId(doc.DocumentId, 1, conf.PageSize, c.Member.MemberId)
+	comments, count, _ := models.NewComment().QueryCommentByDocumentId(doc.DocumentId, 1, conf.PageSize, c.Member)
 	page := pagination.PageUtil(int(count), 1, conf.PageSize, comments)
 	c.Data["Page"] = page
 

+ 20 - 10
models/CommentModel.go

@@ -55,18 +55,18 @@ func NewComment() *Comment {
 	return &Comment{}
 }
 
-func (m *Comment) Find(id int) (*Comment, error) {
-	if id <= 0 {
-		return m, ErrInvalidParameter
-	}
-	o := orm.NewOrm()
-	err := o.Read(m)
-
-	return m, err
+// 是否有权限删除
+func (m *Comment) CanDelete(user_memberid int, user_bookrole conf.BookRole) bool {
+	return user_memberid == m.MemberId || user_bookrole == conf.BookFounder || user_bookrole == conf.BookAdmin
 }
 
 // 根据文档id查询文档评论
-func (m *Comment) QueryCommentByDocumentId(doc_id, page, pagesize, userid int) (comments []Comment, count int64, ret_page int) {
+func (m *Comment) QueryCommentByDocumentId(doc_id, page, pagesize int, member *Member) (comments []Comment, count int64, ret_page int) {
+	doc, err := NewDocument().Find(doc_id)
+	if err != nil {
+		return
+	}
+
 	o := orm.NewOrm()
 	count, _ = o.QueryTable(m.TableNameWithPrefix()).Filter("document_id", doc_id).Count()
 	if -1 == page {     // 请求最后一页
@@ -80,9 +80,11 @@ func (m *Comment) QueryCommentByDocumentId(doc_id, page, pagesize, userid int) (
 	offset := (page - 1) * pagesize
 	ret_page = page
 	o.QueryTable(m.TableNameWithPrefix()).Filter("document_id", doc_id).OrderBy("comment_date").Offset(offset).Limit(pagesize).All(&comments)
+
+	bookRole, _ := NewRelationship().FindForRoleId(doc.BookId, member.MemberId)
 	for i := 0; i < len(comments); i++ {
 		comments[i].Index = (i + 1) + (page - 1) * pagesize
-		if userid == comments[i].MemberId {
+		if comments[i].CanDelete(member.MemberId, bookRole) {
 			comments[i].ShowDel = 1
 		}
 	}
@@ -168,4 +170,12 @@ func (m *Comment) Delete() error {
 	o := orm.NewOrm()
 	_, err := o.Delete(m)
 	return err
+}
+
+func (m *Comment) Find(id int, cols ...string) (*Comment, error) {
+	o := orm.NewOrm()
+	if err := o.QueryTable(m.TableNameWithPrefix()).Filter("comment_id", id).One(m, cols...); err != nil {
+		return m, err
+	}
+	return m, nil
 }
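Review bot: `QueryCommentByDocumentId` now takes `member *Member` and dereferences it unconditionally at `member.MemberId`, so a nil member would panic the comment listing. `DocumentController.Index` and `Read` pass `c.Member` straight through, and whether it can be nil for anonymous readers is not visible here. Either document the non-nil precondition or guard the role lookup and use `if member != nil && comments[i].CanDelete(member.MemberId, bookRole) {`. Also, the early `return` when `NewDocument().Find(doc_id)` fails gives the caller `ret_page` 0 and no error, and the rewritten `Find` returns a non-nil `*Comment` alongside the error, so callers must check `err` before reading its fields. The body of `QueryCommentByDocumentId` spans two hunks and continues outside them.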

+ 4 - 20
static/js/kancloud.js

@@ -46,22 +46,6 @@ function format($d) {
     return $d < 10 ? "0" + $d : "" + $d;
 }
 
-function showError($msg, $id) {
-    if (!$id) {
-        $id = "#form-error-message"
-    }
-    $($id).addClass("text-danger").removeClass("text-success").text($msg);
-    return false;
-}
-
-function showSuccess($msg, $id) {
-    if (!$id) {
-        $id = "#form-error-message"
-    }
-    $($id).addClass("text-success").removeClass("text-danger").text($msg);
-    return true;
-}
-
 function timeFormat($time) {
     var span = Date.parse($time)
     var date = new Date(span)
@@ -391,17 +375,17 @@ $(function () {
         },
         success : function (res) {
             if(res.errcode === 0){
-                showSuccess("保存成功")
+                layer.msg("保存成功");
             }else{
-                showError("保存失败")
+                layer.msg("保存失败");
             }
             $("#btnSubmitComment").button("reset");
             $("#commentContent").val("");
             pageClicked(-1, res.data.doc_id); // -1 表示请求最后一页
         },
         error : function () {
-            showError("服务错误");
-            $("#btnSaveBookInfo").button("reset");
+            layer.msg("服务错误");
+            $("#btnSubmitComment").button("reset");
         }
     });
 });
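Review bot: The `success` handler still clears `#commentContent` and calls `pageClicked(-1, res.data.doc_id)` when `res.errcode !== 0`. This commit lets the server answer a comment post with an error result ("文章不存在"); if that response carries no `data` object (not visible here), the `res.data.doc_id` access throws, and the user's draft is discarded either way. Move `$("#commentContent").val("")` and the `pageClicked` call into the `errcode === 0` branch, and consider showing the server's message instead of the fixed "保存失败". The removed `showError`/`showSuccess` helpers should also be checked for remaining callers outside these hunks.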

+ 0 - 1
views/document/default_read.tpl

@@ -205,7 +205,6 @@
                                     <input type="hidden" name="doc_id" id="doc_id" value="{{.DocumentId}}">
                                 </label>
                                 <div class="pull-right">
-                                    <span id="form-error-message" class="error-message"></span>
                                     <button class="btn btn-success btn-sm" type="submit" id="btnSubmitComment" data-loading-text="提交中...">提交评论</button>
                                 </div>
                             </form>