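json( [
    'message' => 'here are your comments of the poll',
    'data'    => $poll->getComments(),
], 200 );
}

/**
 * Add a comment on a poll.
 *
 * The request body is a JSON object describing the comment. Its owner is
 * resolved by e-mail and created on the fly when unknown. Two per-owner
 * anti-flood rules apply: a minimum delay since the owner's previous comment
 * and a rejection of a comment whose text is identical to the previous one.
 *
 * @Post(
 *     path = "/poll/{id}/comment",
 *     name = "new_comment",
 *     requirements = {"content"="\w+", "poll_id"="\d+"}
 * )
 *
 * @param Poll    $poll    poll resolved from the {id} route parameter
 * @param Request $request request whose raw body is the JSON payload
 *
 * @return JsonResponse 201 with the created comment; 400 on a malformed body or
 *                      missing owner e-mail; 403 when an anti-flood rule
 *                      triggers; 404 when no poll was resolved
 */
public function newCommentAction( Poll $poll, Request $request ) {
    if ( ! $poll ) {
        return $this->json( [ 'message' => 'poll not found' ], 404 );
    }

    $rawBody = $request->getContent();
    $payload = json_decode( $rawBody, true );
    // json_decode() yields null on invalid JSON; reject before reading any key
    // so a malformed body cannot reach the entity layer.
    if ( ! is_array( $payload ) ) {
        return $this->json( [ 'message' => 'invalid JSON body' ], 400 );
    }

    // The lookup and the creation of the owner must use the same e-mail,
    // otherwise an already known owner gets duplicated. The nested form is
    // preferred; the top-level key is kept as a fallback for older clients.
    $email = $payload[ 'owner' ][ 'email' ] ?? $payload[ 'email' ] ?? null;
    if ( ! is_string( $email ) || $email === '' ) {
        return $this->json( [ 'message' => 'owner email is required' ], 400 );
    }

    $serializer = SerializerBuilder::create()->build();
    $comment    = $serializer->deserialize( $rawBody, 'App\Entity\Comment', 'json' );

    $ownerRepository = $this->getDoctrine()->getRepository( Owner::class );
    $foundOwner      = $ownerRepository->findOneByEmail( $email );
    $ownerIsNew      = ! $foundOwner;

    // manage existing or new Owner
    if ( $ownerIsNew ) {
        $foundOwner = new Owner();
        // The pseudo mirrors the e-mail, as in the original code; it is not
        // read from a dedicated payload field (confirm this is intended).
        $foundOwner->setPseudo( $email )
                   ->setEmail( $email )
                   // The modifier token acts as a bearer secret for the owner,
                   // so it is drawn from the CSPRNG instead of the time-based
                   // uniqid(); 16 hex chars stay within uniqid's 23-char size.
                   ->setModifierToken( bin2hex( random_bytes( 8 ) ) );
    }

    // anti flood
    // TODO anti flood by session / IP
    $seconds_limit_lastpost = 5;
    // A freshly created owner has no previous comment, and querying with an
    // unmanaged entity as criteria is not meaningful, so the lookup is skipped.
    $lastCommentOfOwner = null;
    if ( ! $ownerIsNew ) {
        $commentRepository  = $this->getDoctrine()->getRepository( Comment::class );
        // Only the most recent comment is needed; findOneBy() avoids loading
        // the owner's whole history as the original findBy() did.
        $lastCommentOfOwner = $commentRepository->findOneBy(
            [ 'owner' => $foundOwner ],
            [ 'id' => 'desc' ]
        );
    }

    if ( $lastCommentOfOwner ) {
        // check time of last comment: compare epoch seconds directly instead
        // of round-tripping through a formatted string and strtotime()
        $now     = new DateTime();
        $elapsed = $now->getTimestamp() - $lastCommentOfOwner->getCreatedAt()->getTimestamp();
        if ( $elapsed < $seconds_limit_lastpost ) {
            return $this->json( [
                'message' => 'anti flood déclenché',
                'details' => 'votre deriner commentaire a été envoyé il y a moins de ' . $seconds_limit_lastpost . ' secondes',
            ], 403 );
        }

        // check similar text content (strict comparison, both are strings)
        if ( $lastCommentOfOwner->getText() === $comment->getText() ) {
            return $this->json( [
                'message' => 'anti flood déclenché',
                'details' => 'votre deriner commentaire a exactement le même contenu que celui ci, il n\'a donc pas été créé',
            ], 403 );
        }
    }

    $comment->setOwner( $foundOwner )
            ->setCreatedAt( new DateTime() )
            ->setPoll( $poll );
    $foundOwner->addComment( $comment );

    $em = $this->getDoctrine()->getManager();
    $em->persist( $foundOwner );
    $em->persist( $comment );
    $em->flush();

    $this->mail_service->sendCommentNotification( $comment );

    return $this->json( [
        'message' => 'you created a comment',
        'data'    => [
            'your_comment' => $comment->display(),
        ],
    ], 201 );
}

/**
 * Erase all comments of a poll.
 *
 * The caller must present the poll's admin key as $accessToken; any other
 * value is rejected with 403 and nothing is deleted.
 *
 * @Delete(
 *     path = "/poll/{id}/comments",
 *     name = "poll_comments_delete",
 *     requirements = {"accessToken"="\w+", "poll_id"="\d+"}
 * )
 *
 * @param Poll $poll
 * @param $accessToken caller-supplied admin key of the poll
 *
 * @return JsonResponse 200 with the number of removed comments, 403 on an invalid token
 */
public function deletePollCommentsAction( Poll $poll, $accessToken ) {
    // The admin key is a secret: compare it with hash_equals() (type-strict,
    // constant-time) rather than the loose == of the original, and answer an
    // invalid token with 403 instead of 200.
    if ( ! hash_equals( (string) $poll->getAdminKey(), (string) $accessToken ) ) {
        return $this->json( [
            'message' => 'le token d\'autorisation est invalide, vous ne pouvez pas modifier ce sondage',
        ], 403 );
    }

    $em       = $this->getDoctrine()->getManager();
    $comments = $poll->getComments();
    $length   = count( $comments );

    // EntityManager::remove() schedules a single entity; handing it the whole
    // collection, as the original did, does not delete the comments.
    foreach ( $comments as $comment ) {
        $em->remove( $comment );
    }
    $em->flush();

    return $this->json( [
        'message' => 'boom! les ' . $length . ' commentaires du sondage ont été supprimés',
    ] );
}
}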