feat: Access to code comment from api (OD-2212)

server-core/src/main/java/io/onedev/server/rest/resource/CodeCommentResource.java

@@ -0,0 +1,50 @@
+package io.onedev.server.rest.resource;
+
+import io.onedev.server.entitymanager.CodeCommentManager;
+import io.onedev.server.model.CodeComment;
+import io.onedev.server.rest.annotation.Api;
+import io.onedev.server.security.SecurityUtils;
+import org.apache.shiro.authz.UnauthorizedException;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+import javax.ws.rs.*;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+@Api(order=4700)
+@Path("/code-comments")
+@Consumes(MediaType.APPLICATION_JSON)
+@Produces(MediaType.APPLICATION_JSON)
+@Singleton
+public class CodeCommentResource {
+
+	private final CodeCommentManager commentManager;
+
+	@Inject
+	public CodeCommentResource(CodeCommentManager commentManager) {
+		this.commentManager = commentManager;
+	}
+
+	@Api(order=100)
+	@Path("/{commentId}")
+	@GET
+	public CodeComment get(@PathParam("commentId") Long commentId) {
+		var comment = commentManager.load(commentId);
+    	if (!SecurityUtils.canReadCode(comment.getProject()))  
+			throw new UnauthorizedException();
+    	return comment;
+	}
+
+	@Api(order=200)
+	@Path("/{commentId}")
+	@DELETE
+	public Response delete(@PathParam("commentId") Long commentId) {
+		var comment = commentManager.load(commentId);
+    	if (!SecurityUtils.canModifyOrDelete(comment)) 
+			throw new UnauthorizedException();
+		commentManager.delete(comment);
+		return Response.ok().build();
+	}
+
+}