From 01663e6cd773014010ca850da3697700f59a7018 Mon Sep 17 00:00:00 2001
From: Robin Shen <robin@onedev.io>
Date: Tue, 10 Dec 2024 08:57:23 +0800
Subject: [PATCH] feat: Access to code comment from api (OD-2212)

---
 .../rest/resource/CodeCommentResource.java    | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 server-core/src/main/java/io/onedev/server/rest/resource/CodeCommentResource.java

diff --git a/server-core/src/main/java/io/onedev/server/rest/resource/CodeCommentResource.java b/server-core/src/main/java/io/onedev/server/rest/resource/CodeCommentResource.java
new file mode 100644
index 0000000000..49043fc1db
--- /dev/null
+++ b/server-core/src/main/java/io/onedev/server/rest/resource/CodeCommentResource.java
@@ -0,0 +1,50 @@
+package io.onedev.server.rest.resource;
+
+import io.onedev.server.entitymanager.CodeCommentManager;
+import io.onedev.server.model.CodeComment;
+import io.onedev.server.rest.annotation.Api;
+import io.onedev.server.security.SecurityUtils;
+import org.apache.shiro.authz.UnauthorizedException;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+import javax.ws.rs.*;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+@Api(order=4700)
+@Path("/code-comments")
+@Consumes(MediaType.APPLICATION_JSON)
+@Produces(MediaType.APPLICATION_JSON)
+@Singleton
+public class CodeCommentResource {
+
+	private final CodeCommentManager commentManager;
+
+	@Inject
+	public CodeCommentResource(CodeCommentManager commentManager) {
+		this.commentManager = commentManager;
+	}
+
+	@Api(order=100)
+	@Path("/{commentId}")
+	@GET
+	public CodeComment get(@PathParam("commentId") Long commentId) {
+		var comment = commentManager.load(commentId);
+    	if (!SecurityUtils.canReadCode(comment.getProject()))  
+			throw new UnauthorizedException();
+    	return comment;
+	}
+	
+	@Api(order=200)
+	@Path("/{commentId}")
+	@DELETE
+	public Response delete(@PathParam("commentId") Long commentId) {
+		var comment = commentManager.load(commentId);
+    	if (!SecurityUtils.canModifyOrDelete(comment)) 
+			throw new UnauthorizedException();
+		commentManager.delete(comment);
+		return Response.ok().build();
+	}
+	
+}