public function createComment($request, $db)
{
$comment = array();
$comment['event_id'] = $this->getItemId($request);
if (empty($comment['event_id'])) {
throw new Exception("POST expects a comment representation sent to a specific event URL", 400);
}
// no anonymous comments over the API
if (!isset($request->user_id) || empty($request->user_id)) {
throw new Exception('You must log in to comment');
}
$user_mapper = new UserMapper($db, $request);
$users = $user_mapper->getUserById($request->user_id);
$thisUser = $users['users'][0];
$rating = $request->getParameter('rating', false);
if (false === $rating) {
throw new Exception('The field "rating" is required', 400);
} elseif (false === is_numeric($rating) || $rating > 5) {
throw new Exception('The field "rating" must be a number (1-5)', 400);
}
$commentText = $request->getParameter('comment');
if (empty($commentText)) {
throw new Exception('The field "comment" is required', 400);
}
// Get the API key reference to save against the comment
$oauth_model = $request->getOauthModel($db);
$consumer_name = $oauth_model->getConsumerName($request->getAccessToken());
$comment['user_id'] = $request->user_id;
$comment['comment'] = $commentText;
$comment['rating'] = $rating;
$comment['cname'] = $thisUser['full_name'];
$comment['source'] = $consumer_name;
// run it by akismet if we have it
if (isset($this->config['akismet']['apiKey'], $this->config['akismet']['blog'])) {
$spamCheckService = new SpamCheckService($this->config['akismet']['apiKey'], $this->config['akismet']['blog']);
$isValid = $spamCheckService->isCommentAcceptable($comment, $request->getClientIP(), $request->getClientUserAgent());
if (!$isValid) {
throw new Exception("Comment failed spam check", 400);
}
}
$event_mapper = new EventMapper($db, $request);
$comment_mapper = new EventCommentMapper($db, $request);
// should rating be allowed?
if ($comment_mapper->hasUserRatedThisEvent($comment['user_id'], $comment['event_id'])) {
$comment['rating'] = 0;
}
if ($event_mapper->isUserAHostOn($comment['user_id'], $comment['event_id'])) {
// event hosts cannot rate their own event
$comment['rating'] = 0;
}
try {
$new_id = $comment_mapper->save($comment);
} catch (Exception $e) {
// just throw this again but with a 400 status code
throw new Exception($e->getMessage(), 400);
}
// Update the cache count for the number of event comments on this event
$event_mapper->cacheCommentCount($comment['event_id']);
$uri = $request->base . '/' . $request->version . '/event_comments/' . $new_id;
header("Location: " . $uri, null, 201);
exit;
}
