public function put($request) { /** * Updates the note. * * Only the text and view state of the note can be altered. * * @param $request - The request we're responding to */ $this->note_id = Bugnote::get_mantis_id_from_url($request->url); if (!bugnote_exists($this->note_id)) { throw new HTTPException(404, "No such bug note: {$this->note_id}"); } # Check if the current user is allowed to edit the bugnote # (This comes from Mantis's bugnote_update.php) $user_id = auth_get_current_user_id(); $reporter_id = bugnote_get_field($this->note_id, 'reporter_id'); $bug_id = bugnote_get_field($this->note_id, 'bug_id'); if ($user_id != $reporter_id || OFF == config_get('bugnote_allow_user_edit_delete')) { if (!access_has_bugnote_level(config_get('update_bugnote_threshold'), $this->note_id)) { throw new HTTPException(403, "Access denied"); } } if (bug_is_readonly($bug_id)) { throw new HTTPException(500, "Can't edit a note on a read-only bug"); } $this->populate_from_repr($request->body); bugnote_set_view_state($this->note_id, !!$this->_get_rsrc_attr('private')); bugnote_set_text($this->note_id, $this->_get_mantis_attr('note')); $resp = new Response(); $resp->status = 204; return $resp; }