<?php

/**
 * @file
 * User page callbacks for the Comment module.
 */

use Drupal\Core\Entity\EntityInterface;
use Drupal\comment\Plugin\Core\Entity\Comment;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

/**
 * Form constructor for the comment reply form.
 *
 * There are several cases that have to be handled, including:
 *   - replies to comments
 *   - replies to nodes
 *   - attempts to reply to nodes that can no longer accept comments
 *   - respecting access permissions ('access comments', 'post comments', etc.)
 *
 * The node or comment that is being replied to must appear above the comment
 * form to provide the user context while authoring the comment.
 *
 * @param \Drupal\Core\Entity\EntityInterface $node
 *   Every comment belongs to a node. This is that node.
 * @param $pid
 *   (optional) Some comments are replies to other comments. In those cases,
 *   $pid is the parent comment's comment ID. Defaults to NULL.
 *
 * @return array
 *   An associative array containing:
 *   - An array for rendering the node or parent comment.
 *     - comment_node: If the comment is a reply to the node.
 *     - comment_parent: If the comment is a reply to another comment.
 *   - comment_form: The comment form as a renderable array.
 */
function comment_reply(EntityInterface $node, $pid = NULL) {
  // Set the breadcrumb trail.
  drupal_set_breadcrumb(array(l(t('Home'), NULL), l($node->label(), 'node/' . $node->nid)));
  $op = isset($_POST['op']) ? $_POST['op'] : '';
  $build = array();

  // The user is previewing a comment prior to submitting it.
  if ($op == t('Preview')) {
    if (user_access('post comments')) {
      $build['comment_form'] = comment_add($node, $pid);
    }
    else {
      drupal_set_message(t('You are not authorized to post comments.'), 'error');
      drupal_goto("node/$node->nid");
    }
  }
  else {
    // $pid indicates that this is a reply to a comment.
    if ($pid) {
      if (user_access('access comments')) {
        // Load the parent comment.
        $comment = comment_load($pid);
        if ($comment->status->value == COMMENT_PUBLISHED) {
          // If that comment exists, make sure that the current comment and the
          // parent comment both belong to the same parent node.
          if ($comment->nid->target_id != $node->nid) {
            // Attempting to reply to a comment not belonging to the current nid.
            drupal_set_message(t('The comment you are replying to does not exist.'), 'error');
            drupal_goto("node/$node->nid");
          }
          // Display the parent comment
          $build['comment_parent'] = comment_view($comment);
        }
        else {
          drupal_set_message(t('The comment you are replying to does not exist.'), 'error');
          drupal_goto("node/$node->nid");
        }
      }
      else {
        drupal_set_message(t('You are not authorized to view comments.'), 'error');
        drupal_goto("node/$node->nid");
      }
    }
    // This is the case where the comment is in response to a node. Display the node.
    elseif (user_access('access content')) {
      $build['comment_node'] = node_view($node);
    }

    // Should we show the reply box?
    if ($node->comment != COMMENT_NODE_OPEN) {
      drupal_set_message(t("This discussion is closed: you can't post new comments."), 'error');
      drupal_goto("node/$node->nid");
    }
    elseif (user_access('post comments')) {
      $build['comment_form'] = comment_add($node, $pid);
    }
    else {
      drupal_set_message(t('You are not authorized to post comments.'), 'error');
      drupal_goto("node/$node->nid");
    }
  }

  return $build;
}

/**
 * Page callback: Publishes the specified comment.
 *
 * @param \Drupal\comment\Plugin\Core\Entity\Comment $comment
 *   A comment entity.
 *
 * @see comment_menu()
 */
function comment_approve(Comment $comment) {
  // @todo CSRF tokens are validated in page callbacks rather than access
  //   callbacks, because access callbacks are also invoked during menu link
  //   generation. Add token support to routing: http://drupal.org/node/755584.
  $token = drupal_container()->get('request')->query->get('token');
  if (!isset($token) || !drupal_valid_token($token, 'comment/' . $comment->id() . '/approve')) {
    throw new AccessDeniedHttpException();
  }

  $comment->status->value = COMMENT_PUBLISHED;
  $comment->save();

  drupal_set_message(t('Comment approved.'));
  drupal_goto('node/' . $comment->nid->target_id);
}