def add_comment(request, project_id, issue_id):
form = CommentForm(**json.loads(request.body))
if not form.validate():
raise Http400
project = ProjectModel.get_by_id(long(project_id))
if project is None:
raise Http404
if request.user.permission != UserPermission.root and request.user.key().id() not in project.member_ids:
raise Http403
issue = IssueModel.get_by_id(long(issue_id))
if issue is None:
raise Http404
if issue.project.key() != project.key():
raise Http403
comment = CommentModel(
comment=bleach.clean(
form.comment.data,
tags=utils.get_bleach_allow_tags(),
attributes=utils.get_bleach_allow_attributes(),
styles=utils.get_bleach_allow_styles(),
),
author=request.user,
issue=issue,
)
comment.put()
return JsonResponse(comment)
def get_comments(request, project_id, issue_id):
project = ProjectModel.get_by_id(long(project_id))
if project is None:
raise Http404
if request.user.permission != UserPermission.root and request.user.key().id() not in project.member_ids:
raise Http403
issue = IssueModel.get_by_id(long(issue_id))
if issue is None:
raise Http404
if issue.project.key() != project.key():
raise Http403
comments = CommentModel.all().filter("issue =", issue.key()).order("create_time").fetch(1000)
return JsonResponse([x.dict() for x in comments])