@RequestMapping(
      value = "/{section}/{group}/{id}/comments",
      produces = "application/json; charset=UTF-8",
      method = RequestMethod.GET)
  @ResponseBody
  public Map<String, Object> getComments(
      @PathVariable("section") String sectionName,
      @PathVariable("group") String groupName,
      @PathVariable("id") int msgid,
      @RequestParam(value = "page", defaultValue = "0") int page,
      HttpServletRequest request)
      throws Exception {
    Topic topic = topicDao.getById(msgid);
    Group group = groupDao.getGroup(topic.getGroupId());
    Section section = sectionService.getSection(group.getSectionId());

    if (!section.getUrlName().equals(sectionName)
        || !group.getUrlName().equals(groupName)
        || page < 0) {
      throw new MessageNotFoundException(msgid);
    }

    permissionService.checkView(topic, AuthUtil.getCurrentUser());

    CommentList comments = commentService.getCommentList(topic, false);

    CommentFilter cv = new CommentFilter(comments);

    int messagesPerPage = AuthUtil.getProfile().getMessages();

    List<Comment> commentsFiltered =
        cv.getCommentsForPage(false, page, messagesPerPage, ImmutableSet.<Integer>of());

    List<PreparedComment> preparedComments =
        prepareService.prepareCommentList(
            comments, commentsFiltered, request.isSecure(), Template.getTemplate(request), topic);

    return ImmutableMap.of(
        "comments",
        preparedComments,
        "topic",
        new ApiCommentTopicInfo(
            topic.getId(),
            topic.getLink(),
            permissionService.isCommentsAllowed(topic, AuthUtil.getCurrentUser())));
  }
  @RequestMapping(value = "/addphoto.jsp", method = RequestMethod.POST)
  @PreAuthorize("hasRole('ROLE_ANONYMOUS')")
  public ModelAndView addPhoto(
      @RequestParam("file") MultipartFile file, HttpServletResponse response) throws Exception {

    if (file == null || file.isEmpty()) {
      return new ModelAndView("addphoto", "error", "изображение не задано");
    }

    try {
      File uploadedFile =
          File.createTempFile(
              "userpic", "", new File(siteConfig.getPathPrefix() + "/linux-storage/tmp/"));

      file.transferTo(uploadedFile);

      ImageParam param = userService.checkUserPic(uploadedFile);
      String extension = param.getExtension();

      Random random = new Random();

      String photoname;
      File photofile;

      do {
        photoname =
            Integer.toString(AuthUtil.getCurrentUser().getId())
                + ':'
                + random.nextInt()
                + '.'
                + extension;
        photofile = new File(siteConfig.getHTMLPathPrefix() + "/photos", photoname);
      } while (photofile.exists());

      if (!uploadedFile.renameTo(photofile)) {
        logger.warn("Can't move photo to " + photofile);
        throw new ScriptErrorException("Can't move photo: internal error");
      }

      userDao.setPhoto(AuthUtil.getCurrentUser(), photoname);

      logger.info("Установлена фотография пользователем " + AuthUtil.getCurrentUser().getNick());

      return new ModelAndView(
          new RedirectView(
              UriComponentsBuilder.fromUri(
                      PROFILE_NOCACHE_URI_TEMPLATE.expand(AuthUtil.getCurrentUser().getNick()))
                  .queryParam("nocache", Integer.toString(random.nextInt()) + '=')
                  .build()
                  .encode()
                  .toString()));
    } catch (IOException ex) {
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      return new ModelAndView("addphoto", "error", ex.getMessage());
    } catch (BadImageException ex) {
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      return new ModelAndView("addphoto", "error", ex.getMessage());
    } catch (UserErrorException ex) {
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      return new ModelAndView("addphoto", "error", ex.getMessage());
    }
  }