mirror of
https://gitlab.com/comunic/comunicapiv2
synced 2024-12-29 06:58:51 +00:00
Can check the right to access a comment
This commit is contained in:
parent
aa0c9f4f6a
commit
16ac9fae15
@ -50,6 +50,17 @@ export class CommentsController {
|
||||
h.send({success: true, commentID: commentID});
|
||||
}
|
||||
|
||||
/**
|
||||
* Get information about a single comment
|
||||
*
|
||||
* @param h Request handler
|
||||
*/
|
||||
public static async GetSingle(h: RequestHandler) {
|
||||
const commentID = h.postCommentIDWithAccess("commentID");
|
||||
|
||||
console.log("Comment ID: " + commentID);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the content of a comment included in a POST field
|
||||
*
|
||||
|
@ -207,6 +207,8 @@ export const Routes : Route[] = [
|
||||
// Comments controller
|
||||
{path: "/comments/create", cb: (h) => CommentsController.Create(h)},
|
||||
|
||||
{path: "/comments/get_single", cb: (h) => CommentsController.GetSingle(h)},
|
||||
|
||||
|
||||
// Notifications controller
|
||||
{path: "/notifications/count_unread", cb: (h) => NotificationsController.CountUnread(h)},
|
||||
|
@ -14,6 +14,7 @@ import { FriendsHelper } from "../helpers/FriendsHelper";
|
||||
import { PostsHelper } from "../helpers/PostsHelper";
|
||||
import { PostAccessLevel } from "./Post";
|
||||
import { writeFileSync } from "fs";
|
||||
import { CommentsHelper } from "../helpers/CommentsHelper";
|
||||
|
||||
/**
|
||||
* Response to a request
|
||||
@ -323,6 +324,26 @@ export class RequestHandler {
|
||||
return postID;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the ID of a comment that the user is allowed to access
|
||||
*
|
||||
* @param name The name of the comment field
|
||||
*/
|
||||
public async postCommentIDWithAccess(name: string) : Promise<number> {
|
||||
const commentID = this.postInt(name);
|
||||
|
||||
if(!await CommentsHelper.Exists(commentID))
|
||||
this.error(404, "Specified comment not found!");
|
||||
|
||||
const postID = await CommentsHelper.GetAssociatedPost(commentID);
|
||||
const post = await PostsHelper.GetSingle(postID);
|
||||
|
||||
if(await PostsHelper.GetAccessLevel(this.getUserId(), post) == PostAccessLevel.NO_ACCESS)
|
||||
this.error(401, "You are not allowed to acess this post information!");
|
||||
|
||||
return commentID;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a virtual directory included in a POST request
|
||||
*
|
||||
|
@ -47,6 +47,50 @@ export class CommentsHelper {
|
||||
return results.map(this.DbToComment);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check out whether a comment exists or not
|
||||
*
|
||||
* @param commentID Target comment ID
|
||||
*/
|
||||
public static async Exists(commentID: number) : Promise<boolean> {
|
||||
return await DatabaseHelper.Count({
|
||||
table: COMMENTS_TABLE,
|
||||
where: {
|
||||
ID: commentID
|
||||
}
|
||||
}) > 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get information about a single comment
|
||||
*
|
||||
* @param commentID Target comment ID
|
||||
*/
|
||||
public static async GetSingle(commentID: number) : Promise<Comment> {
|
||||
const row = await DatabaseHelper.QueryRow({
|
||||
table: COMMENTS_TABLE,
|
||||
where: {
|
||||
ID: commentID
|
||||
}
|
||||
});
|
||||
|
||||
if(row == null)
|
||||
throw new Error("Comment " + commentID + " not found!");
|
||||
|
||||
return this.DbToComment(row);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the ID of the post associated to a comment
|
||||
*
|
||||
* @param commentID Target comment ID
|
||||
*/
|
||||
public static async GetAssociatedPost(commentID: number) : Promise<number> {
|
||||
const comment = await this.GetSingle(commentID);
|
||||
|
||||
return comment.postID;
|
||||
}
|
||||
|
||||
/**
|
||||
* Permanently delete a comment
|
||||
*
|
||||
|
Loading…
Reference in New Issue
Block a user