Can check the right to access a comment

2025-10-31 09:34:44 +00:00 · 2020-03-21 11:49:52 +01:00
parent aa0c9f4f6a
commit 16ac9fae15
4 changed files with 78 additions and 0 deletions
--- a/src/controllers/CommentsController.ts
+++ b/src/controllers/CommentsController.ts
@@ -50,6 +50,17 @@ export class CommentsController {
 		h.send({success: true, commentID: commentID});
 	}

+	/**
+	 * Get information about a single comment
+	 * 
+	 * @param h Request handler
+	 */
+	public static async GetSingle(h: RequestHandler) {
+		const commentID = h.postCommentIDWithAccess("commentID");
+
+		console.log("Comment ID: " + commentID);
+	}
+
 	/**
 	 * Get the content of a comment included in a POST field
 	 * 
--- a/src/controllers/Routes.ts
+++ b/src/controllers/Routes.ts
@@ -207,6 +207,8 @@ export const Routes : Route[] = [
 	// Comments controller
 	{path: "/comments/create", cb: (h) => CommentsController.Create(h)},

+	{path: "/comments/get_single", cb: (h) => CommentsController.GetSingle(h)},
+

 	// Notifications controller
 	{path: "/notifications/count_unread", cb: (h) => NotificationsController.CountUnread(h)},
--- a/src/entities/RequestHandler.ts
+++ b/src/entities/RequestHandler.ts
@@ -14,6 +14,7 @@ import { FriendsHelper } from "../helpers/FriendsHelper";
 import { PostsHelper } from "../helpers/PostsHelper";
 import { PostAccessLevel } from "./Post";
 import { writeFileSync } from "fs";
+import { CommentsHelper } from "../helpers/CommentsHelper";

 /**
 * Response to a request
@@ -323,6 +324,26 @@ export class RequestHandler {
 		return postID;
 	}

+	/**
+	 * Get the ID of a comment that the user is allowed to access
+	 * 
+	 * @param name The name of the comment field
+	 */
+	public async postCommentIDWithAccess(name: string) : Promise<number> {
+		const commentID = this.postInt(name);
+
+		if(!await CommentsHelper.Exists(commentID))
+			this.error(404, "Specified comment not found!");
+		
+		const postID = await CommentsHelper.GetAssociatedPost(commentID);
+		const post = await PostsHelper.GetSingle(postID);
+
+		if(await PostsHelper.GetAccessLevel(this.getUserId(), post) == PostAccessLevel.NO_ACCESS)
+			this.error(401, "You are not allowed to acess this post information!");
+		
+		return commentID;
+	}
+
 	/**
 	 * Get a virtual directory included in a POST request
 	 * 
--- a/src/helpers/CommentsHelper.ts
+++ b/src/helpers/CommentsHelper.ts
@@ -47,6 +47,50 @@ export class CommentsHelper {
 		return results.map(this.DbToComment);
 	}

+	/**
+	 * Check out whether a comment exists or not
+	 * 
+	 * @param commentID Target comment ID
+	 */
+	public static async Exists(commentID: number) : Promise<boolean> {
+		return await DatabaseHelper.Count({
+			table: COMMENTS_TABLE,
+			where: {
+				ID: commentID
+			}
+		}) > 0;
+	}
+
+	/**
+	 * Get information about a single comment
+	 * 
+	 * @param commentID Target comment ID
+	 */
+	public static async GetSingle(commentID: number) : Promise<Comment> {
+		const row = await DatabaseHelper.QueryRow({
+			table: COMMENTS_TABLE,
+			where: {
+				ID: commentID
+			}
+		});
+
+		if(row == null)
+			throw new Error("Comment " + commentID + " not found!");
+		
+		return this.DbToComment(row);
+	}
+
+	/**
+	 * Get the ID of the post associated to a comment
+	 * 
+	 * @param commentID Target comment ID
+	 */
+	public static async GetAssociatedPost(commentID: number) : Promise<number> {
+		const comment = await this.GetSingle(commentID);
+
+		return comment.postID;
+	}
+
 	/**
 	 * Permanently delete a comment
 	 *