1
0
mirror of https://gitlab.com/comunic/comunicapiv2 synced 2024-12-29 06:58:51 +00:00

Can check the right to access a comment

This commit is contained in:
Pierre HUBERT 2020-03-21 11:49:52 +01:00
parent aa0c9f4f6a
commit 16ac9fae15
4 changed files with 78 additions and 0 deletions

View File

@ -50,6 +50,17 @@ export class CommentsController {
h.send({success: true, commentID: commentID});
}
/**
* Get information about a single comment
*
* @param h Request handler
*/
public static async GetSingle(h: RequestHandler) {
const commentID = h.postCommentIDWithAccess("commentID");
console.log("Comment ID: " + commentID);
}
/**
* Get the content of a comment included in a POST field
*

View File

@ -207,6 +207,8 @@ export const Routes : Route[] = [
// Comments controller
{path: "/comments/create", cb: (h) => CommentsController.Create(h)},
{path: "/comments/get_single", cb: (h) => CommentsController.GetSingle(h)},
// Notifications controller
{path: "/notifications/count_unread", cb: (h) => NotificationsController.CountUnread(h)},

View File

@ -14,6 +14,7 @@ import { FriendsHelper } from "../helpers/FriendsHelper";
import { PostsHelper } from "../helpers/PostsHelper";
import { PostAccessLevel } from "./Post";
import { writeFileSync } from "fs";
import { CommentsHelper } from "../helpers/CommentsHelper";
/**
* Response to a request
@ -323,6 +324,26 @@ export class RequestHandler {
return postID;
}
/**
* Get the ID of a comment that the user is allowed to access
*
* @param name The name of the comment field
*/
public async postCommentIDWithAccess(name: string) : Promise<number> {
const commentID = this.postInt(name);
if(!await CommentsHelper.Exists(commentID))
this.error(404, "Specified comment not found!");
const postID = await CommentsHelper.GetAssociatedPost(commentID);
const post = await PostsHelper.GetSingle(postID);
if(await PostsHelper.GetAccessLevel(this.getUserId(), post) == PostAccessLevel.NO_ACCESS)
this.error(401, "You are not allowed to acess this post information!");
return commentID;
}
/**
* Get a virtual directory included in a POST request
*

View File

@ -47,6 +47,50 @@ export class CommentsHelper {
return results.map(this.DbToComment);
}
/**
* Check out whether a comment exists or not
*
* @param commentID Target comment ID
*/
public static async Exists(commentID: number) : Promise<boolean> {
return await DatabaseHelper.Count({
table: COMMENTS_TABLE,
where: {
ID: commentID
}
}) > 0;
}
/**
* Get information about a single comment
*
* @param commentID Target comment ID
*/
public static async GetSingle(commentID: number) : Promise<Comment> {
const row = await DatabaseHelper.QueryRow({
table: COMMENTS_TABLE,
where: {
ID: commentID
}
});
if(row == null)
throw new Error("Comment " + commentID + " not found!");
return this.DbToComment(row);
}
/**
* Get the ID of the post associated to a comment
*
* @param commentID Target comment ID
*/
public static async GetAssociatedPost(commentID: number) : Promise<number> {
const comment = await this.GetSingle(commentID);
return comment.postID;
}
/**
* Permanently delete a comment
*