From 16ac9fae15b80a510734d89a88125027d52d51a8 Mon Sep 17 00:00:00 2001
From: Pierre HUBERT
Date: Sat, 21 Mar 2020 11:49:52 +0100
Subject: [PATCH] Can check the right to access a comment
---
 src/controllers/CommentsController.ts | 11 +++++++
 src/controllers/Routes.ts | 2 ++
 src/entities/RequestHandler.ts | 21 +++++++++++++
 src/helpers/CommentsHelper.ts | 44 +++++++++++++++++++++++++++
 4 files changed, 78 insertions(+)
diff --git a/src/controllers/CommentsController.ts b/src/controllers/CommentsController.ts
index 7cd6890..cbf465c 100644
--- a/src/controllers/CommentsController.ts
+++ b/src/controllers/CommentsController.ts
@@ -50,6 +50,17 @@ export class CommentsController {
 h.send({success: true, commentID: commentID});
 }
+ /**
+ * Get information about a single comment
+ *
+ * @param h Request handler
+ */
+ public static async GetSingle(h: RequestHandler) {
+ const commentID = h.postCommentIDWithAccess("commentID");
+
+ console.log("Comment ID: " + commentID);
+ }
+
 /**
 * Get the content of a comment included in a POST field
 *
diff --git a/src/controllers/Routes.ts b/src/controllers/Routes.ts
index d53288e..ced674e 100644
--- a/src/controllers/Routes.ts
+++ b/src/controllers/Routes.ts
@@ -207,6 +207,8 @@ export const Routes : Route[] = [
 // Comments controller
 {path: "/comments/create", cb: (h) => CommentsController.Create(h)},
+ {path: "/comments/get_single", cb: (h) => CommentsController.GetSingle(h)},
+
 // Notifications controller
 {path: "/notifications/count_unread", cb: (h) => NotificationsController.CountUnread(h)},
diff --git a/src/entities/RequestHandler.ts b/src/entities/RequestHandler.ts
index 97b03d8..e9d3af2 100644
--- a/src/entities/RequestHandler.ts
+++ b/src/entities/RequestHandler.ts
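Review bot: In `GetSingle`, `h.postCommentIDWithAccess("commentID")` is called without `await`, although the RequestHandler.ts hunk of this same patch declares that method `async`. `commentID` is therefore a pending promise rather than a number, the handler carries on before the existence and access checks have finished, and a rejection from a failed check is not handled inside this function. The line should read `const commentID = await h.postCommentIDWithAccess("commentID");`. The handler also stops at `console.log` without calling `h.send(...)` as `Create` does just above, so the `/comments/get_single` route registered in the Routes.ts hunk sends no reply in the visible code; if this is a work-in-progress stub, mark it with a `// TODO` or hold the route back until the response is written.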
@@ -14,6 +14,7 @@ import { FriendsHelper } from "../helpers/FriendsHelper";
 import { PostsHelper } from "../helpers/PostsHelper";
 import { PostAccessLevel } from "./Post";
 import { writeFileSync } from "fs";
+import { CommentsHelper } from "../helpers/CommentsHelper";
 /**
 * Response to a request
@@ -323,6 +324,26 @@ export class RequestHandler {
 return postID;
 }
+ /**
+ * Get the ID of a comment that the user is allowed to access
+ *
+ * @param name The name of the comment field
+ */
+ public async postCommentIDWithAccess(name: string) : Promise {
+ const commentID = this.postInt(name);
+
+ if(!await CommentsHelper.Exists(commentID))
+ this.error(404, "Specified comment not found!");
+
+ const postID = await CommentsHelper.GetAssociatedPost(commentID);
+ const post = await PostsHelper.GetSingle(postID);
+
+ if(await PostsHelper.GetAccessLevel(this.getUserId(), post) == PostAccessLevel.NO_ACCESS)
+ this.error(401, "You are not allowed to acess this post information!");
+
+ return commentID;
+ }
+
 /**
 * Get a virtual directory included in a POST request
 *
diff --git a/src/helpers/CommentsHelper.ts b/src/helpers/CommentsHelper.ts
index 6145a26..488007a 100644
--- a/src/helpers/CommentsHelper.ts
+++ b/src/helpers/CommentsHelper.ts
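Review bot: The two failure branches of `postCommentIDWithAccess` answer differently (404 when the comment is missing, 401 when its post is not accessible), so a caller with no access to a post can still tell which comment IDs exist. If that is not intended, give the access branch the same reply as the missing-comment branch, `this.error(404, "Specified comment not found!");`. If the distinction is kept, the message has a typo (`acess`), and 401 normally signals missing authentication while 403 is the usual status for a denied, authenticated user; the project's own convention may differ, and the neighbouring method is outside this hunk. The method only protects anything if `this.error()` interrupts execution, which is not visible here, so the doc comment should state that along with an `@returns` line.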
@@ -47,6 +47,50 @@ export class CommentsHelper {
 return results.map(this.DbToComment);
 }
+ /**
+ * Check out whether a comment exists or not
+ *
+ * @param commentID Target comment ID
+ */
+ public static async Exists(commentID: number) : Promise {
+ return await DatabaseHelper.Count({
+ table: COMMENTS_TABLE,
+ where: {
+ ID: commentID
+ }
+ }) > 0;
+ }
+
+ /**
+ * Get information about a single comment
+ *
+ * @param commentID Target comment ID
+ */
+ public static async GetSingle(commentID: number) : Promise {
+ const row = await DatabaseHelper.QueryRow({
+ table: COMMENTS_TABLE,
+ where: {
+ ID: commentID
+ }
+ });
+
+ if(row == null)
+ throw new Error("Comment " + commentID + " not found!");
+
+ return this.DbToComment(row);
+ }
+
+ /**
+ * Get the ID of the post associated to a comment
+ *
+ * @param commentID Target comment ID
+ */
+ public static async GetAssociatedPost(commentID: number) : Promise {
+ const comment = await this.GetSingle(commentID);
+
+ return comment.postID;
+ }
+
 /**
 * Permanently delete a comment
 *
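Review bot: `GetSingle` throws a plain `Error` when the row is missing, and `GetAssociatedPost` inherits that through its call to `this.GetSingle`, but neither doc comment says so. The caller added in the RequestHandler.ts hunk runs `Exists` and then `GetAssociatedPost` as separate queries, so a comment deleted between the two would likely surface as this untyped exception rather than through the 404 branch. Add `@throws Error if no comment has this ID` to both doc comments, and consider letting the access check use a single lookup instead of `Exists` followed by `GetSingle`. In the `Exists` comment, "Check whether a comment exists" reads better than "Check out whether".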