mirror of
https://gitlab.com/comunic/comunicapiv2
synced 2024-11-22 13:29:22 +00:00
Can check the right to access a comment
This commit is contained in:
parent
aa0c9f4f6a
commit
16ac9fae15
@ -50,6 +50,17 @@ export class CommentsController {
|
|||||||
h.send({success: true, commentID: commentID});
|
h.send({success: true, commentID: commentID});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get information about a single comment
|
||||||
|
*
|
||||||
|
* @param h Request handler
|
||||||
|
*/
|
||||||
|
public static async GetSingle(h: RequestHandler) {
|
||||||
|
const commentID = h.postCommentIDWithAccess("commentID");
|
||||||
|
|
||||||
|
console.log("Comment ID: " + commentID);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the content of a comment included in a POST field
|
* Get the content of a comment included in a POST field
|
||||||
*
|
*
|
||||||
|
@ -207,6 +207,8 @@ export const Routes : Route[] = [
|
|||||||
// Comments controller
|
// Comments controller
|
||||||
{path: "/comments/create", cb: (h) => CommentsController.Create(h)},
|
{path: "/comments/create", cb: (h) => CommentsController.Create(h)},
|
||||||
|
|
||||||
|
{path: "/comments/get_single", cb: (h) => CommentsController.GetSingle(h)},
|
||||||
|
|
||||||
|
|
||||||
// Notifications controller
|
// Notifications controller
|
||||||
{path: "/notifications/count_unread", cb: (h) => NotificationsController.CountUnread(h)},
|
{path: "/notifications/count_unread", cb: (h) => NotificationsController.CountUnread(h)},
|
||||||
|
@ -14,6 +14,7 @@ import { FriendsHelper } from "../helpers/FriendsHelper";
|
|||||||
import { PostsHelper } from "../helpers/PostsHelper";
|
import { PostsHelper } from "../helpers/PostsHelper";
|
||||||
import { PostAccessLevel } from "./Post";
|
import { PostAccessLevel } from "./Post";
|
||||||
import { writeFileSync } from "fs";
|
import { writeFileSync } from "fs";
|
||||||
|
import { CommentsHelper } from "../helpers/CommentsHelper";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Response to a request
|
* Response to a request
|
||||||
@ -323,6 +324,26 @@ export class RequestHandler {
|
|||||||
return postID;
|
return postID;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the ID of a comment that the user is allowed to access
|
||||||
|
*
|
||||||
|
* @param name The name of the comment field
|
||||||
|
*/
|
||||||
|
public async postCommentIDWithAccess(name: string) : Promise<number> {
|
||||||
|
const commentID = this.postInt(name);
|
||||||
|
|
||||||
|
if(!await CommentsHelper.Exists(commentID))
|
||||||
|
this.error(404, "Specified comment not found!");
|
||||||
|
|
||||||
|
const postID = await CommentsHelper.GetAssociatedPost(commentID);
|
||||||
|
const post = await PostsHelper.GetSingle(postID);
|
||||||
|
|
||||||
|
if(await PostsHelper.GetAccessLevel(this.getUserId(), post) == PostAccessLevel.NO_ACCESS)
|
||||||
|
this.error(401, "You are not allowed to acess this post information!");
|
||||||
|
|
||||||
|
return commentID;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get a virtual directory included in a POST request
|
* Get a virtual directory included in a POST request
|
||||||
*
|
*
|
||||||
|
@ -47,6 +47,50 @@ export class CommentsHelper {
|
|||||||
return results.map(this.DbToComment);
|
return results.map(this.DbToComment);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check out whether a comment exists or not
|
||||||
|
*
|
||||||
|
* @param commentID Target comment ID
|
||||||
|
*/
|
||||||
|
public static async Exists(commentID: number) : Promise<boolean> {
|
||||||
|
return await DatabaseHelper.Count({
|
||||||
|
table: COMMENTS_TABLE,
|
||||||
|
where: {
|
||||||
|
ID: commentID
|
||||||
|
}
|
||||||
|
}) > 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get information about a single comment
|
||||||
|
*
|
||||||
|
* @param commentID Target comment ID
|
||||||
|
*/
|
||||||
|
public static async GetSingle(commentID: number) : Promise<Comment> {
|
||||||
|
const row = await DatabaseHelper.QueryRow({
|
||||||
|
table: COMMENTS_TABLE,
|
||||||
|
where: {
|
||||||
|
ID: commentID
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
if(row == null)
|
||||||
|
throw new Error("Comment " + commentID + " not found!");
|
||||||
|
|
||||||
|
return this.DbToComment(row);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the ID of the post associated to a comment
|
||||||
|
*
|
||||||
|
* @param commentID Target comment ID
|
||||||
|
*/
|
||||||
|
public static async GetAssociatedPost(commentID: number) : Promise<number> {
|
||||||
|
const comment = await this.GetSingle(commentID);
|
||||||
|
|
||||||
|
return comment.postID;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Permanently delete a comment
|
* Permanently delete a comment
|
||||||
*
|
*
|
||||||
|
Loading…
Reference in New Issue
Block a user