diff --git a/src/controllers/CommentsController.ts b/src/controllers/CommentsController.ts
index 9b337b7..61bc048 100644
--- a/src/controllers/CommentsController.ts
+++ b/src/controllers/CommentsController.ts
@@ -62,6 +62,20 @@ export class CommentsController {
 h.send(await this.CommentToAPI(h, comment))
 }
+ /**
+ * Edit (update) a comment content
+ *
+ * @param h Request handler
+ */
+ public static async Edit(h: RequestHandler) {
+ const commentID = await this.GetPostCommentIDWithFullAccess(h, "commentID");
+ const newContent = this.GetCommentContent(h, "content", true);
+
+ await CommentsHelper.Edit(commentID, newContent);
+
+ h.success()
+ }
+
 /**
 * Get the content of a comment included in a POST field
 *
@@ -78,6 +92,21 @@ export class CommentsController {
 return content;
 }
+ /**
+ * Get a comment ID on which current user has full access
+ *
+ * @param h Request handler
+ * @param name The name of the POST field containing the comment ID
+ */
+ private static async GetPostCommentIDWithFullAccess(h: RequestHandler, name: string) : Promise {
+ const commentID = h.postInt(name);
+
+ if(!await CommentsHelper.IsOwner(h.getUserId(), commentID))
+ h.error(401, "You are not the owner of this comment!");
+
+ return commentID;
+ }
+
 /**
 * Turn a list of comment object into API entries
diff --git a/src/controllers/Routes.ts b/src/controllers/Routes.ts
index ced674e..175858e 100644
--- a/src/controllers/Routes.ts
+++ b/src/controllers/Routes.ts
@@ -209,6 +209,8 @@ export const Routes : Route[] = [
 {path: "/comments/get_single", cb: (h) => CommentsController.GetSingle(h)},
+ {path: "/comments/edit", cb: (h) => CommentsController.Edit(h)},
+
 // Notifications controller
 {path: "/notifications/count_unread", cb: (h) => NotificationsController.CountUnread(h)},
diff --git a/src/helpers/CommentsHelper.ts b/src/helpers/CommentsHelper.ts
index 488007a..f22eafd 100644
--- a/src/helpers/CommentsHelper.ts
+++ b/src/helpers/CommentsHelper.ts
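Review bot: In `GetPostCommentIDWithFullAccess` (CommentsController.ts, second hunk) nothing after `h.error(401, ...)` stops execution, so the ownership check only protects `Edit` if `h.error` itself throws; that behaviour is not visible in this diff. If it only writes the response, control reaches `return commentID;` and the first hunk's `Edit` goes on to update a comment the caller does not own. I would make the contract explicit, either with a comment such as `// h.error() throws, so non-owners never reach the return` once that is confirmed, or with an explicit `throw` after the call. Separately, an authenticated user who is not the owner is conventionally a 403 case; 401 signals missing or invalid credentials.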
@@ -30,6 +30,24 @@ export class CommentsHelper {
 });
 }
+ /**
+ * Edit the content of a comment
+ *
+ * @param commentID Target comment
+ * @param newContent New content
+ */
+ public static async Edit(commentID: number, newContent: string) {
+ await DatabaseHelper.UpdateRows({
+ table: COMMENTS_TABLE,
+ where: {
+ ID: commentID
+ },
+ set: {
+ commentaire: newContent
+ }
+ })
+ }
+
 /**
 * Get the comments of a POST
 *
@@ -61,6 +79,21 @@ export class CommentsHelper {
 }) > 0;
 }
+ /**
+ * Check out whether a comment belongs to a user or not
+ *
+ * @param commentID Target comment ID
+ */
+ public static async IsOwner(userID: number, commentID: number) : Promise {
+ return await DatabaseHelper.Count({
+ table: COMMENTS_TABLE,
+ where: {
+ ID: commentID,
+ ID_personne: userID
+ }
+ }) > 0;
+ }
+
 /**
 * Get information about a single comment
 *
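Review bot: `CommentsHelper.Edit` (first hunk of CommentsHelper.ts) updates by `ID: commentID` alone and performs no authorization, so every caller must have verified ownership beforehand, and the docstring does not say so. I would add a line to it, `* The caller must have verified that the current user owns the comment`, so a later caller does not pass an unchecked ID. Whether `newContent` is sanitized before being stored depends on `GetCommentContent`, whose body is outside this diff; that is worth confirming, since comment text is presumably displayed to other users.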
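Review bot: The `IsOwner` docstring (second hunk of CommentsHelper.ts) documents `commentID` but omits `userID`, the first parameter; add `* @param userID Target user ID` above the existing `@param`. It would also help to state that the method returns false for a comment ID that does not exist, because the `Count` query on `ID` and `ID_personne` cannot distinguish that case from a comment owned by someone else.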