mirror of
https://gitlab.com/comunic/comunicapiv2
synced 2024-12-28 14:38:52 +00:00
Check user authorization to create posts
This commit is contained in:
parent
ddaa3a5a06
commit
ac601877bb
@ -1,7 +1,7 @@
|
||||
import { RequestHandler } from "../entities/RequestHandler";
|
||||
import { UserHelper } from "../helpers/UserHelper";
|
||||
import { PostsHelper } from "../helpers/PostsHelper";
|
||||
import { Post, PostVisibilityLevel, PostKind, PostAccessLevel } from "../entities/Post";
|
||||
import { Post, PostVisibilityLevel, PostKind, PostAccessLevel, PostPageKind } from "../entities/Post";
|
||||
import { MoviesController } from "./MoviesController";
|
||||
import { MoviesHelper } from "../helpers/MoviesHelper";
|
||||
import { SurveyHelper } from "../helpers/SurveyHelper";
|
||||
@ -10,6 +10,7 @@ import { LikesHelper, LikesType } from "../helpers/LikesHelper";
|
||||
import { CommentsHelper } from "../helpers/CommentsHelper";
|
||||
import { CommentsController } from "./CommentsController";
|
||||
import { GroupsAccessLevel } from "../entities/Group";
|
||||
import { GroupsHelper } from "../helpers/GroupsHelper";
|
||||
|
||||
/**
|
||||
* Posts controller
|
||||
@ -91,6 +92,47 @@ export class PostsController {
|
||||
h.send(await this.PostToAPI(h, post));
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a new post
|
||||
*
|
||||
* @param h Request handler
|
||||
*/
|
||||
public static async CreatePost(h: RequestHandler) {
|
||||
|
||||
// Determine the target for the new post
|
||||
let kindPage: PostPageKind;
|
||||
let pageID: number;
|
||||
switch(h.postString("kind-page")) {
|
||||
|
||||
// If the post is targetting a user
|
||||
case "user":
|
||||
kindPage = PostPageKind.PAGE_KIND_USER;
|
||||
pageID = await h.postUserId("kind-id");
|
||||
|
||||
if(!await UserHelper.CanCreatePosts(h.getUserId(), pageID))
|
||||
h.error(401, "You are not allowed to create posts on this page!");
|
||||
|
||||
break;
|
||||
|
||||
// For groups
|
||||
case "group":
|
||||
kindPage = PostPageKind.PAGE_KIND_GROUP;
|
||||
pageID = await h.postGroupIDWithAccess("kind-id", GroupsAccessLevel.MEMBER_ACCESS);
|
||||
|
||||
// Check if the user can create posts on this group
|
||||
if(!await GroupsHelper.CanUserCreatePosts(pageID, h.getUserId()))
|
||||
h.error(401, "You are not allowed to create posts on this group!");
|
||||
|
||||
break;
|
||||
|
||||
default:
|
||||
h.error(500, "Unsupported kind of page!");
|
||||
|
||||
}
|
||||
|
||||
h.success("Go on.");
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Send multiple posts to the API
|
||||
|
@ -192,6 +192,8 @@ export const Routes : Route[] = [
|
||||
|
||||
{path: "/posts/get_single", cb: (h) => PostsController.GetSingle(h), needLogin: false},
|
||||
|
||||
{path: "/posts/create", cb: (h) => PostsController.CreatePost(h)},
|
||||
|
||||
|
||||
|
||||
// Notifications controller
|
||||
|
@ -1,5 +1,5 @@
|
||||
import { DatabaseHelper } from "./DatabaseHelper";
|
||||
import { GroupsAccessLevel, GroupVisibilityLevel, GroupInfo } from "../entities/Group";
|
||||
import { GroupsAccessLevel, GroupVisibilityLevel, GroupInfo, GroupPostsCreationLevel } from "../entities/Group";
|
||||
import { GroupMembershipLevels, GroupMember } from "../entities/GroupMember";
|
||||
import { NewGroup } from "../entities/NewGroup";
|
||||
import { time } from "../utils/DateUtils";
|
||||
@ -480,6 +480,29 @@ export class GroupsHelper {
|
||||
return groupID;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check out whether a user can create posts on a group or not
|
||||
*
|
||||
* @param groupID Target group ID
|
||||
* @param userID Target user ID
|
||||
*/
|
||||
public static async CanUserCreatePosts(groupID: number, userID: number) : Promise<boolean> {
|
||||
const membershipLevel = await this.GetMembershipLevel(groupID, userID);
|
||||
|
||||
// Moderators + administrators => can always create posts
|
||||
if(membershipLevel == GroupMembershipLevels.MODERATOR ||
|
||||
membershipLevel == GroupMembershipLevels.ADMINISTRATOR)
|
||||
return true;
|
||||
|
||||
// Simple members => check authorization
|
||||
if(membershipLevel == GroupMembershipLevels.MEMBER) {
|
||||
return (await this.GetInfo(groupID)).postsCreationLevel
|
||||
== GroupPostsCreationLevel.POSTS_LEVEL_ALL_MEMBERS;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Turn a database row into a {GroupInfo} object
|
||||
*
|
||||
|
Loading…
Reference in New Issue
Block a user