Check user authorization to create posts

2025-06-20 16:45:16 +00:00 · 2020-01-04 15:07:24 +01:00
parent ddaa3a5a06
commit ac601877bb
3 changed files with 69 additions and 2 deletions
--- a/src/controllers/PostsController.ts
+++ b/src/controllers/PostsController.ts
@ -1,7 +1,7 @@
 import { RequestHandler } from "../entities/RequestHandler";
 import { UserHelper } from "../helpers/UserHelper";
 import { PostsHelper } from "../helpers/PostsHelper";
-import { Post, PostVisibilityLevel, PostKind, PostAccessLevel } from "../entities/Post";
+import { Post, PostVisibilityLevel, PostKind, PostAccessLevel, PostPageKind } from "../entities/Post";
 import { MoviesController } from "./MoviesController";
 import { MoviesHelper } from "../helpers/MoviesHelper";
 import { SurveyHelper } from "../helpers/SurveyHelper";
@ -10,6 +10,7 @@ import { LikesHelper, LikesType } from "../helpers/LikesHelper";
 import { CommentsHelper } from "../helpers/CommentsHelper";
 import { CommentsController } from "./CommentsController";
 import { GroupsAccessLevel } from "../entities/Group";
+import { GroupsHelper } from "../helpers/GroupsHelper";

 /**
 * Posts controller
@ -91,6 +92,47 @@ export class PostsController {
 		h.send(await this.PostToAPI(h, post));
 	}

+	/**
+	 * Create a new post
+	 * 
+	 * @param h Request handler
+	 */
+	public static async CreatePost(h: RequestHandler) {
+
+		// Determine the target for the new post
+		let kindPage: PostPageKind;
+		let pageID: number;
+		switch(h.postString("kind-page")) {
+
+			// If the post is targetting a user
+			case "user":
+				kindPage = PostPageKind.PAGE_KIND_USER;
+				pageID = await h.postUserId("kind-id");
+
+				if(!await UserHelper.CanCreatePosts(h.getUserId(), pageID))
+					h.error(401, "You are not allowed to create posts on this page!");
+				
+				break;
+			
+			// For groups
+			case "group":
+				kindPage = PostPageKind.PAGE_KIND_GROUP;
+				pageID = await h.postGroupIDWithAccess("kind-id", GroupsAccessLevel.MEMBER_ACCESS);
+
+				// Check if the user can create posts on this group
+				if(!await GroupsHelper.CanUserCreatePosts(pageID, h.getUserId()))
+					h.error(401, "You are not allowed to create posts on this group!");
+				
+				break;
+			
+			default:
+				h.error(500, "Unsupported kind of page!");
+
+		}
+
+		h.success("Go on.");
+	}
+

 	/**
 	 * Send multiple posts to the API
--- a/src/controllers/Routes.ts
+++ b/src/controllers/Routes.ts
@ -192,6 +192,8 @@ export const Routes : Route[] = [

 	{path: "/posts/get_single", cb: (h) => PostsController.GetSingle(h), needLogin: false},

+	{path: "/posts/create", cb: (h) => PostsController.CreatePost(h)},
+


 	// Notifications controller