Delete & Put comment endpoints no longer need user. Closes #27
MKHenson committed Jul 12, 2016
1 parent 322eae3 commit e26daeb
Showing 2 changed files with 39 additions and 32 deletions.
49 changes: 35 additions & 14 deletions src/controllers/comments-controller.ts
Expand Up @@ -38,8 +38,8 @@ export default class CommentsController extends Controller
router.get("/comments/:id", <any>[hasId("id", "ID"), getUser, this.getComment.bind(this)]);
router.get("/nested-comments/:parentId", <any>[hasId("parentId", "parent ID"), getUser, this.getComments.bind(this)]);
router.get("/users/:user/comments", <any>[userExists, getUser, this.getComments.bind(this)]);
router.delete("/users/:user/comments/:id", <any>[canEdit, hasId("id", "ID"), this.remove.bind(this)]);
router.put("/users/:user/comments/:id", <any>[canEdit, hasId("id", "ID"), this.update.bind(this)]);
router.delete("/comments/:id", <any>[getUser, hasId("id", "ID"), this.remove.bind(this)]);
router.put("/comments/:id", <any>[getUser, hasId("id", "ID"), this.update.bind(this)]);
router.post("/posts/:postId/comments/:parent?", <any>[canEdit, hasId("postId", "parent ID"), hasId("parent", "Parent ID", true), this.create.bind(this)]);

// Register the path
Expand Down Expand Up @@ -87,7 +87,7 @@ export default class CommentsController extends Controller
var users = UsersService.getSingleton();

// Only admins are allowed to see private comments
if ( !user || ( ( visibility == "all" || visibility == "private" ) && users.hasPermission(user, 2) == false ) )
if ( !user || ( ( visibility == "all" || visibility == "private" ) && users.isAdmin(user) == false ) )
visibility = "public";

// Add the or conditions for visibility
Expand Down Expand Up @@ -175,7 +175,7 @@ export default class CommentsController extends Controller
var isPublic = await instances[0].schema.getByName("public").getValue()

// Only admins are allowed to see private comments
if ( !isPublic && (!user || users.hasPermission(user, 2) == false ) )
if ( !isPublic && (!user || users.isAdmin(user) == false ) )
throw new Error("That comment is marked private");

var jsons : Array<Promise<mp.IComment>> = [];
Expand Down Expand Up @@ -210,18 +210,28 @@ export default class CommentsController extends Controller
{
var comments = this.getModel("comments");
var findToken : mp.IComment = {
_id: new mongodb.ObjectID(req.params.id),
author: req._user.username
_id: new mongodb.ObjectID(req.params.id)
}

try
{
// Attempt to delete the instances
var numRemoved = await comments.deleteInstances(findToken);
var user = req._user;
var users = UsersService.getSingleton();
var instances = await comments.findInstances<mp.IComment>(findToken, [], 0, 1);

if (numRemoved == 0)
if (instances.length == 0)
throw new Error("Could not find a comment with that ID");
else
{
var author = await instances[0].schema.getByName("author").getValue();

// Only admins are allowed to see private comments
if ( !user || ( !users.isAdmin(user) && user.username != author ) )
throw new Error("You do not have permission");
}

// Attempt to delete the instances
var numRemoved = await comments.deleteInstances(findToken);
okJson<mp.IResponse>( {
error: false,
message: "Comment has been successfully removed"
Expand All @@ -243,20 +253,31 @@ export default class CommentsController extends Controller
var token: mp.IComment = req.body;
var comments = this.getModel("comments");
var findToken : mp.IComment = {
_id: new mongodb.ObjectID(req.params.id),
author: req._user.username
_id: new mongodb.ObjectID(req.params.id)
}

try
{
var user = req._user;
var users = UsersService.getSingleton();
var instances = await comments.findInstances<mp.IComment>(findToken, [], 0, 1);

if (instances.length == 0)
throw new Error("Could not find comment with that id");
else
{
var author = await instances[0].schema.getByName("author").getValue();

// Only admins are allowed to see private comments
if ( !user || ( !users.isAdmin(user) && user.username != author ) )
throw new Error("You do not have permission");
}

var instance = await comments.update(findToken, token);

if (instance.error)
throw new Error(<string>instance.tokens[0].error);

if ( instance.tokens.length == 0 )
throw new Error("Could not find comment with that id");

okJson<mp.IResponse>( {
error: false,
message: "Comment Updated"
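Review bot: The authorization check in `remove` and `update` is separated from the write that follows it — `findInstances` confirms the caller is admin or the author, but `deleteInstances(findToken)` and `comments.update(findToken, token)` then run with a filter of `_id` only, whereas the removed code scoped the query by `author`. Re-scoping the write for non-admins restores that guarantee with one line placed just before the delete/update: `if (!users.isAdmin(user)) findToken.author = user.username;`, and keeping the old `numRemoved == 0` check (the variable is still assigned in the new `remove` but never read) would surface a concurrent removal instead of reporting success. The comment above the permission check in both handlers, `// Only admins are allowed to see private comments`, is copied from the read path and should read `// Only admins or the comment's author may modify it`. In `update`, `req.body` is handed to `comments.update` unchanged; whether the model schema stops a non-admin author from rewriting fields such as `author` or `public` is not visible here and is worth confirming.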
22 changes: 4 additions & 18 deletions test/tests/comments.js
Expand Up @@ -386,7 +386,7 @@ describe('Testing all comment related endpoints', function() {

it('cannot delete a comment with a bad id', function(done){
header.modepressAgent
.delete(`/api/users/${header.uconfig.adminUser.username}/comments/abc`).set('Accept', 'application/json').expect(200).expect('Content-Type', /json/)
.delete(`/api/comments/abc`).set('Accept', 'application/json').expect(200).expect('Content-Type', /json/)
.set('Cookie', header.adminCookie)
.end(function(err, res) {
if (err)
Expand All @@ -400,7 +400,7 @@ describe('Testing all comment related endpoints', function() {

it('cannot delete a comment with a valid id but doesn\'t exist', function(done){
header.modepressAgent
.delete(`/api/users/${header.uconfig.adminUser.username}/comments/123456789012345678901234`).set('Accept', 'application/json').expect(200).expect('Content-Type', /json/)
.delete(`/api/comments/123456789012345678901234`).set('Accept', 'application/json').expect(200).expect('Content-Type', /json/)
.set('Cookie', header.adminCookie)
.end(function(err, res) {
if (err)
Expand All @@ -412,23 +412,9 @@ describe('Testing all comment related endpoints', function() {
});
})

it('cannot delete a comment with an invalid user', function(done){
header.modepressAgent
.delete(`/api/users/BADUSER/comments/123456789012345678901234`).set('Accept', 'application/json').expect(200).expect('Content-Type', /json/)
.set('Cookie', header.adminCookie)
.end(function(err, res) {
if (err)
return done(err);

test.string(res.body.message).is("User BADUSER does not exist")
test.bool(res.body.error).isTrue()
done();
});
})

it('Can delete the fourth comment', function(done) {
header.modepressAgent
.delete(`/api/users/${header.uconfig.adminUser.username}/comments/${comment4._id}`).set('Accept', 'application/json').expect(200).expect('Content-Type', /json/)
.delete(`/api/comments/${comment4._id}`).set('Accept', 'application/json').expect(200).expect('Content-Type', /json/)
.set('Cookie', header.adminCookie)
.end(function(err, res) {
if (err)
Expand Down Expand Up @@ -459,7 +445,7 @@ describe('Testing all comment related endpoints', function() {

it('Can delete an existing comment', function(done) {
header.modepressAgent
.delete(`/api/users/${header.uconfig.adminUser.username}/comments/${comment._id}`).set('Accept', 'application/json').expect(200).expect('Content-Type', /json/)
.delete(`/api/comments/${comment._id}`).set('Accept', 'application/json').expect(200).expect('Content-Type', /json/)
.set('Cookie', header.adminCookie)
.end(function(err, res) {
if (err)
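Review bot: The removed `cannot delete a comment with an invalid user` case is not replaced by a test for the new denial path: every remaining DELETE in this section sends `header.adminCookie`, so the `user.username != author` branch the controller now relies on is never exercised. A case that deletes (and one that PUTs) another user's comment with a non-admin session and expects `You do not have permission` with `error` true would pin that behaviour; whether the harness already provides a non-admin cookie is not visible in this hunk. The enclosing `describe` starts and ends outside the hunk.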
