You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
overseerr/server/routes/issueComment.ts

130 lines
3.3 KiB

import { Router } from 'express';
import { getRepository } from 'typeorm';
import IssueComment from '../entity/IssueComment';
import { Permission } from '../lib/permissions';
import logger from '../logger';
import { isAuthenticated } from '../middleware/auth';
const issueCommentRoutes = Router();
issueCommentRoutes.get<{ commentId: string }, IssueComment>(
'/:commentId',
isAuthenticated(
[
Permission.MANAGE_ISSUES,
Permission.VIEW_ISSUES,
Permission.CREATE_ISSUES,
],
{
type: 'or',
}
),
async (req, res, next) => {
const issueCommentRepository = getRepository(IssueComment);
try {
const comment = await issueCommentRepository.findOneOrFail({
where: { id: Number(req.params.commentId) },
});
if (
!req.user?.hasPermission(
[Permission.MANAGE_ISSUES, Permission.VIEW_ISSUES],
{ type: 'or' }
) &&
comment.user.id !== req.user?.id
) {
return next({
status: 403,
message: 'You do not have permission to view this comment.',
});
}
return res.status(200).json(comment);
} catch (e) {
logger.debug('Request for unknown issue comment failed', {
label: 'API',
errorMessage: e.message,
});
next({ status: 404, message: 'Issue comment not found.' });
}
}
);
issueCommentRoutes.put<
{ commentId: string },
IssueComment,
{ message: string }
>(
'/:commentId',
isAuthenticated([Permission.MANAGE_ISSUES, Permission.CREATE_ISSUES], {
type: 'or',
}),
async (req, res, next) => {
const issueCommentRepository = getRepository(IssueComment);
try {
const comment = await issueCommentRepository.findOneOrFail({
where: { id: Number(req.params.commentId) },
});
if (comment.user.id !== req.user?.id) {
return next({
status: 403,
message: 'You can only edit your own comments.',
});
}
comment.message = req.body.message;
await issueCommentRepository.save(comment);
return res.status(200).json(comment);
} catch (e) {
logger.debug('Put request for issue comment failed', {
label: 'API',
errorMessage: e.message,
});
next({ status: 404, message: 'Issue comment not found.' });
}
}
);
issueCommentRoutes.delete<{ commentId: string }, IssueComment>(
'/:commentId',
isAuthenticated([Permission.MANAGE_ISSUES, Permission.CREATE_ISSUES], {
type: 'or',
}),
async (req, res, next) => {
const issueCommentRepository = getRepository(IssueComment);
try {
const comment = await issueCommentRepository.findOneOrFail({
where: { id: Number(req.params.commentId) },
});
if (
!req.user?.hasPermission([Permission.MANAGE_ISSUES], { type: 'or' }) &&
comment.user.id !== req.user?.id
) {
return next({
status: 403,
message: 'You do not have permission to delete this comment.',
});
}
await issueCommentRepository.remove(comment);
return res.status(204).send();
} catch (e) {
logger.debug('Delete request for issue comment failed', {
label: 'API',
errorMessage: e.message,
});
next({ status: 404, message: 'Issue comment not found.' });
}
}
);
export default issueCommentRoutes;