From 444c0a0e017824fb4ce526281a22c4abe0a13c50 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 14 May 2020 16:56:15 +0200 Subject: Add ability to bulk delete comments --- server/middlewares/validators/blocklist.ts | 12 +++------ server/middlewares/validators/bulk.ts | 41 ++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 8 deletions(-) create mode 100644 server/middlewares/validators/bulk.ts (limited to 'server/middlewares') diff --git a/server/middlewares/validators/blocklist.ts b/server/middlewares/validators/blocklist.ts index 27224ff9b..c24fa9609 100644 --- a/server/middlewares/validators/blocklist.ts +++ b/server/middlewares/validators/blocklist.ts @@ -24,8 +24,7 @@ const blockAccountValidator = [ if (user.Account.id === accountToBlock.id) { res.status(409) - .send({ error: 'You cannot block yourself.' }) - .end() + .json({ error: 'You cannot block yourself.' }) return } @@ -80,8 +79,7 @@ const blockServerValidator = [ if (host === WEBSERVER.HOST) { return res.status(409) - .send({ error: 'You cannot block your own server.' }) - .end() + .json({ error: 'You cannot block your own server.' }) } const server = await ServerModel.loadOrCreateByHost(host) @@ -139,8 +137,7 @@ async function doesUnblockAccountExist (accountId: number, targetAccountId: numb const accountBlock = await AccountBlocklistModel.loadByAccountAndTarget(accountId, targetAccountId) if (!accountBlock) { res.status(404) - .send({ error: 'Account block entry not found.' }) - .end() + .json({ error: 'Account block entry not found.' }) return false } @@ -154,8 +151,7 @@ async function doesUnblockServerExist (accountId: number, host: string, res: exp const serverBlock = await ServerBlocklistModel.loadByAccountAndHost(accountId, host) if (!serverBlock) { res.status(404) - .send({ error: 'Server block entry not found.' }) - .end() + .json({ error: 'Server block entry not found.' }) return false } diff --git a/server/middlewares/validators/bulk.ts b/server/middlewares/validators/bulk.ts new file mode 100644 index 000000000..f9b0f565a --- /dev/null +++ b/server/middlewares/validators/bulk.ts @@ -0,0 +1,41 @@ +import * as express from 'express' +import { body } from 'express-validator' +import { isBulkRemoveCommentsOfScopeValid } from '@server/helpers/custom-validators/bulk' +import { doesAccountNameWithHostExist } from '@server/helpers/middlewares' +import { UserRight } from '@shared/models' +import { BulkRemoveCommentsOfBody } from '@shared/models/bulk/bulk-remove-comments-of-body.model' +import { logger } from '../../helpers/logger' +import { areValidationErrors } from './utils' + +const bulkRemoveCommentsOfValidator = [ + body('accountName').exists().withMessage('Should have an account name with host'), + body('scope') + .custom(isBulkRemoveCommentsOfScopeValid).withMessage('Should have a valid scope'), + + async (req: express.Request, res: express.Response, next: express.NextFunction) => { + logger.debug('Checking bulkRemoveCommentsOfValidator parameters', { parameters: req.body }) + + if (areValidationErrors(req, res)) return + if (!await doesAccountNameWithHostExist(req.body.accountName, res)) return + + const user = res.locals.oauth.token.User + const body = req.body as BulkRemoveCommentsOfBody + + if (body.scope === 'instance' && user.hasRight(UserRight.REMOVE_ANY_VIDEO_COMMENT) !== true) { + return res.status(403) + .json({ + error: 'User cannot remove any comments of this instance.' + }) + } + + return next() + } +] + +// --------------------------------------------------------------------------- + +export { + bulkRemoveCommentsOfValidator +} + +// --------------------------------------------------------------------------- -- cgit v1.2.3