v3: added a roles/permissions system, added user management tab on user profile
All checks were successful
Build and Publish Docker Image / build-and-push (push) Successful in 42s
All checks were successful
Build and Publish Docker Image / build-and-push (push) Successful in 42s
This commit is contained in:
@@ -91,7 +91,7 @@ export function updateComment(
|
||||
commentId: string,
|
||||
body: string,
|
||||
requestingUserId: string,
|
||||
isAdmin: boolean,
|
||||
canModerate: boolean,
|
||||
): { comment: Comment; dumpId: string; isPrivate: boolean } {
|
||||
const row = db.prepare(
|
||||
`SELECT c.dump_id, d.is_private FROM comments c JOIN dumps d ON c.dump_id = d.id WHERE c.id = ?;`,
|
||||
@@ -107,7 +107,7 @@ export function updateComment(
|
||||
"Cannot edit a deleted comment",
|
||||
);
|
||||
}
|
||||
if (existing.userId !== requestingUserId && !isAdmin) {
|
||||
if (existing.userId !== requestingUserId && !canModerate) {
|
||||
throw new APIException(
|
||||
APIErrorCode.UNAUTHORIZED,
|
||||
401,
|
||||
@@ -143,7 +143,7 @@ export function updateComment(
|
||||
export function deleteComment(
|
||||
commentId: string,
|
||||
requestingUserId: string,
|
||||
isAdmin: boolean,
|
||||
canModerate: boolean,
|
||||
): { dumpId: string; isPrivate: boolean } {
|
||||
const row = db.prepare(
|
||||
`SELECT c.dump_id, d.is_private FROM comments c JOIN dumps d ON c.dump_id = d.id WHERE c.id = ?;`,
|
||||
@@ -152,7 +152,7 @@ export function deleteComment(
|
||||
throw new APIException(APIErrorCode.NOT_FOUND, 404, "Comment not found");
|
||||
}
|
||||
const comment = fetchComment(commentId);
|
||||
if (comment.userId !== requestingUserId && !isAdmin) {
|
||||
if (comment.userId !== requestingUserId && !canModerate) {
|
||||
throw new APIException(
|
||||
APIErrorCode.UNAUTHORIZED,
|
||||
401,
|
||||
|
||||
Reference in New Issue
Block a user