p90524618
/
answer
mirror of https://gitee.com/answerdev/answer.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix(comment): fix admin can't update user's comment.

This commit is contained in:
LinkinStars 2023-09-04 18:09:08 +08:00
parent 50beae6104
commit a027376f4c
5 changed files with 53 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
internal/controller/comment_controller.go
View File

@ -157,20 +157,23 @@ func (cc *CommentController) UpdateComment(ctx *gin.Context) {
} }
req.UserID = middleware.GetLoginUserIDFromContext(ctx) req.UserID = middleware.GetLoginUserIDFromContext(ctx)
req.IsAdmin = middleware.GetIsAdminFromContext(ctx)
canList, err := cc.rankService.CheckOperationPermissions(ctx, req.UserID, []string{ canList, err := cc.rankService.CheckOperationPermissions(ctx, req.UserID, []string{
permission.CommentAdd,
permission.CommentEdit, permission.CommentEdit,
permission.CommentDelete,
permission.LinkUrlLimit, permission.LinkUrlLimit,
}) })
if err != nil { if err != nil {
handler.HandleResponse(ctx, err, nil) handler.HandleResponse(ctx, err, nil)
return return
} }
linkUrlLimitUser := canList[3] req.CanEdit = canList[0] || cc.rankService.CheckOperationObjectOwner(ctx, req.UserID, req.CommentID)
req.IsAdmin = middleware.GetIsAdminFromContext(ctx) linkUrlLimitUser := canList[1]
isAdmin := middleware.GetUserIsAdminModerator(ctx) if !req.CanEdit {
if !isAdmin || !linkUrlLimitUser { handler.HandleResponse(ctx, errors.Forbidden(reason.RankFailToMeetTheCondition), nil)
return
}
if !req.IsAdmin || !linkUrlLimitUser {
captchaPass := cc.actionService.ActionRecordVerifyCaptcha(ctx, entity.CaptchaActionEdit, req.UserID, req.CaptchaID, req.CaptchaCode) captchaPass := cc.actionService.ActionRecordVerifyCaptcha(ctx, entity.CaptchaActionEdit, req.UserID, req.CaptchaID, req.CaptchaCode)
if !captchaPass { if !captchaPass {
errFields := append([]*validator.FormErrorField{}, &validator.FormErrorField{ errFields := append([]*validator.FormErrorField{}, &validator.FormErrorField{
@ -182,21 +185,8 @@ func (cc *CommentController) UpdateComment(ctx *gin.Context) {
} }
} }
req.CanAdd = canList[0]
req.CanEdit = canList[1]
req.CanDelete = canList[2]
can, err := cc.rankService.CheckOperationPermission(ctx, req.UserID, permission.CommentEdit, req.CommentID)
if err != nil {
handler.HandleResponse(ctx, err, nil)
return
}
if !can {
handler.HandleResponse(ctx, errors.Forbidden(reason.RankFailToMeetTheCondition), nil)
return
}
resp, err := cc.commentService.UpdateComment(ctx, req) resp, err := cc.commentService.UpdateComment(ctx, req)
if !isAdmin || !linkUrlLimitUser { if !req.IsAdmin || !linkUrlLimitUser {
cc.actionService.ActionRecordAdd(ctx, entity.CaptchaActionEdit, req.UserID) cc.actionService.ActionRecordAdd(ctx, entity.CaptchaActionEdit, req.UserID)
} }
handler.HandleResponse(ctx, err, resp) handler.HandleResponse(ctx, err, resp)

13
internal/repo/comment/comment_repo.go
View File

@ -58,9 +58,13 @@ func (cr *commentRepo) RemoveComment(ctx context.Context, commentID string) (err
return return
} }
// UpdateComment update comment // UpdateCommentContent update comment
func (cr *commentRepo) UpdateComment(ctx context.Context, comment *entity.Comment) (err error) { func (cr *commentRepo) UpdateCommentContent(
_, err = cr.data.DB.Context(ctx).ID(comment.ID).Where("user_id = ?", comment.UserID).Update(comment) ctx context.Context, commentID string, originalText string, parsedText string) (err error) {
_, err = cr.data.DB.Context(ctx).ID(commentID).Update(&entity.Comment{
OriginalText: originalText,
ParsedText: parsedText,
})
if err != nil { if err != nil {
err = errors.InternalServer(reason.DatabaseError).WithError(err).WithStack() err = errors.InternalServer(reason.DatabaseError).WithError(err).WithStack()
} }
@ -69,8 +73,7 @@ func (cr *commentRepo) UpdateComment(ctx context.Context, comment *entity.Commen
// GetComment get comment one // GetComment get comment one
func (cr *commentRepo) GetComment(ctx context.Context, commentID string) ( func (cr *commentRepo) GetComment(ctx context.Context, commentID string) (
comment *entity.Comment, exist bool, err error, comment *entity.Comment, exist bool, err error) {
) {
comment = &entity.Comment{} comment = &entity.Comment{}
exist, err = cr.data.DB.Context(ctx).ID(commentID).Get(comment) exist, err = cr.data.DB.Context(ctx).ID(commentID).Get(comment)
if err != nil { if err != nil {

2
internal/repo/repo_test/comment_repo_test.go
View File

@ -65,7 +65,7 @@ func Test_commentRepo_UpdateComment(t *testing.T) {
assert.NoError(t, err) assert.NoError(t, err)
testCommentEntity.ParsedText = "test" testCommentEntity.ParsedText = "test"
err = commentRepo.UpdateComment(context.TODO(), testCommentEntity) err = commentRepo.UpdateCommentContent(context.TODO(), testCommentEntity, "", "")
assert.NoError(t, err) assert.NoError(t, err)
newComment, exist, err := commonCommentRepo.GetComment(context.TODO(), testCommentEntity.ID) newComment, exist, err := commonCommentRepo.GetComment(context.TODO(), testCommentEntity.ID)

12
internal/schema/comment_schema.go
View File

@ -58,11 +58,10 @@ type UpdateCommentReq struct {
UserID string `json:"-"` UserID string `json:"-"`
IsAdmin bool `json:"-"` IsAdmin bool `json:"-"`
CanAdd bool `json:"-"`
// whether user can edit it // whether user can edit it
CanEdit bool `json:"-"` CanEdit bool `json:"-"`
// whether user can delete it // whether user can delete it
CanDelete bool `json:"-"`
CaptchaID string `json:"captcha_id"` // captcha_id CaptchaID string `json:"captcha_id"` // captcha_id
CaptchaCode string `json:"captcha_code"` CaptchaCode string `json:"captcha_code"`
} }
@ -72,6 +71,15 @@ func (req *UpdateCommentReq) Check() (errFields []*validator.FormErrorField, err
return nil, nil return nil, nil
} }
type UpdateCommentResp struct {
// comment id
CommentID string `json:"comment_id"`
// original comment content
OriginalText string `json:"original_text"`
// parsed comment content
ParsedText string `json:"parsed_text"`
}
// GetCommentListReq get comment list all request // GetCommentListReq get comment list all request
type GetCommentListReq struct { type GetCommentListReq struct {
// user id // user id

53
internal/service/comment/comment_service.go
View File

@ -29,7 +29,7 @@ import (
type CommentRepo interface { type CommentRepo interface {
AddComment(ctx context.Context, comment *entity.Comment) (err error) AddComment(ctx context.Context, comment *entity.Comment) (err error)
RemoveComment(ctx context.Context, commentID string) (err error) RemoveComment(ctx context.Context, commentID string) (err error)
UpdateComment(ctx context.Context, comment *entity.Comment) (err error) UpdateCommentContent(ctx context.Context, commentID string, original string, parsedText string) (err error)
GetComment(ctx context.Context, commentID string) (comment *entity.Comment, exist bool, err error) GetComment(ctx context.Context, commentID string) (comment *entity.Comment, exist bool, err error)
GetCommentPage(ctx context.Context, commentQuery *CommentQuery) ( GetCommentPage(ctx context.Context, commentQuery *CommentQuery) (
comments []*entity.Comment, total int64, err error) comments []*entity.Comment, total int64, err error)
@ -224,39 +224,34 @@ func (cs *CommentService) RemoveComment(ctx context.Context, req *schema.RemoveC
// UpdateComment update comment // UpdateComment update comment
func (cs *CommentService) UpdateComment(ctx context.Context, req *schema.UpdateCommentReq) ( func (cs *CommentService) UpdateComment(ctx context.Context, req *schema.UpdateCommentReq) (
resp *schema.GetCommentResp, err error) { resp *schema.UpdateCommentResp, err error) {
resp = &schema.GetCommentResp{}
old, exist, err := cs.commentCommonRepo.GetComment(ctx, req.CommentID) old, exist, err := cs.commentCommonRepo.GetComment(ctx, req.CommentID)
if err != nil {
return
}
if !exist {
return resp, errors.BadRequest(reason.CommentNotFound)
}
// user can edit the comment that was posted by himself before deadline.
if !req.IsAdmin && (time.Now().After(old.CreatedAt.Add(constant.CommentEditDeadline))) {
return resp, errors.BadRequest(reason.CommentCannotEditAfterDeadline)
}
comment := &entity.Comment{}
_ = copier.Copy(comment, req)
comment.ID = req.CommentID
resp.SetFromComment(comment)
resp.MemberActions = permission.GetCommentPermission(ctx, req.UserID, resp.UserID,
time.Now(), req.CanEdit, req.CanDelete)
userInfo, exist, err := cs.userCommon.GetUserBasicInfoByID(ctx, resp.UserID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if exist { if !exist {
resp.Username = userInfo.Username return nil, errors.BadRequest(reason.CommentNotFound)
resp.UserDisplayName = userInfo.DisplayName
resp.UserAvatar = userInfo.Avatar
resp.UserStatus = userInfo.Status
} }
return resp, cs.commentRepo.UpdateComment(ctx, comment) // user can't edit the comment that was posted by others except admin
if !req.IsAdmin && req.UserID != old.UserID {
return nil, errors.BadRequest(reason.CommentNotFound)
}
// user can edit the comment that was posted by himself before deadline.
// admin can edit it at any time
if !req.IsAdmin && (time.Now().After(old.CreatedAt.Add(constant.CommentEditDeadline))) {
return nil, errors.BadRequest(reason.CommentCannotEditAfterDeadline)
}
if err = cs.commentRepo.UpdateCommentContent(ctx, old.ID, req.OriginalText, req.ParsedText); err != nil {
return nil, err
}
resp = &schema.UpdateCommentResp{
CommentID: old.ID,
OriginalText: req.OriginalText,
ParsedText: req.ParsedText,
}
return resp, nil
} }
// GetComment get comment one // GetComment get comment one