From 0cce11760b03f43a17cf2e0bded9b6e86a6e8efb Mon Sep 17 00:00:00 2001
From: Carson Full <carson_full@tsco.org>
Date: Tue, 8 Oct 2024 08:54:06 -0500
Subject: [PATCH] Expose CommentThread.comments.canCreate

---
 .../comments/comment-thread.resolver.ts        |  8 ++++++--
 src/components/comments/comment.service.ts     | 18 +++++++++++++++---
 .../comments/dto/list-comment.dto.ts           |  4 ++--
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/components/comments/comment-thread.resolver.ts b/src/components/comments/comment-thread.resolver.ts
index 643aedd4be..4fe41ea494 100644
--- a/src/components/comments/comment-thread.resolver.ts
+++ b/src/components/comments/comment-thread.resolver.ts
@@ -61,11 +61,15 @@ export class CommentThreadResolver {
   })
   async comments(
     @AnonSession() session: Session,
-    @Parent() { id }: CommentThread,
+    @Parent() thread: CommentThread,
     @ListArg(CommentListInput) input: CommentListInput,
     @Loader(CommentLoader) comments: LoaderOf<CommentLoader>,
   ): Promise<CommentList> {
-    const list = await this.service.listCommentsByThreadId(id, input, session);
+    const list = await this.service.listCommentsByThreadId(
+      thread,
+      input,
+      session,
+    );
     comments.primeAll(list.items);
     return list;
   }
diff --git a/src/components/comments/comment.service.ts b/src/components/comments/comment.service.ts
index 31c0ffc450..97c1f9ba5f 100644
--- a/src/components/comments/comment.service.ts
+++ b/src/components/comments/comment.service.ts
@@ -18,6 +18,7 @@ import { CommentRepository } from './comment.repository';
 import {
   Comment,
   Commentable,
+  CommentList,
   CommentListInput,
   CommentThread,
   CommentThreadList,
@@ -177,14 +178,25 @@ export class CommentService {
   }
 
   async listCommentsByThreadId(
-    thread: ID,
+    thread: CommentThread,
     input: CommentListInput,
     session: Session,
-  ) {
-    const results = await this.repo.list(thread, input, session);
+  ): Promise<CommentList> {
+    const perms = await this.getPermissionsFromResource(thread.parent, session);
+
+    // Do check here since we don't filter in the db query.
+    // Will need to be updated with DB switch.
+    if (!perms.can('read')) {
+      return SecuredList.Redacted;
+    }
+
+    const results = await this.repo.list(thread.id, input, session);
+
     return {
       ...results,
       items: results.items.map((dto) => this.secureComment(dto, session)),
+      canRead: true,
+      canCreate: perms.can('create'),
     };
   }
 }
diff --git a/src/components/comments/dto/list-comment.dto.ts b/src/components/comments/dto/list-comment.dto.ts
index 1b98d8e4d9..ef94d314b1 100644
--- a/src/components/comments/dto/list-comment.dto.ts
+++ b/src/components/comments/dto/list-comment.dto.ts
@@ -1,5 +1,5 @@
 import { InputType, ObjectType } from '@nestjs/graphql';
-import { Order, PaginatedList, SortablePaginationInput } from '~/common';
+import { Order, SecuredList, SortablePaginationInput } from '~/common';
 import { Comment } from './comment.dto';
 
 @InputType()
@@ -9,4 +9,4 @@ export class CommentListInput extends SortablePaginationInput<keyof Comment>({
 }) {}
 
 @ObjectType()
-export abstract class CommentList extends PaginatedList(Comment) {}
+export abstract class CommentList extends SecuredList(Comment) {}