Merge pull request #3305 from SeedCompany/commentable-can-create

Expose canCreate flags for Comments
SeedCompany · Oct 9, 2024 · b7eba35 · b7eba35
2 parents 497393c + 0cce117
commit b7eba35
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 32 deletions.
diff --git a/src/components/comments/comment-thread.loader.ts b/src/components/comments/comment-thread.loader.ts
@@ -20,7 +20,7 @@ export class CommentThreadLoader extends OrderedNestDataLoader<CommentThread> {
       threads.map(async (thread) => {
         try {
           await this.service.verifyCanView(thread.parent, session);
-          return await this.service.secureThread(thread, session);
+          return this.service.secureThread(thread, session);
         } catch (error) {
           return { key: thread.id, error };
         }

diff --git a/src/components/comments/comment-thread.resolver.ts b/src/components/comments/comment-thread.resolver.ts
@@ -61,11 +61,15 @@ export class CommentThreadResolver {
   })
   async comments(
     @AnonSession() session: Session,
-    @Parent() { id }: CommentThread,
+    @Parent() thread: CommentThread,
     @ListArg(CommentListInput) input: CommentListInput,
     @Loader(CommentLoader) comments: LoaderOf<CommentLoader>,
   ): Promise<CommentList> {
-    const list = await this.service.listCommentsByThreadId(id, input, session);
+    const list = await this.service.listCommentsByThreadId(
+      thread,
+      input,
+      session,
+    );
     comments.primeAll(list.items);
     return list;
   }

diff --git a/src/components/comments/comment.service.ts b/src/components/comments/comment.service.ts
@@ -5,18 +5,20 @@ import {
   isIdLike,
   NotFoundException,
   Resource,
+  SecuredList,
   ServerException,
   Session,
   UnsecuredDto,
 } from '~/common';
 import { isAdmin } from '~/common/session';
-import { ILogger, Logger, ResourceLoader, ResourcesHost } from '~/core';
-import { BaseNode, isBaseNode, mapListResults } from '~/core/database/results';
+import { ResourceLoader, ResourcesHost } from '~/core';
+import { BaseNode, isBaseNode } from '~/core/database/results';
 import { Privileges } from '../authorization';
 import { CommentRepository } from './comment.repository';
 import {
   Comment,
   Commentable,
+  CommentList,
   CommentListInput,
   CommentThread,
   CommentThreadList,
@@ -34,7 +36,6 @@ export class CommentService {
     private readonly privileges: Privileges,
     private readonly resources: ResourceLoader,
     private readonly resourcesHost: ResourcesHost,
-    @Logger('comment:service') private readonly logger: ILogger,
   ) {}
 
   async create(input: CreateCommentInput, session: Session) {
@@ -102,32 +103,27 @@ export class CommentService {
 
   async readOne(id: ID, session: Session): Promise<Comment> {
     const dto = await this.repo.readOne(id);
-    return await this.secureComment(dto, session);
+    return this.secureComment(dto, session);
   }
 
   async readMany(ids: readonly ID[], session: Session) {
     const comments = await this.repo.readMany(ids);
-    return await Promise.all(
-      comments.map((dto) => this.secureComment(dto, session)),
-    );
+    return comments.map((dto) => this.secureComment(dto, session));
   }
 
-  async secureThread(
+  secureThread(
     thread: UnsecuredDto<CommentThread>,
     session: Session,
-  ): Promise<CommentThread> {
+  ): CommentThread {
     return {
       ...thread,
-      firstComment: await this.secureComment(thread.firstComment, session),
-      latestComment: await this.secureComment(thread.latestComment, session),
+      firstComment: this.secureComment(thread.firstComment, session),
+      latestComment: this.secureComment(thread.latestComment, session),
       canDelete: thread.creator === session.userId || isAdmin(session),
     };
   }
 
-  async secureComment(
-    dto: UnsecuredDto<Comment>,
-    session: Session,
-  ): Promise<Comment> {
+  secureComment(dto: UnsecuredDto<Comment>, session: Session): Comment {
     return this.privileges.for(session, Comment).secure(dto);
   }
 
@@ -162,27 +158,46 @@ export class CommentService {
     input: CommentThreadListInput,
     session: Session,
   ): Promise<CommentThreadList> {
-    await this.verifyCanView(parent, session);
+    const perms = await this.getPermissionsFromResource(parent, session);
+
+    // Do check here since we don't filter in the db query.
+    // Will need to be updated with DB switch.
+    if (!perms.can('read')) {
+      return { ...SecuredList.Redacted, parent };
+    }
 
     const results = await this.repo.threads.list(parent.id, input, session);
 
     return {
-      ...(await mapListResults(results, (dto) =>
-        this.secureThread(dto, session),
-      )),
+      ...results,
+      items: results.items.map((dto) => this.secureThread(dto, session)),
       parent,
+      canRead: true,
+      canCreate: perms.can('create'),
     };
   }
 
   async listCommentsByThreadId(
-    thread: ID,
+    thread: CommentThread,
     input: CommentListInput,
     session: Session,
-  ) {
-    const results = await this.repo.list(thread, input, session);
-    return await mapListResults(results, (dto) =>
-      this.secureComment(dto, session),
-    );
+  ): Promise<CommentList> {
+    const perms = await this.getPermissionsFromResource(thread.parent, session);
+
+    // Do check here since we don't filter in the db query.
+    // Will need to be updated with DB switch.
+    if (!perms.can('read')) {
+      return SecuredList.Redacted;
+    }
+
+    const results = await this.repo.list(thread.id, input, session);
+
+    return {
+      ...results,
+      items: results.items.map((dto) => this.secureComment(dto, session)),
+      canRead: true,
+      canCreate: perms.can('create'),
+    };
   }
 }
 

diff --git a/src/components/comments/dto/list-comment-thread.dto.ts b/src/components/comments/dto/list-comment-thread.dto.ts
@@ -1,5 +1,5 @@
 import { Field, InputType, ObjectType } from '@nestjs/graphql';
-import { Order, PaginatedList, SortablePaginationInput } from '~/common';
+import { Order, SecuredList, SortablePaginationInput } from '~/common';
 import { CommentThread } from './comment-thread.dto';
 import { Commentable } from './commentable.dto';
 
@@ -12,7 +12,7 @@ export class CommentThreadListInput extends SortablePaginationInput<
 }) {}
 
 @ObjectType()
-export class CommentThreadList extends PaginatedList(CommentThread) {
+export class CommentThreadList extends SecuredList(CommentThread) {
   @Field()
   readonly parent: Commentable;
 }
diff --git a/src/components/comments/dto/list-comment.dto.ts b/src/components/comments/dto/list-comment.dto.ts
@@ -1,5 +1,5 @@
 import { InputType, ObjectType } from '@nestjs/graphql';
-import { Order, PaginatedList, SortablePaginationInput } from '~/common';
+import { Order, SecuredList, SortablePaginationInput } from '~/common';
 import { Comment } from './comment.dto';
 
 @InputType()
@@ -9,4 +9,4 @@ export class CommentListInput extends SortablePaginationInput<keyof Comment>({
 }) {}
 
 @ObjectType()
-export abstract class CommentList extends PaginatedList(Comment) {}
+export abstract class CommentList extends SecuredList(Comment) {}