From 75c47515a6b577b82af23cd92f8c90a14b3cc435 Mon Sep 17 00:00:00 2001 From: Luciano Dato Date: Sat, 11 Jun 2022 19:58:49 -0300 Subject: [PATCH 1/2] =?UTF-8?q?Se=20agrega=20servicio,=20controller=20y=20?= =?UTF-8?q?ruta,=20middleware=20para=20due=C3=B1o=20de=20Comment?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- controllers/comments.controller.js | 44 +++++++++++++++++++++++++++++- middleware/checkCommentOwner.js | 30 ++++++++++++++++++++ routes/comments.js | 11 +++++++- services/comment.js | 21 ++++++++++++++ 4 files changed, 104 insertions(+), 2 deletions(-) create mode 100644 middleware/checkCommentOwner.js diff --git a/controllers/comments.controller.js b/controllers/comments.controller.js index 6d07c10..4715d9d 100644 --- a/controllers/comments.controller.js +++ b/controllers/comments.controller.js @@ -1,5 +1,5 @@ const { request, response} = require('express'); -const { createComment } = require('../services/comment'); +const { createComment, findId, deleteOne } = require('../services/comment'); const getComments = ( req = request, res = response )=> { @@ -23,9 +23,51 @@ const newComment = async(req = request, res = response ) => { }; +const deleteComment = async (req, res) => { + + const id = parseInt(req.params.id) + + try { + + // const id = parseInt(req.params.id); + + const commentDb = await findId(id); + + if (commentDb === null) { + + return res.status(404).json({ + message: "Comment not found", + commentDb + }) + + } else { + + const deletedComment = await deleteOne(id); + + return res.status(200).json({ + message: "Deleted", + id: id + }) + + } + + + } catch (error) { + + console.log(error) + return res.status(500).json({ + error:true, + message: "An error has ocurred" + }) + + } + +} + module.exports = { getComments, newComment, + deleteComment } \ No newline at end of file diff --git a/middleware/checkCommentOwner.js b/middleware/checkCommentOwner.js new file mode 100644 index 0000000..64e62be 
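Review bot: In the added `deleteComment`, `parseInt(req.params.id)` has no radix and its result is never validated, so a non-numeric `:id` is passed on to `findId`/`deleteOne` as `NaN`. The controller also acts on the parsed integer while `checkCommentOwner` in this same patch looks the comment up with the raw `req.params.id` string, so the ownership check and the delete are not guaranteed to refer to the same row; how far they can diverge depends on how the database coerces the string, which is not visible here. I would normalise once and reject early: `const id = Number.parseInt(req.params.id, 10);` followed by `if (!Number.isInteger(id) || id < 1) return res.status(400).json({ error: true, message: "Invalid id" });`, and have the middleware use that same value. The same unchecked parse is kept in PATCH 2/2's version of `deleteComment`.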
--- /dev/null +++ b/middleware/checkCommentOwner.js @@ -0,0 +1,30 @@ +const getComment = require('../services/comment').findId; + +const checkCommentOwner = async (req, res, next) => { + + const id = req.params.id; + const userId = req.user.id; + const userRoleId = req.user.roleId; + + const comment = await getComment(id); + const commentUserId = comment.user_id; + + // console.log("userId:" + userId); + // console.log("userRoleId:" + userRoleId); + + if ((userId === commentUserId) || userRoleId === 1) { + + return next(); + + } else { + + return res.status(401).json({ + error: true, + message: "Insufficient permissions", + }); + } + + +} + +module.exports = checkCommentOwner; \ No newline at end of file diff --git a/routes/comments.js b/routes/comments.js index 9e4acab..a36e971 100644 --- a/routes/comments.js +++ b/routes/comments.js @@ -2,13 +2,22 @@ const { Router } = require('express'); const router = Router(); const verifyToken = require('../middleware/verifyToken'); +const checkOwnership = require('../middleware/checkOwnership') const validatorHandler = require('../middleware/validatorHandler'); const commentsFields = require('../helpers/checkCommentsFields'); -const { newComment } = require('../controllers/comments.controller'); +const { newComment, deleteComment } = require('../controllers/comments.controller'); +const checkCommentOwner = require('../middleware/checkCommentOwner'); router.post('/', verifyToken, validatorHandler(commentsFields), newComment ); +router.delete('/:id',verifyToken, +checkCommentOwner, +deleteComment +); + + + diff --git a/services/comment.js b/services/comment.js index b7d0c76..27b81c5 100644 --- a/services/comment.js +++ b/services/comment.js @@ -1,4 +1,5 @@ const { Comment:DB } = require('../models') +const db = require('../models'); const createComment = async( data ) => { 
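Review bot: In `checkCommentOwner`, `comment.user_id` is read without checking that `getComment(id)` returned a row, so a DELETE for an id that does not exist throws inside this async middleware before the controller's own 404 branch can run. There is no try/catch, so the rejection is never handed to `next`; what the client then sees depends on the Express version, which is not visible here. The denial branch also answers 401 although `verifyToken` has already authenticated the caller, and 403 is the status for an authenticated user who lacks permission. A version with the null check, the 403 and error forwarding is below.

```javascript
const checkCommentOwner = async (req, res, next) => {
    try {
        // … unchanged: id, userId and userRoleId read from req …
        const comment = await getComment(id);

        if (comment === null) {
            return res.status(404).json({ error: true, message: "Comment not found" });
        }

        if (comment.user_id === userId || userRoleId === 1) {
            return next();
        }

        return res.status(403).json({ error: true, message: "Insufficient permissions" });
    } catch (error) {
        return next(error);
    }
}
```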
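Review bot: The added line `const checkOwnership = require('../middleware/checkOwnership')` in routes/comments.js is not used by anything visible in this hunk; the new DELETE route is guarded by `checkCommentOwner` instead. An unused guard import next to a route table makes it harder to see which check actually protects which route, and the require fails at load time if that module is missing. Either remove the line or wire `checkOwnership` into the route it was meant for. PATCH 2/2 still carries the line as context.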
@@ -10,6 +11,26 @@ const createComment = async( data ) => { }; +const findId = async (id) => { + + const comment = await db.Comment.findByPk(id); + + return comment; + +} + +const deleteOne = async (id) => { + + const comment = await db.Comment.destroy( {where: {id} }); + + return comment; + +} + + + module.exports = { createComment, + findId, + deleteOne } \ No newline at end of file From 12eadd790b2fd662a4fe8790482ffc8789e4bb70 Mon Sep 17 00:00:00 2001 From: Luciano Dato Date: Thu, 16 Jun 2022 20:49:09 -0300 Subject: [PATCH 2/2] =?UTF-8?q?Se=20agrega=20l=C3=B3gica=20de=20owner=20y?= =?UTF-8?q?=20admin=20en=20el=20servicio?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- controllers/comments.controller.js | 52 ++++++++++++++---------------- routes/comments.js | 6 +--- services/comment.js | 32 ++++++++++++------ 3 files changed, 49 insertions(+), 41 deletions(-) diff --git a/controllers/comments.controller.js b/controllers/comments.controller.js index 4715d9d..41f5abc 100644 --- a/controllers/comments.controller.js +++ b/controllers/comments.controller.js 
@@ -1,24 +1,24 @@ -const { request, response} = require('express'); +const { request, response } = require('express'); const { createComment, findId, deleteOne } = require('../services/comment'); -const getComments = ( req = request, res = response )=> { +const getComments = (req = request, res = response) => { - res.status(200).json({ msg: 'getComments'}); + res.status(200).json({ msg: 'getComments' }); } -const newComment = async(req = request, res = response ) => { - +const newComment = async (req = request, res = response) => { + const { post_id, user_id, body } = req.body; try { - const comment = await createComment({ post_id, user_id, body }) + const comment = await createComment({ post_id, user_id, body }) - res.json({ error: false, message: 'El comentario se ah creado exitosamente', comment}); + res.json({ error: false, message: 'El comentario se ah creado exitosamente', comment }); } catch (error) { - res.status(500).json({ error: true, message: 'Error en el servidor, Comuniquese con el administrador', comment: null}); + res.status(500).json({ error: true, message: 'Error en el servidor, Comuniquese con el administrador', comment: null }); } }; 
@@ -26,37 +26,35 @@ const newComment = async(req = request, res = response ) => { const deleteComment = async (req, res) => { const id = parseInt(req.params.id) + const user = req.user; try { - // const id = parseInt(req.params.id); - - const commentDb = await findId(id); + const deletedComment = await deleteOne(user, id); + console.log("DeletedComment: " + deletedComment); - if (commentDb === null) { - - return res.status(404).json({ - message: "Comment not found", - commentDb + if (deletedComment == null) { + return res.status(400).json({ + message: "No se encontro el comentario" }) + } - } else { - - const deletedComment = await deleteOne(id); - - return res.status(200).json({ - message: "Deleted", - id: id + if (deletedComment != 1) { + return res.status(400).json({ + message: deletedComment }) - } - + return res.status(200).json({ + message: "Deleted", + id: id + }) + } catch (error) { - + console.log(error) return res.status(500).json({ - error:true, + error: true, message: "An error has ocurred" }) diff --git a/routes/comments.js b/routes/comments.js index a36e971..ac5e134 100644 --- a/routes/comments.js +++ b/routes/comments.js @@ -6,15 +6,11 @@ const checkOwnership = require('../middleware/checkOwnership') const validatorHandler = require('../middleware/validatorHandler'); const commentsFields = require('../helpers/checkCommentsFields'); const { newComment, deleteComment } = require('../controllers/comments.controller'); -const checkCommentOwner = require('../middleware/checkCommentOwner'); router.post('/', verifyToken, validatorHandler(commentsFields), newComment ); -router.delete('/:id',verifyToken, -checkCommentOwner, -deleteComment -); +router.delete('/:id',verifyToken, deleteComment ); diff --git a/services/comment.js b/services/comment.js index 27b81c5..dd35c28 100644 --- a/services/comment.js +++ b/services/comment.js 
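Review bot: The rewritten `deleteComment` answers both "comment not found" (`deletedComment == null`) and "not allowed" (`deletedComment != 1`) with 400, so clients and logs cannot tell a permission denial from a malformed request, and the 404 that PATCH 1/2 returned is lost. Use `res.status(404)` for the null case and `res.status(403)` for the permission message. The `!= 1` test also matches a row count of 0 from `destroy` and would then send `message: 0`; testing `typeof deletedComment === "string"` keeps the denial separate from the count. `console.log("DeletedComment: " + deletedComment)` looks like leftover debugging and should be removed. The closing lines of `deleteComment` lie outside the hunk.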
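Review bot: After this change the route `router.delete('/:id',verifyToken, deleteComment );` no longer shows any authorization step, and nothing in routes/comments.js says that the owner/admin check now lives in `deleteOne`. I would add a comment above the route such as `// Owner-or-admin authorization is enforced in services/comment.deleteOne, not by route middleware.` so that a later refactor of the service does not silently leave the endpoint open to any authenticated user. The diffstat of PATCH 2/2 does not touch middleware/checkCommentOwner.js, so that file appears to stay behind unused and should be deleted or reused.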
@@ -1,9 +1,9 @@ -const { Comment:DB } = require('../models') +const { Comment: DB } = require('../models') const db = require('../models'); -const createComment = async( data ) => { +const createComment = async (data) => { - const comment = new DB( data ); + const comment = new DB(data); await comment.save(); @@ -12,21 +12,35 @@ const createComment = async( data ) => { }; const findId = async (id) => { - + const comment = await db.Comment.findByPk(id); - + return comment; } -const deleteOne = async (id) => { +const deleteOne = async (user, id) => { - const comment = await db.Comment.destroy( {where: {id} }); + const commentUserId = await db.Comment.findByPk(id); - return comment; + if (commentUserId === null) { + return null; + } else { + console.log("Existe el comentario"); + console.log("idComment: " + commentUserId.dataValues.user_id) + console.log("idUser: " + user.roleId) -} + if (commentUserId.dataValues.user_id === user.id || user.roleId === 1) { + const comment = await db.Comment.destroy({ where: { id } }); + + return comment; + + } else { + return "No tiene permisos para eliminar este comentario"; + } +} +} module.exports = {
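Review bot: `deleteOne` reports its outcome through a single return value that is `null`, a row count or an error string, so the authorization result only holds as long as every caller applies the same `!= 1` comparison that `deleteComment` uses. Returning an explicit status keeps "forbidden" from being mistaken for a count. The three `console.log` calls should go as well; the one labelled `idUser` actually prints `user.roleId`, and `commentUserId` holds the whole comment rather than an id. A version along these lines is below, and the controller would then map `status` to 404, 403 or 200. `user.roleId === 1` is kept as written, though a named constant for the admin role would read better.

```javascript
const deleteOne = async (user, id) => {

    const comment = await db.Comment.findByPk(id);

    if (comment === null) {
        return { status: 'not_found' };
    }

    const isOwner = comment.user_id === user.id;
    const isAdmin = user.roleId === 1;

    if (!isOwner && !isAdmin) {
        return { status: 'forbidden' };
    }

    const deleted = await db.Comment.destroy({ where: { id } });

    // destroy resolves to the number of rows removed; 0 means the row was already gone
    return { status: deleted === 1 ? 'deleted' : 'not_found' };
}
```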