Adding /api/v1/json/comment/:id endpoint (#13)

* Add `/api/v1/json/comment/:id` endpoint

* Add controller for `/api/v1/json/comment/:id`

Add controller for `/api/v1/json/comment/:id` endpoint

* Fixes permissions

Now will show `403 forbidden` if a comment on a deleted image is requested.

* Fixed endpoint schema

Now conforms to endpoint schema

* Permission adjustment

Will prevent `user_id` and `author` from leaking in the event the image is `hidden_from_users`

* Permission lockout

Lockout of all data if destroyed.

* Lockout on destroyed_content

Return 404 when `comment.destroyed_content`

* Refactored for neatness

lib/philomena_web/comment_json.ex

@@ -1,13 +1,37 @@
 defmodule PhilomenaWeb.CommentJson do
   alias PhilomenaWeb.UserAttributionView
 
+  def as_json(%{destroyed_content: true}) do
+    nil
+  end
+
+  def as_json(%{image: %{hidden_from_users: true}} = comment) do
+    %{
+      id: comment.id,
+      image_id: comment.image_id,
+      user_id: nil,
+      author: nil,
+      body: nil
+    }
+  end
+
+  def as_json(%{hidden_from_users: true} = comment) do
+    %{
+      id: comment.id,
+      image_id: comment.image_id,
+      user_id: if(not comment.anonymous, do: comment.user_id),
+      author: if(comment.anonymous or is_nil(comment.user), do: UserAttributionView.anonymous_name(comment), else: comment.user.name),
+      body: nil
+    }
+  end
+
   def as_json(comment) do
     %{
       id: comment.id,
       image_id: comment.image_id,
       user_id: if(not comment.anonymous, do: comment.user_id),
       author: if(comment.anonymous or is_nil(comment.user), do: UserAttributionView.anonymous_name(comment), else: comment.user.name),
-      body: if(not comment.image.hidden_from_users and not comment.hidden_from_users, do: comment.body)
+      body: comment.body
     }
   end
-end
+end

lib/philomena_web/controllers/api/json/comment_controller.ex

@@ -0,0 +1,32 @@
+defmodule PhilomenaWeb.Api.Json.CommentController do
+  use PhilomenaWeb, :controller
+
+  alias PhilomenaWeb.CommentJson
+  alias Philomena.Comments.Comment
+  alias Philomena.Repo
+  import Ecto.Query
+
+  def show(conn, %{"id" => id}) do
+    comment = 
+      Comment
+      |> where(id: ^id)
+      |> preload([:image, :user])
+      |> Repo.one()
+
+    cond do
+      is_nil(comment) or comment.destroyed_content ->
+        conn
+        |> put_status(:not_found)
+        |> text("")
+
+      comment.image.hidden_from_users ->
+        conn
+        |> put_status(:forbidden)
+        |> text("")
+
+      true ->
+        json(conn, %{comment: CommentJson.as_json(comment)})
+
+    end
+  end
+end

lib/philomena_web/router.ex

@@ -111,6 +111,7 @@ defmodule PhilomenaWeb.Router do
 
     resources "/oembed", OembedController, only: [:index]
     resources "/tags", TagController, only: [:show]
+    resources "/comments", CommentController, only: [:show]
   end
 
   scope "/", PhilomenaWeb do