From 9b22d2719a1d2cb5e5211c417dea3d4a622f1a07 Mon Sep 17 00:00:00 2001
From: SomewhatDamaged
Date: Wed, 1 Jan 2020 10:25:11 +1100
Subject: [PATCH] Adding /api/v1/json/comment/:id endpoint (#13) * Add `/api/v1/json/comment/:id` endpoint * Add controller for `/api/v1/json/comment/:id` Add controller for `/api/v1/json/comment/:id` endpoint * Fixes permissions Now will show `403 forbidden` if a comment on a deleted image is requested. * Fixed endpoint schema Now conforms to endpoint schema * Permission adjustment Will prevent `user_id` and `author` from leaking in the event the image is `hidden_from_users` * Permission lockout Lockout of all data if destroyed. * Lockout on destroyed_content Return 404 when `comment.destroyed_content` * Refactored for neatness
---
 lib/philomena_web/comment_json.ex | 28 ++++++++++++++--
 .../api/json/comment_controller.ex | 32 +++++++++++++++++++
 lib/philomena_web/router.ex | 1 +
 3 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 lib/philomena_web/controllers/api/json/comment_controller.ex
diff --git a/lib/philomena_web/comment_json.ex b/lib/philomena_web/comment_json.ex
index 6aae1e99..e5508aeb 100644
--- a/lib/philomena_web/comment_json.ex
+++ b/lib/philomena_web/comment_json.ex
@@ -1,13 +1,37 @@
 defmodule PhilomenaWeb.CommentJson do
 alias PhilomenaWeb.UserAttributionView
+ def as_json(%{destroyed_content: true}) do
+ nil
+ end
+
+ def as_json(%{image: %{hidden_from_users: true}} = comment) do
+ %{
+ id: comment.id,
+ image_id: comment.image_id,
+ user_id: nil,
+ author: nil,
+ body: nil
+ }
+ end
+
+ def as_json(%{hidden_from_users: true} = comment) do
+ %{
+ id: comment.id,
+ image_id: comment.image_id,
+ user_id: if(not comment.anonymous, do: comment.user_id),
+ author: if(comment.anonymous or is_nil(comment.user), do: UserAttributionView.anonymous_name(comment), else: comment.user.name),
+ body: nil
+ }
+ end
+
 def as_json(comment) do
 %{
 id: comment.id,
 image_id: comment.image_id,
 user_id: if(not comment.anonymous, do: comment.user_id),
 author: if(comment.anonymous or is_nil(comment.user), do: UserAttributionView.anonymous_name(comment), else: comment.user.name),
- body: if(not comment.image.hidden_from_users and not comment.hidden_from_users, do: comment.body)
+ body: comment.body
 }
 end
-end
\ No newline at end of file
+end
diff --git a/lib/philomena_web/controllers/api/json/comment_controller.ex b/lib/philomena_web/controllers/api/json/comment_controller.ex
new file mode 100644
index 00000000..e87527ff
--- /dev/null
+++ b/lib/philomena_web/controllers/api/json/comment_controller.ex
@@ -0,0 +1,32 @@
+defmodule PhilomenaWeb.Api.Json.CommentController do
+ use PhilomenaWeb, :controller
+
+ alias PhilomenaWeb.CommentJson
+ alias Philomena.Comments.Comment
+ alias Philomena.Repo
+ import Ecto.Query
+
+ def show(conn, %{"id" => id}) do
+ comment =
+ Comment
+ |> where(id: ^id)
+ |> preload([:image, :user])
+ |> Repo.one()
+
+ cond do
+ is_nil(comment) or comment.destroyed_content ->
+ conn
+ |> put_status(:not_found)
+ |> text("")
+
+ comment.image.hidden_from_users ->
+ conn
+ |> put_status(:forbidden)
+ |> text("")
+
+ true ->
+ json(conn, %{comment: CommentJson.as_json(comment)})
+
+ end
+ end
+end
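Review bot: In lib/philomena_web/comment_json.ex the final catch-all `as_json(comment)` head now returns `comment.body` for anything the earlier heads did not match, so body hiding fails open when `image` is nil or not preloaded. The removed line read `comment.image.hidden_from_users` directly and would have raised in that situation, whereas the new head `%{image: %{hidden_from_users: true}}` simply does not match and the body is serialised. Consider making the last head assert the visible state, `def as_json(%{image: %{hidden_from_users: false}, hidden_from_users: false} = comment) do`, so an unexpected shape raises instead of exposing the body. Whether every caller of `as_json/1` preloads `:image`, and whether they tolerate the new `nil` return for destroyed comments, is not visible in this hunk.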
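Review bot: In comment_controller.ex `show/2` answers 404 for a missing or destroyed comment but 403 when `comment.image.hidden_from_users` is true, so any caller can tell that a given comment id exists and belongs to a hidden image. If that distinction is not meant to be public, use the same status in the second `cond` branch, `|> put_status(:not_found)`. That branch also dereferences `comment.image` without a nil check; if a comment can outlive its image row this raises and surfaces as a 500, so `is_nil(comment.image) or comment.image.hidden_from_users ->` would be safer. A short `@doc` on `show/2` listing the possible responses would make the intended policy reviewable.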
diff --git a/lib/philomena_web/router.ex b/lib/philomena_web/router.ex
index ce5c899a..b7766fda 100644
--- a/lib/philomena_web/router.ex
+++ b/lib/philomena_web/router.ex
@@ -111,6 +111,7 @@ defmodule PhilomenaWeb.Router do
 resources "/oembed", OembedController, only: [:index]
 resources "/tags", TagController, only: [:show]
+ resources "/comments", CommentController, only: [:show]
 end
 scope "/", PhilomenaWeb do
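Review bot: The added route `resources "/comments", CommentController, only: [:show]` yields a path ending in `/comments/:id`, while the commit title and description name the endpoint `/api/v1/json/comment/:id` (singular). One of the two should be corrected so that API consumers and any path-based access or rate-limit rules refer to the route that actually exists. The enclosing `scope` and its `pipe_through` lie outside this hunk, so which plugs cover the new route cannot be confirmed from here.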