mirror of
https://github.com/philomena-dev/philomena.git
synced 2024-11-27 21:47:59 +01:00
9b22d2719a
* Add `/api/v1/json/comment/:id` endpoint * Add controller for `/api/v1/json/comment/:id` Add controller for `/api/v1/json/comment/:id` endpoint * Fixes permissions Now will show `403 forbidden` if a comment on a deleted image is requested. * Fixed endpoint schema Now conforms to endpoint schema * Permission adjustment Will prevent `user_id` and `author` from leaking in the event the image is `hidden_from_users` * Permission lockout Lockout of all data if destroyed. * Lockout on destroyed_content Return 404 when `comment.destroyed_content` * Refactored for neatness
32 lines
678 B
Elixir
32 lines
678 B
Elixir
defmodule PhilomenaWeb.Api.Json.CommentController do
|
|
use PhilomenaWeb, :controller
|
|
|
|
alias PhilomenaWeb.CommentJson
|
|
alias Philomena.Comments.Comment
|
|
alias Philomena.Repo
|
|
import Ecto.Query
|
|
|
|
def show(conn, %{"id" => id}) do
|
|
comment =
|
|
Comment
|
|
|> where(id: ^id)
|
|
|> preload([:image, :user])
|
|
|> Repo.one()
|
|
|
|
cond do
|
|
is_nil(comment) or comment.destroyed_content ->
|
|
conn
|
|
|> put_status(:not_found)
|
|
|> text("")
|
|
|
|
comment.image.hidden_from_users ->
|
|
conn
|
|
|> put_status(:forbidden)
|
|
|> text("")
|
|
|
|
true ->
|
|
json(conn, %{comment: CommentJson.as_json(comment)})
|
|
|
|
end
|
|
end
|
|
end
|