feat: issues (#2180)

2025-09-17 17:24:35 +02:00 · 2021-10-24 21:44:20 +09:00
parent 6565c7dd9b
commit e402c42aaa
45 changed files with 4260 additions and 937 deletions
--- a/server/routes/issueComment.ts
+++ b/server/routes/issueComment.ts
@@ -0,0 +1,132 @@
+import { Router } from 'express';
+import { getRepository } from 'typeorm';
+import IssueComment from '../entity/IssueComment';
+import { Permission } from '../lib/permissions';
+import logger from '../logger';
+import { isAuthenticated } from '../middleware/auth';
+
+const issueCommentRoutes = Router();
+
+issueCommentRoutes.get<{ commentId: string }, IssueComment>(
+  '/:commentId',
+  isAuthenticated(
+    [
+      Permission.MANAGE_ISSUES,
+      Permission.VIEW_ISSUES,
+      Permission.CREATE_ISSUES,
+    ],
+    {
+      type: 'or',
+    }
+  ),
+  async (req, res, next) => {
+    const issueCommentRepository = getRepository(IssueComment);
+
+    try {
+      const comment = await issueCommentRepository.findOneOrFail({
+        where: { id: Number(req.params.commentId) },
+      });
+
+      if (
+        !req.user?.hasPermission(
+          [Permission.MANAGE_ISSUES, Permission.VIEW_ISSUES],
+          { type: 'or' }
+        ) &&
+        comment.user.id !== req.user?.id
+      ) {
+        return next({
+          status: 403,
+          message: 'You do not have permission to view this comment.',
+        });
+      }
+
+      return res.status(200).json(comment);
+    } catch (e) {
+      logger.debug('Request for unknown issue comment failed', {
+        label: 'API',
+        errorMessage: e.message,
+      });
+      next({ status: 404, message: 'Issue comment not found.' });
+    }
+  }
+);
+
+issueCommentRoutes.put<
+  { commentId: string },
+  IssueComment,
+  { message: string }
+>(
+  '/:commentId',
+  isAuthenticated([Permission.MANAGE_ISSUES, Permission.CREATE_ISSUES], {
+    type: 'or',
+  }),
+  async (req, res, next) => {
+    const issueCommentRepository = getRepository(IssueComment);
+
+    try {
+      const comment = await issueCommentRepository.findOneOrFail({
+        where: { id: Number(req.params.commentId) },
+      });
+
+      if (
+        !req.user?.hasPermission([Permission.MANAGE_ISSUES], { type: 'or' }) &&
+        comment.user.id !== req.user?.id
+      ) {
+        return next({
+          status: 403,
+          message: 'You do not have permission to edit this comment.',
+        });
+      }
+
+      comment.message = req.body.message;
+
+      await issueCommentRepository.save(comment);
+
+      return res.status(200).json(comment);
+    } catch (e) {
+      logger.debug('Put request for issue comment failed', {
+        label: 'API',
+        errorMessage: e.message,
+      });
+      next({ status: 404, message: 'Issue comment not found.' });
+    }
+  }
+);
+
+issueCommentRoutes.delete<{ commentId: string }, IssueComment>(
+  '/:commentId',
+  isAuthenticated([Permission.MANAGE_ISSUES, Permission.CREATE_ISSUES], {
+    type: 'or',
+  }),
+  async (req, res, next) => {
+    const issueCommentRepository = getRepository(IssueComment);
+
+    try {
+      const comment = await issueCommentRepository.findOneOrFail({
+        where: { id: Number(req.params.commentId) },
+      });
+
+      if (
+        !req.user?.hasPermission([Permission.MANAGE_ISSUES], { type: 'or' }) &&
+        comment.user.id !== req.user?.id
+      ) {
+        return next({
+          status: 403,
+          message: 'You do not have permission to delete this comment.',
+        });
+      }
+
+      await issueCommentRepository.remove(comment);
+
+      return res.status(204).send();
+    } catch (e) {
+      logger.debug('Delete request for issue comment failed', {
+        label: 'API',
+        errorMessage: e.message,
+      });
+      next({ status: 404, message: 'Issue comment not found.' });
+    }
+  }
+);
+
+export default issueCommentRoutes;