feat: server-side work for #9047

- rename Thumbs.commit to Thumbs.migrate - new PUT method that calls Thumbs.migrate - `checkThumbPrivileges` now takes a single object parameter (ins. of req/res)
4 years ago · ef7d6db912
parent b5d910f53b
commit ef7d6db912
5 changed files with 24 additions and 10 deletions
--- a/src/api/posts.js
+++ b/src/api/posts.js
@ -37,7 +37,7 @@ postsAPI.edit = async function (caller, data) {

 	const editResult = await posts.edit(data);
 	if (editResult.topic.isMainPost) {
-		await topics.thumbs.commit(data.uuid, editResult.topic.tid);
+		await topics.thumbs.migrate(data.uuid, editResult.topic.tid);
 	}
 	if (editResult.topic.renamed) {
 		await events.log({
--- a/src/api/topics.js
+++ b/src/api/topics.js
@ -34,7 +34,7 @@ topicsAPI.create = async function (caller, data) {
 	}

 	const result = await topics.post(payload);
-	await topics.thumbs.commit(data.uuid, result.topicData.tid);
+	await topics.thumbs.migrate(data.uuid, result.topicData.tid);

 	socketHelpers.emitToUids('event:new_post', { posts: [result.postData] }, [caller.uid]);
 	socketHelpers.emitToUids('event:new_topic', result.topicData, [caller.uid]);
--- a/src/controllers/write/topics.js
+++ b/src/controllers/write/topics.js
@ -95,7 +95,7 @@ Topics.getThumbs = async (req, res) => {
 };

 Topics.addThumb = async (req, res) => {
-	await checkThumbPrivileges(req, res);
+	await checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res });
 	if (res.headersSent) {
 		return;
 	}
@ -117,8 +117,21 @@ Topics.addThumb = async (req, res) => {
 	}));
 };

+Topics.migrateThumbs = async (req, res) => {
+	await Promise.all([
+		checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res }),
+		checkThumbPrivileges({ tid: req.body.tid, uid: req.user.uid, res }),
+	]);
+	if (res.headersSent) {
+		return;
+	}
+
+	await topics.thumbs.migrate(req.params.tid, req.body.tid);
+	helpers.formatApiResponse(200, res);
+};
+
 Topics.deleteThumb = async (req, res) => {
-	await checkThumbPrivileges(req, res);
+	await checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res });
 	if (res.headersSent) {
 		return;
 	}
@ -127,17 +140,17 @@ Topics.deleteThumb = async (req, res) => {
 	helpers.formatApiResponse(200, res, await topics.thumbs.get(req.params.tid));
 };

-async function checkThumbPrivileges(req, res) {
+async function checkThumbPrivileges({ tid, uid, res }) {
 	// req.params.tid could be either a tid (pushing a new thumb to an existing topic) or a post UUID (a new topic being composed)
-	const isUUID = validator.isUUID(req.params.tid);
+	const isUUID = validator.isUUID(tid);

 	// Sanity-check the tid if it's strictly not a uuid
-	if (!isUUID && (isNaN(parseInt(req.params.tid, 10)) || !await topics.exists(req.params.tid))) {
+	if (!isUUID && (isNaN(parseInt(tid, 10)) || !await topics.exists(tid))) {
 		return helpers.formatApiResponse(404, res, new Error('[[error:no-topic]]'));
 	}

 	// While drafts are not protected, tids are
-	if (!isUUID && !await privileges.topics.canEdit(req.params.tid, req.user.uid)) {
+	if (!isUUID && !await privileges.topics.canEdit(tid, uid)) {
 		return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
 	}
 }
--- a/src/routes/write/topics.js
+++ b/src/routes/write/topics.js
@ -36,6 +36,7 @@ module.exports = function () {

 	setupApiRoute(router, 'get', '/:tid/thumbs', [], controllers.write.topics.getThumbs);
 	setupApiRoute(router, 'post', '/:tid/thumbs', [multipartMiddleware, middleware.validateFiles, ...middlewares], controllers.write.topics.addThumb);
+	setupApiRoute(router, 'put', '/:tid/thumbs', [], controllers.write.topics.migrateThumbs);
 	setupApiRoute(router, 'delete', '/:tid/thumbs', [...middlewares, middleware.assert.path], controllers.write.topics.deleteThumb);

 	return router;
--- a/src/topics/thumbs.js
+++ b/src/topics/thumbs.js
@ -45,11 +45,11 @@ Thumbs.associate = async function (id, path) {
 	db.sortedSetAdd(set, numThumbs, path);
 };

-Thumbs.commit = async function (uuid, tid) {
+Thumbs.migrate = async function (uuid, id) {
 	// Converts the draft thumb zset to the topic zset (combines thumbs if applicable)
 	const set = `draft:${uuid}:thumbs`;
 	const thumbs = await db.getSortedSetRange(set, 0, -1);
-	await Promise.all(thumbs.map(async path => await Thumbs.associate(tid, path)));
+	await Promise.all(thumbs.map(async path => await Thumbs.associate(id, path)));
 	await db.delete(set);
 };