From f32c922fafae6c11893cba0ce061365657581e79 Mon Sep 17 00:00:00 2001 From: heimoshuiyu Date: Mon, 13 Dec 2021 05:52:10 +0800 Subject: [PATCH] Add: delete review
---
 pkg/api/api.go | 1 + pkg/api/handle_review.go | 61 +++++++++++++++++++++++++++++++++ pkg/api/handle_user.go | 1 - pkg/database/method_review.go | 5 +++ pkg/database/sql_stmt.go | 9 +++++ web/src/component/EditReview.js | 26 +++++++++++++- 6 files changed, 101 insertions(+), 2 deletions(-)
diff --git a/pkg/api/api.go b/pkg/api/api.go
index 28eb51c..ceafb0c 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -97,6 +97,7 @@ func NewAPI(config Config) (*API, error) {
 apiMux.HandleFunc("/get_reviews_on_file", api.HandleGetReviewsOnFile)
 apiMux.HandleFunc("/get_review", api.HandleGetReview)
 apiMux.HandleFunc("/update_review", api.HandleUpdateReview)
+ apiMux.HandleFunc("/delete_review", api.HandleDeleteReview)
 // below needs token
 apiMux.HandleFunc("/walk", api.HandleWalk)
 apiMux.HandleFunc("/reset", api.HandleReset)
diff --git a/pkg/api/handle_review.go b/pkg/api/handle_review.go
index 0d25682..e9b0d73 100644
--- a/pkg/api/handle_review.go
+++ b/pkg/api/handle_review.go
@@ -2,6 +2,7 @@ package api
 import (
 "encoding/json"
+ "errors"
 "msw-open-music/pkg/database"
 "net/http"
 "time"
@@ -102,6 +103,32 @@ func (api *API) HandleGetReview(w http.ResponseWriter, r *http.Request) {
 }
 }
+func (api *API) CheckUserCanModifyReview(w http.ResponseWriter, r *http.Request, reviewID int64) error {
+ review, err := api.Db.GetReview(reviewID)
+ if err != nil {
+ return err
+ }
+
+ err = api.CheckNotAnonymous(w, r)
+ if err != nil {
+ return err
+ }
+
+ err = api.CheckAdmin(w, r)
+ if err != nil {
+ userID, err := api.GetUserID(w, r)
+ if err != nil {
+ return err
+ }
+
+ if review.UserId != userID {
+ return errors.New("you are not allowed to modify this review")
+ }
+ }
+
+ return nil
+}
+
 func (api *API) HandleUpdateReview(w http.ResponseWriter, r *http.Request) {
 req := &database.Review{}
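Review bot: In `CheckUserCanModifyReview` the review is fetched with `api.Db.GetReview(reviewID)` before `api.CheckNotAnonymous(w, r)` runs, so anonymous requests reach the database and can see a lookup error before they are rejected; running the `CheckNotAnonymous` block first keeps the query behind authentication. Every error from `CheckAdmin`, not only `ErrNotAdmin`, falls through to the owner comparison; that fails closed, but it deserves a comment such as `// any CheckAdmin error means non-admin: fall back to the ownership check`. The denial is built inline with `errors.New`, while `CheckAdmin` returns the sentinel `ErrNotAdmin`; a package-level sentinel here would let `HandleError` (not visible in this patch) map it to a 403 if it distinguishes errors. The method is exported and has no doc comment stating that a nil return means "admin or owner of the review".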
@@ -111,6 +138,12 @@ func (api *API) HandleUpdateReview(w http.ResponseWriter, r *http.Request) {
 return
 }
+ err = api.CheckUserCanModifyReview(w, r, req.ID)
+ if err != nil {
+ api.HandleError(w, r, err)
+ return
+ }
+
 req.UpdatedAt = time.Now().Unix()
 err = api.Db.UpdateReview(req)
@@ -121,3 +154,31 @@ func (api *API) HandleUpdateReview(w http.ResponseWriter, r *http.Request) {
 api.HandleOK(w, r)
 }
+
+type DeleteReviewRequest struct {
+ ID int64 `json:"id"`
+}
+
+func (api *API) HandleDeleteReview(w http.ResponseWriter, r *http.Request) {
+ req := &DeleteReviewRequest{}
+
+ err := json.NewDecoder(r.Body).Decode(req)
+ if err != nil {
+ api.HandleError(w, r, err)
+ return
+ }
+
+ err = api.CheckUserCanModifyReview(w, r, req.ID)
+ if err != nil {
+ api.HandleError(w, r, err)
+ return
+ }
+
+ err = api.Db.DeleteReview(req.ID)
+ if err != nil {
+ api.HandleError(w, r, err)
+ return
+ }
+
+ api.HandleOK(w, r)
+}
diff --git a/pkg/api/handle_user.go b/pkg/api/handle_user.go
index 1bb54ff..105974a 100644
--- a/pkg/api/handle_user.go
+++ b/pkg/api/handle_user.go
@@ -161,7 +161,6 @@ func (api *API) CheckAdmin(w http.ResponseWriter, r *http.Request) error {
 return ErrNotAdmin
 }
- w.WriteHeader(http.StatusOK)
 return nil
 }
diff --git a/pkg/database/method_review.go b/pkg/database/method_review.go
index 915456f..f6d29c9 100644
--- a/pkg/database/method_review.go
+++ b/pkg/database/method_review.go
@@ -66,3 +66,8 @@ func (database *Database) UpdateReview(review *Review) error {
 review.ID)
 return err
 }
+
+func (database *Database) DeleteReview(reviewId int64) error {
+ _, err := database.stmt.deleteReview.Exec(reviewId)
+ return err
+}
diff --git a/pkg/database/sql_stmt.go b/pkg/database/sql_stmt.go
index 4dce78e..da3f0cd 100644
--- a/pkg/database/sql_stmt.go
+++ b/pkg/database/sql_stmt.go
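Review bot: `HandleDeleteReview` accepts any HTTP method and any content type: it decodes `r.Body` straight away and never looks at `r.Method`, although the web client in this patch only sends a JSON `POST`. For a state-changing endpoint that relies on the session checked in `CheckUserCanModifyReview` (presumably cookie-based; the session code is outside this patch), that leaves cross-site request forgery protection entirely to the session layer; a guard such as `if r.Method != http.MethodPost { w.WriteHeader(http.StatusMethodNotAllowed); return }` plus a check that `Content-Type` is `application/json` narrows it. The body is also read without a size cap; `r.Body = http.MaxBytesReader(w, r.Body, 1<<20)` before decoding bounds it (the limit shown is an example value). `HandleUpdateReview` in the previous hunk has the same shape, though its body extends outside that hunk.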
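Review bot: `DeleteReview` deletes by ID unconditionally and has no doc comment, so nothing at the database layer records that authorization is the caller's job. I would add `// DeleteReview removes the review with the given ID. It performs no ownership check; callers must authorize the request first.` The `sql.Result` is discarded, so deleting an ID that no longer exists reports success; checking `RowsAffected` would surface that case. `reviewId` would read `reviewID` under Go's initialism convention, matching the `reviewID` parameter of `CheckUserCanModifyReview`.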
@@ -222,6 +222,8 @@ var getReviewQuery = `SELECT id, file_id, user_id, created_at, updated_at, conte
 var updateReviewQuery = `UPDATE reviews SET content = ?, updated_at = ? WHERE id = ?;`
+var deleteReviewQuery = `DELETE FROM reviews WHERE id = ?;`
+
 type Stmt struct {
 initFilesTable *sql.Stmt
 initFoldersTable *sql.Stmt
@@ -266,6 +268,7 @@ type Stmt struct {
 getReviewsOnFile *sql.Stmt
 getReview *sql.Stmt
 updateReview *sql.Stmt
+ deleteReview *sql.Stmt
 }
 func NewPreparedStatement(sqlConn *sql.DB) (*Stmt, error) {
@@ -594,5 +597,11 @@ func NewPreparedStatement(sqlConn *sql.DB) (*Stmt, error) {
 return nil, err
 }
+ // init deleteReview
+ stmt.deleteReview, err = sqlConn.Prepare(deleteReviewQuery)
+ if err != nil {
+ return nil, err
+ }
+
 return stmt, err
 }
diff --git a/web/src/component/EditReview.js b/web/src/component/EditReview.js
index e335a7d..bf1fb70 100644
--- a/web/src/component/EditReview.js
+++ b/web/src/component/EditReview.js
@@ -56,6 +56,27 @@ function SingleReview() {
 });
 }
+ function deleteReview() {
+ fetch("/api/v1/delete_review", {
+ method: "POST",
+ headers: {
+ "Content-Type": "application/json",
+ },
+ body: JSON.stringify({
+ id: parseInt(params.id),
+ }),
+ })
+ .then((response) => response.json())
+ .then((data) => {
+ if (data.error) {
+ alert(data.error);
+ } else {
+ alert("Review deleted!");
+ navigate(-1);
+ }
+ });
+ }
+
 useEffect(() => {
 refresh();
 }, []);
@@ -67,7 +88,10 @@ function SingleReview() { value={review.content} onChange={(e) => setReview({ ...review, content: e.target.value })} > - +
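Review bot: `deleteReview` sends the destructive request as soon as it is called, with no confirmation step inside the function, and the promise chain has no `.catch`, so a network failure or a non-JSON error body from the server is dropped silently. Starting the function with `if (!window.confirm("Delete this review?")) return;` and ending the chain with `.catch((err) => alert(err));` would cover both. `parseInt(params.id)` should pass the radix, `parseInt(params.id, 10)`. The enclosing `SingleReview` component starts and ends outside this hunk, and the button markup in the following hunk is not readable on this page, so any confirmation wired there could not be checked.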
+ + +
); }