Add: delete review
This commit is contained in:
@@ -97,6 +97,7 @@ func NewAPI(config Config) (*API, error) {
|
||||
apiMux.HandleFunc("/get_reviews_on_file", api.HandleGetReviewsOnFile)
|
||||
apiMux.HandleFunc("/get_review", api.HandleGetReview)
|
||||
apiMux.HandleFunc("/update_review", api.HandleUpdateReview)
|
||||
apiMux.HandleFunc("/delete_review", api.HandleDeleteReview)
|
||||
// below needs token
|
||||
apiMux.HandleFunc("/walk", api.HandleWalk)
|
||||
apiMux.HandleFunc("/reset", api.HandleReset)
|
||||
|
||||
@@ -2,6 +2,7 @@ package api
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"msw-open-music/pkg/database"
|
||||
"net/http"
|
||||
"time"
|
||||
@@ -102,6 +103,32 @@ func (api *API) HandleGetReview(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
func (api *API) CheckUserCanModifyReview(w http.ResponseWriter, r *http.Request, reviewID int64) error {
|
||||
review, err := api.Db.GetReview(reviewID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = api.CheckNotAnonymous(w, r)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = api.CheckAdmin(w, r)
|
||||
if err != nil {
|
||||
userID, err := api.GetUserID(w, r)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if review.UserId != userID {
|
||||
return errors.New("you are not allowed to modify this review")
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (api *API) HandleUpdateReview(w http.ResponseWriter, r *http.Request) {
|
||||
req := &database.Review{}
|
||||
|
||||
@@ -111,6 +138,12 @@ func (api *API) HandleUpdateReview(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
err = api.CheckUserCanModifyReview(w, r, req.ID)
|
||||
if err != nil {
|
||||
api.HandleError(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
req.UpdatedAt = time.Now().Unix()
|
||||
|
||||
err = api.Db.UpdateReview(req)
|
||||
@@ -121,3 +154,31 @@ func (api *API) HandleUpdateReview(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
api.HandleOK(w, r)
|
||||
}
|
||||
|
||||
type DeleteReviewRequest struct {
|
||||
ID int64 `json:"id"`
|
||||
}
|
||||
|
||||
func (api *API) HandleDeleteReview(w http.ResponseWriter, r *http.Request) {
|
||||
req := &DeleteReviewRequest{}
|
||||
|
||||
err := json.NewDecoder(r.Body).Decode(req)
|
||||
if err != nil {
|
||||
api.HandleError(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
err = api.CheckUserCanModifyReview(w, r, req.ID)
|
||||
if err != nil {
|
||||
api.HandleError(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
err = api.Db.DeleteReview(req.ID)
|
||||
if err != nil {
|
||||
api.HandleError(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
api.HandleOK(w, r)
|
||||
}
|
||||
|
||||
@@ -161,7 +161,6 @@ func (api *API) CheckAdmin(w http.ResponseWriter, r *http.Request) error {
|
||||
return ErrNotAdmin
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@@ -66,3 +66,8 @@ func (database *Database) UpdateReview(review *Review) error {
|
||||
review.ID)
|
||||
return err
|
||||
}
|
||||
|
||||
func (database *Database) DeleteReview(reviewId int64) error {
|
||||
_, err := database.stmt.deleteReview.Exec(reviewId)
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -222,6 +222,8 @@ var getReviewQuery = `SELECT id, file_id, user_id, created_at, updated_at, conte
|
||||
|
||||
var updateReviewQuery = `UPDATE reviews SET content = ?, updated_at = ? WHERE id = ?;`
|
||||
|
||||
var deleteReviewQuery = `DELETE FROM reviews WHERE id = ?;`
|
||||
|
||||
type Stmt struct {
|
||||
initFilesTable *sql.Stmt
|
||||
initFoldersTable *sql.Stmt
|
||||
@@ -266,6 +268,7 @@ type Stmt struct {
|
||||
getReviewsOnFile *sql.Stmt
|
||||
getReview *sql.Stmt
|
||||
updateReview *sql.Stmt
|
||||
deleteReview *sql.Stmt
|
||||
}
|
||||
|
||||
func NewPreparedStatement(sqlConn *sql.DB) (*Stmt, error) {
|
||||
@@ -594,5 +597,11 @@ func NewPreparedStatement(sqlConn *sql.DB) (*Stmt, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// init deleteReview
|
||||
stmt.deleteReview, err = sqlConn.Prepare(deleteReviewQuery)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return stmt, err
|
||||
}
|
||||
|
||||
@@ -56,6 +56,27 @@ function SingleReview() {
|
||||
});
|
||||
}
|
||||
|
||||
function deleteReview() {
|
||||
fetch("/api/v1/delete_review", {
|
||||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
},
|
||||
body: JSON.stringify({
|
||||
id: parseInt(params.id),
|
||||
}),
|
||||
})
|
||||
.then((response) => response.json())
|
||||
.then((data) => {
|
||||
if (data.error) {
|
||||
alert(data.error);
|
||||
} else {
|
||||
alert("Review deleted!");
|
||||
navigate(-1);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
useEffect(() => {
|
||||
refresh();
|
||||
}, []);
|
||||
@@ -67,8 +88,11 @@ function SingleReview() {
|
||||
value={review.content}
|
||||
onChange={(e) => setReview({ ...review, content: e.target.value })}
|
||||
></textarea>
|
||||
<div>
|
||||
<button onClick={() => deleteReview()}>Delete</button>
|
||||
<button onClick={() => save()}>Save</button>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user