From 0b3bbb1f14f4a374ec82bae98c4e30408202ab5b Mon Sep 17 00:00:00 2001
From: roschaefer <git@roschaefer.de>
Date: Tue, 3 Sep 2019 12:58:17 +0200
Subject: [PATCH] Delete post.title and obfuscate `slug`

---
 backend/src/middleware/softDeleteMiddleware.js      | 1 +
 backend/src/middleware/softDeleteMiddleware.spec.js | 9 +++++++++
 backend/src/schema/resolvers/posts.js               | 2 ++
 backend/src/schema/resolvers/users.js               | 2 ++
 4 files changed, 14 insertions(+)

diff --git a/backend/src/middleware/softDeleteMiddleware.js b/backend/src/middleware/softDeleteMiddleware.js
index b07770fd9..29898c216 100644
--- a/backend/src/middleware/softDeleteMiddleware.js
+++ b/backend/src/middleware/softDeleteMiddleware.js
@@ -18,6 +18,7 @@ const obfuscate = async (resolve, root, args, context, info) => {
     root.content = 'UNAVAILABLE'
     root.contentExcerpt = 'UNAVAILABLE'
     root.title = 'UNAVAILABLE'
+    root.slug = 'UNAVAILABLE'
     root.image = 'UNAVAILABLE'
     root.avatar = 'UNAVAILABLE'
     root.about = 'UNAVAILABLE'
diff --git a/backend/src/middleware/softDeleteMiddleware.spec.js b/backend/src/middleware/softDeleteMiddleware.spec.js
index 73446fe1e..8e1e10551 100644
--- a/backend/src/middleware/softDeleteMiddleware.spec.js
+++ b/backend/src/middleware/softDeleteMiddleware.spec.js
@@ -31,6 +31,7 @@ beforeAll(async () => {
       id: 'u2',
       role: 'user',
       name: 'Offensive Name',
+      slug: 'offensive-name',
       avatar: '/some/offensive/avatar.jpg',
       about: 'This self description is very offensive',
     }),
@@ -52,6 +53,7 @@ beforeAll(async () => {
       author: user,
       id: 'p1',
       title: 'Deleted post',
+      slug: 'deleted-post',
       deleted: true,
       categoryIds,
     }),
@@ -59,6 +61,7 @@ beforeAll(async () => {
       author: user,
       id: 'p3',
       title: 'Publicly visible post',
+      slug: 'publicly-visible-post',
       deleted: false,
       categoryIds,
     }),
@@ -147,6 +150,7 @@ describe('softDeleteMiddleware', () => {
           User(id: "u1") {
             following {
               name
+              slug
               about
               avatar
             }
@@ -163,6 +167,7 @@ describe('softDeleteMiddleware', () => {
             following {
               contributions {
                 title
+                slug
                 image
                 content
                 contentExcerpt
@@ -188,6 +193,7 @@ describe('softDeleteMiddleware', () => {
         beforeEach(beforeUser)
 
         it('displays name', () => expect(subject.name).toEqual('Offensive Name'))
+        it('obfuscates slug', () => expect(subject.slug).toEqual('offensive-name'))
         it('displays about', () =>
           expect(subject.about).toEqual('This self description is very offensive'))
         it('displays avatar', () => expect(subject.avatar).toEqual('/some/offensive/avatar.jpg'))
@@ -197,6 +203,7 @@ describe('softDeleteMiddleware', () => {
         beforeEach(beforePost)
 
         it('displays title', () => expect(subject.title).toEqual('Disabled post'))
+        it('obfuscates slug', () => expect(subject.slug).toEqual('disabled-post'))
         it('displays content', () =>
           expect(subject.content).toEqual('This is an offensive post content'))
         it('displays contentExcerpt', () =>
@@ -222,6 +229,7 @@ describe('softDeleteMiddleware', () => {
         beforeEach(beforeUser)
 
         it('obfuscates name', () => expect(subject.name).toEqual('UNAVAILABLE'))
+        it('obfuscates slug', () => expect(subject.slug).toEqual('UNAVAILABLE'))
         it('obfuscates about', () => expect(subject.about).toEqual('UNAVAILABLE'))
         it('obfuscates avatar', () => expect(subject.avatar).toEqual('UNAVAILABLE'))
       })
@@ -230,6 +238,7 @@ describe('softDeleteMiddleware', () => {
         beforeEach(beforePost)
 
         it('obfuscates title', () => expect(subject.title).toEqual('UNAVAILABLE'))
+        it('obfuscates slug', () => expect(subject.slug).toEqual('UNAVAILABLE'))
         it('obfuscates content', () => expect(subject.content).toEqual('UNAVAILABLE'))
         it('obfuscates contentExcerpt', () => expect(subject.contentExcerpt).toEqual('UNAVAILABLE'))
         it('obfuscates image', () => expect(subject.image).toEqual('UNAVAILABLE'))
diff --git a/backend/src/schema/resolvers/posts.js b/backend/src/schema/resolvers/posts.js
index 1b97617cc..753b896e3 100644
--- a/backend/src/schema/resolvers/posts.js
+++ b/backend/src/schema/resolvers/posts.js
@@ -143,6 +143,7 @@ export default {
 
     DeletePost: async (object, args, context, resolveInfo) => {
       const session = context.driver.session()
+      // we cannot set slug to 'UNAVAILABE' because of unique constraints
       const transactionRes = await session.run(
         `
         MATCH (post:Post {id: $postId})
@@ -151,6 +152,7 @@ export default {
         SET post.image          = 'UNAVAILABLE'
         SET post.content        = 'UNAVAILABLE'
         SET post.contentExcerpt = 'UNAVAILABLE'
+        SET post.title          = 'UNAVAILABLE'
         SET comment.deleted     = TRUE
         RETURN post
       `,
diff --git a/backend/src/schema/resolvers/users.js b/backend/src/schema/resolvers/users.js
index 97bbcd13b..44d4cff50 100644
--- a/backend/src/schema/resolvers/users.js
+++ b/backend/src/schema/resolvers/users.js
@@ -123,6 +123,8 @@ export default {
             }),
           )
         }
+
+        // we cannot set slug to 'UNAVAILABE' because of unique constraints
         const transactionResult = await session.run(
           `
           MATCH (user:User {id: $userId})