Soft delete for comments implemented

backend/src/middleware/permissionsMiddleware.js

@@ -91,13 +91,11 @@ const isAuthor = rule({
       resourceId,
     },
   )
+  session.close()
   const [author] = result.records.map(record => {
     return record.get('author')
   })
-  const {
-    properties: { id: authorId },
-  } = author
-  session.close()
+  const authorId = author && author.properties && author.properties.id
   return authorId === user.id
 })
 

backend/src/models/Comment.js

@@ -0,0 +1,34 @@
+import uuid from 'uuid/v4'
+
+module.exports = {
+  id: { type: 'string', primary: true, default: uuid },
+  createdAt: { type: 'string', isoDate: true, default: () => new Date().toISOString() },
+  updatedAt: {
+    type: 'string',
+    isoDate: true,
+    required: true,
+    default: () => new Date().toISOString(),
+  },
+  content: { type: 'string', disallow: [null], min: 3 },
+  contentExcerpt: { type: 'string', allow: [null] },
+  deleted: { type: 'boolean', default: false },
+  disabled: { type: 'boolean', default: false },
+  post: {
+    type: 'relationship',
+    relationship: 'COMMENTS',
+    target: 'Post',
+    direction: 'out',
+  },
+  author: {
+    type: 'relationship',
+    relationship: 'WROTE',
+    target: 'User',
+    direction: 'in',
+  },
+  disabledBy: {
+    type: 'relationship',
+    relationship: 'WROTE',
+    target: 'User',
+    direction: 'in',
+  },
+}

backend/src/models/index.js

@@ -7,5 +7,6 @@ export default {
   EmailAddress: require('./EmailAddress.js'),
   SocialMedia: require('./SocialMedia.js'),
   Post: require('./Post.js'),
+  Comment: require('./Comment.js'),
   Category: require('./Category.js'),
 }

backend/src/schema/resolvers/comments.js

@@ -47,9 +47,19 @@ export default {
       session.close()
       return commentReturnedWithAuthor
     },
-    DeleteComment: async (object, params, context, resolveInfo) => {
-      const comment = await neo4jgraphql(object, params, context, resolveInfo, false)
-
+    DeleteComment: async (object, args, context, resolveInfo) => {
+      const session = context.driver.session()
+      const transactionRes = await session.run(
+        `
+        MATCH (comment:Comment {id: $commentId})
+        SET comment.deleted        = TRUE
+        SET comment.content        = 'DELETED'
+        SET comment.contentExcerpt = 'DELETED'
+        RETURN comment
+      `,
+        { commentId: args.id },
+      )
+      const [comment] = transactionRes.records.map(record => record.get('comment').properties)
       return comment
     },
   },

backend/src/schema/resolvers/comments.spec.js

@@ -1,6 +1,5 @@
-import { GraphQLClient } from 'graphql-request'
 import Factory from '../../seed/factories'
-import { host, login, gql } from '../../jest/helpers'
+import { gql } from '../../jest/helpers'
 import { createTestClient } from 'apollo-server-testing'
 import createServer from '../../server'
 import { neode as getNeode, getDriver } from '../../bootstrap/neo4j'
@@ -9,13 +8,10 @@ const driver = getDriver()
 const neode = getNeode()
 const factory = Factory()
 
-let client
-let headers
-const categoryIds = ['cat9']
-
 let variables
 let mutate
 let authenticatedUser
+let commentAuthor
 
 beforeAll(() => {
   const { server } = createServer({
@@ -54,6 +50,26 @@ const createCommentMutation = gql`
     }
   }
 `
+const setupPostAndComment = async () => {
+  commentAuthor = await factory.create('User')
+  await factory.create('Post', {
+    id: 'p1',
+    content: 'Post to be commented',
+    categoryIds: ['cat9'],
+  })
+  await factory.create('Comment', {
+    id: 'c456',
+    postId: 'p1',
+    author: commentAuthor,
+    content: 'Comment to be deleted',
+  })
+  variables = {
+    ...variables,
+    id: 'c456',
+    content: 'The comment is updated',
+  }
+}
+
 describe('CreateComment', () => {
   describe('unauthenticated', () => {
     it('throws authorization error', async () => {
@@ -62,8 +78,8 @@ describe('CreateComment', () => {
         postId: 'p1',
         content: "I'm not authorised to comment",
       }
-      const result = await mutate({ mutation: createCommentMutation, variables })
-      expect(result.errors[0]).toHaveProperty('message', 'Not Authorised!')
+      const { errors } = await mutate({ mutation: createCommentMutation, variables })
+      expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
     })
   })
 
@@ -75,7 +91,7 @@ describe('CreateComment', () => {
 
     describe('given a post', () => {
       beforeEach(async () => {
-        await factory.create('Post', { categoryIds, id: 'p1' })
+        await factory.create('Post', { categoryIds: ['cat9'], id: 'p1' })
         variables = {
           ...variables,
           postId: 'p1',
@@ -138,193 +154,128 @@ describe('CreateComment', () => {
   })
 })
 
-describe('ManageComments', () => {
-  let authorParams
-  beforeEach(async () => {
-    authorParams = {
-      email: 'author@example.org',
-      password: '1234',
-    }
-    const asAuthor = Factory()
-    await asAuthor.create('User', authorParams)
-    await asAuthor.authenticateAs(authorParams)
-    await asAuthor.create('Post', {
-      id: 'p1',
-      content: 'Post to be commented',
-      categoryIds,
-    })
-    await asAuthor.create('Comment', {
-      id: 'c456',
-      postId: 'p1',
-      content: 'Comment to be deleted',
-    })
-  })
-
-  describe('UpdateComment', () => {
-    const updateCommentMutation = gql`
-      mutation($content: String!, $id: ID!) {
-        UpdateComment(content: $content, id: $id) {
-          id
-          content
-        }
+describe('UpdateComment', () => {
+  const updateCommentMutation = gql`
+    mutation($content: String!, $id: ID!) {
+      UpdateComment(content: $content, id: $id) {
+        id
+        content
       }
-    `
-
-    let updateCommentVariables = {
-      id: 'c456',
-      content: 'The comment is updated',
     }
+  `
+
+  describe('given a post and a comment', () => {
+    beforeEach(setupPostAndComment)
 
     describe('unauthenticated', () => {
       it('throws authorization error', async () => {
-        client = new GraphQLClient(host)
-        await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow(
-          'Not Authorised',
-        )
+        const { errors } = await mutate({ mutation: updateCommentMutation, variables })
+        expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
       })
     })
 
     describe('authenticated but not the author', () => {
       beforeEach(async () => {
-        headers = await login({
-          email: 'test@example.org',
-          password: '1234',
-        })
-        client = new GraphQLClient(host, {
-          headers,
-        })
+        const randomGuy = await factory.create('User')
+        authenticatedUser = await randomGuy.toJson()
       })
 
       it('throws authorization error', async () => {
-        await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow(
-          'Not Authorised',
-        )
+        const { errors } = await mutate({ mutation: updateCommentMutation, variables })
+        expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
       })
     })
 
     describe('authenticated as author', () => {
       beforeEach(async () => {
-        headers = await login(authorParams)
-        client = new GraphQLClient(host, {
-          headers,
-        })
+        authenticatedUser = await commentAuthor.toJson()
       })
 
       it('updates the comment', async () => {
         const expected = {
-          UpdateComment: {
-            id: 'c456',
-            content: 'The comment is updated',
-          },
+          data: { UpdateComment: { id: 'c456', content: 'The comment is updated' } },
         }
-        await expect(
-          client.request(updateCommentMutation, updateCommentVariables),
-        ).resolves.toEqual(expected)
-      })
-
-      it('throw an error if an empty string is sent from the editor as content', async () => {
-        updateCommentVariables = {
-          id: 'c456',
-          content: '<p></p>',
-        }
-
-        await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow(
-          'Comment must be at least 1 character long!',
+        await expect(mutate({ mutation: updateCommentMutation, variables })).resolves.toMatchObject(
+          expected,
         )
       })
 
-      it('throws an error if a comment sent from the editor does not contain a single letter character', async () => {
-        updateCommentVariables = {
-          id: 'c456',
-          content: '<p> </p>',
-        }
+      describe('if `content` empty', () => {
+        beforeEach(() => {
+          variables = { ...variables, content: '  <p> </p>' }
+        })
 
-        await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow(
-          'Comment must be at least 1 character long!',
-        )
+        it('throws InputError', async () => {
+          const { errors } = await mutate({ mutation: updateCommentMutation, variables })
+          expect(errors[0]).toHaveProperty('message', 'Comment must be at least 1 character long!')
+        })
       })
 
-      it('throws an error if commentId is sent as an empty string', async () => {
-        updateCommentVariables = {
-          id: '',
-          content: '<p>Hello</p>',
-        }
+      describe('if comment does not exist for given id', () => {
+        beforeEach(() => {
+          variables = { ...variables, id: 'does-not-exist' }
+        })
 
-        await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow(
-          'Not Authorised!',
-        )
-      })
-
-      it('throws an error if the comment does not exist in the database', async () => {
-        updateCommentVariables = {
-          id: 'c1000',
-          content: '<p>Hello</p>',
-        }
-
-        await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow(
-          'Not Authorised!',
-        )
+        it('returns null', async () => {
+          const { data, errors } = await mutate({ mutation: updateCommentMutation, variables })
+          expect(data).toMatchObject({ UpdateComment: null })
+          expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
+        })
       })
     })
   })
+})
 
-  describe('DeleteComment', () => {
-    const deleteCommentMutation = gql`
-      mutation($id: ID!) {
-        DeleteComment(id: $id) {
-          id
-        }
+describe('DeleteComment', () => {
+  const deleteCommentMutation = gql`
+    mutation($id: ID!) {
+      DeleteComment(id: $id) {
+        id
+        content
+        contentExcerpt
+        deleted
       }
-    `
-
-    const deleteCommentVariables = {
-      id: 'c456',
     }
+  `
+
+  describe('given a post and a comment', () => {
+    beforeEach(setupPostAndComment)
 
     describe('unauthenticated', () => {
       it('throws authorization error', async () => {
-        client = new GraphQLClient(host)
-        await expect(client.request(deleteCommentMutation, deleteCommentVariables)).rejects.toThrow(
-          'Not Authorised',
-        )
+        const result = await mutate({ mutation: deleteCommentMutation, variables })
+        expect(result.errors[0]).toHaveProperty('message', 'Not Authorised!')
       })
     })
 
     describe('authenticated but not the author', () => {
       beforeEach(async () => {
-        headers = await login({
-          email: 'test@example.org',
-          password: '1234',
-        })
-        client = new GraphQLClient(host, {
-          headers,
-        })
+        const randomGuy = await factory.create('User')
+        authenticatedUser = await randomGuy.toJson()
       })
 
       it('throws authorization error', async () => {
-        await expect(client.request(deleteCommentMutation, deleteCommentVariables)).rejects.toThrow(
-          'Not Authorised',
-        )
+        const { errors } = await mutate({ mutation: deleteCommentMutation, variables })
+        expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
       })
     })
 
     describe('authenticated as author', () => {
       beforeEach(async () => {
-        headers = await login(authorParams)
-        client = new GraphQLClient(host, {
-          headers,
-        })
+        authenticatedUser = await commentAuthor.toJson()
       })
 
-      it('deletes the comment', async () => {
+      it('marks the comment as deleted and blacks out content', async () => {
+        const { data } = await mutate({ mutation: deleteCommentMutation, variables })
         const expected = {
           DeleteComment: {
             id: 'c456',
+            deleted: true,
+            content: 'DELETED',
+            contentExcerpt: 'DELETED',
           },
         }
-        await expect(
-          client.request(deleteCommentMutation, deleteCommentVariables),
-        ).resolves.toEqual(expected)
+        expect(data).toMatchObject(expected)
       })
     })
   })

backend/src/seed/factories/comments.js

@@ -1,21 +1,27 @@
 import faker from 'faker'
 import uuid from 'uuid/v4'
 
-export default function(params) {
-  const {
-    id = uuid(),
-    postId = 'p6',
-    content = [faker.lorem.sentence(), faker.lorem.sentence()].join('. '),
-  } = params
-
+export default function create() {
   return {
-    mutation: `
-      mutation($id: ID!, $postId: ID!, $content: String!) {
-        CreateComment(id: $id, postId: $postId, content: $content) {
-          id
-        }
+    factory: async ({ args, neodeInstance }) => {
+      const defaults = {
+        id: uuid(),
+        content: [faker.lorem.sentence(), faker.lorem.sentence()].join('. '),
       }
-    `,
-    variables: { id, postId, content },
+      args = {
+        ...defaults,
+        ...args,
+      }
+      const { postId } = args
+      if (!postId) throw new Error('PostId is missing!')
+      const post = await neodeInstance.find('Post', postId)
+      delete args.postId
+      const author = args.author || (await neodeInstance.create('User', args))
+      delete args.author
+      const comment = await neodeInstance.create('Comment', args)
+      await comment.relateTo(post, 'post')
+      await comment.relateTo(author, 'author')
+      return comment
+    },
   }
 }