IT4Change/Ocelot-Social
3
0
Fork 0
mirror of https://github.com/IT4Change/Ocelot-Social.git synced 2025-12-13 07:45:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Soft delete for comments implemented

Browse Source
This commit is contained in:
roschaefer 2019-08-30 18:15:18 +02:00
parent 4bfc0ff2bf
commit 0f64bbb71f
6 changed files with 158 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
backend/src/middleware/permissionsMiddleware.js
View File

@ -91,13 +91,11 @@ const isAuthor = rule({
resourceId, resourceId,
}, },
) )
session.close()
const [author] = result.records.map(record => { const [author] = result.records.map(record => {
return record.get('author') return record.get('author')
}) })
const { const authorId = author && author.properties && author.properties.id
properties: { id: authorId },
} = author
session.close()
return authorId === user.id return authorId === user.id
}) })

34
backend/src/models/Comment.js Normal file
View File

@ -0,0 +1,34 @@
import uuid from 'uuid/v4'
module.exports = {
id: { type: 'string', primary: true, default: uuid },
createdAt: { type: 'string', isoDate: true, default: () => new Date().toISOString() },
updatedAt: {
type: 'string',
isoDate: true,
required: true,
default: () => new Date().toISOString(),
},
content: { type: 'string', disallow: [null], min: 3 },
contentExcerpt: { type: 'string', allow: [null] },
deleted: { type: 'boolean', default: false },
disabled: { type: 'boolean', default: false },
post: {
type: 'relationship',
relationship: 'COMMENTS',
target: 'Post',
direction: 'out',
},
author: {
type: 'relationship',
relationship: 'WROTE',
target: 'User',
direction: 'in',
},
disabledBy: {
type: 'relationship',
relationship: 'WROTE',
target: 'User',
direction: 'in',
},
}

1
backend/src/models/index.js
View File

@ -7,5 +7,6 @@ export default {
EmailAddress: require('./EmailAddress.js'), EmailAddress: require('./EmailAddress.js'),
SocialMedia: require('./SocialMedia.js'), SocialMedia: require('./SocialMedia.js'),
Post: require('./Post.js'), Post: require('./Post.js'),
Comment: require('./Comment.js'),
Category: require('./Category.js'), Category: require('./Category.js'),
} }

16
backend/src/schema/resolvers/comments.js
View File

@ -47,9 +47,19 @@ export default {
session.close() session.close()
return commentReturnedWithAuthor return commentReturnedWithAuthor
}, },
DeleteComment: async (object, params, context, resolveInfo) => { DeleteComment: async (object, args, context, resolveInfo) => {
const comment = await neo4jgraphql(object, params, context, resolveInfo, false) const session = context.driver.session()
const transactionRes = await session.run(
`
MATCH (comment:Comment {id: $commentId})
SET comment.deleted = TRUE
SET comment.content = 'DELETED'
SET comment.contentExcerpt = 'DELETED'
RETURN comment
`,
{ commentId: args.id },
)
const [comment] = transactionRes.records.map(record => record.get('comment').properties)
return comment return comment
}, },
}, },

225
backend/src/schema/resolvers/comments.spec.js
View File

@ -1,6 +1,5 @@
import { GraphQLClient } from 'graphql-request'
import Factory from '../../seed/factories' import Factory from '../../seed/factories'
import { host, login, gql } from '../../jest/helpers' import { gql } from '../../jest/helpers'
import { createTestClient } from 'apollo-server-testing' import { createTestClient } from 'apollo-server-testing'
import createServer from '../../server' import createServer from '../../server'
import { neode as getNeode, getDriver } from '../../bootstrap/neo4j' import { neode as getNeode, getDriver } from '../../bootstrap/neo4j'
@ -9,13 +8,10 @@ const driver = getDriver()
const neode = getNeode() const neode = getNeode()
const factory = Factory() const factory = Factory()
let client
let headers
const categoryIds = ['cat9']
let variables let variables
let mutate let mutate
let authenticatedUser let authenticatedUser
let commentAuthor
beforeAll(() => { beforeAll(() => {
const { server } = createServer({ const { server } = createServer({
@ -54,6 +50,26 @@ const createCommentMutation = gql`
} }
} }
` `
const setupPostAndComment = async () => {
commentAuthor = await factory.create('User')
await factory.create('Post', {
id: 'p1',
content: 'Post to be commented',
categoryIds: ['cat9'],
})
await factory.create('Comment', {
id: 'c456',
postId: 'p1',
author: commentAuthor,
content: 'Comment to be deleted',
})
variables = {
...variables,
id: 'c456',
content: 'The comment is updated',
}
}
describe('CreateComment', () => { describe('CreateComment', () => {
describe('unauthenticated', () => { describe('unauthenticated', () => {
it('throws authorization error', async () => { it('throws authorization error', async () => {
@ -62,8 +78,8 @@ describe('CreateComment', () => {
postId: 'p1', postId: 'p1',
content: "I'm not authorised to comment", content: "I'm not authorised to comment",
} }
const result = await mutate({ mutation: createCommentMutation, variables }) const { errors } = await mutate({ mutation: createCommentMutation, variables })
expect(result.errors[0]).toHaveProperty('message', 'Not Authorised!') expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
}) })
}) })
@ -75,7 +91,7 @@ describe('CreateComment', () => {
describe('given a post', () => { describe('given a post', () => {
beforeEach(async () => { beforeEach(async () => {
await factory.create('Post', { categoryIds, id: 'p1' }) await factory.create('Post', { categoryIds: ['cat9'], id: 'p1' })
variables = { variables = {
...variables, ...variables,
postId: 'p1', postId: 'p1',
@ -138,193 +154,128 @@ describe('CreateComment', () => {
}) })
}) })
describe('ManageComments', () => { describe('UpdateComment', () => {
let authorParams const updateCommentMutation = gql`
beforeEach(async () => { mutation($content: String!, $id: ID!) {
authorParams = { UpdateComment(content: $content, id: $id) {
email: 'author@example.org', id
password: '1234', content
}
const asAuthor = Factory()
await asAuthor.create('User', authorParams)
await asAuthor.authenticateAs(authorParams)
await asAuthor.create('Post', {
id: 'p1',
content: 'Post to be commented',
categoryIds,
})
await asAuthor.create('Comment', {
id: 'c456',
postId: 'p1',
content: 'Comment to be deleted',
})
})
describe('UpdateComment', () => {
const updateCommentMutation = gql`
mutation($content: String!, $id: ID!) {
UpdateComment(content: $content, id: $id) {
id
content
}
} }
`
let updateCommentVariables = {
id: 'c456',
content: 'The comment is updated',
} }
`
describe('given a post and a comment', () => {
beforeEach(setupPostAndComment)
describe('unauthenticated', () => { describe('unauthenticated', () => {
it('throws authorization error', async () => { it('throws authorization error', async () => {
client = new GraphQLClient(host) const { errors } = await mutate({ mutation: updateCommentMutation, variables })
await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow( expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
'Not Authorised',
)
}) })
}) })
describe('authenticated but not the author', () => { describe('authenticated but not the author', () => {
beforeEach(async () => { beforeEach(async () => {
headers = await login({ const randomGuy = await factory.create('User')
email: 'test@example.org', authenticatedUser = await randomGuy.toJson()
password: '1234',
})
client = new GraphQLClient(host, {
headers,
})
}) })
it('throws authorization error', async () => { it('throws authorization error', async () => {
await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow( const { errors } = await mutate({ mutation: updateCommentMutation, variables })
'Not Authorised', expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
)
}) })
}) })
describe('authenticated as author', () => { describe('authenticated as author', () => {
beforeEach(async () => { beforeEach(async () => {
headers = await login(authorParams) authenticatedUser = await commentAuthor.toJson()
client = new GraphQLClient(host, {
headers,
})
}) })
it('updates the comment', async () => { it('updates the comment', async () => {
const expected = { const expected = {
UpdateComment: { data: { UpdateComment: { id: 'c456', content: 'The comment is updated' } },
id: 'c456',
content: 'The comment is updated',
},
} }
await expect( await expect(mutate({ mutation: updateCommentMutation, variables })).resolves.toMatchObject(
client.request(updateCommentMutation, updateCommentVariables), expected,
).resolves.toEqual(expected)
})
it('throw an error if an empty string is sent from the editor as content', async () => {
updateCommentVariables = {
id: 'c456',
content: '<p></p>',
}
await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow(
'Comment must be at least 1 character long!',
) )
}) })
it('throws an error if a comment sent from the editor does not contain a single letter character', async () => { describe('if `content` empty', () => {
updateCommentVariables = { beforeEach(() => {
id: 'c456', variables = { ...variables, content: ' <p> </p>' }
content: '<p> </p>', })
}
await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow( it('throws InputError', async () => {
'Comment must be at least 1 character long!', const { errors } = await mutate({ mutation: updateCommentMutation, variables })
) expect(errors[0]).toHaveProperty('message', 'Comment must be at least 1 character long!')
})
}) })
it('throws an error if commentId is sent as an empty string', async () => { describe('if comment does not exist for given id', () => {
updateCommentVariables = { beforeEach(() => {
id: '', variables = { ...variables, id: 'does-not-exist' }
content: '<p>Hello</p>', })
}
await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow( it('returns null', async () => {
'Not Authorised!', const { data, errors } = await mutate({ mutation: updateCommentMutation, variables })
) expect(data).toMatchObject({ UpdateComment: null })
}) expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
})
it('throws an error if the comment does not exist in the database', async () => {
updateCommentVariables = {
id: 'c1000',
content: '<p>Hello</p>',
}
await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow(
'Not Authorised!',
)
}) })
}) })
}) })
})
describe('DeleteComment', () => { describe('DeleteComment', () => {
const deleteCommentMutation = gql` const deleteCommentMutation = gql`
mutation($id: ID!) { mutation($id: ID!) {
DeleteComment(id: $id) { DeleteComment(id: $id) {
id id
} content
contentExcerpt
deleted
} }
`
const deleteCommentVariables = {
id: 'c456',
} }
`
describe('given a post and a comment', () => {
beforeEach(setupPostAndComment)
describe('unauthenticated', () => { describe('unauthenticated', () => {
it('throws authorization error', async () => { it('throws authorization error', async () => {
client = new GraphQLClient(host) const result = await mutate({ mutation: deleteCommentMutation, variables })
await expect(client.request(deleteCommentMutation, deleteCommentVariables)).rejects.toThrow( expect(result.errors[0]).toHaveProperty('message', 'Not Authorised!')
'Not Authorised',
)
}) })
}) })
describe('authenticated but not the author', () => { describe('authenticated but not the author', () => {
beforeEach(async () => { beforeEach(async () => {
headers = await login({ const randomGuy = await factory.create('User')
email: 'test@example.org', authenticatedUser = await randomGuy.toJson()
password: '1234',
})
client = new GraphQLClient(host, {
headers,
})
}) })
it('throws authorization error', async () => { it('throws authorization error', async () => {
await expect(client.request(deleteCommentMutation, deleteCommentVariables)).rejects.toThrow( const { errors } = await mutate({ mutation: deleteCommentMutation, variables })
'Not Authorised', expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
)
}) })
}) })
describe('authenticated as author', () => { describe('authenticated as author', () => {
beforeEach(async () => { beforeEach(async () => {
headers = await login(authorParams) authenticatedUser = await commentAuthor.toJson()
client = new GraphQLClient(host, {
headers,
})
}) })
it('deletes the comment', async () => { it('marks the comment as deleted and blacks out content', async () => {
const { data } = await mutate({ mutation: deleteCommentMutation, variables })
const expected = { const expected = {
DeleteComment: { DeleteComment: {
id: 'c456', id: 'c456',
deleted: true,
content: 'DELETED',
contentExcerpt: 'DELETED',
}, },
} }
await expect( expect(data).toMatchObject(expected)
client.request(deleteCommentMutation, deleteCommentVariables),
).resolves.toEqual(expected)
}) })
}) })
}) })

34
backend/src/seed/factories/comments.js
View File

@ -1,21 +1,27 @@
import faker from 'faker' import faker from 'faker'
import uuid from 'uuid/v4' import uuid from 'uuid/v4'
export default function(params) { export default function create() {
const {
id = uuid(),
postId = 'p6',
content = [faker.lorem.sentence(), faker.lorem.sentence()].join('. '),
} = params
return { return {
mutation: ` factory: async ({ args, neodeInstance }) => {
mutation($id: ID!, $postId: ID!, $content: String!) { const defaults = {
CreateComment(id: $id, postId: $postId, content: $content) { id: uuid(),
id content: [faker.lorem.sentence(), faker.lorem.sentence()].join('. '),
}
} }
`, args = {
variables: { id, postId, content }, ...defaults,
...args,
}
const { postId } = args
if (!postId) throw new Error('PostId is missing!')
const post = await neodeInstance.find('Post', postId)
delete args.postId
const author = args.author || (await neodeInstance.create('User', args))
delete args.author
const comment = await neodeInstance.create('Comment', args)
await comment.relateTo(post, 'post')
await comment.relateTo(author, 'author')
return comment
},
} }
} }