option for users to delete their own comments
This commit is contained in:
@@ -543,8 +543,14 @@ export default (router, tpl) => {
|
||||
const comment = await db`SELECT content, item_id, user_id FROM comments WHERE id = ${commentId}`;
|
||||
if (!comment.length) return res.reply({ code: 404, body: JSON.stringify({ success: false, message: "Not found" }) });
|
||||
|
||||
if (!req.session.admin && !req.session.is_moderator && comment[0].user_id !== req.session.id) {
|
||||
return res.reply({ code: 403, body: JSON.stringify({ success: false, message: "Forbidden" }) });
|
||||
const { getAllowCommentDeletion } = await import("../settings.mjs");
|
||||
const canDeleteOwn = getAllowCommentDeletion();
|
||||
const isOwner = comment[0].user_id === req.session.id;
|
||||
|
||||
if (!req.session.admin && !req.session.is_moderator) {
|
||||
if (!canDeleteOwn || !isOwner) {
|
||||
return res.reply({ code: 403, body: JSON.stringify({ success: false, message: "Forbidden" }) });
|
||||
}
|
||||
}
|
||||
|
||||
// Log all deletions in audit log
|
||||
|
||||
@@ -80,3 +80,7 @@ export const setLogUserIps = (val) => {}; // No-op, strictly config-based
|
||||
|
||||
export const getHashUserIps = () => !!cfg.websrv.hash_user_ips;
|
||||
export const setHashUserIps = (val) => {}; // No-op, strictly config-based
|
||||
|
||||
export const getAllowCommentDeletion = () => !!cfg.websrv.allow_comment_deletion;
|
||||
export const setAllowCommentDeletion = (val) => {}; // No-op, strictly config-based
|
||||
|
||||
|
||||
@@ -18,7 +18,7 @@ import { handleMetaExtract } from "./meta_extract_handler.mjs";
|
||||
import { handleMetaStrip } from "./meta_strip_handler.mjs";
|
||||
import { handleCommentUpload } from "./comment_upload_handler.mjs";
|
||||
import { handleDmAttachmentUpload, handleDmAttachmentDownload, handleDmAttachmentDelete } from "./dm_attachment_handler.mjs";
|
||||
import { getManualApproval, setManualApproval, getMinTags, setMinTags, getRegistrationOpen, setRegistrationOpen, getTrustedUploads, setTrustedUploads, getBypassDuplicateCheck, setBypassDuplicateCheck, getProtectFiles, setProtectFiles, getPrivateMessages, setPrivateMessages, getDmAttachments, setDmAttachments, getDmUnencrypted, setDmUnencrypted, getDefaultLayout, setDefaultLayout, getEnablePdf, setEnablePdf, getEnableCleanup, setEnableCleanup, getCleanupStartDate, setCleanupStartDate, getCleanupEndDate, setCleanupEndDate, getLogUserIps, setLogUserIps, getHashUserIps, setHashUserIps, getShitpostMode, setShitpostMode } from "./inc/settings.mjs";
|
||||
import { getManualApproval, setManualApproval, getMinTags, setMinTags, getRegistrationOpen, setRegistrationOpen, getTrustedUploads, setTrustedUploads, getBypassDuplicateCheck, setBypassDuplicateCheck, getProtectFiles, setProtectFiles, getPrivateMessages, setPrivateMessages, getDmAttachments, setDmAttachments, getDmUnencrypted, setDmUnencrypted, getDefaultLayout, setDefaultLayout, getEnablePdf, setEnablePdf, getEnableCleanup, setEnableCleanup, getCleanupStartDate, setCleanupStartDate, getCleanupEndDate, setCleanupEndDate, getLogUserIps, setLogUserIps, getHashUserIps, setHashUserIps, getShitpostMode, setShitpostMode, getAllowCommentDeletion, setAllowCommentDeletion } from "./inc/settings.mjs";
|
||||
import { updateHallsCache, getHalls } from "./inc/halls_cache.mjs";
|
||||
import { createI18n } from "./inc/i18n.mjs";
|
||||
import security from "./inc/security.mjs";
|
||||
@@ -1114,6 +1114,7 @@ process.on('uncaughtException', err => {
|
||||
get private_messages() { return getPrivateMessages(); },
|
||||
get dm_attachments() { return getDmAttachments(); },
|
||||
get dm_unencrypted() { return getDmUnencrypted(); },
|
||||
get allow_comment_deletion() { return getAllowCommentDeletion(); },
|
||||
get enable_pdf() { return getEnablePdf(); },
|
||||
get enable_cleanup() { return getEnableCleanup(); },
|
||||
get cleanup_start_date() { return getCleanupStartDate(); },
|
||||
|
||||
Reference in New Issue
Block a user