option for users to delete their own comments
This commit is contained in:
@@ -543,8 +543,14 @@ export default (router, tpl) => {
|
||||
const comment = await db`SELECT content, item_id, user_id FROM comments WHERE id = ${commentId}`;
|
||||
if (!comment.length) return res.reply({ code: 404, body: JSON.stringify({ success: false, message: "Not found" }) });
|
||||
|
||||
if (!req.session.admin && !req.session.is_moderator && comment[0].user_id !== req.session.id) {
|
||||
return res.reply({ code: 403, body: JSON.stringify({ success: false, message: "Forbidden" }) });
|
||||
const { getAllowCommentDeletion } = await import("../settings.mjs");
|
||||
const canDeleteOwn = getAllowCommentDeletion();
|
||||
const isOwner = comment[0].user_id === req.session.id;
|
||||
|
||||
if (!req.session.admin && !req.session.is_moderator) {
|
||||
if (!canDeleteOwn || !isOwner) {
|
||||
return res.reply({ code: 403, body: JSON.stringify({ success: false, message: "Forbidden" }) });
|
||||
}
|
||||
}
|
||||
|
||||
// Log all deletions in audit log
|
||||
|
||||
@@ -80,3 +80,7 @@ export const setLogUserIps = (val) => {}; // No-op, strictly config-based
|
||||
|
||||
export const getHashUserIps = () => !!cfg.websrv.hash_user_ips;
|
||||
export const setHashUserIps = (val) => {}; // No-op, strictly config-based
|
||||
|
||||
export const getAllowCommentDeletion = () => !!cfg.websrv.allow_comment_deletion;
|
||||
export const setAllowCommentDeletion = (val) => {}; // No-op, strictly config-based
|
||||
|
||||
|
||||
Reference in New Issue
Block a user