option for users to delete their own comments

This commit is contained in:
2026-05-24 10:05:40 +02:00
parent 375e1a85d4
commit bb4125601f
8 changed files with 96 additions and 29 deletions

View File

@@ -543,8 +543,14 @@ export default (router, tpl) => {
const comment = await db`SELECT content, item_id, user_id FROM comments WHERE id = ${commentId}`;
if (!comment.length) return res.reply({ code: 404, body: JSON.stringify({ success: false, message: "Not found" }) });
if (!req.session.admin && !req.session.is_moderator && comment[0].user_id !== req.session.id) {
return res.reply({ code: 403, body: JSON.stringify({ success: false, message: "Forbidden" }) });
const { getAllowCommentDeletion } = await import("../settings.mjs");
const canDeleteOwn = getAllowCommentDeletion();
const isOwner = comment[0].user_id === req.session.id;
if (!req.session.admin && !req.session.is_moderator) {
if (!canDeleteOwn || !isOwner) {
return res.reply({ code: 403, body: JSON.stringify({ success: false, message: "Forbidden" }) });
}
}
// Log all deletions in audit log

View File

@@ -80,3 +80,7 @@ export const setLogUserIps = (val) => {}; // No-op, strictly config-based
export const getHashUserIps = () => !!cfg.websrv.hash_user_ips;
export const setHashUserIps = (val) => {}; // No-op, strictly config-based
export const getAllowCommentDeletion = () => !!cfg.websrv.allow_comment_deletion;
export const setAllowCommentDeletion = (val) => {}; // No-op, strictly config-based