Let users w/ mod permissions hard delete threads #136
Conversation
nrdbstrd
commented
Jun 20, 2023
nrdbstrd
commented
- Wrote SQL query to delete threads & references to it from database
- Wrote DELETE endpoint for API
- Wrote tests for endpoint
- currently passes all except for 'thread already deleted test;' the endpoint works correctly, but site now returns a different response than when I originally wrote tests.
| @@ -3,3 +3,5 @@ | |||
| Welcome to BobaBoard's server project! | |||
|
|
|||
| Find related documentation on the [BobaDocs website](https://bobadocs.netlify.app/docs/engineering/boba-server/getting-started). | |||
|
|
|||
| this is a test commit to see if git's gonna fight me again | |||
There was a problem hiding this comment.
are_you_winning_son.png (pls revert :P)
| @@ -66,4 +66,4 @@ if (require.main === module) { | |||
| ); | |||
| } | |||
|
|
|||
| export default app; | |||
| export default app; | |||
There was a problem hiding this comment.
this should also be reverted, and hopefully small spurious changes like these won't happen again once we get our linting sorted
| "/:thread_id", | ||
| ensureLoggedIn, | ||
| ensureThreadAccess, | ||
| // ensureModPermissions? at some point |
There was a problem hiding this comment.
I would write a guard here to check if we're running in a development environment as part of this PR, just so that you can make it actually throw an Error by default. The risk being that we forget you haven't implemented the check, we accidentally do a release, then anyone can delete threads via API.
I think this should be as easy as doing:
router.delete(
"/:thread_id",
ensureLoggedIn,
ensureThreadAccess,
(_, _, next) => {
if (process.env. NODE_ENV === "development" || process.env.NODE_ENV === "test") {
next()
}
throw new Api500Error("this function is not available in production");
},
async (req, res) => {
// existing code....or something like that! Let me know if it doesn't work for any reason, haven't done this before.
Also feel free to put this somewhere so we can reuse it, if you find (or can create) a nice place!
| @@ -9,6 +9,41 @@ const createThread = ` | |||
| $/thread_options/) | |||
| RETURNING id`; | |||
|
|
|||
| const deleteThread = ` | |||
There was a problem hiding this comment.
This makes sense, but since we're at it we could split these more just so it's easier to read (and can be reused). I think what would make sense is:
delete tagsdelete commentsdelete postsdelete thread
Feel free to just add it as a TODO!
| @@ -9,6 +9,41 @@ const createThread = ` | |||
| $/thread_options/) | |||
| RETURNING id`; | |||
|
|
|||
| const deleteThread = ` | |||
| DELETE FROM post_categories WHERE post_id IN ( | |||
There was a problem hiding this comment.
Also, you're missing index tags I think
| expect(res.body).toEqual<GenericResponse>(ENSURE_LOGGED_IN_NO_TOKEN); | ||
| }); | ||
|
|
||
| test("should fail when thread has already been deleted/does not exist", async () => { |
There was a problem hiding this comment.
This test is failing right now: https://app.circleci.com/pipelines/github/BobaBoard/boba-backend/686/workflows/f8364f0e-c2e5-4564-8ad2-1e5e607747e5/jobs/1153
Feel free to comment it out and add it at the next pass. We probably can get this info as part of checking if the user has permissions for deleting the thread, so no point doing it now.
| @@ -269,6 +271,27 @@ export const CREATE_GORE_THREAD_RESPONSE: Thread = { | |||
| }, | |||
| }; | |||
|
|
|||
| // todo: finish filling fields | |||
| export const DELETED_THREAD_SUMMARY: ThreadSummary = { | |||
There was a problem hiding this comment.
I don't think you need this. Crossing fingers you should just be able to use any thread that already exists and the test DB setup will automatically rollback your query at the end of your tests (but let me know if this doesn't happen, cause that logic is a bit finicky sometimes). Mostly, adding a new thread will cause a lot of tests to fail cause they rely on how many posts we have in the DB.
(Yes, there's some bad practices at play here....)
I'm also fine with keeping it, but you'll have to fix the tests
| firebaseId: string; | ||
| }) => { | ||
| try { | ||
| const result = await pool.none(sql.deleteThread, { |
There was a problem hiding this comment.
You want to use pool.tx here (see:
boba-backend/server/boards/queries.ts
Line 201 in a7069e9
The reason is that if the query fails midway (e.g. could delete all the tags, but failed on the comments), you want the whole thing to deletion to rollback and the db to be restored to the original state.
See documentation too: https://github.com/vitaly-t/pg-promise#transactions
| @@ -220,3 +220,29 @@ INSERT INTO user_thread_identities(thread_id, user_id, identity_id) | |||
| (SELECT id FROM Users WHERE username = 'SexyDaddy69'), | |||
| (SELECT id FROM secret_identities WHERE display_name = 'The Prophet')); | |||
|
|
|||
| /* Insert test thread for deleting */ | |||
There was a problem hiding this comment.
See my comment at the end on the file. We may or may not want this. I'm inclined to trying to just delete existing ones for now, and then only do this if the db stuff I hacked in (which automatically restores DB state between tests) yells at us later.
enigmalea
added
the
⚾Needs Pinch Hitter
