diff --git a/graph/mutators/comment.js b/graph/mutators/comment.js index 0290d9f16..724e71917 100644 --- a/graph/mutators/comment.js +++ b/graph/mutators/comment.js @@ -28,7 +28,7 @@ const createComment = ({user, loaders: {Comments}}, {body, asset_id, parent_id = .then(async (comment) => { if (user.hasRoles('ADMIN') || user.hasRoles('MODERATOR')) { - await CommentsService.addTag(comment.id, 'STAFF', user.id); + await CommentsService.addTag(comment.id, 'STAFF', user.id, 'PUBLIC'); } // If the loaders are present, clear the caches for these values because we @@ -202,8 +202,8 @@ const setCommentStatus = ({loaders: {Comments}}, {id, status}) => { * @param {String} id identifier of the comment (uuid) * @param {String} tag name of the tag */ -const addCommentTag = ({user, loaders: {Comments}}, {id, tag}) => { - return CommentsService.addTag(id, tag, user.id); +const addCommentTag = ({user, loaders: {Comments}}, {id, tag, privacy_type}) => { + return CommentsService.addTag(id, tag, user.id, privacy_type); }; /** diff --git a/graph/resolvers/root_mutation.js b/graph/resolvers/root_mutation.js index 661cc9f96..d669869cd 100644 --- a/graph/resolvers/root_mutation.js +++ b/graph/resolvers/root_mutation.js @@ -32,8 +32,8 @@ const RootMutation = { setCommentStatus(_, {id, status}, {mutators: {Comment}}) { return wrapResponse(null)(Comment.setCommentStatus({id, status})); }, - addCommentTag(_, {id, tag}, {mutators: {Comment}}) { - return wrapResponse('comment')(Comment.addCommentTag({id, tag}).then(() => CommentsService.findById(id))); + addCommentTag(_, {id, tag, privacy_type}, {mutators: {Comment}}) { + return wrapResponse('comment')(Comment.addCommentTag({id, tag, privacy_type}).then(() => CommentsService.findById(id))); }, removeCommentTag(_, {id, tag}, {mutators: {Comment}}) { return wrapResponse('comment')(Comment.removeCommentTag({id, tag}).then(() => CommentsService.findById(id))); diff --git a/graph/typeDefs.graphql b/graph/typeDefs.graphql index 32c2c16c2..200e752b6 100644 --- a/graph/typeDefs.graphql +++ b/graph/typeDefs.graphql @@ -808,7 +808,7 @@ type RootMutation { setCommentStatus(id: ID!, status: COMMENT_STATUS!): SetCommentStatusResponse # Add tag to comment. - addCommentTag(id: ID!, tag: String!): AddCommentTagResponse + addCommentTag(id: ID!, tag: String!, privacy_type: String!): AddCommentTagResponse # Remove tag from comment. removeCommentTag(id: ID!, tag: String!): RemoveCommentTagResponse diff --git a/services/comments.js b/services/comments.js index d61b6ca25..ccb5a9131 100644 --- a/services/comments.js +++ b/services/comments.js @@ -49,7 +49,7 @@ module.exports = class CommentsService { * @param {String} name the name of the tag to add * @param {String} assigned_by the user id for the user who added the tag */ - static addTag(id, name, assigned_by) { + static addTag(id, name, assigned_by, privacy_type) { return CommentModel.findOne({id}) .then((comment) => { @@ -61,6 +61,7 @@ module.exports = class CommentsService { item_id: id, item_type: 'COMMENTS', user_id: assigned_by, + privacy_type }); }); } diff --git a/services/tags.js b/services/tags.js index c4010e562..5cd0a09e1 100644 --- a/services/tags.js +++ b/services/tags.js @@ -5,6 +5,12 @@ const ALLOWED_COMMENT_TAGS = [ {name: 'BEST'}, ]; +const ALLOWED_PRIVACY_TYPE = [ + {privacy_type: 'PUBLIC'}, + {privacy_type: 'SELF'}, + {privacy_type: 'ADMIN'} +]; + module.exports = class TagsService { /** @@ -59,15 +65,9 @@ module.exports = class TagsService { return Promise.reject(new Error('tag not allowed')); } - // // Tags are made unique by using a query that can be reproducable, i.e., - // // not containing user inputable values. - // let query = { - // name: tag.name, - // item_id: tag.item_id, - // item_type: tag.item_type, - // assigned_by: tag.user_id, - // privacy_type: tag.privacy_type - // }; + if (ALLOWED_PRIVACY_TYPE.find((p) => p.privacy_type === tag.privacy_type) == null) { + return Promise.reject(new Error('privacy type not allowed')); + } // Create/Update the tag. let newtag = new TagModel({ diff --git a/test/server/graph/mutations/addCommentTag.js b/test/server/graph/mutations/addCommentTag.js index 063537004..01966bd88 100644 --- a/test/server/graph/mutations/addCommentTag.js +++ b/test/server/graph/mutations/addCommentTag.js @@ -16,8 +16,8 @@ describe('graph.mutations.addCommentTag', () => { }); const query = ` - mutation AddCommentTag ($id: ID!, $tag: String!) { - addCommentTag(id:$id, tag:$tag) { + mutation AddCommentTag ($id: ID!, $tag: String!, $privacy_type: String!) { + addCommentTag(id:$id, tag:$tag, privacy_type:$privacy_type) { comment { id } @@ -31,7 +31,7 @@ describe('graph.mutations.addCommentTag', () => { it('moderators can add tags to comments', async () => { const user = new UserModel({roles: ['MODERATOR' ]}); const context = new Context({user}); - const response = await graphql(schema, query, {}, context, {id: comment.id, tag: 'BEST'}); + const response = await graphql(schema, query, {}, context, {id: comment.id, tag: 'BEST', privacy_type: 'PUBLIC'}); if (response.errors && response.errors.length) { console.error(response.errors); } @@ -51,7 +51,7 @@ describe('graph.mutations.addCommentTag', () => { }).forEach(([ userDescription, user ]) => { it(userDescription, async function () { const context = new Context({user}); - const response = await graphql(schema, query, {}, context, {id: comment.id, tag: 'BEST'}); + const response = await graphql(schema, query, {}, context, {id: comment.id, tag: 'BEST', privacy_type: 'PUBLIC'}); if (response.errors && response.errors.length) { console.error(response.errors); } diff --git a/test/server/graph/mutations/removeCommentTag.js b/test/server/graph/mutations/removeCommentTag.js index 4455a0108..7660eef35 100644 --- a/test/server/graph/mutations/removeCommentTag.js +++ b/test/server/graph/mutations/removeCommentTag.js @@ -34,7 +34,7 @@ describe('graph.mutations.removeCommentTag', () => { const context = new Context({user}); // add a tag first - await CommentsService.addTag(comment.id, 'BEST'); + await CommentsService.addTag(comment.id, 'BEST', user.id, 'PUBLIC'); const response = await graphql(schema, query, {}, context, {id: comment.id, tag: 'BEST'}); if (response.errors && response.errors.length) { console.error(response.errors); @@ -59,7 +59,7 @@ describe('graph.mutations.removeCommentTag', () => { const context = new Context({user}); // add a tag first - await CommentsService.addTag(comment.id, 'BEST'); + await CommentsService.addTag(comment.id, 'BEST', user ? user.id : null, 'PUBLIC'); const response = await graphql(schema, query, {}, context, {id: comment.id, tag: 'BEST'}); if (response.errors && response.errors.length) { console.error(response.errors); diff --git a/test/server/services/comments.js b/test/server/services/comments.js index 952e071a3..d4fc5f17e 100644 --- a/test/server/services/comments.js +++ b/test/server/services/comments.js @@ -225,7 +225,7 @@ describe('services.CommentsService', () => { const commentId = comments[0].id; const tagName = 'BEST'; const userId = users[0].id; - await CommentsService.addTag(commentId, tagName, userId); + await CommentsService.addTag(commentId, tagName, userId, 'PUBLIC'); const tags = await TagService.findByItemIdAndName(commentId, 'BEST', 'COMMENTS'); expect(tags.length).to.equal(1); expect(tags[0].name).to.equal(tagName); @@ -237,7 +237,7 @@ describe('services.CommentsService', () => { const tagName = 'BEST'; const userId = users[0].id; - await expect(CommentsService.addTag(commentId, tagName, userId)).to.be.rejected; + await expect(CommentsService.addTag(commentId, tagName, userId, 'PUBLIC')).to.be.rejected; }); it('can\'t add same tag.name twice', async () => { const commentId = comments[0].id; @@ -245,10 +245,10 @@ describe('services.CommentsService', () => { const userId = users[0].id; // first time - await CommentsService.addTag(commentId, tagName, userId); + await CommentsService.addTag(commentId, tagName, userId, 'PUBLIC'); // second time should fail - await expect(CommentsService.addTag(commentId, tagName, userId)).to.be.rejected; + await expect(CommentsService.addTag(commentId, tagName, userId, 'PUBLIC')).to.be.rejected; }); }); @@ -256,7 +256,7 @@ describe('services.CommentsService', () => { it('removes a tag', async () => { const commentId = comments[0].id; const tagName = 'BEST'; - await CommentsService.addTag(commentId, tagName, users[0].id); + await CommentsService.addTag(commentId, tagName, users[0].id, 'PUBLIC'); const tags = await TagService.findByItemIdAndName(commentId, tagName, 'COMMENTS'); expect(tags.length).to.equal(1); @@ -273,7 +273,7 @@ describe('services.CommentsService', () => { // just make sure it has no tags to start const tags = await TagService.findByItemIdAndName(commentId, tagName, 'COMMENTS'); expect(tags.length).to.equal(0); - + // ok now to remove it await expect(CommentsService.removeTag(commentId, tagName)).to.be.rejected; });