ToolJet/server/src/controllers/comment.controller.ts

import {
  Controller,
  Request,
  Get,
  Post,
  Body,
  Param,
  Delete,
  UseGuards,
  Patch,
  Query,
  ForbiddenException,
} from '@nestjs/common';
import { CommentService } from '@services/comment.service';
import { CreateCommentDTO } from '../dto/create-comment.dto';
import { Comment } from '../entities/comment.entity';
import { Thread } from '../entities/thread.entity';
import { JwtAuthGuard } from '../../src/modules/auth/jwt-auth.guard';
import { CommentsAbilityFactory } from 'src/modules/casl/abilities/comments-ability.factory';

@Controller('comments')
export class CommentController {
  constructor(private commentService: CommentService, private commentsAbilityFactory: CommentsAbilityFactory) {}

  @UseGuards(JwtAuthGuard)
  @Post('create')
  public async createComment(@Request() req, @Body() createCommentDto: CreateCommentDTO): Promise<Comment> {
    const _response = await Thread.findOne({
      where: { id: createCommentDto.threadId },
    });
    const ability = await this.commentsAbilityFactory.appsActions(req.user, { id: _response.appId });

    if (!ability.can('createComment', Comment)) {
      throw new ForbiddenException('You do not have permissions to perform this action');
    }

    const comment = await this.commentService.createComment(createCommentDto, req.user.id, req.user.organization.id);
    return comment;
  }

  @UseGuards(JwtAuthGuard)
  @Get('/:threadId/all')
  public async getComments(@Request() req, @Param('threadId') threadId: string, @Query() query): Promise<Comment[]> {
    const _response = await Thread.findOne({
      where: { id: threadId },
    });
    const ability = await this.commentsAbilityFactory.appsActions(req.user, { id: _response.appId });

    if (!ability.can('fetchComments', Comment)) {
      throw new ForbiddenException('You do not have permissions to perform this action');
    }

    const comments = await this.commentService.getComments(threadId, query.appVersionsId);
    return comments;
  }

  @UseGuards(JwtAuthGuard)
  @Get('/:appId/notifications')
  public async getNotifications(@Request() req, @Param('appId') appId: string, @Query() query): Promise<Comment[]> {
    const ability = await this.commentsAbilityFactory.appsActions(req.user, { id: appId });

    if (!ability.can('fetchComments', Comment)) {
      throw new ForbiddenException('You do not have permissions to perform this action');
    }
    const comments = await this.commentService.getNotifications(
      appId,
      req.user.id,
      query.isResolved,
      query.appVersionsId
    );
    return comments;
  }

  @UseGuards(JwtAuthGuard)
  @Get('/:commentId')
  public async getComment(@Param('commentId') commentId: number) {
    const comment = await this.commentService.getComment(commentId);
    return comment;
  }

  @UseGuards(JwtAuthGuard)
  @Patch('/edit/:commentId')
  public async editComment(
    @Request() req,
    @Body() createCommentDto: CreateCommentDTO,
    @Param('commentId') commentId: number
  ): Promise<Comment> {
    const _response = await Comment.findOne({
      where: { id: commentId },
      relations: ['thread'],
    });
    const ability = await this.commentsAbilityFactory.appsActions(req.user, { id: _response.thread.appId });

    if (!ability.can('updateComment', Comment)) {
      throw new ForbiddenException('You do not have permissions to perform this action');
    }
    const comment = await this.commentService.editComment(commentId, createCommentDto);
    return comment;
  }

  @UseGuards(JwtAuthGuard)
  @Delete('/delete/:commentId')
  public async deleteComment(@Request() req, @Param('commentId') commentId: number) {
    const _response = await Comment.findOne({
      where: { id: commentId },
      relations: ['thread'],
    });
    const ability = await this.commentsAbilityFactory.appsActions(req.user, { id: _response.thread.appId });

    if (!ability.can('deleteComment', Comment)) {
      throw new ForbiddenException('You do not have permissions to perform this action');
    }
    const deletedComment = await this.commentService.deleteComment(commentId);
    return deletedComment;
  }
}
Feature: Collaboration ( realtime comments for canvas ) 🔥 (#810) * feat: initial commit for collaboration feature * add dnd to comments * add positions endpoint * feat: encapsulate all http common logic in http-client * segregate sections and transfer responsibility of state * feat: use-spring to add fade effect :zap: * fix: open in right * fix: left-right position css * add footer for message * integrate getcomment endpoint * use fromnow for date ago * add dnd * - Add data trasfer object for comment - Add class-validator package to check the response type from client - Add comment repository class for persistance layer - Add comment service with std. http methods - Update controller with all http methods - Update comment module - Fix http-client bug when error is thrown * fix http client bug when error is thrown * feat: add entity thread * feat: add migrations for thread and comment * update entitites * add tid to migration * filter comments by tid(thread_id) * fix: comment migration, add missing column comment * feat: integrate in ui * feat: split comments based on app_id * fix: dnd to correct position * package json engines * engines update * update npm * npm 6 to 7 * fix: add user initials to thread * fix: add firtname lastname to the comments * - Return user object when save thread called - Hide password field from user response - Fix created_at date typo - Instead of fetch all threads on new thread added, add the response to array of existing threads * feat: update ui components * change icon on comments view * ui fixes * fix: close icon close the popover * temp: comment select: false * use currentUser from localStorage * fix: on click outside if comment is open, dont hit addThread * fix: auth token issue in http-client * on drag hide the comment if open * add jwt auth * spec: add test for comment & thread * cleanup: remove console.log * feat: add comment actions * feat: add edit, delete, resolve options * feat: add mentions component * feat: add nestjs websockets * temp * websocket: establish client-server communication * ws: add message listner to comments module in ui * feat: add broadcast method to broadcast new events to all clients :bomb: * ws: cleanup :call_me_hand: * fix: remove max height from comment actions * feat: add user mentions, emoji support * fix: add static list of users - temp * update and delete iterations * - Rename comment, thread to comments, threads - Add conditional actions - Show edit, delete only if he is comment owner - Show resolve only if he is thread owner * reset engines * move svgr webpack to deps * fix: ui issues * remove log stmt * refactor: move resolved icon to comment-header * feat: allow comments to be added on top of widgets * feat: add keyboard shortcut * scroll to bottom on comment add * ui fixes * feat: add react toast for notification display * feat: add comment badge * fix: ws connection * fix: ws * remove rvrse * feat: add comment sidebar * feat: add comment right sidebar * fix: add missing foreign key elements * - upgrade typeorm to 0.2.38 - comment sidebar ui - added filter ui * feat: on click of right sidebar notificaiton open the comment box * reset engines * fix: add organization id to the comment and thread module * fix: add current version id * add currentversion id * disable comments if no id present * temp:checking for heroku deploy * fetch app on edit and deploy version * rename current_version_id to app_versions_id * ui fixes * show mentioned user in blue color * add ui changes * add authorization for create thread * change color to blue on click of comment, add auth for other endpoints of thread * update threads, notifications using socket * add auth for comments * remove events spec file * fix duplicate key error * fix notificaitons updation on edit, delete, resolve buttons clicked * update notifications for edit * feature toggle changes for frontend * add check for comments server * add emoji mart package for emoji * add reply count in comment sidebar * subtract 1 from count in comment sidebar * change empty text when no comments available 2021-11-01 07:28:03 +00:00			`import {`
			`Controller,`
			`Request,`
			`Get,`
			`Post,`
			`Body,`
			`Param,`
			`Delete,`
			`UseGuards,`
			`Patch,`
			`Query,`
			`ForbiddenException,`
			`} from '@nestjs/common';`
			`import { CommentService } from '@services/comment.service';`
			`import { CreateCommentDTO } from '../dto/create-comment.dto';`
			`import { Comment } from '../entities/comment.entity';`
			`import { Thread } from '../entities/thread.entity';`
			`import { JwtAuthGuard } from '../../src/modules/auth/jwt-auth.guard';`
			`import { CommentsAbilityFactory } from 'src/modules/casl/abilities/comments-ability.factory';`

			`@Controller('comments')`
			`export class CommentController {`
			`constructor(private commentService: CommentService, private commentsAbilityFactory: CommentsAbilityFactory) {}`

			`@UseGuards(JwtAuthGuard)`
			`@Post('create')`
			`public async createComment(@Request() req, @Body() createCommentDto: CreateCommentDTO): Promise<Comment> {`
			`const _response = await Thread.findOne({`
			`where: { id: createCommentDto.threadId },`
			`});`
			`const ability = await this.commentsAbilityFactory.appsActions(req.user, { id: _response.appId });`

			`if (!ability.can('createComment', Comment)) {`
			`throw new ForbiddenException('You do not have permissions to perform this action');`
			`}`

			`const comment = await this.commentService.createComment(createCommentDto, req.user.id, req.user.organization.id);`
			`return comment;`
			`}`

			`@UseGuards(JwtAuthGuard)`
			`@Get('/:threadId/all')`
			`public async getComments(@Request() req, @Param('threadId') threadId: string, @Query() query): Promise<Comment[]> {`
			`const _response = await Thread.findOne({`
			`where: { id: threadId },`
			`});`
			`const ability = await this.commentsAbilityFactory.appsActions(req.user, { id: _response.appId });`

			`if (!ability.can('fetchComments', Comment)) {`
			`throw new ForbiddenException('You do not have permissions to perform this action');`
			`}`

			`const comments = await this.commentService.getComments(threadId, query.appVersionsId);`
			`return comments;`
			`}`

			`@UseGuards(JwtAuthGuard)`
			`@Get('/:appId/notifications')`
			`public async getNotifications(@Request() req, @Param('appId') appId: string, @Query() query): Promise<Comment[]> {`
			`const ability = await this.commentsAbilityFactory.appsActions(req.user, { id: appId });`

			`if (!ability.can('fetchComments', Comment)) {`
			`throw new ForbiddenException('You do not have permissions to perform this action');`
			`}`
			`const comments = await this.commentService.getNotifications(`
			`appId,`
			`req.user.id,`
			`query.isResolved,`
			`query.appVersionsId`
			`);`
			`return comments;`
			`}`

			`@UseGuards(JwtAuthGuard)`
			`@Get('/:commentId')`
			`public async getComment(@Param('commentId') commentId: number) {`
			`const comment = await this.commentService.getComment(commentId);`
			`return comment;`
			`}`

			`@UseGuards(JwtAuthGuard)`
			`@Patch('/edit/:commentId')`
			`public async editComment(`
			`@Request() req,`
			`@Body() createCommentDto: CreateCommentDTO,`
			`@Param('commentId') commentId: number`
			`): Promise<Comment> {`
			`const _response = await Comment.findOne({`
			`where: { id: commentId },`
			`relations: ['thread'],`
			`});`
			`const ability = await this.commentsAbilityFactory.appsActions(req.user, { id: _response.thread.appId });`

			`if (!ability.can('updateComment', Comment)) {`
			`throw new ForbiddenException('You do not have permissions to perform this action');`
			`}`
			`const comment = await this.commentService.editComment(commentId, createCommentDto);`
			`return comment;`
			`}`

			`@UseGuards(JwtAuthGuard)`
			`@Delete('/delete/:commentId')`
			`public async deleteComment(@Request() req, @Param('commentId') commentId: number) {`
			`const _response = await Comment.findOne({`
			`where: { id: commentId },`
			`relations: ['thread'],`
			`});`
			`const ability = await this.commentsAbilityFactory.appsActions(req.user, { id: _response.thread.appId });`

			`if (!ability.can('deleteComment', Comment)) {`
			`throw new ForbiddenException('You do not have permissions to perform this action');`
			`}`
			`const deletedComment = await this.commentService.deleteComment(commentId);`
			`return deletedComment;`
			`}`
			`}`