Allow removing your own warning

2026-02-01 15:21:07 +03:00 · 2022-07-20 18:52:27 -04:00
parent 6e1df18c38
commit 3203271fdf
2 changed files with 30 additions and 11 deletions
--- a/src/routes/postWarning.ts
+++ b/src/routes/postWarning.ts
@@ -22,17 +22,15 @@ function checkExpiredWarning(warning: warningEntry): boolean {
 }
 export async function postWarning(req: Request, res: Response): Promise<Response> {
-    // exit early if no body passed in
+    if (!req.body.userID) return res.status(400).json({ "message": "Missing parameters" });
-    if (!req.body.userID && !req.body.issuerUserID) return res.status(400).json({ "message": "Missing parameters" });
+
-    // Collect user input data
+    const issuerUserID: HashedUserID = req.body.issuerUserID ? await getHashCache(req.body.issuerUserID as UserID) : null;
-    const issuerUserID: HashedUserID = await getHashCache(<UserID> req.body.issuerUserID);
+    const userID: HashedUserID = issuerUserID ? req.body.userID : await getHashCache(req.body.userID as UserID);
    const userID: UserID = req.body.userID;
    const issueTime = new Date().getTime();
    const enabled: boolean = req.body.enabled ?? true;
    const reason: string = req.body.reason ?? "";
-    // Ensure user is a VIP
+    if ((!issuerUserID && enabled) ||(issuerUserID && !await isUserVIP(issuerUserID))) {
    if (!await isUserVIP(issuerUserID)) {
        Logger.warn(`Permission violation: User ${issuerUserID} attempted to warn user ${userID}.`);
        return res.status(403).json({ "message": "Not a VIP" });
    }
--- a/test/cases/postWarning.ts
+++ b/test/cases/postWarning.ts
@@ -9,6 +9,8 @@ describe("postWarning", () => {
    const endpoint = "/api/warnUser";
    const getWarning = (userID: string) => db.prepare("get", `SELECT "userID", "issueTime", "issuerUserID", enabled, "reason" FROM warnings WHERE "userID" = ?`, [userID]);
    const warnedUser = getHash("warning-0");
    before(async () => {
        await db.prepare("run", `INSERT INTO "vipUsers" ("userID") VALUES (?)`, [getHash("warning-vip")]);
    });
@@ -16,7 +18,7 @@ describe("postWarning", () => {
    it("Should be able to create warning if vip (exp 200)", (done) => {
        const json = {
            issuerUserID: "warning-vip",
-            userID: "warning-0",
+            userID: warnedUser,
            reason: "warning-reason-0"
        };
        client.post(endpoint, json)
@@ -37,7 +39,7 @@ describe("postWarning", () => {
    it("Should be not be able to create a duplicate warning if vip", (done) => {
        const json = {
            issuerUserID: "warning-vip",
-            userID: "warning-0",
+            userID: warnedUser,
        };
        client.post(endpoint, json)
@@ -57,7 +59,7 @@ describe("postWarning", () => {
    it("Should be able to remove warning if vip", (done) => {
        const json = {
            issuerUserID: "warning-vip",
-            userID: "warning-0",
+            userID: warnedUser,
            enabled: false
        };
@@ -100,7 +102,7 @@ describe("postWarning", () => {
    it("Should re-enable disabled warning", (done) => {
        const json = {
            issuerUserID: "warning-vip",
-            userID: "warning-0",
+            userID: warnedUser,
            enabled: true
        };
@@ -116,4 +118,23 @@ describe("postWarning", () => {
            })
            .catch(err => done(err));
    });
    it("Should be able to remove your own warning", (done) => {
        const json = {
            userID: "warning-0",
            enabled: false
        };
        client.post(endpoint, json)
            .then(async res => {
                assert.strictEqual(res.status, 200);
                const data = await getWarning(warnedUser);
                const expected = {
                    enabled: 0
                };
                assert.ok(partialDeepEquals(data, expected));
                done();
            })
            .catch(err => done(err));
    });
 });