feat: add admin role check for deletions

lareii · Sep 7, 2024 · 1ae3524 · 1ae3524
1 parent a5a8743
commit 1ae3524
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 10 deletions.
diff --git a/client/components/app/Comment/Dropdown.jsx b/client/components/app/Comment/Dropdown.jsx
@@ -49,7 +49,7 @@ export default function Dropdown({ comment, setComment, onDelete }) {
   return (
     <Dialog open={isModalOpen} onOpenChange={setIsModalOpen}>
       <DropdownMenu>
-        {user.id === comment.author.id && (
+        {(user.id === comment.author.id || user.role === 'admin' ) && (
           <DropdownMenuTrigger asChild>
             <Button variant='ghost' size='icon'>
               <Ellipsis className='w-4 h-4' />

diff --git a/client/components/app/Post/Dropdown.jsx b/client/components/app/Post/Dropdown.jsx
@@ -79,7 +79,7 @@ export default function Dropdown({ post, setPost, onDelete }) {
               çöpe git
             </Link>
           </DropdownMenuItem>
-          {user.id === post.author.id && (
+          {(user.id === post.author.id || user.role === 'admin') && (
             <>
               <DropdownMenuSeparator />
               <DropdownMenuItem>

diff --git a/server/handlers/comments/delete_comment.go b/server/handlers/comments/delete_comment.go
@@ -30,9 +30,11 @@ func DeleteComment(c *fiber.Ctx) error {
 	}
 
 	if comment.Author != user.ID {
-		return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
-			"message": "User not authorized.",
-		})
+		if user.Role != "admin" {
+			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
+				"message": "User not authorized.",
+			})
+		}
 	}
 
 	if err := models.DeleteComment(commentID); err != nil {

diff --git a/server/handlers/posts/delete_post.go b/server/handlers/posts/delete_post.go
@@ -30,9 +30,11 @@ func DeletePost(c *fiber.Ctx) error {
 	}
 
 	if post.Author != user.ID {
-		return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
-			"message": "User not authorized.",
-		})
+		if user.Role != "admin" {
+			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
+				"message": "User not authorized.",
+			})
+		}
 	}
 
 	if err := models.DeletePost(postID); err != nil {

diff --git a/server/models/user.go b/server/models/user.go
@@ -18,7 +18,7 @@ type User struct {
 	ID        primitive.ObjectID  `bson:"_id" json:"id"`
 	CreatedAt primitive.Timestamp `bson:"created_at" json:"created_at"`
 	IsBanned  bool                `bson:"is_banned" json:"is_banned,omitempty"`
-	IsAdmin   bool                `bson:"is_admin" json:"is_admin,omitempty"`
+	Role      string              `bson:"role" json:"role,omitempty"`
 	Email     string              `bson:"email,omitempty" json:"email,omitempty"`
 	Name      string              `bson:"name" json:"name"`
 	Username  string              `bson:"username" json:"username"`
@@ -80,7 +80,7 @@ func CreateUser(user User) error {
 		T: uint32(time.Now().Unix()),
 	}
 	user.IsBanned = false
-	user.IsAdmin = false
+	user.Role = "user"
 	user.About = ""
 	user.Points = 1