コード例 #1
ファイル: messages.go プロジェクト: ovh/tat
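// checkBeforeDelete decides whether user may delete message from topic.
//
// The checks run in this order:
//   - user must have RW rights on topic (403 otherwise);
//   - a topic admin is allowed at once when topic.AdminCanDeleteAllMsg is set;
//   - outside the user's own private topic tree, the topic must set
//     CanDeleteMsg or CanDeleteAllMsg (403 otherwise);
//   - deleting another author's message requires CanDeleteAllMsg or the
//     user's own private topic tree, unless force is set and the message is
//     a reply (400 otherwise);
//   - a message for which IsDoing() is true is only deleted with force
//     (400 otherwise).
//
// On refusal the JSON error response is already written to ctx and the same
// text is returned as an error, so the caller must not write a second
// response. A nil return means the deletion is allowed.
//
// NOTE(review): the rights come from topic while the private-topic test and
// several messages use message.Topic; this assumes the caller loaded topic
// from message.Topic. Confirm at the call site.
func (m *MessagesController) checkBeforeDelete(ctx *gin.Context, message tat.Message, user tat.User, force bool, topic tat.Topic) error {
	// reject writes the JSON error body and returns the same text as an error.
	// The text goes through "%s" instead of being used as the format string:
	// topic names and usernames are user-controlled, and a '%' in them would
	// otherwise be interpreted as a formatting verb.
	reject := func(status int, msg string) error {
		ctx.JSON(status, gin.H{"error": msg})
		return fmt.Errorf("%s", msg)
	}

	isRW, isTopicAdmin := topicDB.GetUserRights(&topic, &user)
	if !isRW {
		return reject(http.StatusForbidden, fmt.Sprintf("No RW Access to topic %s", message.Topic))
	}

	if topic.AdminCanDeleteAllMsg && isTopicAdmin {
		return nil
	}

	// The owner test must stop at a path boundary. A bare prefix match on
	// "/Private/"+user.Username would also treat user "bob" as the owner of
	// "/Private/bobby/...", and an empty username as the owner of every
	// private topic. Assumes private topics are named
	// "/Private/<username>[/...]", as the original prefix check implies.
	privateRoot := "/Private/" + user.Username
	inOwnPrivate := message.Topic == privateRoot || strings.HasPrefix(message.Topic, privateRoot+"/")

	if !inOwnPrivate && !topic.CanDeleteMsg && !topic.CanDeleteAllMsg {
		return reject(http.StatusForbidden, fmt.Sprintf("You can't delete a message from topic %s", topic.Topic))
	}

	if !topic.CanDeleteAllMsg && message.Author.Username != user.Username && !inOwnPrivate {
		// Someone else's message: only a reply (InReplyOfIDRoot set) may be
		// deleted, and only when force is requested.
		if !force || message.InReplyOfIDRoot == "" {
			return reject(http.StatusBadRequest, fmt.Sprintf("Could not delete a message from another user %s than you %s", message.Author.Username, user.Username))
		}
	}

	// A message still marked as doing is kept unless the caller forces it.
	if !force && message.IsDoing() {
		return reject(http.StatusBadRequest, "Could not delete a message with a doing label")
	}
	return nil
}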