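// checkBeforeDelete reports whether user may delete message from topic.
// On refusal it writes a JSON error response to ctx and returns a non-nil
// error carrying the same text, so the caller must not write a second response.
//
// Checks, in order:
//   - the user needs RW rights on the topic (403 otherwise);
//   - a topic admin passes immediately when topic.AdminCanDeleteAllMsg is set;
//   - outside the user's own private tree, the topic must have CanDeleteMsg
//     or CanDeleteAllMsg set (403 otherwise);
//   - without CanDeleteAllMsg and outside the user's own private tree, only
//     the author may delete, except that force allows deleting a reply
//     written by someone else (400 otherwise);
//   - a message for which IsDoing() is true needs force (400 otherwise).
//
// NOTE(review): force relaxes both the author check (for replies) and the
// doing-label check, and nothing in this function restricts who may set it.
// Confirm that callers derive it from a privilege check, not straight from a
// request parameter.
func (m *MessagesController) checkBeforeDelete(ctx *gin.Context, message tat.Message, user tat.User, force bool, topic tat.Topic) error {
	// deny sends the refusal to the client and returns it as an error.
	// The text embeds topic names and usernames, so it is passed as an
	// argument and never used as the format string: a '%' in those values
	// would otherwise corrupt the returned error.
	deny := func(status int, msg string) error {
		ctx.JSON(status, gin.H{"error": msg})
		return fmt.Errorf("%s", msg)
	}

	isRW, isTopicAdmin := topicDB.GetUserRights(&topic, &user)
	if !isRW {
		return deny(http.StatusForbidden, fmt.Sprintf("No RW Access to topic %s", message.Topic))
	}

	if topic.AdminCanDeleteAllMsg && isTopicAdmin {
		return nil
	}

	// Ownership of a private topic is decided on a whole path segment.
	// A bare prefix test would also accept a different, longer username that
	// merely starts with this one (constructed example: user "bob" against
	// "/Private/bobby/..."), and an empty username would match every private
	// topic.
	// NOTE(review): the path checked is message.Topic while the flags come
	// from topic; presumably both name the same topic. Verify against caller.
	privateRoot := "/Private/" + user.Username
	inOwnPrivate := message.Topic == privateRoot || strings.HasPrefix(message.Topic, privateRoot+"/")

	deletionEnabled := topic.CanDeleteMsg || topic.CanDeleteAllMsg
	if !inOwnPrivate && !deletionEnabled {
		return deny(http.StatusForbidden, fmt.Sprintf("You can't delete a message from topic %s", topic.Topic))
	}

	isAuthor := message.Author.Username == user.Username
	if !topic.CanDeleteAllMsg && !isAuthor && !inOwnPrivate {
		// Someone else's message: only a reply may be deleted, and only with force.
		if !force || message.InReplyOfIDRoot == "" {
			return deny(http.StatusBadRequest, fmt.Sprintf("Could not delete a message from another user %s than you %s", message.Author.Username, user.Username))
		}
	}

	// A message carrying the doing label can only be deleted with force.
	if !force && message.IsDoing() {
		return deny(http.StatusBadRequest, "Could not delete a message with a doing label")
	}
	return nil
}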