From c49e4458e2676f8dffe1e74df0bbadbe8a1fd6a9 Mon Sep 17 00:00:00 2001
From: trisua <tri@swmff.org>
Date: Sun, 13 Apr 2025 00:48:32 -0400
Subject: [PATCH] add: allow community questions to be deleted by community
 owner

---
 .../public/html/communities/questions.html    | 34 +++++++++++++++++++
 crates/app/src/routes/pages/communities.rs    | 19 +++++++++++
 crates/core/src/database/questions.rs         | 14 +++++++-
 .../core/src/model/communities_permissions.rs |  1 +
 4 files changed, 67 insertions(+), 1 deletion(-)

diff --git a/crates/app/src/public/html/communities/questions.html b/crates/app/src/public/html/communities/questions.html
index a4f11aa..79cba8d 100644
--- a/crates/app/src/public/html/communities/questions.html
+++ b/crates/app/src/public/html/communities/questions.html
@@ -35,6 +35,17 @@
                         <span>{{ text "general:action.open" }}</span>
                         {% endif %}
                     </a>
+
+                    {% if user %} {% if can_manage_questions or is_helper or
+                    question[1].id == user.id %}
+                    <button
+                        class="quaternary small red"
+                        onclick="remove_question('{{ question[0].id }}')"
+                    >
+                        {{ icon "trash" }}
+                        <span>{{ text "general:action.delete" }}</span>
+                    </button>
+                    {% endif %} {% endif %}
                 </div>
             </div>
             {% endfor %} {{ components::pagination(page=page, items=feed|length)
@@ -42,4 +53,27 @@
         </div>
     </div>
 </div>
+
+<script>
+    async function remove_question(id) {
+        if (
+            !(await trigger("atto::confirm", [
+                "Are you sure you want to do this?",
+            ]))
+        ) {
+            return;
+        }
+
+        fetch(`/api/v1/questions/${id}`, {
+            method: "DELETE",
+        })
+            .then((res) => res.json())
+            .then((res) => {
+                trigger("atto::toast", [
+                    res.ok ? "success" : "error",
+                    res.message,
+                ]);
+            });
+    }
+</script>
 {% endblock %}
diff --git a/crates/app/src/routes/pages/communities.rs b/crates/app/src/routes/pages/communities.rs
index 77d5ebd..bab04ca 100644
--- a/crates/app/src/routes/pages/communities.rs
+++ b/crates/app/src/routes/pages/communities.rs
@@ -112,6 +112,12 @@ macro_rules! community_context_bools {
             false
         };
 
+        let can_manage_questions = if let Some(ref membership) = membership {
+            membership.role.check(CommunityPermission::MANAGE_QUESTIONS)
+        } else {
+            false
+        };
+
         (
             is_owner,
             is_joined,
@@ -120,6 +126,7 @@ macro_rules! community_context_bools {
             can_manage_posts,
             can_manage_community,
             can_manage_roles,
+            can_manage_questions,
         )
     }};
 }
@@ -262,6 +269,7 @@ pub fn community_context(
     can_manage_posts: bool,
     can_manage_community: bool,
     can_manage_roles: bool,
+    can_manage_questions: bool,
 ) {
     context.insert("community", &community);
     context.insert("is_owner", &is_owner);
@@ -272,6 +280,7 @@ pub fn community_context(
     context.insert("can_manage_posts", &can_manage_posts);
     context.insert("can_manage_community", &can_manage_community);
     context.insert("can_manage_roles", &can_manage_roles);
+    context.insert("can_manage_questions", &can_manage_questions);
 }
 
 /// `/community/{title}`
@@ -338,6 +347,7 @@ pub async fn feed_request(
         can_manage_posts,
         can_manage_community,
         can_manage_roles,
+        can_manage_questions,
     ) = community_context_bools!(data, user, community);
 
     context.insert("feed", &feed);
@@ -354,6 +364,7 @@ pub async fn feed_request(
         can_manage_posts,
         can_manage_community,
         can_manage_roles,
+        can_manage_questions,
     );
 
     // return
@@ -424,6 +435,7 @@ pub async fn questions_request(
         can_manage_posts,
         can_manage_community,
         can_manage_roles,
+        can_manage_questions,
     ) = community_context_bools!(data, user, community);
 
     context.insert("feed", &feed);
@@ -439,6 +451,7 @@ pub async fn questions_request(
         can_manage_posts,
         can_manage_community,
         can_manage_roles,
+        can_manage_questions,
     );
 
     // return
@@ -559,6 +572,7 @@ pub async fn post_request(
         can_manage_posts,
         can_manage_community,
         can_manage_roles,
+        can_manage_questions,
     ) = community_context_bools!(data, user, community);
 
     context.insert("post", &post);
@@ -593,6 +607,7 @@ pub async fn post_request(
         can_manage_posts,
         can_manage_community,
         can_manage_roles,
+        can_manage_questions,
     );
 
     // return
@@ -663,6 +678,7 @@ pub async fn members_request(
         can_manage_posts,
         can_manage_community,
         can_manage_roles,
+        can_manage_questions,
     ) = community_context_bools!(data, user, community);
 
     context.insert("list", &list);
@@ -679,6 +695,7 @@ pub async fn members_request(
         can_manage_posts,
         can_manage_community,
         can_manage_roles,
+        can_manage_questions,
     );
 
     // return
@@ -744,6 +761,7 @@ pub async fn question_request(
         can_manage_posts,
         can_manage_community,
         can_manage_roles,
+        can_manage_questions,
     ) = community_context_bools!(data, user, community);
 
     context.insert("question", &question);
@@ -770,6 +788,7 @@ pub async fn question_request(
         can_manage_posts,
         can_manage_community,
         can_manage_roles,
+        can_manage_questions,
     );
 
     // return
diff --git a/crates/core/src/database/questions.rs b/crates/core/src/database/questions.rs
index 2bb1fd0..377bf36 100644
--- a/crates/core/src/database/questions.rs
+++ b/crates/core/src/database/questions.rs
@@ -2,6 +2,7 @@ use std::collections::HashMap;
 
 use super::*;
 use crate::cache::Cache;
+use crate::model::communities_permissions::CommunityPermission;
 use crate::model::{
     Error, Result,
     communities::Question,
@@ -206,7 +207,18 @@ impl DataManager {
             && user.id != y.receiver
             && !user.permissions.check(FinePermission::MANAGE_QUESTIONS)
         {
-            return Err(Error::NotAllowed);
+            if y.community != 0 {
+                // check for MANAGE_QUESTIONS permission
+                let membership = self
+                    .get_membership_by_owner_community_no_void(user.id, y.community)
+                    .await?;
+
+                if !membership.role.check(CommunityPermission::MANAGE_QUESTIONS) {
+                    return Err(Error::NotAllowed);
+                }
+            } else {
+                return Err(Error::NotAllowed);
+            }
         }
 
         let conn = match self.connect().await {
diff --git a/crates/core/src/model/communities_permissions.rs b/crates/core/src/model/communities_permissions.rs
index 246ecb0..2fbba3f 100644
--- a/crates/core/src/model/communities_permissions.rs
+++ b/crates/core/src/model/communities_permissions.rs
@@ -17,6 +17,7 @@ bitflags! {
         const REQUESTED = 1 << 6;
         const MANAGE_PINS = 1 << 7;
         const MANAGE_COMMUNITY = 1 << 8;
+        const MANAGE_QUESTIONS = 1 << 9;
 
         const _ = !0;
     }