add: post drafts

fix: allow question sender to view question
2025-05-17 19:57:09 -04:00 · 2025-05-17 19:57:09 -04:00 · f6cbeb9bd8
commit f6cbeb9bd8
parent 24162573ee
22 changed files with 642 additions and 100 deletions
--- a/crates/app/src/routes/pages/communities.rs
+++ b/crates/app/src/routes/pages/communities.rs
@ -8,6 +8,7 @@ use axum::{
    response::{Html, IntoResponse},
 };
 use axum_extra::extract::CookieJar;
+use serde::Deserialize;
 use tera::Context;
 use tetratto_core::model::{
    auth::User,
@ -236,10 +237,19 @@ pub async fn search_request(
    ))
 }

+#[derive(Deserialize)]
+pub struct CreatePostProps {
+    #[serde(default)]
+    pub community: usize,
+    #[serde(default)]
+    pub from_draft: usize,
+}
+
 /// `/communities/intents/post`
 pub async fn create_post_request(
    jar: CookieJar,
    Extension(data): Extension<State>,
+    Query(props): Query<CreatePostProps>,
 ) -> impl IntoResponse {
    let data = data.read().await;
    let user = match get_user_from_token!(jar, data.0) {
@ -271,9 +281,32 @@ pub async fn create_post_request(
        communities.push(community)
    }

+    // get draft
+    let draft = if props.from_draft != 0 {
+        match data.0.get_draft_by_id(props.from_draft).await {
+            Ok(d) => {
+                // drafts can only be used by their owner
+                if d.owner == user.id { Some(d) } else { None }
+            }
+            Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
+        }
+    } else {
+        None
+    };
+
+    let drafts = match data.0.get_drafts_by_user_all(user.id).await {
+        Ok(l) => l,
+        Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
+    };
+
+    // ...
    let lang = get_lang!(jar, data.0);
    let mut context = initial_context(&data.0.0, lang, &Some(user)).await;
+
+    context.insert("draft", &draft);
+    context.insert("drafts", &drafts);
    context.insert("communities", &communities);
+    context.insert("selected_community", &props.community);

    // return
    Ok(Html(
@ -1118,10 +1151,16 @@ pub async fn question_request(
        false
    };

+    let is_sender = if let Some(ref ua) = user {
+        ua.id == question.owner
+    } else {
+        false
+    };
+
    // check permissions
    let (can_read, _) = check_permissions!(community, jar, data, user);

-    if !can_read {
+    if !can_read && !is_sender {
        return Err(Html(
            render_error(Error::NotAllowed, &jar, &data, &user).await,
        ));