'use strict' import commentsService from '../../../src/data/bots/{id}/comments' import { authenticate, checkRole } from '../../../auth' import { Operation } from 'express-openapi' /** * Operations on /bots/{id}/comments */ export default function() { /**Returns list of comments for given bot */ const GET: Operation = async (req, res, next) => { const { isAllowedUser, role } = req.user if (!isAllowedUser && !checkRole(role, 'view')) { console.error('No permission to get comments') res.status(401).send() } else { try { res.status(200).json(await commentsService.getComments(req)) } catch (error) { res.status(error.code || 500).send(error.message) } } } /**Creates a new comment for given bot */ const POST: Operation = async (req, res, next) => { const { isAllowedUser, role } = req.user if (!isAllowedUser && !checkRole(role, 'comment')) { console.error('No permission to post comments') res.status(401).send() } else { try { res.status(200).json(await commentsService.postComment(req)) } catch (error) { res.status(error.code || 500).send(error.message) } } } return { GET: [authenticate(['allowed-users', 'bot-token']), GET], POST: [authenticate(['allowed-users', 'bot-token']), POST] } }