AjobK / Seaqull

Seaqull programming blog
http://www.seaqull.com
3 stars 0 forks source link

282 delete posts #296

Closed jerohero closed 3 years ago

jerohero commented 3 years ago

closes #284


What is it supposed to do
Post owners and admins are able to delete posts from the front-end. These posts are soft deleted, meaning they're actually archived (implemented in another branch) and will still exist while not appearing anymore.


How can we test your branch
Create a post. While creating the post, the delete button should not be visible. After this, a delete button should appear at the bottom right. image The delete button should not appear on posts that aren't created by the user you're logged in on. It should also appear when you're an admin, but this can't be tested due to an external issue (see additional notes).


Additional notes
Backend: In postRoutes I replaced the hasPermissions middleware at the archivePost route with a new hasPostPermissions middleware. This does the same as hasPermissions, but also checks if the user owns the post that is to be archived. As I'm not experienced with Express.js it might be worth looking at.

The pre-generated admin user appears to have a user role and not an admin role (this.props.store.profile.role returns 'user'). I wasn't able to test the delete functionality for admins due to this.

There is currently an issue in develop that crashes the application on startup, which should be fixed in the 1.1 hotfix branch.


1. General checklist


2. If relevant, front-end checklist


3. If relevant, back-end checklist


4. If relevant, test these browsers

AjobK commented 3 years ago

'DELETE POST' overlay on banner should be commented in code. Add a TODO to it stating that we will uncomment it again when creating the 'EDIT POST BANNER' functionality. Naturally the code will be modified at that time from delete functionalities to edit banner.

Change delete button to dark grey bin icon with 'DELETE' text next to it (or tooltip).

AjobK commented 3 years ago

image

When I've created a post and have been redirected to the view page and I click on the delete button it gives me an error. The error can be seen in the picture above. I can however delete a post when I refresh the page or go to it again through my profile.

More context in image below:

image

AjobK commented 3 years ago

image

I can delete posts of other people without even being logged in or being the correct author. Did this with insomnia.

AjobK commented 3 years ago

Please change route to something like /posts/archive or /posts/delete instead of just /archive. This is very restricting for possible future archive routes and it doesn't give any context to the fact that you want to archive a post.

jerohero commented 3 years ago

image

I can delete posts of other people without even being logged in or being the correct author. Did this with insomnia.

I can't seem to replicate this issue. Are you sure you weren't logged in already and deleted the post as an admin?

Not logged in: chrome_brtkxzFWLq

Not logged in as post owner or admin: chrome_nuXCIcoG07

AjobK commented 3 years ago

image

Please change this to something more clear. I get this message when successfully archiving a post.

AjobK commented 3 years ago

image

When you attempt to archive a post url that doesn't exist it infinitely loads.

AjobK commented 3 years ago

image

Getting an error when trying to archive something with insomnia (postman) if I'm not logged in. Likely because of the following line:

image

You don't check whether post.profile exists, which results in infinite loading and an error in the terminal.