generated from nhcarrigan/template
feat: implement admin action APIs for comment and profile moderation
Added full API implementation for admin action buttons in the report management interface: Backend Changes: - Created new /api/comments routes for admin-only comment operations - Added PUT /api/comments/:id for admin comment editing - Added DELETE /api/comments/:id for admin comment deletion - Added POST /api/users/:id/make-private for admin profile privacy control - All endpoints protected with adminGuard and csrfProtection - Proper audit logging for all admin actions - Added onDelete: Cascade to CommentReport relation for safe comment deletion Frontend Changes: - Added adminUpdateComment() and adminDeleteComment() to CommentsService - Added makeProfilePrivate() to UserService - Integrated API calls into admin-reports component methods - editComment() now updates comment via API and refreshes report list - deleteComment() now deletes comment via API and refreshes report list - makeProfilePrivate() now updates profile privacy via API - editProfile() navigates using ObjectId instead of Discord username - All actions show success/error toasts and close modals on completion The admin interface now has full working moderation capabilities for both comment and profile reports.
This commit is contained in:
@@ -376,7 +376,7 @@ model ProfileReport {
|
||||
model CommentReport {
|
||||
id String @id @default(auto()) @map("_id") @db.ObjectId
|
||||
reportedCommentId String @db.ObjectId
|
||||
reportedComment Comment @relation(fields: [reportedCommentId], references: [id])
|
||||
reportedComment Comment @relation(fields: [reportedCommentId], references: [id], onDelete: Cascade)
|
||||
reporterId String @db.ObjectId
|
||||
reporter User @relation("CommentReporter", fields: [reporterId], references: [id])
|
||||
reason ReportReason
|
||||
|
||||
@@ -0,0 +1,72 @@
|
||||
/**
|
||||
* @copyright 2026 NHCarrigan
|
||||
* @license Naomi's Public License
|
||||
* @author Naomi Carrigan
|
||||
*/
|
||||
|
||||
import { FastifyPluginAsync } from "fastify";
|
||||
import { Comment, AuditAction, AuditCategory } from "@library/shared-types";
|
||||
import { CommentService } from "../../services/comment.service";
|
||||
import { AuditService } from "../../services/audit.service";
|
||||
import { adminGuard } from "../../middleware/admin-guard";
|
||||
|
||||
interface UpdateCommentBody {
|
||||
content: string;
|
||||
}
|
||||
|
||||
const commentsRoutes: FastifyPluginAsync = async (app) => {
|
||||
const commentService = new CommentService();
|
||||
|
||||
// Admin: Update any comment by ID
|
||||
app.put<{ Params: { id: string }; Body: UpdateCommentBody; Reply: Comment | { error: string } }>(
|
||||
"/:id",
|
||||
{
|
||||
preValidation: [app.authenticate, adminGuard],
|
||||
preHandler: [app.csrfProtection],
|
||||
},
|
||||
async (request, reply) => {
|
||||
const { id } = request.params;
|
||||
const { content } = request.body;
|
||||
|
||||
const existingComment = await commentService.getCommentById(id);
|
||||
if (!existingComment) {
|
||||
return reply.code(404).send({ error: "Comment not found" });
|
||||
}
|
||||
|
||||
const comment = await commentService.updateComment(id, content);
|
||||
await AuditService.logFromRequest(request, {
|
||||
action: AuditAction.commentUpdate,
|
||||
category: AuditCategory.admin,
|
||||
details: `Admin updated comment ${id}`,
|
||||
});
|
||||
return comment;
|
||||
}
|
||||
);
|
||||
|
||||
// Admin: Delete any comment by ID
|
||||
app.delete<{ Params: { id: string }; Reply: { success: boolean } | { error: string } }>(
|
||||
"/:id",
|
||||
{
|
||||
preValidation: [app.authenticate, adminGuard],
|
||||
preHandler: [app.csrfProtection],
|
||||
},
|
||||
async (request, reply) => {
|
||||
const { id } = request.params;
|
||||
|
||||
const existingComment = await commentService.getCommentById(id);
|
||||
if (!existingComment) {
|
||||
return reply.code(404).send({ error: "Comment not found" });
|
||||
}
|
||||
|
||||
await commentService.deleteComment(id);
|
||||
await AuditService.logFromRequest(request, {
|
||||
action: AuditAction.commentDelete,
|
||||
category: AuditCategory.admin,
|
||||
details: `Admin deleted comment ${id}`,
|
||||
});
|
||||
return { success: true };
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
export default commentsRoutes;
|
||||
@@ -231,6 +231,30 @@ const usersRoutes: FastifyPluginAsync = async (app) => {
|
||||
return user;
|
||||
}
|
||||
);
|
||||
|
||||
app.post<{ Params: { id: string }; Reply: User | { error: string } }>(
|
||||
"/:id/make-private",
|
||||
{
|
||||
preValidation: [app.authenticate, adminGuard],
|
||||
preHandler: [app.csrfProtection],
|
||||
},
|
||||
async (request, reply) => {
|
||||
const { id } = request.params;
|
||||
const user = await userService.updateUserSettings(id, { profilePublic: false });
|
||||
if (!user) {
|
||||
return reply.code(404).send({ error: "User not found" });
|
||||
}
|
||||
|
||||
await AuditService.logFromRequest(request, {
|
||||
action: AuditAction.entryUpdate,
|
||||
category: AuditCategory.admin,
|
||||
targetUserId: id,
|
||||
details: `Admin made profile private for user: ${user.username}`,
|
||||
});
|
||||
|
||||
return user;
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
export default usersRoutes;
|
||||
|
||||
Reference in New Issue
Block a user