Updated comments.add to use member id from cookie

refs https://github.com/TryGhost/Team/issues/1664 - make sure we only create comments for the currently logged in member
2024-11-30 21:40:39 +03:00 · 2022-07-05 15:47:37 +02:00 · 2022-07-05 15:47:37 +02:00 · d4c8660323
commit d4c8660323
parent 3e1e5b6760
1 changed files with 14 additions and 5 deletions
--- a/core/server/api/endpoints/comments-comments.js
+++ b/core/server/api/endpoints/comments-comments.js
@ -2,11 +2,13 @@ const Promise = require('bluebird');
 const tpl = require('@tryghost/tpl');
 const errors = require('@tryghost/errors');
 const models = require('../../models');
+const {identity} = require('lodash');
 const ALLOWED_INCLUDES = ['post', 'member'];
 const UNSAFE_ATTRS = ['status'];

 const messages = {
-    commentNotFound: 'Comment could not be found'
+    commentNotFound: 'Comment could not be found',
+    memberNotFound: 'Unable to find member'
 };

 module.exports = {
@ -103,9 +105,6 @@ module.exports = {
                include: ALLOWED_INCLUDES
            },
            data: {
-                member_id: {
-                    required: true
-                },
                post_id: {
                    required: true
                }
@ -115,7 +114,17 @@ module.exports = {
            unsafeAttrs: UNSAFE_ATTRS
        },
        query(frame) {
-            return models.Comment.add(frame.data.comments[0], frame.options);
+            // TODO: move to comment service
+            const data = frame.data.comments[0];
+
+            if (frame.options?.context?.member?.id) {
+                data.member_id = frame.options.context.member.id;
+                return models.Comment.add(data, frame.options);
+            } else {
+                return Promise.reject(new errors.NotFoundError({
+                    message: tpl(messages.memberNotFound)
+                }));
+            }
        }
    },