From 15786e1c98b800e4ee7f57636b86aac12b39a09e Mon Sep 17 00:00:00 2001 From: "max.tyson" Date: Fri, 2 Aug 2024 13:26:50 +1200 Subject: [PATCH] Add moderation API --- website/src/pages/api/posts/moderate.ts | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/website/src/pages/api/posts/moderate.ts b/website/src/pages/api/posts/moderate.ts index 1830f33..e425bd2 100644 --- a/website/src/pages/api/posts/moderate.ts +++ b/website/src/pages/api/posts/moderate.ts @@ -25,7 +25,7 @@ export default async function handler( // Check if the user is permitted to access the API const session = await getServerSession(request, response, authOptions) - const permission = await checkApiPermissions(request, response, session, client, makeQuery, "api:plants:moderate:access") + const permission = await checkApiPermissions(request, response, session, client, makeQuery, "api:admin:moderate:access") if(!permission) return response.status(401).json({error: "Not Authorized"}) @@ -40,17 +40,40 @@ export default async function handler( // Check if the data is being downloaded from the Postgres database const tables = getTables() + let query = "" switch (operation) { case "list": + + + // List all the posts that need to be moderated + query = `SELECT * FROM posts WHERE ${tables.post_approved} = false;`; + break; case "approve": + + // Approve the post + query = `UPDATE posts SET ${tables.post_approved} = true WHERE ${tables.id} = ${id};`; + break; case "deny": + + // Deny the post + query = `DELETE FROM posts WHERE ${tables.id} = ${id};`; + break; + default: + return response.status(400).json({error: "Invalid operation"}); + } + + // Run the query + const data = await makeQuery(query, client) + + return response.status(200).json({message: "Success", data: data}); + } catch (error) { return response.status(500).json({message: "ERROR IN SERVER", error: error }); } finally {