Merge branch 'api-v3-chat-delete' of https://github.com/TheHollidayInn/habitrpg into TheHollidayInn-api-v3-chat-delete

common/locales/en/api-v3.json

@@ -65,5 +65,6 @@
   "uuidsMustBeAnArray": "UUIDs invites must be a an Array.",
   "emailsMustBeAnArray": "Email invites must be a an Array.",
   "canOnlyInviteMaxInvites": "You can only invite \"<%= maxInvites %>\" at a time",
-  "cantOnlyUnlinkChalTask": "Only challenges tasks can be unlinked."
+  "cantOnlyUnlinkChalTask": "Only challenges tasks can be unlinked.",
+  "onlyCreatorOrAdminCanDeleteChat": "Not authorized to delete this message!"
 }

test/api/v3/integration/chat/DELETE-chat_id.test.js

@@ -0,0 +1,81 @@
+import {
+  createAndPopulateGroup,
+  generateUser,
+  translate as t,
+} from '../../../../helpers/api-v3-integration.helper';
+import { v4 as generateUUID } from 'uuid';
+
+describe('DELETE /groups/:groupId/chat/:chatId', () => {
+  let groupWithChat, message, user, userThatDidNotCreateChat, admin;
+
+  before(async () => {
+    let { group, groupLeader } = await createAndPopulateGroup({
+      groupDetails: {
+        type: 'guild',
+        privacy: 'public',
+      },
+    });
+
+    groupWithChat = group;
+    user = groupLeader;
+    message = await user.post(`/groups/${groupWithChat._id}/chat`, { message: 'Some message' });
+    message = message.message;
+    userThatDidNotCreateChat = await generateUser();
+    admin = await generateUser({'contributor.admin': true});
+  });
+
+  context('Chat errors', () => {
+    it('returns an error is message does not exist', async () => {
+      let fakeChatId = generateUUID();
+      await expect(user.del(`/groups/${groupWithChat._id}/chat/${fakeChatId}`)).to.eventually.be.rejected.and.eql({
+        code: 404,
+        error: 'NotFound',
+        message: t('messageGroupChatNotFound'),
+      });
+    });
+
+    it('returns an error when user does not have permission to delete', async () => {
+      await expect(userThatDidNotCreateChat.del(`/groups/${groupWithChat._id}/chat/${message.id}`)).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('onlyCreatorOrAdminCanDeleteChat'),
+      });
+    });
+  });
+
+  context('Chat success', () => {
+    let nextMessage;
+
+    beforeEach(async () => {
+      nextMessage = await user.post(`/groups/${groupWithChat._id}/chat`, { message: 'Some new message' });
+      nextMessage = nextMessage.message;
+    });
+
+    it('allows creator to delete a their message', async () => {
+      await user.del(`/groups/${groupWithChat._id}/chat/${nextMessage.id}`);
+      let messages = await user.get(`/groups/${groupWithChat._id}/chat/`);
+      expect(messages).is.an('array');
+      expect(messages).to.not.include(nextMessage);
+    });
+
+    it('allows admin to delete another user\'s message', async () => {
+      await admin.del(`/groups/${groupWithChat._id}/chat/${nextMessage.id}`);
+      let messages = await user.get(`/groups/${groupWithChat._id}/chat/`);
+      expect(messages).is.an('array');
+      expect(messages).to.not.include(nextMessage);
+    });
+
+    it('returns empty when previous message parameter is passed and the last message was deleted', async () => {
+      await expect(user.del(`/groups/${groupWithChat._id}/chat/${nextMessage.id}?previousMsg=${nextMessage.id}`))
+        .to.eventually.be.empty;
+    });
+
+    it('returns the update chat when previous message parameter is passed and the chat is updated', async () => {
+      await expect(user.del(`/groups/${groupWithChat._id}/chat/${nextMessage.id}?previousMsg=${message.id}`))
+        .eventually
+        .is.an('array')
+        .to.include(message)
+        .to.be.lengthOf(1);
+    });
+  });
+});

website/src/controllers/api-v3/chat.js

@@ -4,6 +4,7 @@ import { model as Group } from '../../models/group';
 import { model as User } from '../../models/user';
 import {
   NotFound,
+  NotAuthorized,
 } from '../../libs/api-v3/errors';
 import _ from 'lodash';
 import { sendTxn } from '../../libs/api-v3/email';
@@ -292,4 +293,61 @@ api.seenChat = {
   },
 };
 
+/**
+ * @api {delete} /groups/:groupId/chat/:chatId Delete chat message from a group
+ * @apiVersion 3.0.0
+ * @apiName DeleteChat
+ * @apiGroup Chat
+ *
+ * @apiParam {string} groupId The group _id (or 'party')
+ * @apiParam {string} chatId The chat _id
+ *
+ * @apiSuccess {Array} The update chat array
+ * @apiSuccess {Object} An empty object when the previous message was deleted
+ */
+api.deleteChat = {
+  method: 'DELETE',
+  url: '/groups/:groupId/chat/:chatId',
+  middlewares: [authWithHeaders(), cron],
+  async handler (req, res) {
+    let user = res.locals.user;
+    let groupId = req.params.groupId;
+    let chatId = req.params.chatId;
+
+    req.checkParams('groupId', res.t('groupIdRequired')).notEmpty();
+    req.checkParams('chatId', res.t('chatIdRequired')).notEmpty();
+
+    let validationErrors = req.validationErrors();
+    if (validationErrors) throw validationErrors;
+
+    let group = await Group.getGroup({user, groupId, fields: 'chat'});
+    if (!group) throw new NotFound(res.t('groupNotFound'));
+
+    let message = _.find(group.chat, {id: chatId});
+    if (!message) throw new NotFound(res.t('messageGroupChatNotFound'));
+
+    if (user._id !== message.uuid && !user.contributor.admin) {
+      throw new NotAuthorized(res.t('onlyCreatorOrAdminCanDeleteChat'));
+    }
+
+    let lastClientMsg = req.query.previousMsg;
+    let chatUpdated = lastClientMsg && group.chat && group.chat[0] && group.chat[0].id !== lastClientMsg ? true : false;
+
+    await Group.update(
+      {_id: group._id},
+      {$pull: {chat: {id: chatId} } }
+    );
+
+    if (chatUpdated) {
+      group = group.toJSON();
+      _.remove(group.chat, function removeChat (chat) {
+        return chat.id === chatId;
+      });
+      res.json(group.chat);
+    } else {
+      res.send(200, {});
+    }
+  },
+};
+
 export default api;