From 639ef2b5d100eabab7f4d312c02c6f256daafaf4 Mon Sep 17 00:00:00 2001
From: Dimitrie Stefanescu <didimitrie@gmail.com>
Date: Tue, 3 May 2022 11:18:42 +0100
Subject: [PATCH] feat(comments): scaffolding public comments

---
 .../comments/CommentThreadViewer.vue          |  1 +
 .../comments/graph/resolvers/comments.js      | 22 +++++++++++++++++--
 .../20220412150558_stream-public-comments.js  | 12 ++++++++++
 .../modules/core/graph/resolvers/streams.js   |  3 ++-
 .../core/graph/schemas/streams.graphql        |  2 ++
 5 files changed, 37 insertions(+), 3 deletions(-)
 create mode 100644 packages/server/modules/comments/migrations/20220412150558_stream-public-comments.js

diff --git a/packages/frontend/src/main/components/comments/CommentThreadViewer.vue b/packages/frontend/src/main/components/comments/CommentThreadViewer.vue
index c1530d0a3..eae5f167e 100644
--- a/packages/frontend/src/main/components/comments/CommentThreadViewer.vue
+++ b/packages/frontend/src/main/components/comments/CommentThreadViewer.vue
@@ -192,6 +192,7 @@ export default {
           stream(id: $streamId) {
             id
             role
+            allowPublicComments
           }
         }
       `,
diff --git a/packages/server/modules/comments/graph/resolvers/comments.js b/packages/server/modules/comments/graph/resolvers/comments.js
index a6af6ee45..ac82481ef 100644
--- a/packages/server/modules/comments/graph/resolvers/comments.js
+++ b/packages/server/modules/comments/graph/resolvers/comments.js
@@ -117,7 +117,16 @@ module.exports = {
     },
 
     async commentCreate(parent, args, context) {
-      await authorizeResolver(context.userId, args.input.streamId, 'stream:reviewer')
+      if (!context.userId)
+        throw new ForbiddenError('Only registered users can comment.')
+
+      const stream = await getStream({
+        streamId: args.input.streamId,
+        userId: context.userId
+      })
+
+      if (!stream.allowPublicComments)
+        await authorizeResolver(context.userId, args.input.streamId, 'stream:reviewer')
 
       const id = await createComment({ userId: context.userId, input: args.input })
 
@@ -170,7 +179,16 @@ module.exports = {
     },
 
     async commentReply(parent, args, context) {
-      await authorizeResolver(context.userId, args.input.streamId, 'stream:reviewer')
+      if (!context.userId)
+        throw new ForbiddenError('Only registered users can comment.')
+
+      const stream = await getStream({
+        streamId: args.input.streamId,
+        userId: context.userId
+      })
+
+      if (!stream.allowPublicComments)
+        await authorizeResolver(context.userId, args.input.streamId, 'stream:reviewer')
 
       const id = await createCommentReply({
         authorId: context.userId,
diff --git a/packages/server/modules/comments/migrations/20220412150558_stream-public-comments.js b/packages/server/modules/comments/migrations/20220412150558_stream-public-comments.js
new file mode 100644
index 000000000..f2b79d26b
--- /dev/null
+++ b/packages/server/modules/comments/migrations/20220412150558_stream-public-comments.js
@@ -0,0 +1,12 @@
+/* istanbul ignore file */
+exports.up = async (knex) => {
+  await knex.schema.alterTable('streams', (table) => {
+    table.boolean('allowPublicComments').defaultTo(false)
+  })
+}
+
+exports.down = async (knex) => {
+  await knex.schema.alterTable('streams', (table) => {
+    table.dropColumn('allowPublicComments')
+  })
+}
diff --git a/packages/server/modules/core/graph/resolvers/streams.js b/packages/server/modules/core/graph/resolvers/streams.js
index 7ec411850..a32fc59d2 100644
--- a/packages/server/modules/core/graph/resolvers/streams.js
+++ b/packages/server/modules/core/graph/resolvers/streams.js
@@ -222,7 +222,8 @@ module.exports = {
         streamId: args.stream.id,
         name: args.stream.name,
         description: args.stream.description,
-        isPublic: args.stream.isPublic
+        isPublic: args.stream.isPublic,
+        allowPublicComments: args.stream.allowPublicComments
       }
 
       await updateStream(update)
diff --git a/packages/server/modules/core/graph/schemas/streams.graphql b/packages/server/modules/core/graph/schemas/streams.graphql
index e86dfea77..b255e39ef 100644
--- a/packages/server/modules/core/graph/schemas/streams.graphql
+++ b/packages/server/modules/core/graph/schemas/streams.graphql
@@ -24,6 +24,7 @@ type Stream {
   name: String!
   description: String
   isPublic: Boolean!
+  allowPublicComments: Boolean!
   """
   Your role for this stream. `null` if request is not authenticated, or the stream is not explicitly shared with you.
   """
@@ -164,6 +165,7 @@ input StreamUpdateInput {
   name: String
   description: String
   isPublic: Boolean
+  allowPublicComments: Boolean
 }
 
 input StreamGrantPermissionInput {