From 485a948ab0135df8056dc6ddedf2134ef03efb78 Mon Sep 17 00:00:00 2001
From: Michael Vo
Date: Mon, 27 Mar 2023 18:53:43 +1100
Subject: [PATCH] fix(backend): make create_comment endpoint sensible (#414)

* feat(backend): remove user id from new comment input
* fix(backend): use put instead of post for create_comment
---
 backend/server/src/comment.rs | 22 ++++++++++++++++------
 backend/server/src/database/models.rs | 2 +-
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/backend/server/src/comment.rs b/backend/server/src/comment.rs
index a2878afd..bd123cd4 100644
--- a/backend/server/src/comment.rs
+++ b/backend/server/src/comment.rs
@@ -4,13 +4,18 @@ use crate::database::{
 };
 use crate::error::JsonErr;
 use rocket::{
- form::Form,
 get,
 http::Status,
- post,
- serde::{json::Json, Serialize},
+ put,
+ serde::{json::Json, Deserialize, Serialize},
 };
 
+#[derive(Deserialize)]
+pub struct NewCommentInput {
+ pub application_id: i32,
+ pub description: String,
+}
+
 #[derive(Serialize)]
 pub enum CommentError {
 Unauthorized,
@@ -18,14 +23,14 @@ pub enum CommentError {
 CommentNotFound,
 }
 
-#[post("/", data = "")]
+#[put("/", data = "")]
 pub async fn create_comment(
- new_comment: Form,
+ new_comment_input: Json,
 user: User,
 db: Database,
 ) -> Result, JsonErr> {
 // need to be director to comment
- let app_id = new_comment.application_id; // stack copy of i32
+ let app_id = new_comment_input.application_id; // stack copy of i32
 db.run(move |conn| {
 OrganisationUser::application_admin_level(app_id, user.id, &conn)
 .is_at_least_director()
@@ -34,6 +39,11 @@ pub async fn create_comment(
 .await
 .or_else(|_| Err(JsonErr(CommentError::Unauthorized, Status::Forbidden)))?;
 
+ let new_comment = NewComment {
+ application_id: new_comment_input.application_id,
+ commenter_user_id: user.id,
+ description: new_comment_input.description.to_string(),
+ };
 let comment = db
 .run(move |conn| NewComment::insert(&new_comment, conn))
 .await
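Review bot: `NewCommentInput` in the first hunk of comment.rs has no doc comment recording why it carries only `application_id` and `description`. The commit message says the user id was removed from the input on purpose, and a later edit could re-add it without noticing that the handler takes the commenter from the authenticated `User`. I would add `/// Client-supplied fields for a new comment. The commenter id is deliberately absent: it comes from the authenticated user, never from the request body.` above the struct. If `description` is expected to have a maximum length, a field comment saying so would help too, since the lines shown do not state one.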
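Review bot: The route attribute in the second hunk switches to `put`, but the handler still inserts a new row on every call (`NewComment::insert` in the third hunk), so a request retried by a client or an intermediary stores the same comment twice. PUT is defined as idempotent, which makes automatic retries more likely than with POST. If PUT is kept, I would at least document the behaviour above the handler with `// NOTE: not idempotent - every call inserts a new comment row`, or have the insert reject an exact duplicate for the same application and commenter. The body of `create_comment` continues past this hunk.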
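Review bot: `description: new_comment_input.description.to_string()` in the third hunk hands the body text to `NewComment::insert` with no emptiness or length check in the lines shown. Unless the insert or the column enforces one, an empty comment, or one as large as the configured JSON body limit, is stored as-is. A guard before building `NewComment`, for example `if new_comment_input.description.trim().is_empty() { /* return a 400-class JsonErr */ }` together with an upper bound, would close that. Because the handler owns the body at this point, `new_comment_input.into_inner()` would also let the description be moved instead of copied by `to_string()`. The function continues past the end of the hunk.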
diff --git a/backend/server/src/database/models.rs b/backend/server/src/database/models.rs
index b82864f6..48e5d1ef 100644
--- a/backend/server/src/database/models.rs
+++ b/backend/server/src/database/models.rs
@@ -1124,7 +1124,7 @@ pub struct Comment {
 pub updated_at: NaiveDateTime,
 }
 
-#[derive(Insertable, FromForm)]
+#[derive(Insertable)]
 #[table_name = "comments"]
 pub struct NewComment {
 pub application_id: i32,