Supported public vs internal application comments, and moved some type dependencies to the shared lib

api/src/routes/applications.ts

@@ -8,6 +8,7 @@ import { getRankByName, insertMemberRank } from '../services/rankService';
 import { ApplicationFull, CommentRow } from "@app/shared/types/application"
 import { assignUserToStatus } from '../services/statusService';
 import { Request, Response } from 'express';
+import { getUserRoles } from '../services/rolesService';
 
 // POST /application
 router.post('/', async (req, res) => {
@@ -104,14 +105,28 @@ router.get('/me/:id', async (req: Request, res: Response) => {
 });
 
 // GET /application/:id
-router.get('/:id', async (req, res) => {
-  let appID = req.params.id;
+router.get('/:id', async (req: Request, res: Response) => {
+  let appID = Number(req.params.id);
+  let asAdmin = !!req.query.admin || false;
+  let user = req.user.id;
+
+  //TODO: Replace this with bigger authorization system eventually
+  if (asAdmin) {
+    let allowed = (await getUserRoles(user)).some((role) =>
+      role.name.toLowerCase() === 'dev' ||
+      role.name.toLowerCase() === 'recruiter' ||
+      role.name.toLowerCase() === 'administrator')
+    console.log(allowed)
+    if (!allowed) {
+      return res.sendStatus(403)
+    }
+  }
   try {
     const application = await getApplicationByID(appID);
     if (application === undefined)
       return res.sendStatus(204);
 
-    const comments: CommentRow[] = await getApplicationComments(appID);
+    const comments: CommentRow[] = await getApplicationComments(appID, asAdmin);
 
     const output: ApplicationFull = {
       application,
@@ -211,6 +226,51 @@ VALUES(?, ?, ?);`
   }
 });
 
+// POST /application/:id/comment
+router.post('/:id/adminComment', async (req: Request, res: Response) => {
+  const appID = req.params.id;
+  const data = req.body.message;
+  const user = req.user;
+
+  console.log(user)
+
+  const sql = `INSERT INTO application_comments(
+    application_id,
+    poster_id,
+    post_content,
+    admin_only
+  )
+VALUES(?, ?, ?, 1);`
+
+  try {
+    const conn = await pool.getConnection();
+
+    const result = await conn.query(sql, [appID, user.id, data])
+    console.log(result)
+    if (result.affectedRows !== 1) {
+      conn.release();
+      throw new Error("Insert Failure")
+    }
+
+    const getSQL = `SELECT app.id AS comment_id,
+      app.post_content,
+      app.poster_id,
+      app.post_time,
+      app.last_modified,
+      app.admin_only,
+      member.name AS poster_name
+        FROM application_comments AS app
+          INNER JOIN members AS member ON member.id = app.poster_id
+        WHERE app.id = ?; `;
+    const comment = await conn.query(getSQL, [result.insertId])
+    res.status(201).json(comment[0]);
+
+  } catch (err) {
+    console.error('Comment failed:', err);
+    res.status(500).json({ error: 'Could not post comment' });
+  }
+});
+
 router.post('/restart', async (req: Request, res: Response) => {
   const user = req.user.id;
   try {

api/src/services/applicationService.ts

@@ -90,15 +90,20 @@ export async function denyApplication(id: number) {
   }
 }
 
-export async function getApplicationComments(appID: number): Promise<CommentRow[]> {
+export async function getApplicationComments(appID: number, admin: boolean = false): Promise<CommentRow[]> {
+  const excludeAdmin = ' AND app.admin_only = false';
+
+  const whereClause = `WHERE app.application_id = ?${!admin ? excludeAdmin : ''}`;
+
   return await pool.query(`SELECT app.id AS comment_id,
           app.post_content,
           app.poster_id,
           app.post_time,
           app.last_modified,
+          app.admin_only,
           member.name AS poster_name
         FROM application_comments AS app
           INNER JOIN members AS member ON member.id = app.poster_id
-        WHERE app.application_id = ?;`,
+        ${whereClause}`,
     [appID]);
 }