Supported public vs internal application comments, and moved some type dependencies to the shared lib

2025-12-09 17:02:39 -05:00
parent e22f164097
commit f5a0df7795
9 changed files with 128 additions and 92 deletions
--- a/api/src/routes/applications.ts
+++ b/api/src/routes/applications.ts
@@ -8,6 +8,7 @@ import { getRankByName, insertMemberRank } from '../services/rankService';
 import { ApplicationFull, CommentRow } from "@app/shared/types/application"
 import { assignUserToStatus } from '../services/statusService';
 import { Request, Response } from 'express';
+import { getUserRoles } from '../services/rolesService';

 // POST /application
 router.post('/', async (req, res) => {
@@ -104,14 +105,28 @@ router.get('/me/:id', async (req: Request, res: Response) => {
 });

 // GET /application/:id
-router.get('/:id', async (req, res) => {
-  let appID = req.params.id;
+router.get('/:id', async (req: Request, res: Response) => {
+  let appID = Number(req.params.id);
+  let asAdmin = !!req.query.admin || false;
+  let user = req.user.id;
+
+  //TODO: Replace this with bigger authorization system eventually
+  if (asAdmin) {
+    let allowed = (await getUserRoles(user)).some((role) =>
+      role.name.toLowerCase() === 'dev' ||
+      role.name.toLowerCase() === 'recruiter' ||
+      role.name.toLowerCase() === 'administrator')
+    console.log(allowed)
+    if (!allowed) {
+      return res.sendStatus(403)
+    }
+  }
  try {
    const application = await getApplicationByID(appID);
    if (application === undefined)
      return res.sendStatus(204);

-    const comments: CommentRow[] = await getApplicationComments(appID);
+    const comments: CommentRow[] = await getApplicationComments(appID, asAdmin);

    const output: ApplicationFull = {
      application,
@@ -211,6 +226,51 @@ VALUES(?, ?, ?);`
  }
 });

+// POST /application/:id/comment
+router.post('/:id/adminComment', async (req: Request, res: Response) => {
+  const appID = req.params.id;
+  const data = req.body.message;
+  const user = req.user;
+
+  console.log(user)
+
+  const sql = `INSERT INTO application_comments(
+    application_id,
+    poster_id,
+    post_content,
+    admin_only
+  )
+VALUES(?, ?, ?, 1);`
+
+  try {
+    const conn = await pool.getConnection();
+
+    const result = await conn.query(sql, [appID, user.id, data])
+    console.log(result)
+    if (result.affectedRows !== 1) {
+      conn.release();
+      throw new Error("Insert Failure")
+    }
+
+    const getSQL = `SELECT app.id AS comment_id,
+      app.post_content,
+      app.poster_id,
+      app.post_time,
+      app.last_modified,
+      app.admin_only,
+      member.name AS poster_name
+        FROM application_comments AS app
+          INNER JOIN members AS member ON member.id = app.poster_id
+        WHERE app.id = ?; `;
+    const comment = await conn.query(getSQL, [result.insertId])
+    res.status(201).json(comment[0]);
+
+  } catch (err) {
+    console.error('Comment failed:', err);
+    res.status(500).json({ error: 'Could not post comment' });
+  }
+});
+
 router.post('/restart', async (req: Request, res: Response) => {
  const user = req.user.id;
  try {
--- a/api/src/services/applicationService.ts
+++ b/api/src/services/applicationService.ts
@@ -90,15 +90,20 @@ export async function denyApplication(id: number) {
  }
 }

-export async function getApplicationComments(appID: number): Promise<CommentRow[]> {
+export async function getApplicationComments(appID: number, admin: boolean = false): Promise<CommentRow[]> {
+  const excludeAdmin = ' AND app.admin_only = false';
+
+  const whereClause = `WHERE app.application_id = ?${!admin ? excludeAdmin : ''}`;
+
  return await pool.query(`SELECT app.id AS comment_id,
          app.post_content,
          app.poster_id,
          app.post_time,
          app.last_modified,
+          app.admin_only,
          member.name AS poster_name
        FROM application_comments AS app
          INNER JOIN members AS member ON member.id = app.poster_id
-        WHERE app.application_id = ?;`,
+        ${whereClause}`,
    [appID]);
 }
--- a/shared/types/application.ts
+++ b/shared/types/application.ts
@@ -40,6 +40,7 @@ export interface CommentRow {
    post_time: string;
    last_modified: string | null;
    poster_name: string;
+    admin_only: boolean;
 }

 export interface ApplicationFull {
--- a/ui/src/api/application.ts
+++ b/ui/src/api/application.ts
@@ -1,80 +1,11 @@
-export type ApplicationDto = Partial<{
-  age: number | string
-  name: string
-  playtime: number | string
-  hobbies: string
-  military: boolean
-  communities: string
-  joinReason: string
-  milsimAttraction: string
-  referral: string
-  steamProfile: string
-  timezone: string
-  canAttendSaturday: boolean
-  interests: string
-  aknowledgeRules: boolean
-}>
-
-export interface ApplicationData {
-  dob: string;
-  name: string;
-  playtime: number;
-  hobbies: string;
-  military: boolean;
-  communities: string;
-  joinReason: string;
-  milsimAttraction: string;
-  referral: string;
-  steamProfile: string;
-  timezone: string;
-  canAttendSaturday: boolean;
-  interests: string;
-  aknowledgeRules: boolean;
-}
-
-//reflects how applications are stored in the database
-export interface ApplicationRow {
-  id: number;
-  member_id: number;
-  app_version: number;
-  app_data: ApplicationData;
-
-  submitted_at: string;        // ISO datetime from DB (e.g., "2025-08-25T18:04:29.000Z")
-  updated_at: string | null;
-  approved_at: string | null;
-  denied_at: string | null;
-
-  app_status: ApplicationStatus;       // generated column
-  decision_at: string | null;  // generated column
-
-  // present when you join members (e.g., SELECT a.*, m.name AS member_name)
-  member_name: string;
-}
-export interface CommentRow {
-  comment_id: number;
-  post_content: string;
-  poster_id: number;
-  post_time: string;
-  last_modified: string | null;
-  poster_name: string;
-}
-
-export interface ApplicationFull {
-  application: ApplicationRow;
-  comments: CommentRow[];
-}
+import { ApplicationFull } from "@shared/types/application";


-export enum ApplicationStatus {
-  Pending = "Pending",
-  Accepted = "Accepted",
-  Denied = "Denied",
-}
 //  @ts-ignore
 const addr = import.meta.env.VITE_APIHOST;

-export async function loadApplication(id: number | string): Promise<ApplicationFull | null> {
-  const res = await fetch(`${addr}/application/${id}`, { credentials: 'include' })
+export async function loadApplication(id: number | string, asAdmin: boolean = false): Promise<ApplicationFull | null> {
+  const res = await fetch(`${addr}/application/${id}?admin=${asAdmin}`, { credentials: 'include' })
  if (res.status === 204) return null
  if (!res.ok) throw new Error('Failed to load application')
  const json = await res.json()
@@ -112,6 +43,21 @@ export async function postChatMessage(message: any, post_id: number) {
  return await response.json();
 }

+export async function postAdminChatMessage(message: any, post_id: number) {
+  const out = {
+    message: message
+  }
+
+  const response = await fetch(`${addr}/application/${post_id}/adminComment`, {
+    method: 'POST',
+    credentials: 'include',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(out),
+  })
+
+  return await response.json();
+}
+
 export async function getAllApplications(): Promise<ApplicationFull> {
  const res = await fetch(`${addr}/application/all`)

--- a/ui/src/components/application/ApplicationChat.vue
+++ b/ui/src/components/application/ApplicationChat.vue
@@ -11,13 +11,18 @@ import {
 import Textarea from '@/components/ui/textarea/Textarea.vue'
 import { toTypedSchema } from '@vee-validate/zod'
 import * as z from 'zod'
+import { useAuth } from '@/composables/useAuth'
+import { CommentRow } from '@shared/types/application'
+import { Dot } from 'lucide-vue-next'
+import { ref } from 'vue'

 const props = defineProps<{
-  messages: Array<Record<string, any>>
+  messages: CommentRow[]
 }>()

 const emit = defineEmits<{
  (e: 'post', text: string): void
+  (e: 'postInternal', text: string): void
 }>()

 const commentSchema = toTypedSchema(
@@ -26,8 +31,13 @@ const commentSchema = toTypedSchema(
  })
 )

+const submitMode = ref("public");
+
 // vee-validate passes (values, actions) to @submit
 function onSubmit(values: { text: string }, { resetForm }: { resetForm: () => void }) {
+  if (submitMode.value === "internal")
+    emit('postInternal', values.text.trim())
+  else
    emit('post', values.text.trim())
  resetForm()
 }
@@ -48,18 +58,24 @@ function onSubmit(values: { text: string }, { resetForm }: { resetForm: () => vo
      </FormField>

      <!-- Button below, right-aligned -->
-      <div class="mt-2 flex justify-end">
-        <Button type="submit">Post</Button>
+      <div class="mt-2 flex justify-end gap-2">
+        <Button type="submit" @click="submitMode = 'internal'" variant="outline">Post (Internal)</Button>
+        <Button type="submit" @click="submitMode = 'public'">Post</Button>
      </div>
    </Form>

    <!-- Existing posts -->
    <div class="space-y-3">
-      <div v-for="(message, i) in props.messages" :key="message.id ?? i"
-        class="rounded-md border border-neutral-800 p-3 space-y-5">
+      <div v-for="(message, i) in props.messages" :key="message.comment_id ?? i" class="rounded-md border p-3 space-y-5"
+        :class="message.admin_only ? 'border-amber-300/70' : 'border-neutral-800'">
        <!-- Comment header -->
        <div class="flex justify-between">
+          <div class="flex">
            <p>{{ message.poster_name }}</p>
+            <p v-if="message.admin_only" class="flex">
+              <Dot /><span class="text-amber-300">Internal</span>
+            </p>
+          </div>
          <p class="text-muted-foreground">{{ new Date(message.post_time).toLocaleString("EN-us", {
            year: "numeric",
            month: "long",
--- a/ui/src/components/application/ApplicationForm.vue
+++ b/ui/src/components/application/ApplicationForm.vue
@@ -16,7 +16,7 @@ import { Form } from 'vee-validate';
 import { onMounted, ref } from 'vue';
 import * as z from 'zod';
 import DateInput from '../form/DateInput.vue';
-import { ApplicationData } from '@/api/application';
+import { ApplicationData } from '@shared/types/application';

 const regexA = /^https?:\/\/steamcommunity\.com\/id\/[A-Za-z0-9_]+\/?$/;
 const regexB = /^https?:\/\/steamcommunity\.com\/profiles\/\d+\/?$/;
--- a/ui/src/pages/Application.vue
+++ b/ui/src/pages/Application.vue
@@ -2,15 +2,16 @@
 import ApplicationChat from '@/components/application/ApplicationChat.vue';
 import ApplicationForm from '@/components/application/ApplicationForm.vue';
 import { onMounted, ref } from 'vue';
-import { ApplicationData, approveApplication, denyApplication, loadApplication, postApplication, postChatMessage, ApplicationStatus, getMyApplication, ApplicationFull } from '@/api/application';
+import { approveApplication, denyApplication, loadApplication, postApplication, postChatMessage, getMyApplication, postAdminChatMessage } from '@/api/application';
 import { useRoute } from 'vue-router';
 import Button from '@/components/ui/button/Button.vue';
 import { CheckIcon, XIcon } from 'lucide-vue-next';
 import Unauthorized from './Unauthorized.vue';
+import { ApplicationData, ApplicationFull, ApplicationStatus, CommentRow } from '@shared/types/application';

 const appData = ref<ApplicationData>(null);
 const appID = ref<number | null>(null);
-const chatData = ref<object[]>([])
+const chatData = ref<CommentRow[]>([])
 const readOnly = ref<boolean>(false);
 const newApp = ref<boolean>(null);
 const status = ref<ApplicationStatus>(null);
@@ -47,7 +48,7 @@ onMounted(async () => {
    //recruiter mode
    if (props.mode === 'view-recruiter') {
        finalMode.value = 'view-recruiter';
-        loadData(await loadApplication(Number(route.params.id)))
+        loadData(await loadApplication(Number(route.params.id), true))
    }

    //viewer mode
@@ -87,6 +88,10 @@ async function postComment(comment) {
    chatData.value.push(await postChatMessage(comment, appID.value));
 }

+async function postCommentInternal(comment) {
+    chatData.value.push(await postAdminChatMessage(comment, appID.value));
+}
+
 const emit = defineEmits(['submit']);

 async function postApp(appData) {
@@ -159,7 +164,8 @@ async function handleDeny(id) {
            </ApplicationForm>
            <div v-if="!newApp" class="pb-15">
                <h3 class="scroll-m-20 text-2xl font-semibold tracking-tight mb-4">Discussion</h3>
-                <ApplicationChat :messages="chatData" @post="postComment"></ApplicationChat>
+                <ApplicationChat :messages="chatData" @post="postComment" @post-internal="postCommentInternal">
+                </ApplicationChat>
            </div>
        </div>

--- a/ui/src/pages/ManageApplications.vue
+++ b/ui/src/pages/ManageApplications.vue
@@ -1,5 +1,6 @@
 <script setup>
-import { getAllApplications, approveApplication, denyApplication, ApplicationStatus } from '@/api/application';
+import { getAllApplications, approveApplication, denyApplication     } from '@/api/application';
+import { ApplicationStatus } from '@shared/types/application'
 import {
    Table,
    TableBody,
--- a/ui/src/pages/MyApplications.vue
+++ b/ui/src/pages/MyApplications.vue
@@ -1,5 +1,6 @@
 <script setup>
-import { getAllApplications, approveApplication, denyApplication, ApplicationStatus, loadMyApplications } from '@/api/application';
+import { loadMyApplications } from '@/api/application';
+import { ApplicationStatus } from '@shared/types/application';
 import {
    Table,
    TableBody,