(
req: AuthedRequestWithTenantAndBody<putThreadType>,
res: Response,
next: NextFunction
)
| 51 | res.json(threads); |
| 52 | } |
| 53 | static async put( |
| 54 | req: AuthedRequestWithTenantAndBody<putThreadType>, |
| 55 | res: Response, |
| 56 | next: NextFunction |
| 57 | ) { |
| 58 | // if pinned, must be admin/owner |
| 59 | if ( |
| 60 | typeof req.body.pinned === 'boolean' && |
| 61 | isNotManager(req.tenant_user?.role) |
| 62 | ) { |
| 63 | return next(new Forbidden('User not allow to pin messages')); |
| 64 | } |
| 65 | |
| 66 | // if member, must be the creator |
| 67 | if (isMember(req.tenant_user?.role)) { |
| 68 | const thread = await ThreadsServices.get({ |
| 69 | id: req.body.id, |
| 70 | accountId: req.tenant?.id!, |
| 71 | }); |
| 72 | if (req.tenant_user?.id !== thread?.messages?.shift()?.author?.id) { |
| 73 | return next(new Forbidden('User not allow to update this message')); |
| 74 | } |
| 75 | } |
| 76 | |
| 77 | const thread = await ThreadsServices.update({ |
| 78 | ...req.body, |
| 79 | accountId: req.tenant?.id!, |
| 80 | }); |
| 81 | res.json(thread); |
| 82 | } |
| 83 | static async post( |
| 84 | req: AuthedRequestWithTenantAndBody<postThreadType>, |
| 85 | res: Response, |
no test coverage detected