59 lines
1.6 KiB
JavaScript
59 lines
1.6 KiB
JavaScript
'use strict';
|
|
|
|
const { createCoreController } = require('@strapi/strapi').factories;
|
|
const { ApplicationError, NotFoundError, UnauthorizedError } = require("@strapi/utils").errors
|
|
|
|
module.exports = createCoreController('api::commentaire.commentaire', ({strapi}) => ({
|
|
async create(ctx) {
|
|
const {body} = ctx.request
|
|
let {data} = body
|
|
|
|
if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
|
|
try {
|
|
const {id} = await strapi.plugins[
|
|
'users-permissions'
|
|
].services.jwt.getToken(ctx)
|
|
|
|
if (id !== data.user.id) {
|
|
throw new UnauthorizedError('Opération non autorisée')
|
|
}
|
|
} catch (err) {
|
|
throw new UnauthorizedError(ctx, err, 'Opération non autorisée')
|
|
}
|
|
}
|
|
const user = await strapi.entityService.findOne('plugin::users-permissions.user', body.data.user.id)
|
|
|
|
if (!user) {
|
|
throw new NotFoundError('Utilisateur introuvable.')
|
|
}
|
|
|
|
if (user.id !== data.user.id || user.username !== data.user.username || user.email !== data.user.email) {
|
|
throw new ApplicationError('Informations non valides.')
|
|
}
|
|
|
|
data.user = user.id
|
|
|
|
const parole = await strapi.entityService.findOne('api::parole.parole', data.parole, {
|
|
fields: ['id']
|
|
})
|
|
|
|
if (!parole) {
|
|
throw new NotFoundError('Texte introuvable.')
|
|
}
|
|
|
|
const newCommentaire = await strapi.entityService.create('api::commentaire.commentaire', {
|
|
data: {
|
|
...data
|
|
}
|
|
})
|
|
|
|
await strapi.entityService.update('api::parole.parole', parole.id, {
|
|
data: {
|
|
commentaires: [newCommentaire.id]
|
|
}
|
|
})
|
|
|
|
return newCommentaire;
|
|
}
|
|
}))
|