Changeset View
Standalone View
keyserver/src/deleters/link-deleters.js
- This file was added.
| // @flow | |||||||||
| import type { DisableInviteLinkRequest } from 'lib/types/link-types.js'; | |||||||||
| import { threadPermissions } from 'lib/types/thread-permission-types.js'; | |||||||||
| import { ServerError } from 'lib/utils/errors.js'; | |||||||||
| import { dbQuery, SQL } from '../database/database.js'; | |||||||||
| import { checkThreadPermission } from '../fetchers/thread-permission-fetchers.js'; | |||||||||
| import { Viewer } from '../session/viewer.js'; | |||||||||
| async function deleteInviteLink( | |||||||||
| viewer: Viewer, | |||||||||
| request: DisableInviteLinkRequest, | |||||||||
| ) { | |||||||||
kamilUnsubmitted Not Done Inline Actions
kamil: | |||||||||
tomekAuthorUnsubmitted Done Inline ActionsDon't think that it matters - otherwise Flow would complain as this function is exported. tomek: Don't think that it matters - otherwise Flow would complain as this function is exported. | |||||||||
| const hasPermission = await checkThreadPermission( | |||||||||
| viewer, | |||||||||
| request.communityID, | |||||||||
| threadPermissions.MANAGE_INVITE_LINKS, | |||||||||
| ); | |||||||||
| if (!hasPermission) { | |||||||||
| throw new ServerError('invalid_credentials'); | |||||||||
| } | |||||||||
| const query = SQL` | |||||||||
| DELETE FROM invite_links | |||||||||
| WHERE name = ${request.name} AND community = ${request.communityID} | |||||||||
| `; | |||||||||
kamilUnsubmitted Not Done Inline Actionsshouldn't we throw ServerError('invalid_parameters'); when no rows was deleted? or maybe another solution will be returning deleted invite link to inform the client about the result? kamil: shouldn't we throw `ServerError('invalid_parameters');` when no rows was deleted?
or maybe… | |||||||||
tomekAuthorUnsubmitted Done Inline ActionsWhy should we throw? It is generally a good idea to have more idempotent API: in this case, the intention of a user was for a link to not exist. If that's the case, then great - it doesn't matter if a link wasn't existing before. A possible scenario where it could happen is when two users try to disable a link at the same time - it's ok that one of the request will finish earlier. A different corner case is when a link was renamed by one user. Then it's hard to tell how we should handle that. There are a couple of solutions. But that would require some analysis (probably not worth it in the near future). tomek: Why should we throw? It is generally a good idea to have more idempotent API: in this case, the… | |||||||||
kamilUnsubmitted Not Done Inline ActionsYour explanation makes sense. My intention was to point out that when a user calls this endpoint and nothing changes we probably shouldn't allow the user to call it (as this is something unexpected), but from the scenario you brought it looks like a regular situation, sorry for the confusion kamil: Your explanation makes sense. My intention was to point out that when a user calls this… | |||||||||
| await dbQuery(query); | |||||||||
| } | |||||||||
| export { deleteInviteLink }; | |||||||||