Changeset View
Standalone View
keyserver/src/deleters/link-deleters.js
- This file was added.
// @flow | |||||||||
import type { DisableInviteLinkRequest } from 'lib/types/link-types.js'; | |||||||||
import { threadPermissions } from 'lib/types/thread-permission-types.js'; | |||||||||
import { ServerError } from 'lib/utils/errors.js'; | |||||||||
import { dbQuery, SQL } from '../database/database.js'; | |||||||||
import { checkThreadPermission } from '../fetchers/thread-permission-fetchers.js'; | |||||||||
import { Viewer } from '../session/viewer.js'; | |||||||||
async function deleteInviteLink( | |||||||||
viewer: Viewer, | |||||||||
request: DisableInviteLinkRequest, | |||||||||
) { | |||||||||
kamilUnsubmitted Not Done Inline Actions
kamil: | |||||||||
tomekAuthorUnsubmitted Done Inline ActionsDon't think that it matters - otherwise Flow would complain as this function is exported. tomek: Don't think that it matters - otherwise Flow would complain as this function is exported. | |||||||||
const hasPermission = await checkThreadPermission( | |||||||||
viewer, | |||||||||
request.communityID, | |||||||||
threadPermissions.MANAGE_INVITE_LINKS, | |||||||||
); | |||||||||
if (!hasPermission) { | |||||||||
throw new ServerError('invalid_credentials'); | |||||||||
} | |||||||||
const query = SQL` | |||||||||
DELETE FROM invite_links | |||||||||
WHERE name = ${request.name} AND community = ${request.communityID} | |||||||||
`; | |||||||||
kamilUnsubmitted Not Done Inline Actionsshouldn't we throw ServerError('invalid_parameters'); when no rows was deleted? or maybe another solution will be returning deleted invite link to inform the client about the result? kamil: shouldn't we throw `ServerError('invalid_parameters');` when no rows was deleted?
or maybe… | |||||||||
tomekAuthorUnsubmitted Done Inline ActionsWhy should we throw? It is generally a good idea to have more idempotent API: in this case, the intention of a user was for a link to not exist. If that's the case, then great - it doesn't matter if a link wasn't existing before. A possible scenario where it could happen is when two users try to disable a link at the same time - it's ok that one of the request will finish earlier. A different corner case is when a link was renamed by one user. Then it's hard to tell how we should handle that. There are a couple of solutions. But that would require some analysis (probably not worth it in the near future). tomek: Why should we throw? It is generally a good idea to have more idempotent API: in this case, the… | |||||||||
kamilUnsubmitted Not Done Inline ActionsYour explanation makes sense. My intention was to point out that when a user calls this endpoint and nothing changes we probably shouldn't allow the user to call it (as this is something unexpected), but from the scenario you brought it looks like a regular situation, sorry for the confusion kamil: Your explanation makes sense. My intention was to point out that when a user calls this… | |||||||||
await dbQuery(query); | |||||||||
} | |||||||||
export { deleteInviteLink }; |