feat(be): power deletion (#219)

* feat: question power delete

* feat: reply power delete

Author: wlgh1553

apps/server/prisma/migrations/20241128045519_add_on_delete_cascade_to_reply_question/migration.sql

@@ -0,0 +1,5 @@
+-- DropForeignKey
+ALTER TABLE "Reply" DROP CONSTRAINT "Reply_question_id_fkey";
+
+-- AddForeignKey
+ALTER TABLE "Reply" ADD CONSTRAINT "Reply_question_id_fkey" FOREIGN KEY ("question_id") REFERENCES "Question"("question_id") ON DELETE CASCADE ON UPDATE CASCADE;

apps/server/prisma/schema.prisma

@@ -81,7 +81,7 @@ model Reply {
   deleted              Boolean  @default(false)
 
   session              Session          @relation("SessionReplies", fields: [sessionId], references: [sessionId])
-  question             Question         @relation("QuestionReplies", fields: [questionId], references: [questionId])
+  question             Question         @relation("QuestionReplies", fields: [questionId], references: [questionId], onDelete: Cascade)
   createUserTokenEntity UserSessionToken @relation("TokenReplies", fields: [createUserToken], references: [token])
   replyLikes           ReplyLike[]      @relation("ReplyLikes")
 }

apps/server/src/questions/questions.controller.ts

@@ -92,10 +92,10 @@ export class QuestionsController {
 
   @Delete(':questionId')
   @DeleteQuestionSwagger()
-  @UseGuards(SessionTokenValidationGuard, QuestionExistenceGuard, QuestionOwnershipGuard)
+  @UseGuards(SessionTokenValidationGuard, QuestionExistenceGuard)
   async deleteQuestion(@Param('questionId', ParseIntPipe) questionId: number, @Query() data: BaseDto, @Req() req: any) {
-    await this.questionsService.deleteQuestion(questionId, req.question);
     const { sessionId, token } = data;
+    await this.questionsService.deleteQuestion(questionId, req.question, data);
     const resultForOther = { questionId };
     this.socketGateway.broadcastQuestionDelete(sessionId, token, resultForOther);
     return {};

apps/server/src/questions/questions.service.ts

@@ -5,6 +5,7 @@ import { CreateQuestionDto } from './dto/create-question.dto';
 import { GetQuestionDto } from './dto/get-question.dto';
 import { QuestionsRepository } from './questions.repository';
 
+import { BaseDto } from '@common/base.dto';
 import {
   UpdateQuestionBodyDto,
   UpdateQuestionClosedDto,
@@ -127,13 +128,20 @@ export class QuestionsService {
     return await this.questionRepository.updateBody(questionId, body);
   }
 
-  async deleteQuestion(questionId: number, question: Question) {
-    const isReplied = await this.repliesRepository.findReplyByQuestionId(questionId);
-    if (isReplied) {
-      throw new ForbiddenException('답변이 달린 질문은 삭제할 수 없습니다.');
-    }
-    if (question.closed) {
-      throw new ForbiddenException('이미 완료된 답변은 삭제할 수 없습니다.');
+  async deleteQuestion(questionId: number, question: Question, { token }: BaseDto) {
+    const { isHost } = await this.sessionAuthRepository.findByToken(token);
+
+    if (!isHost) {
+      if (question.createUserToken !== token) {
+        throw new ForbiddenException('권한이 없습니다.');
+      }
+      const isReplied = await this.repliesRepository.findReplyByQuestionId(questionId);
+      if (isReplied) {
+        throw new ForbiddenException('답변이 달린 질문은 삭제할 수 없습니다.');
+      }
+      if (question.closed) {
+        throw new ForbiddenException('이미 완료된 답변은 삭제할 수 없습니다.');
+      }
     }
     return await this.questionRepository.deleteQuestion(questionId);
   }

apps/server/src/replies/replies.controller.ts

@@ -7,6 +7,7 @@ import {
   Patch,
   Post,
   Query,
+  Req,
   UseGuards,
   UseInterceptors,
 } from '@nestjs/common';
@@ -68,10 +69,10 @@ export class RepliesController {
 
   @Delete(':replyId')
   @DeleteReplySwagger()
-  @UseGuards(SessionTokenValidationGuard, ReplyExistenceGuard, ReplyOwnershipGuard)
-  async delete(@Param('replyId', ParseIntPipe) replyId: number, @Query() data: BaseDto) {
-    const { questionId } = await this.repliesService.deleteReply(replyId);
+  @UseGuards(SessionTokenValidationGuard, ReplyExistenceGuard)
+  async delete(@Param('replyId', ParseIntPipe) replyId: number, @Query() data: BaseDto, @Req() request: Request) {
     const { sessionId, token } = data;
+    const { questionId } = await this.repliesService.deleteReply(replyId, token, request['reply']);
     const resultForOther = { replyId, questionId };
     this.socketGateway.broadcastReplyDelete(sessionId, token, resultForOther);
     return {};

apps/server/src/replies/replies.service.ts

@@ -1,6 +1,5 @@
-import { create } from 'node:domain';
-
-import { Injectable } from '@nestjs/common';
+import { ForbiddenException, Injectable } from '@nestjs/common';
+import { Reply } from '@prisma/client';
 
 import { CreateReplyDto } from './dto/create-reply.dto';
 import { UpdateReplyBodyDto } from './dto/update-reply.dto';
@@ -39,7 +38,11 @@ export class RepliesService {
     return await this.repliesRepository.updateBody(replyId, body);
   }
 
-  async deleteReply(replyId: number) {
+  async deleteReply(replyId: number, token: string, reply: Reply) {
+    const { isHost } = await this.sessionAuthRepository.findByToken(token);
+
+    if (!isHost && reply.createUserToken !== token) throw new ForbiddenException('권한이 없습니다.');
+
     return await this.repliesRepository.deleteReply(replyId);
   }