From a006c75df9ddbdf69a3c3ba70a29a1bf78ad826b Mon Sep 17 00:00:00 2001
From: meltland <meltland@icloud.com>
Date: Sat, 22 Mar 2025 15:57:13 -0400
Subject: delete/edit

---
 main.py | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

(limited to 'main.py')

diff --git a/main.py b/main.py
index 4998c16..b00ea39 100644
--- a/main.py
+++ b/main.py
@@ -488,6 +488,61 @@ async def handler(websocket):
                 }))
                 await websocket.send(json.dumps({"error": False, "listener": listener}))
                 continue
+            elif r["command"] == "delete_post":
+                fc = util.field_check({"id": range(8,128)}, r)
+                if fc != True:
+                    await websocket.send(util.error(fc, listener))
+                    continue
+                if str(websocket.id) not in client_data:
+                    await websocket.send(util.error("unauthorized", listener))
+                    continue
+                data = db.posts.get_by_id(r["id"])
+                if type(data) != dict:
+                    await websocket.send(util.error(data, listener))
+                    continue
+                username = client_data[str(websocket.id)]["username"]
+                if data["author"] != username:
+                    if "DELETE" not in db.acc.get_perms(username):
+                        await websocket.send(util.error("unauthorized", listener))
+                        continue
+                deleted = db.posts.remove(r["id"])
+                if deleted != True:
+                    await websocket.send(util.error(data, listener))
+                    continue
+                broadcast(clients, json.dumps({
+                    "command": "deleted_post",
+                    "_id": r["id"],
+                    "deleted_by_author": data["author"] == username
+                }))
+                await websocket.send(json.dumps({"error": False, "listener": listener}))
+                continue
+            elif r["command"] == "edit_post":
+                fc = util.field_check({"id": range(8,128), "content": range(0,3001)}, r)
+                if fc != True:
+                    await websocket.send(util.error(fc, listener))
+                    continue
+                if str(websocket.id) not in client_data:
+                    await websocket.send(util.error("unauthorized", listener))
+                    continue
+                data = db.posts.get_by_id(r["id"])
+                if type(data) != dict:
+                    await websocket.send(util.error(data, listener))
+                    continue
+                username = client_data[str(websocket.id)]["username"]
+                if data["author"] != username:
+                    await websocket.send(util.error("unauthorized", listener))
+                    continue
+                edited = db.posts.edit(r["id"], r["content"])
+                if edited != True:
+                    await websocket.send(util.error(data, listener))
+                    continue
+                broadcast(clients, json.dumps({
+                    "command": "edited_post",
+                    "_id": r["id"],
+                    "content": r["content"]
+                }))
+                await websocket.send(json.dumps({"error": False, "listener": listener}))
+                continue
             elif r["command"] == "ping":
                 pass
             elif r["command"] in deprecated:
-- 
cgit 1.4.1-2-gfad0