//! Write handlers — footnotes and endorsements. use axum::{ extract::Path, http::StatusCode, response::{IntoResponse, Redirect, Response}, Form, }; use uuid::Uuid; use crate::auth::MaybeUser; use crate::AppState; use super::super::{ check_community_access, check_user_post_rate, check_write_access, check_write_state, get_community, WriteScope, parse_uuid, validate_body, FootnoteForm, }; use super::posts::{resolve_and_render_mentions, MAX_FOOTNOTES_PER_POST}; /// Why a footnote add was rejected. Pure predicate result; the handler /// translates each variant to an HTTP response. #[derive(Debug, PartialEq, Eq)] pub(super) enum FootnoteDenial { NotAuthor, PostRemoved, TooManyFootnotes, } /// Check whether `user_id` may add a footnote to a post. Pure — no I/O. pub(super) fn check_footnote_permission( user_id: Uuid, post_author_id: Uuid, post_removed: bool, existing_footnote_count: i64, ) -> Result<(), FootnoteDenial> { if user_id != post_author_id { return Err(FootnoteDenial::NotAuthor); } if post_removed { return Err(FootnoteDenial::PostRemoved); } if existing_footnote_count >= MAX_FOOTNOTES_PER_POST as i64 { return Err(FootnoteDenial::TooManyFootnotes); } Ok(()) } /// Why an endorsement toggle was rejected. #[derive(Debug, PartialEq, Eq)] pub(super) enum EndorsementDenial { CannotEndorseOwn, PostRemoved, UserSuspended, } /// Check whether `user_id` may toggle an endorsement on a post. Pure — no I/O. pub(super) fn check_endorsement_permission( user_id: Uuid, post_author_id: Uuid, post_removed: bool, user_suspended: bool, ) -> Result<(), EndorsementDenial> { if user_id == post_author_id { return Err(EndorsementDenial::CannotEndorseOwn); } if post_removed { return Err(EndorsementDenial::PostRemoved); } if user_suspended { return Err(EndorsementDenial::UserSuspended); } Ok(()) } // ============================================================================ // Footnote handler // ============================================================================ #[tracing::instrument(skip_all)] pub(in crate::routes) async fn add_footnote_handler( axum::extract::State(state): axum::extract::State, Path((slug, category_slug, thread_id_str, post_id_str)): Path<(String, String, String, String)>, MaybeUser(session_user): MaybeUser, Form(form): Form, ) -> Result { let user = session_user .ok_or_else(|| Redirect::to("/auth/login").into_response())?; let post_id = parse_uuid(&post_id_str)?; let post_data = mt_db::queries::get_post_for_edit(&state.db, post_id) .await .map_err(|e| { tracing::error!(error = ?e, "db error fetching post for footnote"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })? .ok_or_else(|| StatusCode::NOT_FOUND.into_response())?; let removed: bool = sqlx::query_scalar("SELECT removed_at IS NOT NULL FROM posts WHERE id = $1") .bind(post_id) .fetch_one(&state.db) .await .map_err(|e| { tracing::error!(error = ?e, "db error checking removal status"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; let footnote_count = mt_db::queries::count_footnotes_for_post(&state.db, post_id) .await .map_err(|e| { tracing::error!(error = ?e, "db error counting footnotes"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; check_footnote_permission(user.user_id, post_data.author_id, removed, footnote_count) .map_err(|denial| match denial { FootnoteDenial::NotAuthor | FootnoteDenial::PostRemoved => { StatusCode::FORBIDDEN.into_response() } FootnoteDenial::TooManyFootnotes => ( StatusCode::UNPROCESSABLE_ENTITY, "Maximum footnotes reached for this post.", ) .into_response(), })?; // Check write access (suspension + ban + mute) let community = get_community(&state.db, &slug).await?; check_write_access(&state.db, community.id, user.user_id, community.suspended_at.is_some()).await?; check_write_state(&state, &community, &user, WriteScope::ContinueExisting).await?; mt_db::mutations::ensure_membership(&state.db, user.user_id, community.id) .await .map_err(|e| { tracing::error!(error = ?e, "db error ensuring membership"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; check_user_post_rate(&state.db, user.user_id).await?; let body = validate_body(&form.body, 65536, "Footnote")?; let author_plus = user.perks.effective_plus(); if !author_plus { crate::routes::reject_embeds_for_free_user(body)?; } let (body_html, _mention_ids) = resolve_and_render_mentions( &state.db, body, community.id, &slug, user.user_id, author_plus, ).await?; mt_db::mutations::insert_footnote(&state.db, post_id, user.user_id, body, &body_html) .await .map_err(|e| { tracing::error!(error = ?e, "db error inserting footnote"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; Ok(Redirect::to(&format!( "/p/{slug}/{category_slug}/{thread_id_str}?toast=Footnote+added" ))) } // ============================================================================ // Endorsement handler // ============================================================================ #[tracing::instrument(skip_all)] pub(in crate::routes) async fn toggle_endorsement_handler( axum::extract::State(state): axum::extract::State, Path((slug, category_slug, thread_id_str, post_id_str)): Path<(String, String, String, String)>, MaybeUser(session_user): MaybeUser, ) -> Result { let user = session_user .ok_or_else(|| Redirect::to("/auth/login").into_response())?; let post_id = parse_uuid(&post_id_str)?; let post_data = mt_db::queries::get_post_for_edit(&state.db, post_id) .await .map_err(|e| { tracing::error!(error = ?e, "db error fetching post for endorsement"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })? .ok_or_else(|| StatusCode::NOT_FOUND.into_response())?; let removed: bool = sqlx::query_scalar("SELECT removed_at IS NOT NULL FROM posts WHERE id = $1") .bind(post_id) .fetch_one(&state.db) .await .map_err(|e| { tracing::error!(error = ?e, "db error checking removal status"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; // Check community access (suspension + ban) — no mute check since endorsing is not content let community = get_community(&state.db, &slug).await?; check_community_access(&state.db, &community, Some(user.user_id)).await?; // Endorsement is a write action, so it's blocked by Frozen/Archived state. check_write_state(&state, &community, &user, WriteScope::ContinueExisting).await?; let suspended = mt_db::queries::is_user_suspended(&state.db, user.user_id) .await .map_err(|e| { tracing::error!(error = ?e, "db error checking user suspension"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; check_endorsement_permission(user.user_id, post_data.author_id, removed, suspended) .map_err(|denial| match denial { EndorsementDenial::CannotEndorseOwn | EndorsementDenial::PostRemoved => { StatusCode::FORBIDDEN.into_response() } EndorsementDenial::UserSuspended => { (StatusCode::FORBIDDEN, "Your account has been suspended.").into_response() } })?; mt_db::mutations::toggle_endorsement(&state.db, post_id, user.user_id) .await .map_err(|e| { tracing::error!(error = ?e, "db error toggling endorsement"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; Ok(Redirect::to(&format!( "/p/{slug}/{category_slug}/{thread_id_str}#post-{post_id_str}" ))) } #[cfg(test)] mod permission_tests { use super::*; fn uid(b: u8) -> Uuid { Uuid::from_bytes([b; 16]) } // ── check_footnote_permission ── #[test] fn footnote_author_can_add_when_not_removed_and_under_cap() { let me = uid(1); let result = check_footnote_permission(me, me, false, 0); assert!(result.is_ok()); } #[test] fn footnote_non_author_is_rejected() { // Pins `user_id != post_author_id` vs `==`. let me = uid(1); let other = uid(2); assert_eq!( check_footnote_permission(me, other, false, 0), Err(FootnoteDenial::NotAuthor) ); } #[test] fn footnote_on_removed_post_is_rejected_even_for_author() { let me = uid(1); assert_eq!( check_footnote_permission(me, me, true, 0), Err(FootnoteDenial::PostRemoved) ); } #[test] fn footnote_at_cap_is_rejected() { // Pins `count >= MAX` vs `>`. At exactly MAX, must reject. let me = uid(1); let cap = MAX_FOOTNOTES_PER_POST as i64; assert_eq!( check_footnote_permission(me, me, false, cap), Err(FootnoteDenial::TooManyFootnotes) ); } #[test] fn footnote_one_below_cap_is_allowed() { let me = uid(1); let just_below = MAX_FOOTNOTES_PER_POST as i64 - 1; assert!(check_footnote_permission(me, me, false, just_below).is_ok()); } #[test] fn footnote_above_cap_is_rejected() { let me = uid(1); let over = MAX_FOOTNOTES_PER_POST as i64 + 1; assert_eq!( check_footnote_permission(me, me, false, over), Err(FootnoteDenial::TooManyFootnotes) ); } #[test] fn footnote_check_order_author_then_removal_then_cap() { // The author check fires first — even on a removed post over the cap, // a non-author gets NotAuthor (not PostRemoved or TooMany). let me = uid(1); let other = uid(2); let cap = MAX_FOOTNOTES_PER_POST as i64; assert_eq!( check_footnote_permission(me, other, true, cap), Err(FootnoteDenial::NotAuthor) ); // Removal check fires second. assert_eq!( check_footnote_permission(me, me, true, cap), Err(FootnoteDenial::PostRemoved) ); } // ── check_endorsement_permission ── #[test] fn endorsement_other_user_on_live_post_is_allowed() { let me = uid(1); let author = uid(2); assert!(check_endorsement_permission(me, author, false, false).is_ok()); } #[test] fn endorsement_self_is_rejected() { // Pins `user_id == post_author_id` vs `!=`. let me = uid(1); assert_eq!( check_endorsement_permission(me, me, false, false), Err(EndorsementDenial::CannotEndorseOwn) ); } #[test] fn endorsement_on_removed_post_is_rejected() { let me = uid(1); let author = uid(2); assert_eq!( check_endorsement_permission(me, author, true, false), Err(EndorsementDenial::PostRemoved) ); } #[test] fn endorsement_by_suspended_user_is_rejected() { let me = uid(1); let author = uid(2); assert_eq!( check_endorsement_permission(me, author, false, true), Err(EndorsementDenial::UserSuspended) ); } #[test] fn endorsement_check_order_self_then_removal_then_suspension() { // Self-check fires first: even if removed AND suspended, self attempt // returns CannotEndorseOwn. let me = uid(1); assert_eq!( check_endorsement_permission(me, me, true, true), Err(EndorsementDenial::CannotEndorseOwn) ); // With author check passing, removal fires before suspension. let author = uid(2); assert_eq!( check_endorsement_permission(me, author, true, true), Err(EndorsementDenial::PostRemoved) ); } }