diff options
| author | Freya Murphy <freya@freyacat.org> | 2024-03-30 16:36:54 -0400 |
|---|---|---|
| committer | Freya Murphy <freya@freyacat.org> | 2024-03-30 16:36:54 -0400 |
| commit | 1f647374a8cdf3bc5c2d29ff8be277b027925c8c (patch) | |
| tree | 9fdf42d250edb941de13ecd1aab9185ba2b30b00 /db/rest/comment/api_comment_insert.sql | |
| parent | rename views to _views (diff) | |
| download | xssbook2-1f647374a8cdf3bc5c2d29ff8be277b027925c8c.tar.gz xssbook2-1f647374a8cdf3bc5c2d29ff8be277b027925c8c.tar.bz2 xssbook2-1f647374a8cdf3bc5c2d29ff8be277b027925c8c.zip | |
post comments, refactor post loading, hide load more btn
Diffstat (limited to 'db/rest/comment/api_comment_insert.sql')
| -rw-r--r-- | db/rest/comment/api_comment_insert.sql | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/db/rest/comment/api_comment_insert.sql b/db/rest/comment/api_comment_insert.sql new file mode 100644 index 0000000..878e194 --- /dev/null +++ b/db/rest/comment/api_comment_insert.sql @@ -0,0 +1,56 @@ +CREATE FUNCTION _api.comment_insert() +RETURNS TRIGGER +LANGUAGE plpgsql VOLATILE +AS $BODY$ +DECLARE + _user_id INTEGER; +BEGIN + _user_id = _api.get_user_id(); + + NEW.content := _api.trim(NEW.content); + PERFORM _api.validate_text( + _text => NEW.content, + _column => 'content', + _min => 1, + _max => 1024 + ); + + PERFORM TRUE + FROM admin.post + WHERE id = NEW.post_id; + + IF NOT FOUND THEN + PERFORM _api.raise( + _msg => 'api_null_post', + _err => 400 + ); + END IF; + + INSERT INTO admin.comment ( + user_id, + post_id, + content + ) VALUES ( + _user_id, + NEW.post_id, + NEW.content + ); + + RETURN NEW; +END +$BODY$; + +GRANT EXECUTE ON FUNCTION _api.comment_insert() + TO rest_user; +GRANT INSERT ON TABLE api.comment + TO rest_user; +GRANT INSERT ON TABLE admin.comment + TO rest_user; +GRANT UPDATE ON TABLE sys.comment_id_seq + TO rest_user; + +CREATE TRIGGER api_comment_insert_trgr + INSTEAD OF INSERT + ON api.comment + FOR EACH ROW + EXECUTE PROCEDURE _api.comment_insert(); |