Feat: Admin and Mods

db/models.go

@@ -181,6 +181,7 @@ type Comment struct {
 	ReportCount               uint       `gorm:"column:report_count" json:"-"`
 	ReviewedByMod             bool       `gorm:"column:reviewed_by_mod" json:"-"`
 	Edited                    bool       `gorm:"column:edited" json:"edited"`
+	SchoolID                  uint       `gorm:"column:school_id" json:"-"`
 }
 
 func (c *Comment) ObscureIfHidden() Comment {
@@ -347,6 +348,7 @@ type Report struct {
 	Post           *Post       `gorm:"foreignKey:PostID" json:"post,omitempty"` // Use "omitempty" here
 	CommentID      *uint       `db:"comment_id" gorm:"default:NULL" json:"-"`
 	Comment        *Comment    `gorm:"foreignKey:CommentID" json:"comment,omitempty"` // Use "omitempty" here
+	SchoolID       uint        `gorm:"column:school_id" json:"-"`
 }
 
 type CronJob struct {
@@ -356,6 +358,20 @@ type CronJob struct {
 	Type      string         `gorm:"column:type" json:"type"`
 }
 
+func (RoleAssignmentLog) TableName() string {
+	return "role_assignment_logs"
+}
+
+type RoleAssignmentLog struct {
+	ID             int        `gorm:"primary_key;column:id" json:"id"`
+	CreatedAt      TimeMicros `gorm:"column:created_at;autoCreateTime" json:"created_at"`
+	ActionUserID   string     `gorm:"column:action_user_id" json:"action_user_id"`
+	AffectedUserID string     `gorm:"column:affected_user_id" json:"affected_user_id"`
+	OldRoles       string     `gorm:"column:old_roles" json:"old_roles"`
+	NewRoles       string     `gorm:"column:new_roles" json:"new_roles"`
+	ActionType     string     `gorm:"column:action_type" json:"action_type"`
+}
+
 func (CronJob) TableName() string {
 	return "cron_jobs"
 }

features/admin/fetch_reports_for_comment_by_id.go

@@ -18,13 +18,24 @@ func (h *handler) handleFetchReportForCommentById(c *gin.Context) {
 		return
 	}
 
+	userRoles, err := getUserRoles(c)
+	if err != nil {
+		response.New(http.StatusInternalServerError).Err(err.Error()).Send(c)
+		return
+	}
+
 	fetchResults := fetchResults{}
 
-	err = h.db.
+	query := h.db.
 		Preload("ReportType").
 		Where(req.Next.Cursor("created_at >")).
-		Where("comment_id IS NOT NULL").
-		Order("created_at ASC").
+		Where("comment_id IS NOT NULL")
+
+	if len(userRoles.SchoolMods) > 0 {
+		query.Where("school_id IN ?", userRoles.SchoolMods)
+	}
+
+	err = query.Order("created_at ASC").
 		Find(&fetchResults.Reports).
 		Limit(config.AdminViewAllReportsPerCommentId).
 		Error

features/admin/fetch_reports_for_post_by_id.go

@@ -18,13 +18,24 @@ func (h *handler) handleFetchReportForPostById(c *gin.Context) {
 		return
 	}
 
+	userRoles, err := getUserRoles(c)
+	if err != nil {
+		response.New(http.StatusInternalServerError).Err(err.Error()).Send(c)
+		return
+	}
+
 	fetchResults := fetchResults{}
 
-	err = h.db.
+	query := h.db.
 		Preload("ReportType").
 		Where(req.Next.Cursor("created_at >")).
-		Where("post_id IS NOT NULL").
-		Order("created_at ASC").
+		Where("post_id IS NOT NULL")
+
+	if len(userRoles.SchoolMods) > 0 {
+		query.Where("school_id IN ?", userRoles.SchoolMods)
+	}
+
+	err = query.Order("created_at ASC").
 		Find(&fetchResults.Reports).
 		Limit(config.AdminViewAllReportsPerPostId).
 		Error

features/admin/get_report_by_id.go

@@ -22,12 +22,25 @@ func (h *handler) handleGetReportById(c *gin.Context) {
 		return
 	}
 
+	userRoles, err := getUserRoles(c)
+	if err != nil {
+		response.New(http.StatusInternalServerError).Err(err.Error()).Send(c)
+		return
+	}
+
 	report := db.Report{}
-	err = h.db.
+	query := h.db.
 		Preload("ReportType"). // preload the ReportType field of the Report
-		Where("id = ?", idNumeric).
-		First(&report).
+		Where("id = ?", idNumeric)
+
+	if len(userRoles.SchoolMods) > 0 {
+		query.Where("school_id IN ?", userRoles.SchoolMods)
+	}
+
+	err = query.First(&report).
 		Error
+
+	// If user does not have access to report or report does not exist, return 404
 	if err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 			response.New(http.StatusNotFound).Err(notFound.Error()).Send(c)

features/admin/get_reports.go

@@ -24,11 +24,21 @@ func (h *handler) handleGetReports(c *gin.Context) {
 		return
 	}
 
+	userRoles, err := getUserRoles(c)
+	if err != nil {
+		response.New(http.StatusInternalServerError).Err(err.Error()).Send(c)
+		return
+	}
+
 	fetchResults := FetchedReports{}
 
 	query := h.db.
 		Where(req.Next.Cursor("created_at <"))
 
+	if len(userRoles.SchoolMods) > 0 {
+		query.Where("school_id IN ?", userRoles.SchoolMods)
+	}
+
 	if req.Type != "all" {
 		query = query.Where("type = ?", req.Type)
 	}

features/admin/hide.go

@@ -15,6 +15,10 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
+const (
+	uniSpecific bool = false
+)
+
 type fcmTokenWithReportID struct {
 	Token    string `gorm:"column:token"`
 	ReportID uint   `gorm:"column:report_id"`
@@ -51,6 +55,12 @@ func (h *handler) handleHideContent(c *gin.Context) {
 		return
 	}
 
+	userRoles, err := getUserRoles(c)
+	if err != nil {
+		response.New(http.StatusInternalServerError).Err(err.Error()).Send(c)
+		return
+	}
+
 	// start a transaction
 	tx := h.db.Begin()
 	// if something goes ary, rollback
@@ -68,10 +78,19 @@ func (h *handler) handleHideContent(c *gin.Context) {
 	}
 
 	// update the "hidden" field on content.
-	result := tx.
-		Table(table).
-		Where("id = ?", req.ContentID).
-		Updates(updateData)
+	query := tx.Table(table).Where("id = ?", req.ContentID)
+
+	if len(userRoles.SchoolMods) > 0 && table == "posts" {
+		query.Where("school_id IN ?", userRoles.SchoolMods)
+		post := db.Post{}
+		if query.First(&post).Error != nil {
+			tx.Rollback()
+			response.New(http.StatusForbidden).Err("missing school permissions").Send(c)
+			return
+		}
+	}
+
+	result := query.Updates(updateData)
 
 	if result.Error != nil {
 		tx.Rollback()

features/admin/ranked_comments_by_report.go

@@ -33,6 +33,12 @@ func (h *handler) handleGetRankedCommentsByReport(c *gin.Context) {
 		return
 	}
 
+	userRoles, err := getUserRoles(c)
+	if err != nil {
+		response.New(http.StatusInternalServerError).Err(err.Error()).Send(c)
+		return
+	}
+
 	token, err := utils.UserTokenFromContext(c)
 	if err != nil {
 		response.New(http.StatusInternalServerError).Err(serverError.Error()).Send(c)
@@ -73,10 +79,15 @@ func (h *handler) handleGetRankedCommentsByReport(c *gin.Context) {
 
 	comments := []db.Comment{}
 	// fetch comments
-	err = h.db.
+	query := h.db.
 		Where("reviewed_by_mod = ?"+excludedIDQuery, req.ReviewedByMod).
-		Order("report_count DESC").
-		Find(&comments).
+		Order("report_count DESC")
+
+	if len(userRoles.SchoolMods) > 0 {
+		query.Where("school_id IN ?", userRoles.SchoolMods)
+	}
+
+	err = query.Find(&comments).
 		Limit(config.AdminCommentsSortedByReportsPageSize).
 		Error
 	if err != nil {

features/admin/ranked_posts_by_report.go

@@ -33,6 +33,12 @@ func (h *handler) handleGetRankedPostsByReport(c *gin.Context) {
 		return
 	}
 
+	userRoles, err := getUserRoles(c)
+	if err != nil {
+		response.New(http.StatusInternalServerError).Err(err.Error()).Send(c)
+		return
+	}
+
 	token, err := utils.UserTokenFromContext(c)
 	if err != nil {
 		response.New(http.StatusInternalServerError).Err(serverError.Error()).Send(c)
@@ -73,13 +79,18 @@ func (h *handler) handleGetRankedPostsByReport(c *gin.Context) {
 
 	posts := []db.Post{}
 	// fetch comments
-	err = h.db.
+	query := h.db.
 		Preload("Faculty").
 		Preload("School").
 		Preload("Category").
 		Preload("YearOfStudy").
-		Where("reviewed_by_mod = ?"+excludedIDQuery, req.ReviewedByMod).
-		Order("report_count DESC").
+		Where("reviewed_by_mod = ?"+excludedIDQuery, req.ReviewedByMod)
+
+	if len(userRoles.SchoolMods) > 0 {
+		query.Where("school_id IN ?", userRoles.SchoolMods)
+	}
+
+	err = query.Order("report_count DESC").
 		Find(&posts).
 		Limit(config.AdminPostsSortedByReportsPageSize).
 		Error