feat: add voters/upvoters v3 routes

closes #12423
2026-05-06 16:27:30 +02:00 · 2024-05-31 11:45:41 -04:00
parent 3854a43427
commit 1aaa6cbbc5
8 changed files with 186 additions and 99 deletions
--- a/src/api/posts.js
+++ b/src/api/posts.js
@@ -3,6 +3,7 @@
 const validator = require('validator');
 const _ = require('lodash');

+const db = require('../database');
 const utils = require('../utils');
 const user = require('../user');
 const posts = require('../posts');
@@ -306,6 +307,95 @@ postsAPI.unvote = async function (caller, data) {
 	return await apiHelpers.postCommand(caller, 'unvote', 'voted', '', data);
 };

+postsAPI.getVoters = async function (caller, data) {
+	if (!data || !data.pid) {
+		throw new Error('[[error:invalid-data]]');
+	}
+	const { pid } = data;
+	const cid = await posts.getCidByPid(pid);
+	if (!await canSeeVotes(caller.uid, cid)) {
+		throw new Error('[[error:no-privileges]]');
+	}
+	const showDownvotes = !meta.config['downvote:disabled'];
+	const [upvoteUids, downvoteUids] = await Promise.all([
+		db.getSetMembers(`pid:${data.pid}:upvote`),
+		showDownvotes ? db.getSetMembers(`pid:${data.pid}:downvote`) : [],
+	]);
+
+	const [upvoters, downvoters] = await Promise.all([
+		user.getUsersFields(upvoteUids, ['username', 'userslug', 'picture']),
+		user.getUsersFields(downvoteUids, ['username', 'userslug', 'picture']),
+	]);
+
+	return {
+		upvoteCount: upvoters.length,
+		downvoteCount: downvoters.length,
+		showDownvotes: showDownvotes,
+		upvoters: upvoters,
+		downvoters: downvoters,
+	};
+};
+
+postsAPI.getUpvoters = async function (caller, data) {
+	if (!data.pid) {
+		throw new Error('[[error:invalid-data]]');
+	}
+	const { pid } = data;
+	const cid = await posts.getCidByPid(pid);
+	if (!await canSeeVotes(caller.uid, cid)) {
+		throw new Error('[[error:no-privileges]]');
+	}
+
+	let upvotedUids = (await posts.getUpvotedUidsByPids([pid]))[0];
+	const cutoff = 6;
+	if (!upvotedUids.length) {
+		return {
+			otherCount: 0,
+			usernames: [],
+			cutoff,
+		};
+	}
+	let otherCount = 0;
+	if (upvotedUids.length > cutoff) {
+		otherCount = upvotedUids.length - (cutoff - 1);
+		upvotedUids = upvotedUids.slice(0, cutoff - 1);
+	}
+
+	const usernames = await user.getUsernamesByUids(upvotedUids);
+	return {
+		otherCount,
+		usernames,
+		cutoff,
+	};
+};
+
+async function canSeeVotes(uid, cids) {
+	const isArray = Array.isArray(cids);
+	if (!isArray) {
+		cids = [cids];
+	}
+	const uniqCids = _.uniq(cids);
+	const [canRead, isAdmin, isMod] = await Promise.all([
+		privileges.categories.isUserAllowedTo(
+			'topics:read', uniqCids, uid
+		),
+		privileges.users.isAdministrator(uid),
+		privileges.users.isModerator(uid, cids),
+	]);
+	const cidToAllowed = _.zipObject(uniqCids, canRead);
+	const checks = cids.map(
+		(cid, index) => isAdmin || isMod[index] ||
+		(
+			cidToAllowed[cid] &&
+			(
+				meta.config.voteVisibility === 'all' ||
+				(meta.config.voteVisibility === 'loggedin' && parseInt(uid, 10) > 0)
+			)
+		)
+	);
+	return isArray ? checks : checks[0];
+}
+
 postsAPI.bookmark = async function (caller, data) {
 	return await apiHelpers.postCommand(caller, 'bookmark', 'bookmarked', '', data);
 };