feat: notify author on deletion

adds notification to author when something is deleted by moderator.
additionally it's possible to add reason for deletion for posts,
collections, tags and answers that is logged in the audit log.

closes #312

Author: drodil

plugins/qeta-backend/src/service/NotificationManager.ts

@@ -131,6 +131,117 @@ export class NotificationManager {
     return notificationReceivers;
   }
 
+  async onPostDelete(
+    username: string,
+    post: Post,
+    reason?: string,
+  ): Promise<string[]> {
+    if (!this.notifications || !this.enabled || post.author === username) {
+      return [];
+    }
+
+    try {
+      const user = await this.getUserDisplayName(username);
+
+      await this.notifications.send({
+        recipients: {
+          type: 'entity',
+          entityRef: post.author,
+        },
+        payload: {
+          title: `Deleted ${post.type}`,
+          description: this.formatDescription(
+            `${user} deleted your ${post.type} "${post.title}" with reason: ${
+              reason || 'No reason provided'
+            }`,
+          ),
+          link:
+            post.type === 'question'
+              ? `/qeta/questions/${post.id}`
+              : `/qeta/articles/${post.id}`,
+          topic: `${post.type} deleted`,
+          scope: `${post.type}:delete:${post.id}`,
+        },
+      });
+    } catch (e) {
+      this.logger.error(`Failed to send notification for post delete: ${e}`);
+    }
+    return [post.author];
+  }
+
+  async onCollectionDelete(
+    username: string,
+    collection: Collection,
+    reason?: string,
+  ): Promise<string[]> {
+    if (!this.notifications || !this.enabled || collection.owner === username) {
+      return [];
+    }
+
+    try {
+      const user = await this.getUserDisplayName(username);
+
+      await this.notifications.send({
+        recipients: {
+          type: 'entity',
+          entityRef: collection.owner,
+        },
+        payload: {
+          title: `Deleted collection`,
+          description: this.formatDescription(
+            `${user} deleted your collection "${
+              collection.title
+            }" with reason: ${reason || 'No reason provided'}`,
+          ),
+          link: `/qeta/collections/${collection.id}`,
+          topic: `Collection deleted`,
+          scope: `collection:delete:${collection.id}`,
+        },
+      });
+    } catch (e) {
+      this.logger.error(
+        `Failed to send notification for collection delete: ${e}`,
+      );
+    }
+    return [collection.owner];
+  }
+
+  async onAnswerDelete(
+    username: string,
+    post: Post,
+    answer: Answer,
+    reason?: string,
+  ): Promise<string[]> {
+    if (!this.notifications || !this.enabled || answer.author === username) {
+      return [];
+    }
+
+    try {
+      const user = await this.getUserDisplayName(username);
+
+      await this.notifications.send({
+        recipients: {
+          type: 'entity',
+          entityRef: answer.author,
+        },
+        payload: {
+          title: `Deleted answer`,
+          description: this.formatDescription(
+            `${user} deleted your answer from question "${
+              post.title
+            }" with reason: ${reason || 'No reason provided'}`,
+          ),
+          link: `/qeta/questions/${post.id}`,
+          topic: `Answer deleted`,
+          scope: `answer:delete:${answer.id}`,
+        },
+      });
+    } catch (e) {
+      this.logger.error(`Failed to send notification for answer delete: ${e}`);
+    }
+    return [answer.author];
+  }
+
   async onPostEdit(
     username: string,
     post: Post,

plugins/qeta-backend/src/service/routes/answers.ts

@@ -4,6 +4,7 @@ import { getCreated, mapAdditionalFields } from '../util';
 import {
   AnswersQuerySchema,
   CommentSchema,
+  DeleteMetadataSchema,
   PostAnswerSchema,
   RouteOptions,
 } from '../types';
@@ -600,7 +601,12 @@ export const answersRoutes = (router: Router, options: RouteOptions) => {
     const username = await permissionMgr.getUsername(request);
     const postId = Number.parseInt(request.params.id, 10);
     const answerId = Number.parseInt(request.params.answerId, 10);
-    if (Number.isNaN(postId) || Number.isNaN(answerId)) {
+    const validateRequestBody = ajv.compile(DeleteMetadataSchema);
+    if (
+      Number.isNaN(postId) ||
+      Number.isNaN(answerId) ||
+      !validateRequestBody(request.body)
+    ) {
       response.status(400).send({ errors: 'Invalid id', type: 'body' });
       return;
     }
@@ -634,6 +640,14 @@ export const answersRoutes = (router: Router, options: RouteOptions) => {
       deleted = await database.deleteAnswer(answerId, true);
     } else {
       deleted = await database.deleteAnswer(answerId);
+      if (deleted) {
+        notificationMgr.onAnswerDelete(
+          username,
+          post,
+          answer,
+          request.body.reason,
+        );
+      }
     }
 
     if (deleted) {
@@ -644,6 +658,7 @@ export const answersRoutes = (router: Router, options: RouteOptions) => {
           question: post,
           answer,
           author: username,
+          reason: request.body.reason,
         },
         metadata: { action: 'delete_answer' },
       });
@@ -654,6 +669,7 @@ export const answersRoutes = (router: Router, options: RouteOptions) => {
         meta: {
           answer: entityToJsonObject(answer),
           post: entityToJsonObject(post),
+          reason: request.body.reason,
         },
       });
     }

plugins/qeta-backend/src/service/routes/collections.ts

@@ -16,6 +16,7 @@ import {
   CollectionRankPostSchema,
   CollectionSchema,
   CollectionsQuerySchema,
+  DeleteMetadataSchema,
   RouteOptions,
 } from '../types';
 import { entityToJsonObject, validateDateRange, wrapAsync } from './util';
@@ -293,12 +294,12 @@ export const collectionsRoutes = (router: Router, options: RouteOptions) => {
     response.json(collection);
   });
 
-  // DELETE /questions/:id
+  // DELETE /collections/:id
   router.delete('/collections/:id', async (request, response) => {
     // Validation
-
     const collectionId = Number.parseInt(request.params.id, 10);
-    if (Number.isNaN(collectionId)) {
+    const validateRequestBody = ajv.compile(DeleteMetadataSchema);
+    if (Number.isNaN(collectionId) || !validateRequestBody(request.body)) {
       response
         .status(400)
         .send({ errors: 'Invalid collection id', type: 'body' });
@@ -328,17 +329,26 @@ export const collectionsRoutes = (router: Router, options: RouteOptions) => {
         eventPayload: {
           collection,
           author: username,
+          reason: request.body.reason,
         },
         metadata: { action: 'delete_collection' },
       });
     }
 
     if (deleted) {
+      notificationMgr.onCollectionDelete(
+        username,
+        collection,
+        request.body.reason,
+      );
       auditor?.createEvent({
         eventId: 'delete-collection',
         severityLevel: 'medium',
         request,
-        meta: { collection: entityToJsonObject(collection) },
+        meta: {
+          collection: entityToJsonObject(collection),
+          reason: request.body.reason,
+        },
       });
     }
 

plugins/qeta-backend/src/service/routes/helpers.ts

@@ -1,5 +1,6 @@
 import { Router } from 'express';
 import {
+  DeleteMetadataSchema,
   DraftQuestionSchema,
   EntitiesQuerySchema,
   RouteOptions,
@@ -380,7 +381,8 @@ export const helperRoutes = (router: Router, options: RouteOptions) => {
 
   router.delete('/tags/:tag', async (request, response) => {
     const tagId = Number.parseInt(request.params.tag, 10);
-    if (Number.isNaN(tagId)) {
+    const validateRequestBody = ajv.compile(DeleteMetadataSchema);
+    if (Number.isNaN(tagId) || !validateRequestBody(request.body)) {
       response.status(400).send({ errors: 'Invalid tag id', type: 'body' });
       return;
     }
@@ -398,6 +400,7 @@ export const helperRoutes = (router: Router, options: RouteOptions) => {
         request,
         meta: {
           tagId,
+          reason: request.body.reason,
         },
       });
     }

plugins/qeta-backend/src/service/routes/posts.ts

@@ -18,6 +18,7 @@ import {
 import addFormats from 'ajv-formats';
 import {
   CommentSchema,
+  DeleteMetadataSchema,
   PostSchema,
   PostsQuerySchema,
   RouteOptions,
@@ -763,7 +764,13 @@ export const postsRoutes = (router: Router, options: RouteOptions) => {
   router.delete('/posts/:id', async (request, response) => {
     const ret = await getPostAndCheckStatus(request, response, false, true);
     if (!ret) return;
-    const { post } = ret;
+    const validateRequestBody = ajv.compile(DeleteMetadataSchema);
+    if (!validateRequestBody(request.body)) {
+      response.status(400).send({ errors: 'Invalid data', type: 'body' });
+      return;
+    }
+
+    const { post, username } = ret;
 
     await permissionMgr.authorize(request, qetaDeletePostPermission, {
       resource: post,
@@ -778,6 +785,9 @@ export const postsRoutes = (router: Router, options: RouteOptions) => {
       deleted = await database.deletePost(post.id, true);
     } else {
       deleted = await database.deletePost(post.id);
+      if (deleted) {
+        notificationMgr.onPostDelete(username, post, request.body.reason);
+      }
     }
 
     if (deleted) {
@@ -786,6 +796,7 @@ export const postsRoutes = (router: Router, options: RouteOptions) => {
         eventPayload: {
           post,
           author: post.author,
+          reason: request.body.reason,
         },
         metadata: { action: 'delete_post' },
       });
@@ -794,7 +805,7 @@ export const postsRoutes = (router: Router, options: RouteOptions) => {
         eventId: 'delete-post',
         severityLevel: 'medium',
         request,
-        meta: { post: entityToJsonObject(post) },
+        meta: { post: entityToJsonObject(post), reason: request.body.reason },
       });
     }
 

plugins/qeta-backend/src/service/types.ts

@@ -360,6 +360,18 @@ export const PostAnswerSchema: JSONSchemaType<AnswerQuestion> = {
   additionalProperties: false,
 };
 
+export interface DeleteMetadata {
+  reason?: string;
+}
+
+export const DeleteMetadataSchema: JSONSchemaType<DeleteMetadata> = {
+  type: 'object',
+  properties: {
+    reason: { type: 'string', minLength: 1, nullable: true },
+  },
+  additionalProperties: false,
+};
+
 export interface Comment {
   content: string;
   user?: string;

plugins/qeta-common/src/api/QetaApi.ts

@@ -352,11 +352,16 @@ export interface QetaApi {
     requestOptions?: RequestOptions,
   ): Promise<AnswerResponse>;
 
-  deletePost(postId: number, requestOptions?: RequestOptions): Promise<boolean>;
+  deletePost(
+    postId: number,
+    reason?: string,
+    requestOptions?: RequestOptions,
+  ): Promise<boolean>;
 
   deleteAnswer(
     postId: number | string,
     id: number,
+    reason?: string,
     requestOptions?: RequestOptions,
   ): Promise<boolean>;
 
@@ -403,7 +408,11 @@ export interface QetaApi {
   getFollowedTags(requestOptions?: RequestOptions): Promise<UserTagsResponse>;
   followTag(tag: string, requestOptions?: RequestOptions): Promise<boolean>;
   unfollowTag(tag: string, requestOptions?: RequestOptions): Promise<boolean>;
-  deleteTag(id: number, requestOptions?: RequestOptions): Promise<boolean>;
+  deleteTag(
+    id: number,
+    reason?: string,
+    requestOptions?: RequestOptions,
+  ): Promise<boolean>;
 
   getFollowedEntities(
     requestOptions?: RequestOptions,
@@ -455,6 +464,7 @@ export interface QetaApi {
   ): Promise<CollectionResponse>;
   deleteCollection(
     id?: number,
+    reason?: string,
     requestOptions?: RequestOptions,
   ): Promise<boolean>;
   addPostToCollection(