From b7c4555d751b8ddf7a3a5f996d5e27a2694e50ac Mon Sep 17 00:00:00 2001 From: Farzad Hayatbakhsh Date: Tue, 26 Nov 2024 17:27:35 +1000 Subject: [PATCH 1/6] Admonition about known limitation of mentionedUids user validation --- modules/ROOT/partials/plugin-apis/comments-apis.adoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/ROOT/partials/plugin-apis/comments-apis.adoc b/modules/ROOT/partials/plugin-apis/comments-apis.adoc index 127d967288..90432aaec0 100644 --- a/modules/ROOT/partials/plugin-apis/comments-apis.adoc +++ b/modules/ROOT/partials/plugin-apis/comments-apis.adoc @@ -118,6 +118,12 @@ When the xref:mentions.adoc[Mentions] plugin is enabled, each of the above event It is recommended to use this API to retrieve which users have been mentioned in comments. +[NOTE] +==== +The `mentionedUids` array captures any string following the `@` symbol without verifying if these strings correspond to valid user IDs. It is up to the developer to ensure that the mentioned users are valid users in the database. Refer to the xref:#example-using-geteventlog[getEventLog example] for an example of how to retrieve and verify the `mentionedUids` array. +==== + +[[example-using-geteventlog]] ==== Example: using `+getEventLog()+` [source,js] From be7ddd3d3a6d38fc241a826e4fc73aba8887f632 Mon Sep 17 00:00:00 2001 From: Farzad Hayatbakhsh Date: Tue, 26 Nov 2024 17:49:28 +1000 Subject: [PATCH 2/6] Validate mentionedUids in each of the events --- modules/ROOT/partials/plugin-apis/comments-apis.adoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/ROOT/partials/plugin-apis/comments-apis.adoc b/modules/ROOT/partials/plugin-apis/comments-apis.adoc index 90432aaec0..fa39ec7fe3 100644 --- a/modules/ROOT/partials/plugin-apis/comments-apis.adoc +++ b/modules/ROOT/partials/plugin-apis/comments-apis.adoc @@ -128,6 +128,13 @@ The `mentionedUids` array captures any string following the `@` symbol without v [source,js] ---- +// Fake database of users +const users = { + "user1": "John Doe", + "user2": "Jane Doe", + "user3": "Alice Doe", +}; + const comments = tinymce.activeEditor.plugins.tinycomments; console.log(comments.getEventLog()); @@ -137,6 +144,10 @@ console.log(comments.getEventLog( const eventLog = comments.getEventLog(); const events = eventLog.events; +// Ensure that the mentioned users are valid users in the database +events.forEach((event) => { + event.mentionedUids = event.mentionedUids ? event.mentionedUids.filter((uid) => users[uid]) : undefined; +}); const mentionedUsers = events.flatMap(({ mentionedUids }) => mentionedUids || []); console.log(mentionedUsers); From aa6ff2c4672e8e5a5d1a5e529e39af45517adf72 Mon Sep 17 00:00:00 2001 From: Farzad Hayatbakhsh Date: Fri, 29 Nov 2024 11:55:30 +1000 Subject: [PATCH 3/6] Deep copy events to avoid modifying original event log data. --- modules/ROOT/partials/plugin-apis/comments-apis.adoc | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/partials/plugin-apis/comments-apis.adoc b/modules/ROOT/partials/plugin-apis/comments-apis.adoc index fa39ec7fe3..b05d073bfe 100644 --- a/modules/ROOT/partials/plugin-apis/comments-apis.adoc +++ b/modules/ROOT/partials/plugin-apis/comments-apis.adoc @@ -144,15 +144,19 @@ console.log(comments.getEventLog( const eventLog = comments.getEventLog(); const events = eventLog.events; + // Ensure that the mentioned users are valid users in the database -events.forEach((event) => { +const validatedEvents = JSON.parse(JSON.stringify(events)); +validatedEvents.forEach((event) => { + // Filter out invalid users - change this to your own validation logic event.mentionedUids = event.mentionedUids ? event.mentionedUids.filter((uid) => users[uid]) : undefined; }); -const mentionedUsers = events.flatMap(({ mentionedUids }) => mentionedUids || []); + +const mentionedUsers = validatedEvents.flatMap(({ mentionedUids }) => mentionedUids || []); console.log(mentionedUsers); let whoMentionedWho = {}; -events.forEach((event) => { +validatedEvents.forEach((event) => { if ((event.type === "create" || event.type === "reply") && event.mentionedUids !== undefined) { console.log(event); if (whoMentionedWho[event.conversationAuthor.author] === undefined) { From 25905c42357e7ef830cb3f93857ee98541b544fa Mon Sep 17 00:00:00 2001 From: Farzad Hayat Date: Fri, 6 Dec 2024 13:18:10 +1000 Subject: [PATCH 4/6] Update modules/ROOT/partials/plugin-apis/comments-apis.adoc Co-authored-by: Mitchell Crompton --- modules/ROOT/partials/plugin-apis/comments-apis.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ROOT/partials/plugin-apis/comments-apis.adoc b/modules/ROOT/partials/plugin-apis/comments-apis.adoc index b05d073bfe..27c6439642 100644 --- a/modules/ROOT/partials/plugin-apis/comments-apis.adoc +++ b/modules/ROOT/partials/plugin-apis/comments-apis.adoc @@ -130,9 +130,9 @@ The `mentionedUids` array captures any string following the `@` symbol without v ---- // Fake database of users const users = { - "user1": "John Doe", - "user2": "Jane Doe", - "user3": "Alice Doe", + "johndoe": "John Doe", + "janedoe": "Jane Doe", + "alicedoe": "Alice Doe", }; const comments = tinymce.activeEditor.plugins.tinycomments; From 9487336a081e8b8c0f63298c07639a04b5fc5a0d Mon Sep 17 00:00:00 2001 From: Farzad Hayat Date: Fri, 6 Dec 2024 13:19:22 +1000 Subject: [PATCH 5/6] Update modules/ROOT/partials/plugin-apis/comments-apis.adoc Co-authored-by: Karl Kemister-Sheppard --- modules/ROOT/partials/plugin-apis/comments-apis.adoc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/partials/plugin-apis/comments-apis.adoc b/modules/ROOT/partials/plugin-apis/comments-apis.adoc index 27c6439642..005a6797ab 100644 --- a/modules/ROOT/partials/plugin-apis/comments-apis.adoc +++ b/modules/ROOT/partials/plugin-apis/comments-apis.adoc @@ -120,7 +120,10 @@ It is recommended to use this API to retrieve which users have been mentioned in [NOTE] ==== -The `mentionedUids` array captures any string following the `@` symbol without verifying if these strings correspond to valid user IDs. It is up to the developer to ensure that the mentioned users are valid users in the database. Refer to the xref:#example-using-geteventlog[getEventLog example] for an example of how to retrieve and verify the `mentionedUids` array. +The `mentionedUids` array captures strings following the `@` symbol without verifying if they correspond to valid user IDs. It is the integrator's responsibility to validate these strings against the database to ensure they represent valid users. + +For guidance on retrieving and verifying the `mentionedUids` array, refer to the xref:#example-using-geteventlog[getEventLog example]. + ==== [[example-using-geteventlog]] From de2987298a7849d8b43a037e2562dde81397b74c Mon Sep 17 00:00:00 2001 From: Farzad Hayatbakhsh Date: Tue, 10 Dec 2024 12:19:17 +1000 Subject: [PATCH 6/6] Improve the sample user database --- .../partials/plugin-apis/comments-apis.adoc | 23 ++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/modules/ROOT/partials/plugin-apis/comments-apis.adoc b/modules/ROOT/partials/plugin-apis/comments-apis.adoc index 005a6797ab..4fd0149b01 100644 --- a/modules/ROOT/partials/plugin-apis/comments-apis.adoc +++ b/modules/ROOT/partials/plugin-apis/comments-apis.adoc @@ -131,11 +131,22 @@ For guidance on retrieving and verifying the `mentionedUids` array, refer to the [source,js] ---- -// Fake database of users -const users = { - "johndoe": "John Doe", - "janedoe": "Jane Doe", - "alicedoe": "Alice Doe", +// Sample user database +const userDb = { + "johnsmith": { + "id": "johnsmith", + "name": "John Smith", + "fullName": "John Smith", + "description": "Company Founder", + "image": "https://i.pravatar.cc/150?img=11" + }, + "jennynichols": { + "id": "jennynichols", + "name": "Jenny Nichols", + "fullName": "Jenny Nichols", + "description": "Marketing Director", + "image": "https://i.pravatar.cc/150?img=10" + } }; const comments = tinymce.activeEditor.plugins.tinycomments; @@ -152,7 +163,7 @@ const events = eventLog.events; const validatedEvents = JSON.parse(JSON.stringify(events)); validatedEvents.forEach((event) => { // Filter out invalid users - change this to your own validation logic - event.mentionedUids = event.mentionedUids ? event.mentionedUids.filter((uid) => users[uid]) : undefined; + event.mentionedUids = event.mentionedUids ? event.mentionedUids.filter((uid) => userDb[uid]) : undefined; }); const mentionedUsers = validatedEvents.flatMap(({ mentionedUids }) => mentionedUids || []);