diff options
| author | rubenwardy <rw@rubenwardy.com> | 2020-07-11 03:29:33 +0100 |
|---|---|---|
| committer | rubenwardy <rw@rubenwardy.com> | 2020-07-11 03:29:38 +0100 |
| commit | 31b8a7931bdb95b296e236c11705206507b035d8 (patch) | |
| tree | dafcdca8f5dea95a326c08125f7d035be812ddd9 /app/blueprints/threads | |
| parent | a4dd4f04293b6ad6dab5d3dc0a4c52a3290b4394 (diff) | |
| download | cheatdb-31b8a7931bdb95b296e236c11705206507b035d8.tar.xz | |
Add ability for moderators to delete comments
Diffstat (limited to 'app/blueprints/threads')
| -rw-r--r-- | app/blueprints/threads/__init__.py | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/app/blueprints/threads/__init__.py b/app/blueprints/threads/__init__.py index e3043c0..28a7fde 100644 --- a/app/blueprints/threads/__init__.py +++ b/app/blueprints/threads/__init__.py @@ -107,6 +107,40 @@ def set_lock(id): return redirect(thread.getViewURL()) +@bp.route("/threads/<int:id>/delete/", methods=["GET", "POST"]) +@login_required +def delete_reply(id): + thread = Thread.query.get(id) + if thread is None: + abort(404) + + reply_id = request.args.get("reply") + if reply_id is None: + abort(404) + + reply = ThreadReply.query.get(reply_id) + if reply is None or reply.thread != thread: + abort(404) + + if thread.replies[0] == reply: + flash("Cannot delete thread opening post!", "danger") + return redirect(thread.getViewURL()) + + if not thread.checkPerm(current_user, Permission.DELETE_REPLY): + abort(403) + + if request.method == "GET": + return render_template("threads/delete_reply.html", thread=thread, reply=reply) + + msg = "Deleted reply by {}".format(reply.author.display_name) + addAuditLog(AuditSeverity.MODERATION, current_user, msg, thread.getViewURL(), thread.package, reply.comment) + + db.session.delete(reply) + db.session.commit() + + return redirect(thread.getViewURL()) + + @bp.route("/threads/<int:id>/", methods=["GET", "POST"]) def view(id): thread = Thread.query.get(id) @@ -152,6 +186,7 @@ class ThreadForm(FlaskForm): private = BooleanField("Private") submit = SubmitField("Open Thread") + @bp.route("/threads/new/", methods=["GET", "POST"]) @login_required def new(): |