diff options
| author | rubenwardy <rw@rubenwardy.com> | 2020-07-11 03:29:33 +0100 |
|---|---|---|
| committer | rubenwardy <rw@rubenwardy.com> | 2020-07-11 03:29:38 +0100 |
| commit | 31b8a7931bdb95b296e236c11705206507b035d8 (patch) | |
| tree | dafcdca8f5dea95a326c08125f7d035be812ddd9 /app/blueprints | |
| parent | a4dd4f04293b6ad6dab5d3dc0a4c52a3290b4394 (diff) | |
| download | cheatdb-31b8a7931bdb95b296e236c11705206507b035d8.tar.xz | |
Add ability for moderators to delete comments
Diffstat (limited to 'app/blueprints')
| -rw-r--r-- | app/blueprints/admin/audit.py | 11 | ||||
| -rw-r--r-- | app/blueprints/threads/__init__.py | 35 |
2 files changed, 44 insertions, 2 deletions
diff --git a/app/blueprints/admin/audit.py b/app/blueprints/admin/audit.py index 64dc3a7..5ccac56 100644 --- a/app/blueprints/admin/audit.py +++ b/app/blueprints/admin/audit.py @@ -16,15 +16,22 @@ from flask import Blueprint, render_template, redirect, url_for -from flask_user import current_user, login_required +from flask_user import current_user from app.models import db, AuditLogEntry, UserRank from app.utils import rank_required from . import bp + @bp.route("/admin/audit/") -@login_required @rank_required(UserRank.MODERATOR) def audit(): log = AuditLogEntry.query.order_by(db.desc(AuditLogEntry.created_at)).all() return render_template("admin/audit.html", log=log) + + +@bp.route("/admin/audit/<int:id>/") +@rank_required(UserRank.MODERATOR) +def audit_view(id): + entry = AuditLogEntry.query.get(id) + return render_template("admin/audit_view.html", entry=entry) diff --git a/app/blueprints/threads/__init__.py b/app/blueprints/threads/__init__.py index e3043c0..28a7fde 100644 --- a/app/blueprints/threads/__init__.py +++ b/app/blueprints/threads/__init__.py @@ -107,6 +107,40 @@ def set_lock(id): return redirect(thread.getViewURL()) +@bp.route("/threads/<int:id>/delete/", methods=["GET", "POST"]) +@login_required +def delete_reply(id): + thread = Thread.query.get(id) + if thread is None: + abort(404) + + reply_id = request.args.get("reply") + if reply_id is None: + abort(404) + + reply = ThreadReply.query.get(reply_id) + if reply is None or reply.thread != thread: + abort(404) + + if thread.replies[0] == reply: + flash("Cannot delete thread opening post!", "danger") + return redirect(thread.getViewURL()) + + if not thread.checkPerm(current_user, Permission.DELETE_REPLY): + abort(403) + + if request.method == "GET": + return render_template("threads/delete_reply.html", thread=thread, reply=reply) + + msg = "Deleted reply by {}".format(reply.author.display_name) + addAuditLog(AuditSeverity.MODERATION, current_user, msg, thread.getViewURL(), thread.package, reply.comment) + + db.session.delete(reply) + db.session.commit() + + return redirect(thread.getViewURL()) + + @bp.route("/threads/<int:id>/", methods=["GET", "POST"]) def view(id): thread = Thread.query.get(id) @@ -152,6 +186,7 @@ class ThreadForm(FlaskForm): private = BooleanField("Private") submit = SubmitField("Open Thread") + @bp.route("/threads/new/", methods=["GET", "POST"]) @login_required def new(): |