def dispatch(self, request, *args, **kwargs): self.comment = get_object_or_404(Comment, pk=self.kwargs.get('pk')) if not self.comment.is_flagged: raise PermissionDenied if not is_comment_admin(request.user) and not is_comment_moderator(request.user): raise PermissionDenied return super().dispatch(request, *args, **kwargs)
def get_comments(self): comments = self.model_object.comments.filter_parents_by_object( self.model_object, include_flagged=is_comment_moderator(self.request.user)) page = get_request_data(self.request, 'page') comments_per_page = settings.COMMENT_PER_PAGE if comments_per_page: comments = paginate_comments(comments, comments_per_page, page) return comments
def has_object_permission(self, request, view, obj): # GET, HEAD or OPTIONS requests are SAFE_METHODS. if request.method in permissions.SAFE_METHODS: return True # PUT and DELETE permissions are allowed to the owner of the comment. if request.method == 'DELETE': # comment admin can delete other users comments return any([ is_comment_admin(request.user), obj.user == request.user, (obj.is_flagged and is_comment_moderator(request.user)) ]) return obj.user == request.user
def get_url(self, request): page_url = self.content_object.get_absolute_url() comments_per_page = settings.COMMENT_PER_PAGE if comments_per_page: qs_all_parents = self.__class__.objects.filter_parents_by_object( self.content_object, include_flagged=is_comment_moderator(request.user)) position = qs_all_parents.filter( posted__gte=self.posted).count() + 1 if position > comments_per_page: page_url += '?page=' + str(ceil(position / comments_per_page)) return page_url + '#' + self.urlhash
def has_permission(self, request): return is_comment_admin(request.user) or is_comment_moderator( request.user)
def has_object_permission(self, request, obj): return request.user == obj.user or is_comment_admin(request.user) \ or (obj.is_flagged and is_comment_moderator(request.user))
def test_is_comment_moderator_no_moderation(self): self.assertFalse(is_comment_moderator(self.moderator))
def has_permission(self, request, view): if not super().has_permission(request, view): return False return is_comment_admin(request.user) or is_comment_moderator( request.user)
def has_object_permission(self, request, view, obj): return obj.is_flagged and (is_comment_admin(request.user) or is_comment_moderator(request.user))
def can_delete_comment(comment, user): return is_comment_admin(user) or (comment.is_flagged and is_comment_moderator(user))
def get_replies_count(comment, user): return comment.replies(include_flagged=is_comment_moderator(user)).count()
def get_comments_count(obj, user): return obj.comments.all_comments_by_object( obj, include_flagged=is_comment_moderator(user)).count()
def test_one_moderation_system_enabled(self): self.assertIs(is_comment_moderator(self.moderator), True)
def test_flagging_and_blocking_disabled(self): self.assertIs(is_comment_moderator(self.moderator), False)