Beispiel #1
0
def modcontrol_spam_remove_post_(request):
    """
    Submits content to the spam filtering backend, and hides it from view.

    Either `submitid` or `journalid` must be present in the request's parameters.

    :param request: The Pyramid request.
    :subparam request.params['submitid']: If present, the submission's ID number.
    :subparam request.params['journalid']: If present, the journal's ID number.
    :return/raises: HTTPSeeOther to /modcontrol/suspenduser.
    """
    submitid = request.params.get('submitid')
    journalid = request.params.get('journalid')

    # Only one parameter should ever be set
    if sum(item is not None for item in [submitid, journalid]) != 1:
        raise WeasylError("Unexpected")

    submitid = int(submitid) if submitid is not None else None
    journalid = int(journalid) if journalid is not None else None

    # Only pkey_value is untrusted input to this statement.
    statement = """
        SELECT userid, content, submitter_user_agent_id, submitter_ip_address
        FROM {table_name}
        WHERE {pkey_name} = %(pkey_value)s
    """

    if submitid:
        # The content_type parameter which will be used to signal to the filtering backend what kind of content this is.
        content_type = "submission"
        statement = statement.format(table_name="submission",
                                     pkey_name="submitid")
        record_identifier = submitid
        welcome.submission_remove(submitid=submitid)
        moderation.hidesubmission(submitid=submitid)
    elif journalid:
        content_type = "journal"
        statement = statement.format(table_name="journal",
                                     pkey_name="journalid")
        record_identifier = journalid
        welcome.journal_remove(journalid=journalid)
        moderation.hidejournal(journalid=journalid)

    userid, content, user_agent_id, ip_addr = define.engine.execute(
        statement, pkey_value=record_identifier).first()

    spam_filtering.submit(
        is_spam=True,
        user_ip=ip_addr,
        user_agent_id=user_agent_id,
        user_id=userid,
        comment_type=content_type,
        comment_content=content,
    )

    index.recent_submissions.invalidate()

    raise HTTPSeeOther("/modcontrol/suspenduser")
Beispiel #2
0
def remove(userid, submitid):
    ownerid = d.get_ownerid(submitid=submitid)

    if userid not in staff.MODS and userid != ownerid:
        raise WeasylError("InsufficientPermissions")

    query = d.execute("UPDATE submission SET settings = settings || 'h'"
                      " WHERE submitid = %i AND settings !~ 'h' RETURNING submitid", [submitid])

    if query:
        welcome.submission_remove(submitid)

    return ownerid
Beispiel #3
0
def remove(userid, submitid):
    ownerid = d.get_ownerid(submitid=submitid)

    if userid not in staff.MODS and userid != ownerid:
        raise WeasylError("InsufficientPermissions")

    query = d.execute("UPDATE submission SET settings = settings || 'h'"
                      " WHERE submitid = %i AND settings !~ 'h' RETURNING submitid", [submitid])

    if query:
        welcome.submission_remove(submitid)

    return ownerid
Beispiel #4
0
def hidesubmission(submitid):
    d.execute("UPDATE submission SET settings = settings || 'h' WHERE submitid = %i AND settings !~ 'h'", [submitid])
    welcome.submission_remove(submitid)
Beispiel #5
0
def hidesubmission(submitid):
    d.execute("UPDATE submission SET settings = settings || 'h' WHERE submitid = %i AND settings !~ 'h'", [submitid])
    welcome.submission_remove(submitid)