def delete_post(request, post_id):
"""
Deletes a Post after deletion is confirmed via POST.
A request to delete the first post in a Topic is interpreted
as a request to delete the Topic itself.
"""
filters = {'pk': post_id}
if not request.user.is_authenticated() or \
not auth.is_moderator(request.user):
filters['topic__hidden'] = False
post = get_object_or_404(Post.objects.with_user_details(), **filters)
topic = post.topic
if not auth.user_can_edit_post(request.user, post, topic):
return permission_denied(
request, message='You do not have permission to delete this post.')
if post.num_in_topic == 1 and not post.meta:
return delete_topic(request, post.topic_id)
if app_settings.USE_REDIS:
redis.seen_user(request.user, 'Deleting a post in:', topic)
if request.method == 'POST':
post.delete()
url = post.meta and topic.get_meta_url() or topic.get_absolute_url()
return HttpResponseRedirect(url)
else:
forum = Forum.objects.select_related().get(pk=topic.forum_id)
return render(
request, 'forum/delete_post.html', {
'post': post,
'topic': topic,
'forum': forum,
'section': forum.section,
'title': 'Delete Post',
'avatar_dimensions': get_avatar_dimensions(),
})
def delete_post(request, post_id):
"""
Deletes a Post after deletion is confirmed via POST.
A request to delete the first post in a Topic is interpreted
as a request to delete the Topic itself.
"""
filters = {'pk': post_id}
if not request.user.is_authenticated() or \
not auth.is_moderator(request.user):
filters['topic__hidden'] = False
post = get_object_or_404(Post.objects.with_user_details(), **filters)
topic = post.topic
if not auth.user_can_edit_post(request.user, post, topic):
return permission_denied(request,
message='You do not have permission to delete this post.')
if post.num_in_topic == 1 and not post.meta:
return delete_topic(request, post.topic_id)
if app_settings.USE_REDIS:
redis.seen_user(request.user, 'Deleting a post in:', topic)
if request.method == 'POST':
post.delete()
url = post.meta and topic.get_meta_url() or topic.get_absolute_url()
return HttpResponseRedirect(url)
else:
forum = Forum.objects.select_related().get(pk=topic.forum_id)
return render(request, 'forum/delete_post.html', {
'post': post,
'topic': topic,
'forum': forum,
'section': forum.section,
'title': 'Delete Post',
'avatar_dimensions': get_avatar_dimensions(),
})
def edit_post(request, post_id):
"""
Edits the given Post.
"""
filters = {'pk': post_id}
if not auth.is_moderator(request.user):
filters['topic__hidden'] = False
post = get_object_or_404(Post, **filters)
topic = post.topic
if not auth.user_can_edit_post(request.user, post, topic):
return permission_denied(request,
message='You do not have permission to edit this post.')
forum = Forum.objects.select_related().get(pk=topic.forum_id)
if forum.section.is_managed():
if not forum.section.is_corp_authed(request.user):
return permission_denied(request,
message="You are not a member of the appropriate corporation, alliance or coalition.")
meta_editable = auth.is_moderator(request.user)
if meta_editable:
was_meta = post.meta
preview = None
if app_settings.USE_REDIS:
redis.seen_user(request.user, 'Editing a post in:', topic)
if request.method == 'POST':
form = forms.ReplyForm(meta_editable, request.POST, instance=post)
if form.is_valid():
if 'preview' in request.POST:
preview = post_formatter.format_post(
form.cleaned_data['body'], form.cleaned_data['emoticons'])
elif 'submit' in request.POST:
post = form.save(commit=False)
if auth.is_moderator(request.user):
if post.meta and not was_meta:
moderation.make_post_meta(post, topic, forum)
elif not post.meta and was_meta:
moderation.make_post_not_meta(post, topic, forum)
else:
post.save()
else:
post.save()
return redirect_to_post(request, post.id, post)
else:
form = forms.ReplyForm(meta_editable, instance=post)
return render(request, 'forum/edit_post.html', {
'form': form,
'post': post,
'topic': topic,
'forum': forum,
'section': forum.section,
'preview': preview,
'title': 'Edit Post',
'quick_help_template': post_formatter.QUICK_HELP_TEMPLATE,
})
def edit_post(request, post_id):
"""
Edits the given Post.
"""
filters = {"pk": post_id}
if not auth.is_moderator(request.user):
filters["topic__hidden"] = False
post = get_object_or_404(Post, **filters)
topic = post.topic
if not auth.user_can_edit_post(request.user, post, topic):
return permission_denied(request, message="You do not have permission to edit this post.")
forum = Forum.objects.select_related().get(pk=topic.forum_id)
meta_editable = auth.is_moderator(request.user)
if meta_editable:
was_meta = post.meta
preview = None
if app_settings.USE_REDIS:
redis.seen_user(request.user, "Editing a post in:", topic)
if request.method == "POST":
form = forms.ReplyForm(meta_editable, request.POST, instance=post)
if form.is_valid():
if "preview" in request.POST:
preview = post_formatter.format_post(form.cleaned_data["body"], form.cleaned_data["emoticons"])
elif "submit" in request.POST:
post = form.save(commit=False)
if auth.is_moderator(request.user):
if post.meta and not was_meta:
moderation.make_post_meta(post, topic, forum)
elif not post.meta and was_meta:
moderation.make_post_not_meta(post, topic, forum)
else:
post.save()
else:
post.save()
return redirect_to_post(request, post.id, post)
else:
form = forms.ReplyForm(meta_editable, instance=post)
return render(
request,
"forum/edit_post.html",
{
"form": form,
"post": post,
"topic": topic,
"forum": forum,
"section": forum.section,
"preview": preview,
"title": "Edit Post",
"quick_help_template": post_formatter.QUICK_HELP_TEMPLATE,
},
)
def edit_post(request, post_id):
"""
Edits the given Post.
"""
filters = {'pk': post_id}
if not auth.is_moderator(request.user):
filters['topic__hidden'] = False
post = get_object_or_404(Post, **filters)
topic = post.topic
if not auth.user_can_edit_post(request.user, post, topic):
return permission_denied(
request, message='You do not have permission to edit this post.')
forum = Forum.objects.select_related().get(pk=topic.forum_id)
meta_editable = auth.is_moderator(request.user)
if meta_editable:
was_meta = post.meta
preview = None
if app_settings.USE_REDIS:
redis.seen_user(request.user, 'Editing a post in:', topic)
if request.method == 'POST':
form = forms.ReplyForm(meta_editable, request.POST, instance=post)
if form.is_valid():
if 'preview' in request.POST:
preview = post_formatter.format_post(
form.cleaned_data['body'], form.cleaned_data['emoticons'])
elif 'submit' in request.POST:
post = form.save(commit=False)
if auth.is_moderator(request.user):
if post.meta and not was_meta:
moderation.make_post_meta(post, topic, forum)
elif not post.meta and was_meta:
moderation.make_post_not_meta(post, topic, forum)
else:
post.save()
else:
post.save()
return redirect_to_post(request, post.id, post)
else:
form = forms.ReplyForm(meta_editable, instance=post)
return render(
request, 'forum/edit_post.html', {
'form': form,
'post': post,
'topic': topic,
'forum': forum,
'section': forum.section,
'preview': preview,
'title': 'Edit Post',
'quick_help_template': post_formatter.QUICK_HELP_TEMPLATE,
})
def delete_post(request, post_id):
"""
Deletes a Post after deletion is confirmed via POST.
A request to delete the first post in a Topic is interpreted
as a request to delete the Topic itself.
"""
filters = {"pk": post_id}
if not request.user.is_authenticated() or not auth.is_moderator(request.user):
filters["topic__hidden"] = False
post = get_object_or_404(Post.objects.with_user_details(), **filters)
topic = post.topic
if not auth.user_can_edit_post(request.user, post, topic):
return permission_denied(request, message="You do not have permission to delete this post.")
if post.num_in_topic == 1 and not post.meta:
return delete_topic(request, post.topic_id)
if app_settings.USE_REDIS:
redis.seen_user(request.user, "Deleting a post in:", topic)
if request.method == "POST":
post.delete()
url = post.meta and topic.get_meta_url() or topic.get_absolute_url()
return HttpResponseRedirect(url)
else:
forum = Forum.objects.select_related().get(pk=topic.forum_id)
return render(
request,
"forum/delete_post.html",
{
"post": post,
"topic": topic,
"forum": forum,
"section": forum.section,
"title": "Delete Post",
"avatar_dimensions": get_avatar_dimensions(),
},
)
def test_user_can_edit_post(self):
"""
Verifies the check for a given user being able to edit a given
Post.
Members of the User group may only edit their own Posts if they
are not in unlocked Topics.
"""
# Post by admin
post = Post.objects.get(pk=1)
topic = post.topic
self.assertTrue(auth.user_can_edit_post(self.admin, post))
self.assertTrue(auth.user_can_edit_post(self.moderator, post))
self.assertFalse(auth.user_can_edit_post(self.user, post))
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertFalse(auth.user_can_edit_post(self.user, post, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertFalse(auth.user_can_edit_post(self.user, post, topic))
# Post by moderator
post = Post.objects.get(pk=4)
topic = post.topic
self.assertTrue(auth.user_can_edit_post(self.admin, post))
self.assertTrue(auth.user_can_edit_post(self.moderator, post))
self.assertFalse(auth.user_can_edit_post(self.user, post))
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertFalse(auth.user_can_edit_post(self.user, post, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertFalse(auth.user_can_edit_post(self.user, post, topic))
# Post by user
post = Post.objects.get(pk=7)
topic = post.topic
self.assertTrue(auth.user_can_edit_post(self.admin, post))
self.assertTrue(auth.user_can_edit_post(self.moderator, post))
self.assertTrue(auth.user_can_edit_post(self.user, post))
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertTrue(auth.user_can_edit_post(self.user, post, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertFalse(auth.user_can_edit_post(self.user, post, topic))
def test_user_can_edit_post(self):
"""
Verifies the check for a given user being able to edit a given
Post.
Members of the User group may only edit their own Posts if they
are not in unlocked Topics.
"""
# Post by admin
post = Post.objects.get(pk=1)
topic = post.topic
self.assertTrue(auth.user_can_edit_post(self.admin, post))
self.assertTrue(auth.user_can_edit_post(self.moderator, post))
self.assertFalse(auth.user_can_edit_post(self.user, post))
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertFalse(auth.user_can_edit_post(self.user, post, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertFalse(auth.user_can_edit_post(self.user, post, topic))
# Post by moderator
post = Post.objects.get(pk=4)
topic = post.topic
self.assertTrue(auth.user_can_edit_post(self.admin, post))
self.assertTrue(auth.user_can_edit_post(self.moderator, post))
self.assertFalse(auth.user_can_edit_post(self.user, post))
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertFalse(auth.user_can_edit_post(self.user, post, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertFalse(auth.user_can_edit_post(self.user, post, topic))
# Post by user
post = Post.objects.get(pk=7)
topic = post.topic
self.assertTrue(auth.user_can_edit_post(self.admin, post))
self.assertTrue(auth.user_can_edit_post(self.moderator, post))
self.assertTrue(auth.user_can_edit_post(self.user, post))
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertTrue(auth.user_can_edit_post(self.user, post, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_post(self.admin, post, topic))
self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic))
self.assertFalse(auth.user_can_edit_post(self.user, post, topic))
def can_edit_post(user, post):
return user.is_authenticated() and \
auth.user_can_edit_post(user, post)
def can_edit_post(user, post):
return user.is_authenticated() and \
auth.user_can_edit_post(user, post)