def delete_thread(request):
"""Delete thread."""
if not (valid_permission(request, 'forum_delete')
and valid_permission(request, 'forum_mod_edit')):
request.errors.add('body', 'access_denied', 'Access denied')
return
thread_id = request.params["thread_id"]
bb.delete_thread(thread_id)
return {"status": "success"}
def delete_post(request):
"""Delete post."""
post_obj = bb.get_post(request.params["post_id"])
if not (valid_permission(request, 'forum_delete')
and valid_permission(request, 'forum_mod_edit')):
request.errors.add('body', 'access_denied', 'Access denied')
return
what_id = bb.delete_post(post_obj)
if what_id == 1:
what = "post"
else:
what = "thread"
return {"status": "deleted", "what": what, "what_id": what_id}
def check_owner(request, page_id):
page = c.show_page(page_id)
if (valid_permission(request, 'article_mod')
or page.user == request.validated['user_db']):
return True
else:
request.errors.add('body', 'access_denied', 'Access denied')
return False
def update_post(request):
"""Update post."""
user = request.validated['user_db']
post_obj = bb.get_post(request.params["post_id"])
if not valid_permission(request, 'forum_edit'):
request.errors.add('body', 'access_denied', 'Access denied')
return
if not (valid_permission(request, 'forum_mod_edit')
or post_obj.user == user):
request.errors.add('body', 'access_denied', 'Access denied')
return
post_obj.name = request.json_body['title']
post_obj.article = request.json_body['body']
return {
"status": "updated",
"post_name": post_obj.name,
"post_content": post_obj.article,
"post_time": str(post_obj.time),
"post_username": post_obj.user.name,
"post_id": post_obj.id
}
def update_thread(request):
"""Update thread."""
user = request.validated['user_db']
thread = bb.get_thread(request.params["thread_id"])
if not valid_permission(request, 'forum_edit'):
request.errors.add('body', 'access_denied', 'Access denied')
return
if (valid_permission(request, 'forum_mod_edit')
or thread.posts[0].user == user):
thread.name = request.json_body['title']
thread.description = request.json_body['description']
else:
request.errors.add('body', 'access_denied', 'Access denied')
return
return {
"status": "success",
"thread_id": thread.id,
"thread_name": thread.name,
"thread_desc": thread.description,
"thread_total_posts": thread.total_posts()
}
def api_article_delete(request):
if not valid_permission(request, "article_delete"):
request.errors.add('body', 'access_denied', 'Access denied')
return
page_id = request.matchdict.get('page_id')
if not check_owner(request, page_id):
return
try:
c.delete(request, c.show_page(page_id))
return {"status": "deleted"}
except PageNotFound:
request.errors.add('querystring', 'not_found', 'Page Not Found')
def api_article_create(request):
"""
Creates an article.
Accepts: display_name, article, summary, tags
"""
if not valid_permission(request, "article_create"):
request.errors.add('body', 'access_denied', 'Access denied')
return
page_id, display_name, article, summary, tags = quick_get_matchdict(
request)
user = request.validated['user_db']
try:
c.create(request, page_id, display_name, article, summary, user, tags)
return {"status": "created"}
except PageFound:
request.errors.add('querystring', 'found', 'A page already exists')
def create_thread(request):
"""Create thread."""
if not valid_permission(request, 'forum_reply'):
request.errors.add('body', 'access_denied', 'Access denied')
return
user = request.validated['user_db']
forum = bb.get_forum(request.params.get('forum_id'))
thread = bb.add_thread(request.json_body.get("title"),
request.json_body.get("description"),
request.json_body.get("body"), user, forum)
return {
"status": "success",
"thread_id": thread.id,
"thread_name": thread.name,
"thread_desc": thread.description,
"thread_total_posts": thread.total_posts()
}
def create_post(request):
"""Create post."""
name = request.json_body['title']
article = request.json_body['body']
user = request.validated['user_db']
thread_obj = bb.get_thread(request.params["thread_id"])
if not valid_permission(request, 'forum_reply'):
request.errors.add('body', 'access_denied', 'Access denied')
return
post_obj = bb.add_post(thread_obj, name, article, user)
return {
"status": "created",
"post_name": post_obj.name,
"post_content": post_obj.article,
"post_time": str(post_obj.time),
"post_username": post_obj.user.name,
"post_id": post_obj.id
}
def api_article_update(request):
"""
Updates an article.
Accepts: display_name, article, summary, tags
"""
if not valid_permission(request, "article_update"):
request.errors.add('body', 'access_denied', 'Access denied')
return
page_id, display_name, article, summary, tags = quick_get_matchdict(
request)
if not check_owner(request, page_id):
return
user = request.validated['user_db']
try:
page = c.show_page(page_id)
page.display_name = display_name
c.update(request, page, article, summary, user, tags)
return {"status": "updated"}
except PageNotFound:
request.errors.add('querystring', 'not_found', 'Page not found')
def edit_board_permission(request, **kwargs):
if not valid_permission(request, 'edit_board'):
request.errors.add('body', 'access_denied', 'Access denied')
return