def modcontrol_spam_remove_post_(request):
"""
Submits content to the spam filtering backend, and hides it from view.
Either `submitid` or `journalid` must be present in the request's parameters.
:param request: The Pyramid request.
:subparam request.params['submitid']: If present, the submission's ID number.
:subparam request.params['journalid']: If present, the journal's ID number.
:return/raises: HTTPSeeOther to /modcontrol/suspenduser.
"""
submitid = request.params.get('submitid')
journalid = request.params.get('journalid')
# Only one parameter should ever be set
if sum(item is not None for item in [submitid, journalid]) != 1:
raise WeasylError("Unexpected")
submitid = int(submitid) if submitid is not None else None
journalid = int(journalid) if journalid is not None else None
# Only pkey_value is untrusted input to this statement.
statement = """
SELECT userid, content, submitter_user_agent_id, submitter_ip_address
FROM {table_name}
WHERE {pkey_name} = %(pkey_value)s
"""
if submitid:
# The content_type parameter which will be used to signal to the filtering backend what kind of content this is.
content_type = "submission"
statement = statement.format(table_name="submission",
pkey_name="submitid")
record_identifier = submitid
welcome.submission_remove(submitid=submitid)
moderation.hidesubmission(submitid=submitid)
elif journalid:
content_type = "journal"
statement = statement.format(table_name="journal",
pkey_name="journalid")
record_identifier = journalid
welcome.journal_remove(journalid=journalid)
moderation.hidejournal(journalid=journalid)
userid, content, user_agent_id, ip_addr = define.engine.execute(
statement, pkey_value=record_identifier).first()
spam_filtering.submit(
is_spam=True,
user_ip=ip_addr,
user_agent_id=user_agent_id,
user_id=userid,
comment_type=content_type,
comment_content=content,
)
index.recent_submissions.invalidate()
raise HTTPSeeOther("/modcontrol/suspenduser")
def remove(userid, submitid):
ownerid = d.get_ownerid(submitid=submitid)
if userid not in staff.MODS and userid != ownerid:
raise WeasylError("InsufficientPermissions")
query = d.execute("UPDATE submission SET settings = settings || 'h'"
" WHERE submitid = %i AND settings !~ 'h' RETURNING submitid", [submitid])
if query:
welcome.submission_remove(submitid)
return ownerid
def remove(userid, submitid):
ownerid = d.get_ownerid(submitid=submitid)
if userid not in staff.MODS and userid != ownerid:
raise WeasylError("InsufficientPermissions")
query = d.execute("UPDATE submission SET settings = settings || 'h'"
" WHERE submitid = %i AND settings !~ 'h' RETURNING submitid", [submitid])
if query:
welcome.submission_remove(submitid)
return ownerid
def hidesubmission(submitid):
d.execute("UPDATE submission SET settings = settings || 'h' WHERE submitid = %i AND settings !~ 'h'", [submitid])
welcome.submission_remove(submitid)
def hidesubmission(submitid):
d.execute("UPDATE submission SET settings = settings || 'h' WHERE submitid = %i AND settings !~ 'h'", [submitid])
welcome.submission_remove(submitid)