def delete_post(request, post_id): """ Deletes a Post after deletion is confirmed via POST. A request to delete the first post in a Topic is interpreted as a request to delete the Topic itself. """ filters = {'pk': post_id} if not request.user.is_authenticated() or \ not auth.is_moderator(request.user): filters['topic__hidden'] = False post = get_object_or_404(Post.objects.with_user_details(), **filters) topic = post.topic if not auth.user_can_edit_post(request.user, post, topic): return permission_denied( request, message='You do not have permission to delete this post.') if post.num_in_topic == 1 and not post.meta: return delete_topic(request, post.topic_id) if app_settings.USE_REDIS: redis.seen_user(request.user, 'Deleting a post in:', topic) if request.method == 'POST': post.delete() url = post.meta and topic.get_meta_url() or topic.get_absolute_url() return HttpResponseRedirect(url) else: forum = Forum.objects.select_related().get(pk=topic.forum_id) return render( request, 'forum/delete_post.html', { 'post': post, 'topic': topic, 'forum': forum, 'section': forum.section, 'title': 'Delete Post', 'avatar_dimensions': get_avatar_dimensions(), })
def delete_post(request, post_id): """ Deletes a Post after deletion is confirmed via POST. A request to delete the first post in a Topic is interpreted as a request to delete the Topic itself. """ filters = {'pk': post_id} if not request.user.is_authenticated() or \ not auth.is_moderator(request.user): filters['topic__hidden'] = False post = get_object_or_404(Post.objects.with_user_details(), **filters) topic = post.topic if not auth.user_can_edit_post(request.user, post, topic): return permission_denied(request, message='You do not have permission to delete this post.') if post.num_in_topic == 1 and not post.meta: return delete_topic(request, post.topic_id) if app_settings.USE_REDIS: redis.seen_user(request.user, 'Deleting a post in:', topic) if request.method == 'POST': post.delete() url = post.meta and topic.get_meta_url() or topic.get_absolute_url() return HttpResponseRedirect(url) else: forum = Forum.objects.select_related().get(pk=topic.forum_id) return render(request, 'forum/delete_post.html', { 'post': post, 'topic': topic, 'forum': forum, 'section': forum.section, 'title': 'Delete Post', 'avatar_dimensions': get_avatar_dimensions(), })
def edit_post(request, post_id): """ Edits the given Post. """ filters = {'pk': post_id} if not auth.is_moderator(request.user): filters['topic__hidden'] = False post = get_object_or_404(Post, **filters) topic = post.topic if not auth.user_can_edit_post(request.user, post, topic): return permission_denied(request, message='You do not have permission to edit this post.') forum = Forum.objects.select_related().get(pk=topic.forum_id) if forum.section.is_managed(): if not forum.section.is_corp_authed(request.user): return permission_denied(request, message="You are not a member of the appropriate corporation, alliance or coalition.") meta_editable = auth.is_moderator(request.user) if meta_editable: was_meta = post.meta preview = None if app_settings.USE_REDIS: redis.seen_user(request.user, 'Editing a post in:', topic) if request.method == 'POST': form = forms.ReplyForm(meta_editable, request.POST, instance=post) if form.is_valid(): if 'preview' in request.POST: preview = post_formatter.format_post( form.cleaned_data['body'], form.cleaned_data['emoticons']) elif 'submit' in request.POST: post = form.save(commit=False) if auth.is_moderator(request.user): if post.meta and not was_meta: moderation.make_post_meta(post, topic, forum) elif not post.meta and was_meta: moderation.make_post_not_meta(post, topic, forum) else: post.save() else: post.save() return redirect_to_post(request, post.id, post) else: form = forms.ReplyForm(meta_editable, instance=post) return render(request, 'forum/edit_post.html', { 'form': form, 'post': post, 'topic': topic, 'forum': forum, 'section': forum.section, 'preview': preview, 'title': 'Edit Post', 'quick_help_template': post_formatter.QUICK_HELP_TEMPLATE, })
def edit_post(request, post_id): """ Edits the given Post. """ filters = {"pk": post_id} if not auth.is_moderator(request.user): filters["topic__hidden"] = False post = get_object_or_404(Post, **filters) topic = post.topic if not auth.user_can_edit_post(request.user, post, topic): return permission_denied(request, message="You do not have permission to edit this post.") forum = Forum.objects.select_related().get(pk=topic.forum_id) meta_editable = auth.is_moderator(request.user) if meta_editable: was_meta = post.meta preview = None if app_settings.USE_REDIS: redis.seen_user(request.user, "Editing a post in:", topic) if request.method == "POST": form = forms.ReplyForm(meta_editable, request.POST, instance=post) if form.is_valid(): if "preview" in request.POST: preview = post_formatter.format_post(form.cleaned_data["body"], form.cleaned_data["emoticons"]) elif "submit" in request.POST: post = form.save(commit=False) if auth.is_moderator(request.user): if post.meta and not was_meta: moderation.make_post_meta(post, topic, forum) elif not post.meta and was_meta: moderation.make_post_not_meta(post, topic, forum) else: post.save() else: post.save() return redirect_to_post(request, post.id, post) else: form = forms.ReplyForm(meta_editable, instance=post) return render( request, "forum/edit_post.html", { "form": form, "post": post, "topic": topic, "forum": forum, "section": forum.section, "preview": preview, "title": "Edit Post", "quick_help_template": post_formatter.QUICK_HELP_TEMPLATE, }, )
def edit_post(request, post_id): """ Edits the given Post. """ filters = {'pk': post_id} if not auth.is_moderator(request.user): filters['topic__hidden'] = False post = get_object_or_404(Post, **filters) topic = post.topic if not auth.user_can_edit_post(request.user, post, topic): return permission_denied( request, message='You do not have permission to edit this post.') forum = Forum.objects.select_related().get(pk=topic.forum_id) meta_editable = auth.is_moderator(request.user) if meta_editable: was_meta = post.meta preview = None if app_settings.USE_REDIS: redis.seen_user(request.user, 'Editing a post in:', topic) if request.method == 'POST': form = forms.ReplyForm(meta_editable, request.POST, instance=post) if form.is_valid(): if 'preview' in request.POST: preview = post_formatter.format_post( form.cleaned_data['body'], form.cleaned_data['emoticons']) elif 'submit' in request.POST: post = form.save(commit=False) if auth.is_moderator(request.user): if post.meta and not was_meta: moderation.make_post_meta(post, topic, forum) elif not post.meta and was_meta: moderation.make_post_not_meta(post, topic, forum) else: post.save() else: post.save() return redirect_to_post(request, post.id, post) else: form = forms.ReplyForm(meta_editable, instance=post) return render( request, 'forum/edit_post.html', { 'form': form, 'post': post, 'topic': topic, 'forum': forum, 'section': forum.section, 'preview': preview, 'title': 'Edit Post', 'quick_help_template': post_formatter.QUICK_HELP_TEMPLATE, })
def delete_post(request, post_id): """ Deletes a Post after deletion is confirmed via POST. A request to delete the first post in a Topic is interpreted as a request to delete the Topic itself. """ filters = {"pk": post_id} if not request.user.is_authenticated() or not auth.is_moderator(request.user): filters["topic__hidden"] = False post = get_object_or_404(Post.objects.with_user_details(), **filters) topic = post.topic if not auth.user_can_edit_post(request.user, post, topic): return permission_denied(request, message="You do not have permission to delete this post.") if post.num_in_topic == 1 and not post.meta: return delete_topic(request, post.topic_id) if app_settings.USE_REDIS: redis.seen_user(request.user, "Deleting a post in:", topic) if request.method == "POST": post.delete() url = post.meta and topic.get_meta_url() or topic.get_absolute_url() return HttpResponseRedirect(url) else: forum = Forum.objects.select_related().get(pk=topic.forum_id) return render( request, "forum/delete_post.html", { "post": post, "topic": topic, "forum": forum, "section": forum.section, "title": "Delete Post", "avatar_dimensions": get_avatar_dimensions(), }, )
def test_user_can_edit_post(self): """ Verifies the check for a given user being able to edit a given Post. Members of the User group may only edit their own Posts if they are not in unlocked Topics. """ # Post by admin post = Post.objects.get(pk=1) topic = post.topic self.assertTrue(auth.user_can_edit_post(self.admin, post)) self.assertTrue(auth.user_can_edit_post(self.moderator, post)) self.assertFalse(auth.user_can_edit_post(self.user, post)) self.assertTrue(auth.user_can_edit_post(self.admin, post, topic)) self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic)) self.assertFalse(auth.user_can_edit_post(self.user, post, topic)) topic.locked = True self.assertTrue(auth.user_can_edit_post(self.admin, post, topic)) self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic)) self.assertFalse(auth.user_can_edit_post(self.user, post, topic)) # Post by moderator post = Post.objects.get(pk=4) topic = post.topic self.assertTrue(auth.user_can_edit_post(self.admin, post)) self.assertTrue(auth.user_can_edit_post(self.moderator, post)) self.assertFalse(auth.user_can_edit_post(self.user, post)) self.assertTrue(auth.user_can_edit_post(self.admin, post, topic)) self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic)) self.assertFalse(auth.user_can_edit_post(self.user, post, topic)) topic.locked = True self.assertTrue(auth.user_can_edit_post(self.admin, post, topic)) self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic)) self.assertFalse(auth.user_can_edit_post(self.user, post, topic)) # Post by user post = Post.objects.get(pk=7) topic = post.topic self.assertTrue(auth.user_can_edit_post(self.admin, post)) self.assertTrue(auth.user_can_edit_post(self.moderator, post)) self.assertTrue(auth.user_can_edit_post(self.user, post)) self.assertTrue(auth.user_can_edit_post(self.admin, post, topic)) self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic)) self.assertTrue(auth.user_can_edit_post(self.user, post, topic)) topic.locked = True self.assertTrue(auth.user_can_edit_post(self.admin, post, topic)) self.assertTrue(auth.user_can_edit_post(self.moderator, post, topic)) self.assertFalse(auth.user_can_edit_post(self.user, post, topic))
def can_edit_post(user, post): return user.is_authenticated() and \ auth.user_can_edit_post(user, post)