def delete_topic(request, topic_id):
"""
Deletes a Topic after confirmation is made via POST.
"""
filters = {'pk': topic_id}
if not auth.is_moderator(request.user):
filters['hidden'] = False
topic = get_object_or_404(Topic, **filters)
post = Post.objects.with_user_details().get(topic=topic,
meta=False,
num_in_topic=1)
if not auth.user_can_edit_topic(request.user, topic):
return permission_denied(
request,
message='You do not have permission to delete this topic.')
forum = Forum.objects.select_related().get(pk=topic.forum_id)
if app_settings.USE_REDIS:
redis.seen_user(request.user, 'Deleting a Topic')
if request.method == 'POST':
topic.delete()
return HttpResponseRedirect(forum.get_absolute_url())
else:
return render(
request, 'forum/delete_topic.html', {
'post': post,
'topic': topic,
'forum': forum,
'section': forum.section,
'title': 'Delete Topic',
'avatar_dimensions': get_avatar_dimensions(),
})
def delete_topic(request, topic_id):
"""
Deletes a Topic after confirmation is made via POST.
"""
filters = {'pk': topic_id}
if not auth.is_moderator(request.user):
filters['hidden'] = False
topic = get_object_or_404(Topic, **filters)
post = Post.objects.with_user_details().get(topic=topic, meta=False,
num_in_topic=1)
if not auth.user_can_edit_topic(request.user, topic):
return permission_denied(request,
message='You do not have permission to delete this topic.')
forum = Forum.objects.select_related().get(pk=topic.forum_id)
if forum.section.is_managed():
if not forum.section.is_corp_authed(request.user):
return permission_denied(request,
message="You are not a member of the appropriate corporation, alliance or coalition.")
if app_settings.USE_REDIS:
redis.seen_user(request.user, 'Deleting a Topic')
if request.method == 'POST':
topic.delete()
return HttpResponseRedirect(forum.get_absolute_url())
else:
return render(request, 'forum/delete_topic.html', {
'post': post,
'topic': topic,
'forum': forum,
'section': forum.section,
'title': 'Delete Topic',
'avatar_dimensions': get_avatar_dimensions(),
})
def delete_topic(request, topic_id):
"""
Deletes a Topic after confirmation is made via POST.
"""
filters = {"pk": topic_id}
if not auth.is_moderator(request.user):
filters["hidden"] = False
topic = get_object_or_404(Topic, **filters)
post = Post.objects.with_user_details().get(topic=topic, meta=False, num_in_topic=1)
if not auth.user_can_edit_topic(request.user, topic):
return permission_denied(request, message="You do not have permission to delete this topic.")
forum = Forum.objects.select_related().get(pk=topic.forum_id)
if app_settings.USE_REDIS:
redis.seen_user(request.user, "Deleting a Topic")
if request.method == "POST":
topic.delete()
return HttpResponseRedirect(forum.get_absolute_url())
else:
return render(
request,
"forum/delete_topic.html",
{
"post": post,
"topic": topic,
"forum": forum,
"section": forum.section,
"title": "Delete Topic",
"avatar_dimensions": get_avatar_dimensions(),
},
)
def edit_topic(request, topic_id):
"""
Edits the given Topic.
To avoid regular Users from being shown non-working links, the
Topic's Forum's denormalised last Post data is also updated when
necessary after the moderator has made a change to the Topic's
``hidden`` status. Post counts and Topic counts will not be
affected by hiding a Topic - it is assumed this is a temporary
measure which will either lead to a Topic being cleaned up or
removed altogether.
"""
filters = {'pk': topic_id}
if not auth.is_moderator(request.user):
filters['hidden'] = False
topic = get_object_or_404(Topic, **filters)
forum = Forum.objects.select_related().get(pk=topic.forum_id)
if forum.section.is_managed():
if not forum.section.is_corp_authed(request.user):
return permission_denied(request,
message="You are not a member of the appropriate corporation, alliance or coalition.")
if not auth.user_can_edit_topic(request.user, topic):
return permission_denied(request,
message='You do not have permission to edit this topic.')
editable_fields = ['title', 'description']
moderator = auth.is_moderator(request.user)
if moderator:
was_hidden = topic.hidden
if app_settings.USE_REDIS:
redis.seen_user(request.user, 'Editing Topic:', topic)
if request.method == 'POST':
form = forms.EditTopicForm(moderator, request.POST, instance=topic)
if form.is_valid():
topic = form.save(commit=True)
if auth.is_moderator(request.user):
if topic.hidden and not was_hidden:
if forum.last_topic_id == topic.id:
# Set the forum's last post to the latest non-hidden
# post.
forum.set_last_post()
elif not topic.hidden and was_hidden:
# Just in case this topic still holds the last post
forum.set_last_post()
return HttpResponseRedirect(topic.get_absolute_url())
else:
form = forms.EditTopicForm(moderator, instance=topic)
return render(request, 'forum/edit_topic.html', {
'topic': topic,
'form': form,
'section': forum.section,
'forum': forum,
'title': 'Edit Topic',
'quick_help_template': post_formatter.QUICK_HELP_TEMPLATE,
})
def edit_topic(request, topic_id):
"""
Edits the given Topic.
To avoid regular Users from being shown non-working links, the
Topic's Forum's denormalised last Post data is also updated when
necessary after the moderator has made a change to the Topic's
``hidden`` status. Post counts and Topic counts will not be
affected by hiding a Topic - it is assumed this is a temporary
measure which will either lead to a Topic being cleaned up or
removed altogether.
"""
filters = {'pk': topic_id}
if not auth.is_moderator(request.user):
filters['hidden'] = False
topic = get_object_or_404(Topic, **filters)
forum = Forum.objects.select_related().get(pk=topic.forum_id)
if not auth.user_can_edit_topic(request.user, topic):
return permission_denied(
request, message='You do not have permission to edit this topic.')
editable_fields = ['title', 'description']
moderator = auth.is_moderator(request.user)
if moderator:
was_hidden = topic.hidden
if app_settings.USE_REDIS:
redis.seen_user(request.user, 'Editing Topic:', topic)
if request.method == 'POST':
form = forms.EditTopicForm(moderator, request.POST, instance=topic)
if form.is_valid():
topic = form.save(commit=True)
if auth.is_moderator(request.user):
if topic.hidden and not was_hidden:
if forum.last_topic_id == topic.id:
# Set the forum's last post to the latest non-hidden
# post.
forum.set_last_post()
elif not topic.hidden and was_hidden:
# Just in case this topic still holds the last post
forum.set_last_post()
return HttpResponseRedirect(topic.get_absolute_url())
else:
form = forms.EditTopicForm(moderator, instance=topic)
return render(
request, 'forum/edit_topic.html', {
'topic': topic,
'form': form,
'section': forum.section,
'forum': forum,
'title': 'Edit Topic',
'quick_help_template': post_formatter.QUICK_HELP_TEMPLATE,
})
def test_user_can_edit_topic(self):
"""
Verifies the check for a given user being able to edit a given
Topic.
Members of the User group may only edit their own Topics if they
are not locked.
"""
# Topic creeated by admin
topic = Topic.objects.get(pk=1)
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertFalse(auth.user_can_edit_topic(self.user, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertFalse(auth.user_can_edit_topic(self.user, topic))
# Topic created by moderator
topic = Topic.objects.get(pk=2)
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertFalse(auth.user_can_edit_topic(self.user, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertFalse(auth.user_can_edit_topic(self.user, topic))
# Topic created by user
topic = Topic.objects.get(pk=3)
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertTrue(auth.user_can_edit_topic(self.user, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertFalse(auth.user_can_edit_topic(self.user, topic))
def test_user_can_edit_topic(self):
"""
Verifies the check for a given user being able to edit a given
Topic.
Members of the User group may only edit their own Topics if they
are not locked.
"""
# Topic creeated by admin
topic = Topic.objects.get(pk=1)
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertFalse(auth.user_can_edit_topic(self.user, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertFalse(auth.user_can_edit_topic(self.user, topic))
# Topic created by moderator
topic = Topic.objects.get(pk=2)
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertFalse(auth.user_can_edit_topic(self.user, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertFalse(auth.user_can_edit_topic(self.user, topic))
# Topic created by user
topic = Topic.objects.get(pk=3)
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertTrue(auth.user_can_edit_topic(self.user, topic))
topic.locked = True
self.assertTrue(auth.user_can_edit_topic(self.admin, topic))
self.assertTrue(auth.user_can_edit_topic(self.moderator, topic))
self.assertFalse(auth.user_can_edit_topic(self.user, topic))
def can_edit_topic(user, topic):
return user.is_authenticated() and \
auth.user_can_edit_topic(user, topic)
def can_edit_topic(user, topic):
return user.is_authenticated() and \
auth.user_can_edit_topic(user, topic)
