def moderate_user(request, uid, action):
if request.method != 'POST':
return html.json_response({'status':'error', 'msg':'Only POST requests are allowed'})
moderator = request.user
target = models.User.objects.get(id=uid)
if not target.profile.authorize(moderator=moderator):
return html.json_response({'status':'error', 'msg':'You do not have permission to moderate this user.'})
if action == 'suspend':
target.profile.suspended = True
target.profile.save()
text = notegen.suspend(target)
models.Note.send(target=moderator, content=text, sender=moderator)
return html.json_response({'status':'success', 'msg':'user suspended'})
elif action == 'reinstate':
# sanity check, the middleware should disable suspended users loggin in again
assert moderator != target, 'You may reinstate yourself'
target.profile.suspended = False
target.profile.save()
text = notegen.reinstate(target)
models.Note.send(target=moderator, content=text, sender=moderator)
return html.json_response({'status':'success', 'msg':'user reinstated'})
return html.json_response({'status':'error', 'msg':'Invalid action %s' % action})
def vote(request):
"Handles all voting on posts"
if request.method == 'POST':
author = request.user
if not author.is_authenticated():
return html.json_response({'status':'error', 'msg':'You must be logged in to vote'})
post_id = int(request.POST.get('post'))
post = models.Post.objects.get(id=post_id)
if post.author == author:
return html.json_response({'status':'error', 'msg':'You cannot vote on your own post'})
type = int(request.POST.get('type'))
old_vote = post.get_vote(author, type)
if old_vote:
old_vote.delete()
return html.json_response({
'status':'success',
'msg':'%s removed' % old_vote.get_type_display()})
else:
vote = post.add_vote(author, type)
if type in models.OPPOSING_VOTES:
# Remove an opposing vote if it exists
post.remove_vote(author, models.OPPOSING_VOTES[type])
return html.json_response({
'status':'success',
'msg':'%s added' % vote.get_type_display()})
return html.json_response({'status':'error', 'msg':'POST method must be used'})
def moderate_post(request, pid, action):
if request.method != 'POST':
return html.json_response({'status':'error', 'msg':'Only POST requests are allowed'})
moderator = request.user
post = models.Post.objects.get(id=pid)
if not post.authorize(user=moderator, strict=False):
return html.json_response({'status':'error', 'msg':'You do not have permission to moderate this post.'})
action_map = {'close':models.REV_CLOSE, 'reopen':models.REV_REOPEN,
'delete':models.REV_DELETE, 'undelete':models.REV_UNDELETE}
post.moderator_action(action_map[action], moderator)
return html.json_response({'status':'success', 'msg':'%s performed' % action})
def destroy_post(request, pid):
"Destroys a post"
if request.method != 'POST':
return html.json_response({'status':'error', 'msg':'Only POST requests are allowed'})
moderator = request.user
post = models.Post.objects.get(id=pid)
# for now only comments may be destroyed
assert post.post_type == const.POST_COMMENT
if not post.authorize(user=moderator, strict=False):
return html.json_response({'status':'error', 'msg':'You do not have permission to delete this post.'})
# TODO why won't this cascade when deleting a post?
models.PostRevision.objects.filter(post=post).all().delete()
post.delete()
return html.json_response({'status':'success', 'msg':'post deleted'})
def ajax_msg(msg, status):
return html.json_response(dict(status=status, msg=msg))
def ajax_msg(msg, status):
return html.json_response(dict(status=status, msg=msg))