def post(self, comment_id):
comment = Comment.get_by_id(int(comment_id))
topic = Topic.query(Topic.title == comment.topic_title).get()
user = users.get_current_user()
if user.email() == comment.author_email or users.is_current_user_admin(
):
Comment.delete_comment(comment=comment)
Topic.comment_sum_minus_one(topic=topic)
return self.redirect_to("topic", topic_id=comment.topic_id)
def test_add_comment_1(self):
"""
Test create_comment: user and event exists, comment length good
"""
user = "******"
content = "this is a comment"
event_id = self.event_id
time = datetime.strptime("2020-01-01 12:12:30", "%Y-%m-%d %H:%M:%S")
comment = Comment(user=user,
content=content,
comment_time=time,
event=event_id)
comment_id = Comment.create_comment(comment)
comments = Comment.get_comment_by_event(event_id)
self.assertEqual(len(comments), 1)
self.assertIn(comment_id, comments[0].comment_id)
Comment.delete_comment(comment_id)
def test_delete_comment_1(self):
"""
Test delete_comment: comment exists
"""
user = "******"
event_id = self.event_id
content = "this is a comment"
time = datetime.strptime("2020-01-01 12:12:30", "%Y-%m-%d %H:%M:%S")
comment = Comment(user=user,
content=content,
comment_time=time,
event=event_id)
comment_id = Comment.create_comment(comment)
comments = Comment.get_comment_by_event(event_id)
self.assertEqual(len(comments), 1)
Comment.delete_comment(comment_id)
comments = Comment.get_comment_by_event(event_id)
self.assertEqual(len(comments), 0)
def get(self, post_key, comment_key):
""" Delete a comment
:param post_key:
Post which the comment belongs to
:param comment_key:
Comment to delete
"""
if Comment.delete_comment(self.user_comment):
self.redirect_to("viewpost", post_key=post_key)
else:
self.abort(500)
def comment_delete(comment_id):
comment = Comment.get_by_id(comment_id=comment_id)
# get current user
session_token = request.cookies.get("session_token")
user = User.get_by_session_token(session_token=session_token)
# check if user logged in & if user is author
if not user:
return redirect(url_for('auth.login'))
elif comment.author_id != user._id:
return "You can only delete your own comments!"
# check CSRF tokens
csrf = request.form.get("csrf")
redis_csrf = get_csrf_token(username=user.username)
# if they match, allow user to delete the comment
if csrf and csrf == redis_csrf:
Comment.delete_comment(comment_id=comment_id)
return redirect(url_for('topic.topic_details', topic_id=comment.topic_id))
else:
return "CSRF error: tokens don't match!"
def delete(request):
weibo_id = int(request.query['id'])
Comment.delete_comment(weibo_id)
Weibo.delete(weibo_id)
d = dict(message="成功删除 weibo")
return json_response(d)
def delete_comment(comment_id=None):
if comment_id != None:
Comment.delete_comment(comment_id, g.current_user.id)
return ''