Changeset - 28f3b8de08e7
Ben Sturmfels (bsturmfels) - 1 month ago 2024-03-21 00:51:57
ben@sturm.com.au
usethesource: Allow logged in users to edit/delete their own comments only

Unless of course they're given the "change comment" and "delete comment"
permissions, with which they can change or delete any comment.
3 files changed with 11 insertions and 3 deletions:
conservancy/usethesource/templates/usethesource/candidate.html
...
 
@@ -15,7 +15,7 @@
 
      <div>
 
        <div class="flex items-center">
 
          <h2 class="f2 lh-title ttu mt0">{{ candidate.name }}</h2>
 
          {% if user.is_staff or user.is_superuser %}<a href="{% url 'admin:usethesource_candidate_change' object_id=candidate.id %}" title="Edit candidate" class="f3 white bg-light-silver db ph2 mh2 mb3" style="transform: scaleX(-1); text-decoration: none !important">✎</a>{% endif %}
 
          {% if perms.usethesource.change_candidate %}<a href="{% url 'admin:usethesource_candidate_change' object_id=candidate.id %}" title="Edit candidate" class="f3 white bg-light-silver db ph2 mh2 mb3" style="transform: scaleX(-1); text-decoration: none !important">✎</a>{% endif %}
 
        </div>
 

	
 
        <p><strong>Vendor</strong>: {{ candidate.vendor }}</p>
conservancy/usethesource/templates/usethesource/comment_partial.html
 
<div class="mb4" hx-target="this" hx-swap="outerHTML">
 
  <div class="mb2">
 
    <strong>{% if comment.attribute_to %}{{ comment.attribute_to }}{% else %}{{ comment.user }}{% endif %} — {{ comment.time }}</strong>
 
    {% if user.is_staff %}
 
    {% if request.user == comment.user or perms.usethesource.change_comment %}
 
      <a href="#" class="f7 white bg-light-silver ph2" hx-get="{% url 'usethesource:edit_comment' comment_id=comment.id %}">edit</a>
 
    {% endif %}
 
    {% if request.user == comment.user or perms.usethesource.delete_comment %}
 
      <a href="#" class="f7 white bg-light-red ph2" hx-delete="{% url 'usethesource:delete_comment' comment_id=comment.id show_add='false' %}" hx-confirm="Are you sure you want to delete this comment?">delete</a>
 
    {% endif %}
 
  </div>
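Review bot: The edit and delete links are now rendered for any user who authored the comment, but the `edit_comment` and `delete_comment` views in views.py on this page keep `@staff_member_required`, so a non-staff author would see links that send them to the admin login instead of working. If non-staff users are meant to manage their own comments, as the commit title suggests, the views would need `@login_required` in place of the staff decorator. If only staff are intended, keep the staff test in the conditions here, e.g. `{% if user.is_staff and request.user == comment.user or perms.usethesource.change_comment %}`, so that the links match what the views allow.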
conservancy/usethesource/views.py
 
from django.contrib.admin.views.decorators import staff_member_required
 
from django.core.exceptions import PermissionDenied
 
from django.shortcuts import get_object_or_404, redirect, render
 

	
 
from .models import Candidate, Comment
...
 
@@ -53,6 +54,8 @@ def create_comment(request, slug):
 
@staff_member_required
 
def edit_comment(request, comment_id):
 
    comment = get_object_or_404(Comment, id=comment_id)
 
    if request.user != comment.user and not request.user.has_perm('usethesource.change_comment'):
 
        raise PermissionDenied
 
    if request.method == 'GET':
 
        form = CommentForm(instance=comment)
 
    else:
...
 
@@ -72,8 +75,11 @@ def view_comment(request, comment_id, show_add):
 

	
 
@staff_member_required
 
def delete_comment(request, comment_id, show_add):
 
    comment = get_object_or_404(Comment, id=comment_id)
 
    if request.user != comment.user and not request.user.has_perm('usethesource.delete_comment'):
 
        raise PermissionDenied
 
    comment.delete()
 
    show_add = show_add == 'true'
 
    Comment.objects.filter(id=comment_id).delete()
 
    return render(request, 'usethesource/comment_deleted.html', {'comment': None, 'add': show_add})
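Review bot: `delete_comment` never checks `request.method`, so once the new ownership check passes, a plain GET to the delete URL removes the comment, and Django's CSRF middleware does not verify GET requests. A link or image tag on another site could therefore trigger the deletion for a logged-in author or moderator. The template only ever issues `hx-delete`, so the view can be limited to that method by adding `@require_http_methods(['DELETE'])` from `django.views.decorators.http` directly under `@staff_member_required`.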
 

	
 

	