Changeset - 28f3b8de08e7
Ben Sturmfels (bsturmfels) - 1 month ago 2024-03-21 00:51:57
ben@sturm.com.au
usethesource: Allow logged in users to edit/delete their own comments only

Unless of course they're given the "change comment" and "delete comment"
permissions, with which they can change or delete any comment.
3 files changed with 11 insertions and 3 deletions:
conservancy/usethesource/templates/usethesource/candidate.html
...
 
@@ -12,13 +12,13 @@
 

	
 
  <section class="pa2 mt4 mb3">
 
    <div style="display: flex; justify-content: space-between">
 
      <div>
 
        <div class="flex items-center">
 
          <h2 class="f2 lh-title ttu mt0">{{ candidate.name }}</h2>
 
          {% if user.is_staff or user.is_superuser %}<a href="{% url 'admin:usethesource_candidate_change' object_id=candidate.id %}" title="Edit candidate" class="f3 white bg-light-silver db ph2 mh2 mb3" style="transform: scaleX(-1); text-decoration: none !important">✎</a>{% endif %}
 
          {% if perms.usethesource.change_candidate %}<a href="{% url 'admin:usethesource_candidate_change' object_id=candidate.id %}" title="Edit candidate" class="f3 white bg-light-silver db ph2 mh2 mb3" style="transform: scaleX(-1); text-decoration: none !important">✎</a>{% endif %}
 
        </div>
 

	
 
        <p><strong>Vendor</strong>: {{ candidate.vendor }}</p>
 
        <p><strong>Device</strong>: {{ candidate.device }}</p>
 
        <p><strong>Released</strong>: {{ candidate.release_date }}</p>
 
      </div>
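Review bot: The pencil link targets `admin:usethesource_candidate_change`, and the Django admin only admits active staff users, so gating it on `perms.usethesource.change_candidate` alone can show the link to a non-staff account that holds the permission. This assumes the `perms` line is the new side, since the page has lost its +/- column. Such a user would just be bounced to the admin login; `{% if user.is_staff and perms.usethesource.change_candidate %}` mirrors what the admin will enforce. The template continues outside the hunk.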
conservancy/usethesource/templates/usethesource/comment_partial.html
 
<div class="mb4" hx-target="this" hx-swap="outerHTML">
 
  <div class="mb2">
 
    <strong>{% if comment.attribute_to %}{{ comment.attribute_to }}{% else %}{{ comment.user }}{% endif %} — {{ comment.time }}</strong>
 
    {% if user.is_staff %}
 
    {% if request.user == comment.user or perms.usethesource.change_comment %}
 
      <a href="#" class="f7 white bg-light-silver ph2" hx-get="{% url 'usethesource:edit_comment' comment_id=comment.id %}">edit</a>
 
    {% endif %}
 
    {% if request.user == comment.user or perms.usethesource.delete_comment %}
 
      <a href="#" class="f7 white bg-light-red ph2" hx-delete="{% url 'usethesource:delete_comment' comment_id=comment.id show_add='false' %}" hx-confirm="Are you sure you want to delete this comment?">delete</a>
 
    {% endif %}
 
  </div>
 
  {{ comment.message|urlize|linebreaksbr }}
 
</div>
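Review bot: The edit and delete links are now rendered for any comment author, but the `edit_comment` and `delete_comment` views they call are still decorated with `@staff_member_required` in views.py. If non-staff accounts can own comments (not visible here), they would see controls that only lead to the admin login redirect. Either keep a staff condition in the template, e.g. `{% if user.is_staff and request.user == comment.user or perms.usethesource.change_comment %}`, or relax the view decorator so both layers agree. These conditions only hide the links; the ownership check in the views is what protects the comment, so I would add a template comment such as `{# display only: edit_comment/delete_comment enforce the same rule #}` to keep the two in step.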
conservancy/usethesource/views.py
 
from django.contrib.admin.views.decorators import staff_member_required
 
from django.core.exceptions import PermissionDenied
 
from django.shortcuts import get_object_or_404, redirect, render
 

	
 
from .models import Candidate, Comment
 
from .forms import CommentForm, DownloadForm
 
from .emails import make_comment_email
 

	
...
 
@@ -50,12 +51,14 @@ def create_comment(request, slug):
 
    return render(request, 'usethesource/add_comment_form.html', {'form': form, 'candidate': candidate})
 

	
 

	
 
@staff_member_required
 
def edit_comment(request, comment_id):
 
    comment = get_object_or_404(Comment, id=comment_id)
 
    if request.user != comment.user and not request.user.has_perm('usethesource.change_comment'):
 
        raise PermissionDenied
 
    if request.method == 'GET':
 
        form = CommentForm(instance=comment)
 
    else:
 
        form = CommentForm(request.POST, instance=comment)
 
        if form.is_valid():
 
            comment = form.save()
...
 
@@ -69,14 +72,17 @@ def view_comment(request, comment_id, show_add):
 
    comment = get_object_or_404(Comment, id=comment_id)
 
    return render(request, 'usethesource/returned_comment.html', {'comment': comment, 'candidate': comment.candidate, 'add': show_add})
 

	
 

	
 
@staff_member_required
 
def delete_comment(request, comment_id, show_add):
 
    comment = get_object_or_404(Comment, id=comment_id)
 
    if request.user != comment.user and not request.user.has_perm('usethesource.delete_comment'):
 
        raise PermissionDenied
 
    comment.delete()
 
    show_add = show_add == 'true'
 
    Comment.objects.filter(id=comment_id).delete()
 
    return render(request, 'usethesource/comment_deleted.html', {'comment': None, 'add': show_add})
 

	
 

	
 
@staff_member_required
 
def add_button(request, slug):
 
    candidate = get_object_or_404(Candidate, slug=slug)
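Review bot: `delete_comment` deletes on any HTTP method: nothing in the visible function restricts it to DELETE, so a plain GET to the URL removes the comment, and Django's CSRF middleware does not check GET requests. The template only issues `hx-delete`, so the view can be pinned with `@require_http_methods(['DELETE'])` from `django.views.decorators.http`. Separately, `edit_comment` and `delete_comment` both keep `@staff_member_required`, so the new owner check only ever runs for staff accounts. If the "logged in users" of the commit message is meant to include non-staff, the decorator would need to become `login_required`. `edit_comment`'s body continues outside its hunk.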