Allow moderators & admin to edit & remove any post
This commit is contained in:
David Hoppenbrouwers
46
db/sqlite.py
46
db/sqlite.py
@@ -140,7 +140,7 @@ class DB:
|
|||||||
|
|
||||||
def get_user_private_info(self, user_id):
|
def get_user_private_info(self, user_id):
|
||||||
return self._db().execute('''
|
return self._db().execute('''
|
||||||
select name, about
|
select about
|
||||||
from users
|
from users
|
||||||
where user_id = ?
|
where user_id = ?
|
||||||
''',
|
''',
|
||||||
@@ -158,6 +158,15 @@ class DB:
|
|||||||
)
|
)
|
||||||
db.commit()
|
db.commit()
|
||||||
|
|
||||||
|
def get_user_name_role(self, user_id):
|
||||||
|
return self._db().execute('''
|
||||||
|
select name, role
|
||||||
|
from users
|
||||||
|
where user_id = ?
|
||||||
|
''',
|
||||||
|
(user_id,)
|
||||||
|
).fetchone()
|
||||||
|
|
||||||
def get_user_name(self, user_id):
|
def get_user_name(self, user_id):
|
||||||
return self._db().execute('''
|
return self._db().execute('''
|
||||||
select name
|
select name
|
||||||
@@ -193,9 +202,13 @@ class DB:
|
|||||||
c.execute('''
|
c.execute('''
|
||||||
delete
|
delete
|
||||||
from threads
|
from threads
|
||||||
where thread_id = ? and author_id = ?
|
-- 1 = moderator, 2 = admin
|
||||||
|
where thread_id = ? and (
|
||||||
|
author_id = ?
|
||||||
|
or (select 1 from users where user_id = ? and (role = 1 or role = 2))
|
||||||
|
)
|
||||||
''',
|
''',
|
||||||
(thread_id, user_id)
|
(thread_id, user_id, user_id)
|
||||||
)
|
)
|
||||||
db.commit()
|
db.commit()
|
||||||
return c.rowcount > 0
|
return c.rowcount > 0
|
||||||
@@ -206,9 +219,16 @@ class DB:
|
|||||||
c.execute('''
|
c.execute('''
|
||||||
delete
|
delete
|
||||||
from comments
|
from comments
|
||||||
where comment_id = ? and author_id = ?
|
where comment_id = ?
|
||||||
|
and (
|
||||||
|
author_id = ?
|
||||||
|
-- 1 = moderator, 2 = admin
|
||||||
|
or (select 1 from users where user_id = ? and (role = 1 or role = 2))
|
||||||
|
)
|
||||||
|
-- Don't allow deleting comments with children
|
||||||
|
and (select 1 from comments where parent_id = ?) is null
|
||||||
''',
|
''',
|
||||||
(comment_id, user_id)
|
(comment_id, user_id, user_id, comment_id)
|
||||||
)
|
)
|
||||||
db.commit()
|
db.commit()
|
||||||
return c.rowcount > 0
|
return c.rowcount > 0
|
||||||
@@ -270,9 +290,13 @@ class DB:
|
|||||||
c.execute('''
|
c.execute('''
|
||||||
update threads
|
update threads
|
||||||
set title = ?, text = ?, modify_time = ?
|
set title = ?, text = ?, modify_time = ?
|
||||||
where thread_id = ? and author_id = ?
|
where thread_id = ? and (
|
||||||
|
author_id = ?
|
||||||
|
-- 1 = moderator, 2 = admin
|
||||||
|
or (select 1 from users where user_id = ? and (role = 1 or role = 2))
|
||||||
|
)
|
||||||
''',
|
''',
|
||||||
(title, text, time, thread_id, user_id)
|
(title, text, time, thread_id, user_id, user_id)
|
||||||
)
|
)
|
||||||
if c.rowcount > 0:
|
if c.rowcount > 0:
|
||||||
db.commit()
|
db.commit()
|
||||||
@@ -285,9 +309,13 @@ class DB:
|
|||||||
c.execute('''
|
c.execute('''
|
||||||
update comments
|
update comments
|
||||||
set text = ?, modify_time = ?
|
set text = ?, modify_time = ?
|
||||||
where comment_id = ? and author_id = ?
|
where comment_id = ? and (
|
||||||
|
author_id = ?
|
||||||
|
-- 1 = moderator, 2 = admin
|
||||||
|
or (select 1 from users where user_id = ? and (role = 1 or role = 2))
|
||||||
|
)
|
||||||
''',
|
''',
|
||||||
(text, time, comment_id, user_id)
|
(text, time, comment_id, user_id, user_id)
|
||||||
)
|
)
|
||||||
if c.rowcount > 0:
|
if c.rowcount > 0:
|
||||||
db.commit()
|
db.commit()
|
||||||
|
|||||||
63
main.py
63
main.py
@@ -16,9 +16,19 @@ captcha_key = 'piss off bots'
|
|||||||
app.jinja_env.trim_blocks = True
|
app.jinja_env.trim_blocks = True
|
||||||
app.jinja_env.lstrip_blocks = True
|
app.jinja_env.lstrip_blocks = True
|
||||||
|
|
||||||
|
class Role:
|
||||||
|
USER = 0
|
||||||
|
MODERATOR = 1
|
||||||
|
ADMIN = 2
|
||||||
|
|
||||||
@app.route('/')
|
@app.route('/')
|
||||||
def index():
|
def index():
|
||||||
return render_template('index.html', title = NAME, forums = db.get_forums())
|
return render_template(
|
||||||
|
'index.html',
|
||||||
|
title = NAME,
|
||||||
|
user = get_user(),
|
||||||
|
forums = db.get_forums()
|
||||||
|
)
|
||||||
|
|
||||||
@app.route('/forum/<int:forum_id>/')
|
@app.route('/forum/<int:forum_id>/')
|
||||||
def forum(forum_id):
|
def forum(forum_id):
|
||||||
@@ -27,6 +37,7 @@ def forum(forum_id):
|
|||||||
return render_template(
|
return render_template(
|
||||||
'forum.html',
|
'forum.html',
|
||||||
title = title,
|
title = title,
|
||||||
|
user = get_user(),
|
||||||
forum_id = forum_id,
|
forum_id = forum_id,
|
||||||
description = description,
|
description = description,
|
||||||
threads = threads,
|
threads = threads,
|
||||||
@@ -40,6 +51,7 @@ def thread(thread_id):
|
|||||||
return render_template(
|
return render_template(
|
||||||
'thread.html',
|
'thread.html',
|
||||||
title = title,
|
title = title,
|
||||||
|
user = get_user(),
|
||||||
text = text,
|
text = text,
|
||||||
author = author,
|
author = author,
|
||||||
author_id = author_id,
|
author_id = author_id,
|
||||||
@@ -51,7 +63,6 @@ def thread(thread_id):
|
|||||||
|
|
||||||
@app.route('/comment/<int:comment_id>/')
|
@app.route('/comment/<int:comment_id>/')
|
||||||
def comment(comment_id):
|
def comment(comment_id):
|
||||||
user_id = session.get('user_id')
|
|
||||||
thread_id, parent_id, title, comments = db.get_subcomments(comment_id)
|
thread_id, parent_id, title, comments = db.get_subcomments(comment_id)
|
||||||
comments = create_comment_tree(comments)
|
comments = create_comment_tree(comments)
|
||||||
reply_comment, = comments
|
reply_comment, = comments
|
||||||
@@ -60,6 +71,7 @@ def comment(comment_id):
|
|||||||
return render_template(
|
return render_template(
|
||||||
'comments.html',
|
'comments.html',
|
||||||
title = title,
|
title = title,
|
||||||
|
user = get_user(),
|
||||||
reply_comment = reply_comment,
|
reply_comment = reply_comment,
|
||||||
comments = comments,
|
comments = comments,
|
||||||
parent_id = parent_id,
|
parent_id = parent_id,
|
||||||
@@ -80,8 +92,11 @@ def login():
|
|||||||
# Sleep to reduce effectiveness of bruteforce
|
# Sleep to reduce effectiveness of bruteforce
|
||||||
time.sleep(0.1)
|
time.sleep(0.1)
|
||||||
flash('Username or password is invalid', 'error')
|
flash('Username or password is invalid', 'error')
|
||||||
return render_template('login.html', title = "Login")
|
return render_template(
|
||||||
return render_template('login.html', title = "Login")
|
'login.html',
|
||||||
|
title = 'Login',
|
||||||
|
user = get_user()
|
||||||
|
)
|
||||||
|
|
||||||
@app.route('/logout/')
|
@app.route('/logout/')
|
||||||
def logout():
|
def logout():
|
||||||
@@ -90,22 +105,21 @@ def logout():
|
|||||||
|
|
||||||
@app.route('/user/', methods = ['GET', 'POST'])
|
@app.route('/user/', methods = ['GET', 'POST'])
|
||||||
def user_edit():
|
def user_edit():
|
||||||
user_id = session.get('user_id')
|
user = get_user()
|
||||||
if user_id is None:
|
if user is None:
|
||||||
return redirect(url_for('login'))
|
return redirect(url_for('login'))
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
about = request.form['about'].replace('\r', '')
|
about = request.form['about'].replace('\r', '')
|
||||||
db.set_user_private_info(user_id, about)
|
db.set_user_private_info(user.id, about)
|
||||||
name, = db.get_user_name(user_id)
|
|
||||||
flash('Updated profile', 'success')
|
flash('Updated profile', 'success')
|
||||||
else:
|
else:
|
||||||
name, about = db.get_user_private_info(user_id)
|
about, = db.get_user_private_info(user.id)
|
||||||
|
|
||||||
return render_template(
|
return render_template(
|
||||||
'user_edit.html',
|
'user_edit.html',
|
||||||
name = name,
|
|
||||||
title = 'Edit profile',
|
title = 'Edit profile',
|
||||||
|
user = user,
|
||||||
about = about
|
about = about
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -115,6 +129,7 @@ def user_info(user_id):
|
|||||||
return render_template(
|
return render_template(
|
||||||
'user_info.html',
|
'user_info.html',
|
||||||
title = 'Profile',
|
title = 'Profile',
|
||||||
|
user = get_user(),
|
||||||
name = name,
|
name = name,
|
||||||
about = about
|
about = about
|
||||||
)
|
)
|
||||||
@@ -133,6 +148,7 @@ def new_thread(forum_id):
|
|||||||
return render_template(
|
return render_template(
|
||||||
'new_thread.html',
|
'new_thread.html',
|
||||||
title = 'Create new thread',
|
title = 'Create new thread',
|
||||||
|
user = get_user(),
|
||||||
)
|
)
|
||||||
|
|
||||||
@app.route('/thread/<int:thread_id>/confirm_delete/')
|
@app.route('/thread/<int:thread_id>/confirm_delete/')
|
||||||
@@ -141,6 +157,7 @@ def confirm_delete_thread(thread_id):
|
|||||||
return render_template(
|
return render_template(
|
||||||
'confirm_delete_thread.html',
|
'confirm_delete_thread.html',
|
||||||
title = 'Delete thread',
|
title = 'Delete thread',
|
||||||
|
user = get_user(),
|
||||||
thread_title = title,
|
thread_title = title,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -187,6 +204,7 @@ def confirm_delete_comment(comment_id):
|
|||||||
return render_template(
|
return render_template(
|
||||||
'confirm_delete_comment.html',
|
'confirm_delete_comment.html',
|
||||||
title = 'Delete comment',
|
title = 'Delete comment',
|
||||||
|
user = get_user(),
|
||||||
thread_title = title,
|
thread_title = title,
|
||||||
text = text,
|
text = text,
|
||||||
)
|
)
|
||||||
@@ -228,6 +246,7 @@ def edit_thread(thread_id):
|
|||||||
return render_template(
|
return render_template(
|
||||||
'edit_thread.html',
|
'edit_thread.html',
|
||||||
title = 'Edit thread',
|
title = 'Edit thread',
|
||||||
|
user = get_user(),
|
||||||
thread_title = title,
|
thread_title = title,
|
||||||
text = text,
|
text = text,
|
||||||
)
|
)
|
||||||
@@ -255,6 +274,7 @@ def edit_comment(comment_id):
|
|||||||
return render_template(
|
return render_template(
|
||||||
'edit_comment.html',
|
'edit_comment.html',
|
||||||
title = 'Edit comment',
|
title = 'Edit comment',
|
||||||
|
user = get_user(),
|
||||||
thread_title = title,
|
thread_title = title,
|
||||||
text = text,
|
text = text,
|
||||||
)
|
)
|
||||||
@@ -283,6 +303,7 @@ def register():
|
|||||||
return render_template(
|
return render_template(
|
||||||
'register.html',
|
'register.html',
|
||||||
title = 'Register',
|
title = 'Register',
|
||||||
|
user = get_user(),
|
||||||
captcha = capt,
|
captcha = capt,
|
||||||
answer = answer,
|
answer = answer,
|
||||||
)
|
)
|
||||||
@@ -300,6 +321,8 @@ class Comment:
|
|||||||
self.parent_id = parent_id
|
self.parent_id = parent_id
|
||||||
|
|
||||||
def create_comment_tree(comments):
|
def create_comment_tree(comments):
|
||||||
|
comments = [*comments]
|
||||||
|
print(comments)
|
||||||
start = time.time();
|
start = time.time();
|
||||||
# Collect comments first, then build the tree in case we encounter a child before a parent
|
# Collect comments first, then build the tree in case we encounter a child before a parent
|
||||||
comment_map = {
|
comment_map = {
|
||||||
@@ -326,6 +349,26 @@ def create_comment_tree(comments):
|
|||||||
return root
|
return root
|
||||||
|
|
||||||
|
|
||||||
|
class User:
|
||||||
|
def __init__(self, id, name, role):
|
||||||
|
self.id = id
|
||||||
|
self.name = name
|
||||||
|
self.role = role
|
||||||
|
|
||||||
|
def is_moderator(self):
|
||||||
|
return self.role in (Role.ADMIN, Role.MODERATOR)
|
||||||
|
|
||||||
|
def is_admin(self):
|
||||||
|
return self.role == Role.ADMIN
|
||||||
|
|
||||||
|
def get_user():
|
||||||
|
id = session.get('user_id')
|
||||||
|
if id is not None:
|
||||||
|
name, role = db.get_user_name_role(id)
|
||||||
|
return User(id, name, role)
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
@app.context_processor
|
@app.context_processor
|
||||||
def utility_processor():
|
def utility_processor():
|
||||||
def format_since(t):
|
def format_since(t):
|
||||||
|
|||||||
@@ -9,8 +9,8 @@
|
|||||||
<nav>
|
<nav>
|
||||||
<a class=logo href="{{ url_for('index') }}">A</a>
|
<a class=logo href="{{ url_for('index') }}">A</a>
|
||||||
<div style="margin:auto"></div>
|
<div style="margin:auto"></div>
|
||||||
{% if 'user_id' in session %}
|
{% if user is not none %}
|
||||||
<a href="{{ url_for('user_edit') }}">User panel</a>
|
<a href="{{ url_for('user_edit') }}">{{ user.name }}</a>
|
||||||
<span>|</span>
|
<span>|</span>
|
||||||
<a href="{{ url_for('logout') }}">Logout</a>
|
<a href="{{ url_for('logout') }}">Logout</a>
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
<i><a href="{{ url_for('user_info', user_id = id) }}">{{ name }}</a> - {{ format_since(ctime) }}{% if ctime != mtime %} (last modified {{ format_since(mtime) }}){% endif %}</i>
|
<i><a href="{{ url_for('user_info', user_id = id) }}">{{ name }}</a> - {{ format_since(ctime) }}{% if ctime != mtime %} (last modified {{ format_since(mtime) }}){% endif %}</i>
|
||||||
{%- endmacro -%}
|
{%- endmacro -%}
|
||||||
|
|
||||||
{%- macro comment_author(comment, thread_id) -%}
|
{%- macro comment_author(comment, thread_id, can_delete) -%}
|
||||||
<p><sub>
|
<p><sub>
|
||||||
{{- author(comment.author_id, comment.author, comment.create_time, comment.modify_time) }} |
|
{{- author(comment.author_id, comment.author, comment.create_time, comment.modify_time) }} |
|
||||||
{# Suffixing a # prevents unnecessary reloads #}
|
{# Suffixing a # prevents unnecessary reloads #}
|
||||||
@@ -10,30 +10,28 @@
|
|||||||
{%- if comment.parent_id is not none -%}
|
{%- if comment.parent_id is not none -%}
|
||||||
<a href="{{ url_for('comment', comment_id = comment.parent_id) }}#"> parent</a>
|
<a href="{{ url_for('comment', comment_id = comment.parent_id) }}#"> parent</a>
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
{%- if comment.author_id == session.get('user_id') -%}
|
{%- if user is not none and (comment.author_id == user.id or user.is_moderator()) -%}
|
||||||
<a href="{{ url_for('edit_comment', comment_id = comment.id) }}"> edit</a>
|
<a href="{{ url_for('edit_comment', comment_id = comment.id) }}"> edit</a>
|
||||||
{%- endif -%}
|
{%- if can_delete -%}
|
||||||
{%- if comment.author_id == session.get('user_id') -%}
|
|
||||||
<a href="{{ url_for('confirm_delete_comment', comment_id = comment.id) }}"> delete</a>
|
<a href="{{ url_for('confirm_delete_comment', comment_id = comment.id) }}"> delete</a>
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
|
{%- endif -%}
|
||||||
</sub></p>
|
</sub></p>
|
||||||
{%- endmacro -%}
|
{%- endmacro -%}
|
||||||
|
|
||||||
{%- macro thread_author(author_id, name, ctime, mtime) -%}
|
{%- macro thread_author(author_id, name, ctime, mtime) -%}
|
||||||
<p><sub>
|
<p><sub>
|
||||||
{{- author(author_id, name, ctime, mtime) -}}
|
{{- author(author_id, name, ctime, mtime) -}}
|
||||||
{%- if author_id == session.get('user_id') -%}
|
{%- if user is not none and (author_id == user.id or user.is_moderator()) -%}
|
||||||
<a href="{{ url_for('edit_thread', thread_id = thread_id) }}"> edit</a>
|
<a href="{{ url_for('edit_thread', thread_id = thread_id) }}"> edit</a>
|
||||||
{%- endif -%}
|
|
||||||
{%- if author_id == session.get('user_id') -%}
|
|
||||||
<a href="{{ url_for('confirm_delete_thread', thread_id = thread_id) }}"> delete</a>
|
<a href="{{ url_for('confirm_delete_thread', thread_id = thread_id) }}"> delete</a>
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
</sub></p>
|
</sub></p>
|
||||||
{%- endmacro -%}
|
{%- endmacro -%}
|
||||||
|
|
||||||
{%- macro render_comment_pre(comment, thread_id) -%}
|
{%- macro render_comment_pre(comment, thread_id, can_delete) -%}
|
||||||
<div class=comment>
|
<div class=comment>
|
||||||
{{- comment_author(comment, thread_id) -}}
|
{{- comment_author(comment, thread_id, can_delete) -}}
|
||||||
<p>{{- minimd(comment.text) | safe -}}</p>
|
<p>{{- minimd(comment.text) | safe -}}</p>
|
||||||
{%- endmacro -%}
|
{%- endmacro -%}
|
||||||
|
|
||||||
@@ -45,13 +43,13 @@
|
|||||||
{%- endmacro -%}
|
{%- endmacro -%}
|
||||||
|
|
||||||
{%- macro render_comment(comment, thread_id) -%}
|
{%- macro render_comment(comment, thread_id) -%}
|
||||||
{{- render_comment_pre(comment, thread_id) -}}
|
{{- render_comment_pre(comment, thread_id, comment.children | length == 0) -}}
|
||||||
<sup><a href="{{ url_for("comment", comment_id = comment.id) }}">reply</a></sup>
|
<sup><a href="{{ url_for("comment", comment_id = comment.id) }}">reply</a></sup>
|
||||||
{{- render_comment_post(comment, thread_id) -}}
|
{{- render_comment_post(comment, thread_id) -}}
|
||||||
{%- endmacro -%}
|
{%- endmacro -%}
|
||||||
|
|
||||||
{%- macro reply() -%}
|
{%- macro reply() -%}
|
||||||
{%- if 'user_id' in session -%}
|
{%- if user is not none -%}
|
||||||
<form method="post" action="comment/">
|
<form method="post" action="comment/">
|
||||||
<p><textarea name="text"></textarea></p>
|
<p><textarea name="text"></textarea></p>
|
||||||
<p><input type="submit" value="Post comment"></p>
|
<p><input type="submit" value="Post comment"></p>
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
|
|
||||||
{{ render_comment_pre(reply_comment, thread_id) }}
|
{{ render_comment_pre(reply_comment, thread_id, comments | length == 0) }}
|
||||||
|
|
||||||
{{ reply() }}
|
{{ reply() }}
|
||||||
|
|
||||||
|
|||||||
@@ -1,11 +1,11 @@
|
|||||||
{% extends 'base.html' %}
|
{% extends 'base.html' %}
|
||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
<p><a href="{{ url_for('user_info', user_id = session['user_id']) }}">View public profile</a></p>
|
<p><a href="{{ url_for('user_info', user_id = user.id) }}">View public profile</a></p>
|
||||||
<form method="post">
|
<form method="post">
|
||||||
<table>
|
<table>
|
||||||
<tr><td>Username</td><td>{{ name }}</td></tr>
|
<tr><td>Username</td><td>{{ user.name }}</td></tr>
|
||||||
<tr><td>ID</td><td>{{ session['user_id'] }}</td></tr>
|
<tr><td>ID</td><td>{{ user.id }}</td></tr>
|
||||||
<tr><td>About</td><td><textarea name="about">{{ about }}</textarea></td></tr>
|
<tr><td>About</td><td><textarea name="about">{{ about }}</textarea></td></tr>
|
||||||
</form>
|
</form>
|
||||||
</table>
|
</table>
|
||||||
|
|||||||
Reference in New Issue
Block a user