Ticket #11625: 11625.diff

File 11625.diff, 7.4 KB (added by wayla, 6 years ago)

Added permission checks to action methods.

  • django/contrib/comments/admin.py

    diff --git a/django/contrib/comments/admin.py b/django/contrib/comments/admin.py
    index 3b1fb14..4ce2fca 100644
    a b  
    11from django.contrib import admin
    2 from django.contrib.comments.models import Comment
     2from django.contrib.comments.models import Comment, CommentFlag
    33from django.utils.translation import ugettext_lazy as _
    4 from django.contrib.comments import get_model
     4from django.contrib.comments import get_model, signals
     5from django.core.exceptions import PermissionDenied
    56
    67class CommentsAdmin(admin.ModelAdmin):
    78    fieldsets = (
    class CommentsAdmin(admin.ModelAdmin): 
    2122    date_hierarchy = 'submit_date'
    2223    ordering = ('-submit_date',)
    2324    search_fields = ('comment', 'user__username', 'user_name', 'user_email', 'user_url', 'ip_address')
     25    actions = ['approve_selected', 'remove_selected']
     26
     27    def approve_selected(self, request, queryset):
     28        """ Approve comments through moderation. """
     29
     30        if not request.user.has_perm('comments.can_moderate')
     31            raise PermissionDenied
     32
     33        for comment in queryset:
     34            # Flag the comment as approved.
     35            flag, created = CommentFlag.objects.get_or_create(
     36                comment = comment,
     37                user    = request.user,
     38                flag    = CommentFlag.MODERATOR_APPROVAL
     39            )
     40
     41            comment.is_removed = False
     42            comment.is_public = True
     43            comment.save()
     44
     45            signals.comment_was_flagged.send(
     46                sender  = comment.__class__,
     47                comment = comment,
     48                flag    = flag,
     49                created = created,
     50                request = request
     51            )
     52       
     53        self.message_user(request, '%s successfully approved.' % self._get_message_bit(queryset.count()))
     54
     55    approve_selected.short_description = 'Approve selected comments'
     56
     57    def remove_selected(self, request, queryset):
     58        """ Remove comments through moderation. """
     59
     60        if not request.user.has_perm('comments.can_moderate')
     61            raise PermissionDenied
     62
     63        for comment in queryset:
     64            # Flag the comment as removed.
     65            flag, created = CommentFlag.objects.get_or_create(
     66                comment = comment,
     67                user    = request.user,
     68                flag    = CommentFlag.MODERATOR_DELETION
     69            )
     70
     71            comment.is_removed = True
     72            comment.save()
     73
     74            signals.comment_was_flagged.send(
     75                sender  = comment.__class__,
     76                comment = comment,
     77                flag    = flag,
     78                created = created,
     79                request = request
     80            )
     81
     82        self.message_user(request, '%s successfully removed.' % self._get_message_bit(queryset.count()))
     83   
     84    remove_selected.short_description = 'Remove selected comments'
     85
     86    def _get_message_bit(self, rows_updated):
     87        if rows_updated == 1:
     88            return '1 comment was'
     89        else:
     90            return '%s comments were' % rows_updated
    2491
    2592# Only register the default admin if the model is the built-in comment model
    2693# (this won't be true if there's a custom comment app).
  • tests/regressiontests/comment_tests/tests/__init__.py

    diff --git a/tests/regressiontests/comment_tests/tests/__init__.py b/tests/regressiontests/comment_tests/tests/__init__.py
    index 449fea4..b2ead81 100644
    a b from regressiontests.comment_tests.tests.templatetag_tests import * 
    8787from regressiontests.comment_tests.tests.comment_view_tests import *
    8888from regressiontests.comment_tests.tests.moderation_view_tests import *
    8989from regressiontests.comment_tests.tests.comment_utils_moderators_tests import *
     90from regressiontests.comment_tests.tests.admin_moderation_tests import *
  • new file tests/regressiontests/comment_tests/tests/admin_moderation_tests.py

    diff --git a/tests/regressiontests/comment_tests/tests/admin_moderation_tests.py b/tests/regressiontests/comment_tests/tests/admin_moderation_tests.py
    new file mode 100644
    index 0000000..3106dd1
    - +  
     1from django.contrib.comments.models import Comment, CommentFlag
     2from regressiontests.comment_tests.tests import CommentTestCase
     3from django.contrib.comments import signals
     4from django.contrib.admin.helpers import ACTION_CHECKBOX_NAME
     5
     6class AdminModerationTests(CommentTestCase):
     7    fixtures = ['comment_tests', 'admin-views-users.xml']
     8
     9    def setUp(self):
     10        self.client.login(username='super', password='secret')
     11
     12    def tearDown(self):
     13        self.client.logout()
     14
     15    def test_comment_admin_approve_action(self):
     16        "Tests the builtin aprove action defined as an admin method."
     17        c1, c2, c3, c4 = self.createSomeComments()
     18        c1.is_public = False
     19        c1.is_removed = True
     20        c1.save()
     21        action_data = {
     22            ACTION_CHECKBOX_NAME: [1],
     23            'action' : 'approve_selected',
     24            'index' : c1.pk,
     25        }
     26        response = self.client.post('/admin/comments/comment', action_data)
     27        c = Comment.objects.get(pk=c1.pk)
     28        self.assertTrue(c.is_public)
     29        self.assertFalse(c.is_removed)
     30        self.assertEqual(c.flags.filter(flag=CommentFlag.MODERATOR_APPROVAL, user__username="super").count(), 1)
     31
     32    def test_approve_action_signals(self):
     33        "Test signal is received upon aprove action."
     34        def receive(sender, **kwargs):
     35            received_signals.append(kwargs.get('signal'))
     36
     37        received_signals = []
     38        signals.comment_was_flagged.connect(receive)
     39
     40        self.test_comment_admin_approve_action()
     41        self.assertEqual(received_signals, [signals.comment_was_flagged])
     42   
     43    def test_comment_admin_remove_action(self):
     44        "Tests the builtin remove action defined as an admin method."
     45        c1, c2, c3, c4 = self.createSomeComments()
     46        action_data = {
     47            ACTION_CHECKBOX_NAME: [1],
     48            'action' : 'remove_selected',
     49            'index' : c1.pk,
     50        }
     51        response = self.client.post('/admin/comments/comment/', action_data)
     52        c = Comment.objects.get(pk=c1.pk)
     53        self.assertTrue(c.is_removed)
     54        self.assertEqual(c.flags.filter(flag=CommentFlag.MODERATOR_DELETION, user__username="super").count(), 1)
     55
     56    def test_remove_action_signals(self):
     57        "Test signal is received upon remove action."
     58        def receive(sender, **kwargs):
     59            received_signals.append(kwargs.get('signal'))
     60
     61        received_signals = []
     62        signals.comment_was_flagged.connect(receive)
     63
     64        self.test_comment_admin_remove_action()
     65        self.assertEqual(received_signals, [signals.comment_was_flagged])
     66
  • tests/regressiontests/comment_tests/urls.py

    diff --git a/tests/regressiontests/comment_tests/urls.py b/tests/regressiontests/comment_tests/urls.py
    index 0058689..76ca4b9 100644
    a b  
    11from django.conf.urls.defaults import *
     2from django.contrib import admin
    23
    34urlpatterns = patterns('regressiontests.comment_tests.custom_comments.views',
    45    url(r'^post/$',          'custom_submit_comment'),
    urlpatterns = patterns('regressiontests.comment_tests.custom_comments.views', 
    78    url(r'^approve/(\d+)/$', 'custom_approve_comment'),
    89)
    910
     11urlpatterns += patterns('',
     12    url(r'^admin/', include(admin.site.urls)),
     13)
     14
Back to Top