--- a/web/lib/django/contrib/comments/views/moderation.py Wed May 19 17:43:59 2010 +0200
+++ b/web/lib/django/contrib/comments/views/moderation.py Tue May 25 02:43:45 2010 +0200
@@ -3,12 +3,12 @@
from django.shortcuts import get_object_or_404, render_to_response
from django.contrib.auth.decorators import login_required, permission_required
from utils import next_redirect, confirmation_view
-from django.core.paginator import Paginator, InvalidPage
-from django.http import Http404
from django.contrib import comments
from django.contrib.comments import signals
+from django.views.decorators.csrf import csrf_protect
-#@login_required
+@csrf_protect
+@login_required
def flag(request, comment_id, next=None):
"""
Flags a comment. Confirmation on GET, action on POST.
@@ -22,18 +22,7 @@
# Flag on POST
if request.method == 'POST':
- flag, created = comments.models.CommentFlag.objects.get_or_create(
- comment = comment,
- user = request.user,
- flag = comments.models.CommentFlag.SUGGEST_REMOVAL
- )
- signals.comment_was_flagged.send(
- sender = comment.__class__,
- comment = comment,
- flag = flag,
- created = created,
- request = request,
- )
+ perform_flag(request, comment)
return next_redirect(request.POST.copy(), next, flag_done, c=comment.pk)
# Render a form on GET
@@ -42,9 +31,9 @@
{'comment': comment, "next": next},
template.RequestContext(request)
)
-flag = login_required(flag)
-#@permission_required("comments.delete_comment")
+@csrf_protect
+@permission_required("comments.can_moderate")
def delete(request, comment_id, next=None):
"""
Deletes a comment. Confirmation on GET, action on POST. Requires the "can
@@ -60,20 +49,7 @@
# Delete on POST
if request.method == 'POST':
# Flag the comment as deleted instead of actually deleting it.
- flag, created = comments.models.CommentFlag.objects.get_or_create(
- comment = comment,
- user = request.user,
- flag = comments.models.CommentFlag.MODERATOR_DELETION
- )
- comment.is_removed = True
- comment.save()
- signals.comment_was_flagged.send(
- sender = comment.__class__,
- comment = comment,
- flag = flag,
- created = created,
- request = request,
- )
+ perform_delete(request, comment)
return next_redirect(request.POST.copy(), next, delete_done, c=comment.pk)
# Render a form on GET
@@ -82,9 +58,9 @@
{'comment': comment, "next": next},
template.RequestContext(request)
)
-delete = permission_required("comments.can_moderate")(delete)
-#@permission_required("comments.can_moderate")
+@csrf_protect
+@permission_required("comments.can_moderate")
def approve(request, comment_id, next=None):
"""
Approve a comment (that is, mark it as public and non-removed). Confirmation
@@ -100,23 +76,7 @@
# Delete on POST
if request.method == 'POST':
# Flag the comment as approved.
- flag, created = comments.models.CommentFlag.objects.get_or_create(
- comment = comment,
- user = request.user,
- flag = comments.models.CommentFlag.MODERATOR_APPROVAL,
- )
-
- comment.is_removed = False
- comment.is_public = True
- comment.save()
-
- signals.comment_was_flagged.send(
- sender = comment.__class__,
- comment = comment,
- flag = flag,
- created = created,
- request = request,
- )
+ perform_approve(request, comment)
return next_redirect(request.POST.copy(), next, approve_done, c=comment.pk)
# Render a form on GET
@@ -126,69 +86,64 @@
template.RequestContext(request)
)
-approve = permission_required("comments.can_moderate")(approve)
+# The following functions actually perform the various flag/aprove/delete
+# actions. They've been broken out into seperate functions to that they
+# may be called from admin actions.
+
+def perform_flag(request, comment):
+ """
+ Actually perform the flagging of a comment from a request.
+ """
+ flag, created = comments.models.CommentFlag.objects.get_or_create(
+ comment = comment,
+ user = request.user,
+ flag = comments.models.CommentFlag.SUGGEST_REMOVAL
+ )
+ signals.comment_was_flagged.send(
+ sender = comment.__class__,
+ comment = comment,
+ flag = flag,
+ created = created,
+ request = request,
+ )
+
+def perform_delete(request, comment):
+ flag, created = comments.models.CommentFlag.objects.get_or_create(
+ comment = comment,
+ user = request.user,
+ flag = comments.models.CommentFlag.MODERATOR_DELETION
+ )
+ comment.is_removed = True
+ comment.save()
+ signals.comment_was_flagged.send(
+ sender = comment.__class__,
+ comment = comment,
+ flag = flag,
+ created = created,
+ request = request,
+ )
-#@permission_required("comments.can_moderate")
-def moderation_queue(request):
- """
- Displays a list of unapproved comments to be approved.
-
- Templates: `comments/moderation_queue.html`
- Context:
- comments
- Comments to be approved (paginated).
- empty
- Is the comment list empty?
- is_paginated
- Is there more than one page?
- results_per_page
- Number of comments per page
- has_next
- Is there a next page?
- has_previous
- Is there a previous page?
- page
- The current page number
- next
- The next page number
- pages
- Number of pages
- hits
- Total number of comments
- page_range
- Range of page numbers
+def perform_approve(request, comment):
+ flag, created = comments.models.CommentFlag.objects.get_or_create(
+ comment = comment,
+ user = request.user,
+ flag = comments.models.CommentFlag.MODERATOR_APPROVAL,
+ )
- """
- qs = comments.get_model().objects.filter(is_public=False, is_removed=False)
- paginator = Paginator(qs, 100)
-
- try:
- page = int(request.GET.get("page", 1))
- except ValueError:
- raise Http404
-
- try:
- comments_per_page = paginator.page(page)
- except InvalidPage:
- raise Http404
+ comment.is_removed = False
+ comment.is_public = True
+ comment.save()
- return render_to_response("comments/moderation_queue.html", {
- 'comments' : comments_per_page.object_list,
- 'empty' : page == 1 and paginator.count == 0,
- 'is_paginated': paginator.num_pages > 1,
- 'results_per_page': 100,
- 'has_next': comments_per_page.has_next(),
- 'has_previous': comments_per_page.has_previous(),
- 'page': page,
- 'next': page + 1,
- 'previous': page - 1,
- 'pages': paginator.num_pages,
- 'hits' : paginator.count,
- 'page_range' : paginator.page_range
- }, context_instance=template.RequestContext(request))
+ signals.comment_was_flagged.send(
+ sender = comment.__class__,
+ comment = comment,
+ flag = flag,
+ created = created,
+ request = request,
+ )
-moderation_queue = permission_required("comments.can_moderate")(moderation_queue)
+# Confirmation views.
flag_done = confirmation_view(
template = "comments/flagged.html",