Mercurial > public > sg101

annotate comments/views.py @ 1221:d6b3f7e77f6c modernize tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add unit tests for comments views.
author Brian Neal <bgneal@gmail.com>
date Sat, 01 Mar 2025 15:52:11 -0600
parents 02181fa5ac9d
children
rev   line source
gremmie@1 1 """
gremmie@1 2 Views for the comments application.
bgneal@693 3
gremmie@1 4 """
bgneal@1206 5 from django.apps import apps
gremmie@1 6 from django.contrib.auth.decorators import login_required
gremmie@1 7 from django.core.exceptions import ObjectDoesNotExist
gremmie@1 8 from django.http import HttpResponse
gremmie@1 9 from django.http import HttpResponseBadRequest
gremmie@1 10 from django.http import HttpResponseForbidden
bgneal@1032 11 from django.shortcuts import render
gremmie@1 12 from django.utils.html import escape
gremmie@1 13 from django.views.decorators.http import require_POST
gremmie@1 14
gremmie@1 15 from core.functions import email_admins
bgneal@974 16 from core.html import image_check, ImageCheckError
bgneal@136 17 from core.markup import site_markup
gremmie@1 18 from comments.forms import CommentForm
gremmie@1 19 from comments.models import Comment
gremmie@1 20 from comments.models import CommentFlag
bgneal@215 21 import antispam
bgneal@215 22 import antispam.utils
bgneal@215 23
gremmie@1 24
bgneal@974 25 PREVIEW_UNAVAILABLE = """
bgneal@974 26 <p><strong>Error</strong>: {}</p>
bgneal@974 27 <p>Sorry, preview is unavailable.</p>
bgneal@974 28 <p>There is an image in your post which failed our image check. We can only
bgneal@1021 29 accept images from a small number of sources for security reasons.</p>
bgneal@1021 30 <p>If there are forms below this post box, you may use them to safely hot-link
bgneal@1021 31 to images hosted elsewhere on the Internet or upload from your computer or
bgneal@1021 32 device.</p>
bgneal@1021 33 <p>If there are no image forms on this page, you can upload a photo from your
bgneal@1021 34 computer or device from your user profile. Copy the image code you receive
bgneal@1021 35 into the post box here.</p>
bgneal@974 36 """
bgneal@974 37
bgneal@974 38
gremmie@1 39 @login_required
gremmie@1 40 @require_POST
gremmie@1 41 def post_comment(request):
gremmie@1 42 """
gremmie@1 43 This function handles the posting of comments. If successful, returns
bgneal@215 44 the comment text as the response. This function is meant to be the target
gremmie@1 45 of an AJAX post.
gremmie@1 46 """
gremmie@1 47 # Look up the object we're trying to comment about
gremmie@1 48 ctype = request.POST.get('content_type', None)
gremmie@1 49 object_pk = request.POST.get('object_pk', None)
gremmie@1 50 if ctype is None or object_pk is None:
gremmie@1 51 return HttpResponseBadRequest('Missing content_type or object_pk field.')
gremmie@1 52
gremmie@1 53 try:
bgneal@1206 54 model = apps.get_model(*ctype.split('.', 1))
gremmie@1 55 target = model.objects.get(pk=object_pk)
bgneal@1221 56 except LookupError:
gremmie@1 57 return HttpResponseBadRequest(
gremmie@1 58 "Invalid content_type value: %r" % escape(ctype))
bgneal@1221 59 except ValueError:
gremmie@1 60 return HttpResponseBadRequest(
gremmie@1 61 "The given content-type %r does not resolve to a valid model." % \
gremmie@1 62 escape(ctype))
gremmie@1 63 except ObjectDoesNotExist:
gremmie@1 64 return HttpResponseBadRequest(
gremmie@1 65 "No object matching content-type %r and object PK %r exists." % \
gremmie@1 66 (escape(ctype), escape(object_pk)))
bgneal@1221 67 except:
bgneal@1221 68 return HttpResponseBadRequest('Unexpected error')
gremmie@1 69
gremmie@1 70 # Can we comment on the target object?
gremmie@1 71 if hasattr(target, 'can_comment_on'):
gremmie@1 72 if callable(target.can_comment_on):
gremmie@1 73 can_comment_on = target.can_comment_on()
gremmie@1 74 else:
gremmie@1 75 can_comment_on = target.can_comment_on
gremmie@1 76 else:
gremmie@1 77 can_comment_on = True
gremmie@1 78
gremmie@1 79 if not can_comment_on:
gremmie@1 80 return HttpResponseForbidden('Cannot comment on this item.')
gremmie@1 81
gremmie@1 82 # Check form validity
gremmie@1 83
gremmie@1 84 form = CommentForm(target, request.POST)
gremmie@1 85 if not form.is_valid():
bgneal@963 86 # The client side javascript is pretty simplistic right now and we don't
bgneal@963 87 # want to change it yet. It is expecting a single error string. Just grab
bgneal@963 88 # the first error message and use that.
bgneal@963 89 errors = form.errors.as_data()
bgneal@963 90 msg = errors.values()[0][0].message if errors else 'Unknown error'
bgneal@963 91 return HttpResponseBadRequest(msg)
gremmie@1 92
bgneal@215 93 comment = form.get_comment_object(request.user, request.META.get("REMOTE_ADDR", None))
gremmie@1 94
bgneal@693 95 # Check for spam
bgneal@215 96
bgneal@215 97 if antispam.utils.spam_check(request, comment.comment):
bgneal@215 98 return HttpResponseForbidden(antispam.BUSTED_MESSAGE)
bgneal@215 99
bgneal@963 100 comment.save(html=form.comment_html)
gremmie@1 101
gremmie@1 102 # return the rendered comment
bgneal@1032 103 return render(request, 'comments/comment.html', {
gremmie@1 104 'comment': comment,
bgneal@1032 105 })
bgneal@693 106
gremmie@1 107
gremmie@1 108 @require_POST
gremmie@1 109 def flag_comment(request):
gremmie@1 110 """
gremmie@1 111 This function handles the flagging of comments by users. This function should
gremmie@1 112 be the target of an AJAX post.
gremmie@1 113 """
gremmie@1 114 if not request.user.is_authenticated():
bgneal@1221 115 return HttpResponseForbidden('Please login or register to flag a comment.')
gremmie@1 116
gremmie@1 117 id = request.POST.get('id', None)
gremmie@1 118 if id is None:
gremmie@1 119 return HttpResponseBadRequest('No id')
gremmie@1 120
gremmie@1 121 try:
gremmie@1 122 comment = Comment.objects.get(pk=id)
gremmie@1 123 except Comment.DoesNotExist:
gremmie@1 124 return HttpResponseBadRequest('No comment with id %s' % id)
gremmie@1 125
gremmie@1 126 flag = CommentFlag(user=request.user, comment=comment)
gremmie@1 127 flag.save()
gremmie@1 128 email_admins('A Comment Has Been Flagged', """Hello,
gremmie@1 129
gremmie@1 130 A user has flagged a comment for review.
gremmie@1 131 """)
gremmie@1 132 return HttpResponse('The comment was flagged. A moderator will review the comment shortly. ' \
gremmie@1 133 'Thanks for helping to improve the discussions on this site.')
gremmie@1 134
gremmie@1 135
gremmie@1 136 @require_POST
gremmie@1 137 def markdown_preview(request):
gremmie@1 138 """
gremmie@1 139 This function should be the target of an AJAX POST. It takes the 'data' parameter
gremmie@1 140 from the POST parameters and returns a rendered HTML page from the data, which
bgneal@693 141 is assumed to be in markdown format. The HTML page is suitable for the preview
gremmie@1 142 function for a javascript editor such as markItUp.
gremmie@1 143 """
gremmie@1 144 if not request.user.is_authenticated():
bgneal@1094 145 return HttpResponseForbidden('This service is only available to logged-in users.')
gremmie@1 146
gremmie@1 147 data = request.POST.get('data', None)
gremmie@1 148 if data is None:
gremmie@1 149 return HttpResponseBadRequest('No data')
gremmie@1 150
bgneal@974 151 html = site_markup(data)
bgneal@978 152 if html:
bgneal@978 153 try:
bgneal@978 154 image_check(html)
bgneal@978 155 except ImageCheckError as ex:
bgneal@978 156 html = PREVIEW_UNAVAILABLE.format(ex)
bgneal@974 157
bgneal@1032 158 return render(request, 'comments/markdown_preview.html', {
bgneal@974 159 'data': html,
bgneal@1032 160 })
bgneal@1094 161
bgneal@1094 162
bgneal@1094 163 @require_POST
bgneal@1094 164 def markdown_preview_v3(request):
bgneal@1094 165 if not request.user.is_authenticated():
bgneal@1094 166 return HttpResponseForbidden(
bgneal@1094 167 'This service is only available to logged-in users.')
bgneal@1094 168
bgneal@1094 169 data = request.POST.get('data', None)
bgneal@1094 170 html = site_markup(data) if data else ''
bgneal@1094 171 if html:
bgneal@1094 172 try:
bgneal@1094 173 image_check(html)
bgneal@1094 174 except ImageCheckError as ex:
bgneal@1094 175 html = PREVIEW_UNAVAILABLE.format(ex)
bgneal@1094 176
bgneal@1094 177 return HttpResponse(html)