Browse Source

Re-enable comment tags, visible to only admins

This re-enables the comment tagging functionality, giving the permission
to all users who are over a week old. However, as of this commit, the
tags have no functional effect at all, and are only visible to admins.
merge-requests/37/head
Deimos 6 years ago
parent
commit
765f0aef42
  1. 10
      tildes/tildes/models/comment/comment.py
  2. 1
      tildes/tildes/models/comment/comment_tag.py
  3. 28
      tildes/tildes/models/user/user.py
  4. 15
      tildes/tildes/templates/macros/comments.jinja2
  5. 4
      tildes/tildes/templates/macros/links.jinja2

10
tildes/tildes/models/comment/comment.py

@ -164,8 +164,13 @@ class Comment(DatabaseModel):
acl.append((Allow, Authenticated, "vote")) acl.append((Allow, Authenticated, "vote"))
# tag: # tag:
# - temporary: nobody can tag comments
acl.append((Deny, Everyone, "tag"))
# - removed comments can't be tagged by anyone
# - otherwise, people with the "comment.tag" permission other than the author
if self.is_removed:
acl.append((Deny, Everyone, "tag"))
acl.append((Deny, self.user_id, "tag"))
acl.append((Allow, "comment.tag", "tag"))
# reply: # reply:
# - removed comments can't be replied to by anyone # - removed comments can't be replied to by anyone
@ -194,6 +199,7 @@ class Comment(DatabaseModel):
# tools that require specifically granted permissions # tools that require specifically granted permissions
acl.append((Allow, "admin", "remove")) acl.append((Allow, "admin", "remove"))
acl.append((Allow, "admin", "view_tags"))
acl.append(DENY_ALL) acl.append(DENY_ALL)

1
tildes/tildes/models/comment/comment_tag.py

@ -35,6 +35,7 @@ class CommentTag(DatabaseModel):
) )
comment: Comment = relationship(Comment, backref=backref("tags", lazy=False)) comment: Comment = relationship(Comment, backref=backref("tags", lazy=False))
user: User = relationship(User, lazy=False, innerjoin=True)
def __init__(self, comment: Comment, user: User, tag: CommentTagOption) -> None: def __init__(self, comment: Comment, user: User, tag: CommentTagOption) -> None:
"""Add a new tag to a comment.""" """Add a new tag to a comment."""

28
tildes/tildes/models/user/user.py

@ -3,7 +3,7 @@
"""Contains the User class.""" """Contains the User class."""
from datetime import datetime
from datetime import datetime, timedelta
from typing import Any, List, Optional, Sequence, Tuple from typing import Any, List, Optional, Sequence, Tuple
from mypy_extensions import NoReturn from mypy_extensions import NoReturn
@ -33,6 +33,7 @@ from sqlalchemy_utils import Ltree
from tildes.enums import TopicSortOption from tildes.enums import TopicSortOption
from tildes.lib.database import ArrayOfLtree, CIText from tildes.lib.database import ArrayOfLtree, CIText
from tildes.lib.datetime import utc_now
from tildes.lib.hash import hash_string, is_match_for_hash from tildes.lib.hash import hash_string, is_match_for_hash
from tildes.models import DatabaseModel from tildes.models import DatabaseModel
from tildes.schemas.user import EMAIL_ADDRESS_NOTE_MAX_LENGTH, UserSchema from tildes.schemas.user import EMAIL_ADDRESS_NOTE_MAX_LENGTH, UserSchema
@ -213,16 +214,23 @@ class User(DatabaseModel):
@property @property
def auth_principals(self) -> List[str]: def auth_principals(self) -> List[str]:
"""Return the user's authorization principals (used for permissions).""" """Return the user's authorization principals (used for permissions)."""
if not self.permissions:
return []
if isinstance(self.permissions, str):
return [self.permissions]
principals: List[str] = []
if isinstance(self.permissions, list):
return self.permissions
raise ValueError("Unknown permissions format")
# start with any principals manually defined in the permissions column
if not self.permissions:
pass
elif isinstance(self.permissions, str):
principals = [self.permissions]
elif isinstance(self.permissions, list):
principals = self.permissions
else:
raise ValueError("Unknown permissions format")
# give the user the "comment.tag" permission if they're over a week old
if utc_now() - self.created_time > timedelta(days=7):
principals.append("comment.tag")
return principals
@property @property
def is_admin(self) -> bool: def is_admin(self) -> bool:

15
tildes/tildes/templates/macros/comments.jinja2

@ -19,7 +19,7 @@
data-comment-depth="{{ loop.depth0 }}" data-comment-depth="{{ loop.depth0 }}"
{% endif %} {% endif %}
{% if request.has_permission('view', comment) %}
{% if request.has_permission("tag", comment) %}
data-comment-user-tags="{{ comment.tags_by_user(request.user)|join(' ') }}" data-comment-user-tags="{{ comment.tags_by_user(request.user)|join(' ') }}"
{% endif %} {% endif %}
> >
@ -96,12 +96,17 @@
</span> </span>
{% endif %} {% endif %}
{% if comment.tag_counts %}
{% if comment.tag_counts and request.has_permission("view_tags", comment) %}
<ul class="comment-tags"> <ul class="comment-tags">
{% for tag, count in comment.tag_counts.most_common() %}
{% for tag_name, count in comment.tag_counts.most_common() %}
<li> <li>
<span class="label label-comment-tag label-comment-tag-{{ tag|lower }}">{{ tag }}</span>
<span class="comment-tag-count">x{{ count }}</span>
<span class="label label-comment-tag label-comment-tag-{{ tag_name|lower }}">{{ tag_name }}</span>
<span class="comment-tag-count">
x{{ count }}
({% for tag in comment.tags if tag.name == tag_name -%}
{{ username_linked(tag.user.username) }}
{%- endfor %})
</span>
</li> </li>
{% endfor %} {% endfor %}
</ul> </ul>

4
tildes/tildes/templates/macros/links.jinja2

@ -1,9 +1,9 @@
{# Copyright (c) 2018 Tildes contributors <code@tildes.net> #} {# Copyright (c) 2018 Tildes contributors <code@tildes.net> #}
{# SPDX-License-Identifier: AGPL-3.0-or-later #} {# SPDX-License-Identifier: AGPL-3.0-or-later #}
{% macro username_linked(username) %}
{% macro username_linked(username) -%}
<a href="/user/{{ username }}" class="link-user">{{ username }}</a> <a href="/user/{{ username }}" class="link-user">{{ username }}</a>
{% endmacro %}
{%- endmacro %}
{% macro group_linked(group_path) %} {% macro group_linked(group_path) %}
<a href="/~{{ group_path }}" class="link-group">~{{ group_path }}</a> <a href="/~{{ group_path }}" class="link-group">~{{ group_path }}</a>

Loading…
Cancel
Save