From 40cd1b9029cc50e41c21d69e502947996862b7b4 Mon Sep 17 00:00:00 2001
From: Kevin Morris
Date: Thu, 30 Sep 2021 13:58:37 -0700
Subject: [PATCH] feat(FastAPI): add /pkgbase/{name}/comments/{id}/delete (post)

Signed-off-by: Kevin Morris
---
 aurweb/routers/packages.py | 25 ++++++++++++++++++++-
 test/test_packages_routes.py | 43 +++++++++++++++++++++++++++++++++++-
 2 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/aurweb/routers/packages.py b/aurweb/routers/packages.py
index d5c99e8d..3a5ca047 100644
--- a/aurweb/routers/packages.py
+++ b/aurweb/routers/packages.py
@@ -11,7 +11,7 @@ import aurweb.models.package_comment
 import aurweb.models.package_keyword
 import aurweb.packages.util
-from aurweb import db
+from aurweb import db, l10n
 from aurweb.auth import auth_required
 from aurweb.models.license import License
 from aurweb.models.package import Package
@@ -298,3 +298,26 @@ async def pkgbase_comment_post(
 # Redirect to the pkgbase page anchored to the updated comment.
 return RedirectResponse(f"/pkgbase/{pkgbase.Name}#comment-{db_comment.ID}",
 status_code=int(HTTPStatus.SEE_OTHER))
+
+
+@router.post("/pkgbase/{name}/comments/{id}/delete")
+@auth_required(True)
+async def pkgbase_comment_delete(request: Request, name: str, id: int):
+ pkgbase = get_pkg_or_base(name, PackageBase)
+ comment = get_pkgbase_comment(pkgbase, id)
+
+ authorized = request.user.has_credential("CRED_COMMENT_DELETE",
+ [comment.User])
+ if not authorized:
+ _ = l10n.get_translator_for_request(request)
+ raise HTTPException(
+ status_code=int(HTTPStatus.UNAUTHORIZED),
+ detail=_("You are not allowed to delete this comment."))
+
+ now = int(datetime.utcnow().timestamp())
+ with db.begin():
+ comment.Deleter = request.user
+ comment.DelTS = now
+
+ return RedirectResponse(f"/pkgbase/{name}",
+ status_code=int(HTTPStatus.SEE_OTHER))
diff --git a/test/test_packages_routes.py b/test/test_packages_routes.py
index 93a7f524..eb3da41a 100644
--- a/test/test_packages_routes.py
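Review bot: In the `aurweb/routers/packages.py` hunk, `pkgbase_comment_delete` writes `comment.Deleter` and `comment.DelTS` without checking whether the comment is already deleted, so a repeated POST by any user who passes the `CRED_COMMENT_DELETE` check overwrites the record of who deleted it and when. Unless `get_pkgbase_comment` (defined outside this hunk) already excludes deleted comments, add a guard before the `db.begin()` block, for example `if comment.DelTS: return RedirectResponse(f"/pkgbase/{name}", status_code=int(HTTPStatus.SEE_OTHER))`. The refusal branch returns `HTTPStatus.UNAUTHORIZED` to a caller who is logged in but lacks the credential; `HTTPStatus.FORBIDDEN` describes that case and keeps 401 for missing or expired sessions. This is also a cookie-authenticated state change with no anti-CSRF check visible in the handler, so confirm that one is enforced outside this hunk.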
+++ b/test/test_packages_routes.py
@@ -995,7 +995,7 @@ def test_pkgbase_comments_missing_comment(client: TestClient, maintainer: User,
 assert resp.status_code == int(HTTPStatus.EXPECTATION_FAILED)
-def test_pkgbase_comments(client: TestClient, maintainer: User,
+def test_pkgbase_comments(client: TestClient, maintainer: User, user: User,
 package: Package):
 cookies = {"AURSID": maintainer.login(Request(), "testPassword")}
 pkgbasename = package.PackageBase.Name
@@ -1077,3 +1077,44 @@ def test_pkgbase_comments(client: TestClient, maintainer: User,
 data = resp.json()
 assert "form" in data
+
+
+def test_pkgbase_comment_delete(client: TestClient,
+ user: User,
+ package: Package,
+ comment: PackageComment):
+ # Test the unauthorized case of comment deletion.
+ cookies = {"AURSID": user.login(Request(), "testPassword")}
+ pkgbasename = package.PackageBase.Name
+ endpoint = f"/pkgbase/{pkgbasename}/comments/{comment.ID}/delete"
+ with client as request:
+ resp = request.post(endpoint, cookies=cookies)
+ assert resp.status_code == int(HTTPStatus.SEE_OTHER)
+
+ expected = f"/pkgbase/{pkgbasename}"
+ assert resp.headers.get("location") == expected
+
+
+def test_pkgbase_comment_delete_unauthorized(client: TestClient,
+ maintainer: User,
+ package: Package,
+ comment: PackageComment):
+ # Test the unauthorized case of comment deletion.
+ cookies = {"AURSID": maintainer.login(Request(), "testPassword")}
+ pkgbasename = package.PackageBase.Name
+ endpoint = f"/pkgbase/{pkgbasename}/comments/{comment.ID}/delete"
+ with client as request:
+ resp = request.post(endpoint, cookies=cookies)
+ assert resp.status_code == int(HTTPStatus.UNAUTHORIZED)
+
+
+def test_pkgbase_comment_delete_not_found(client: TestClient,
+ maintainer: User,
+ package: Package):
+ cookies = {"AURSID": maintainer.login(Request(), "testPassword")}
+ comment_id = 12345 # Non-existing comment.
+ pkgbasename = package.PackageBase.Name
+ endpoint = f"/pkgbase/{pkgbasename}/comments/{comment_id}/delete"
+ with client as request:
+ resp = request.post(endpoint, cookies=cookies)
+ assert resp.status_code == int(HTTPStatus.NOT_FOUND)
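Review bot: `test_pkgbase_comment_delete` asserts only the 303 status and the `location` header, so it would still pass if the handler redirected without marking the comment deleted; after the POST it should also check the stored row, for example that the comment's `DelTS` is set and its `Deleter` is `user`. The leading comment in that test, `# Test the unauthorized case of comment deletion.`, was copied from the test below and should read `# Test the authorized case of comment deletion.`. None of the three new tests sends the request without an `AURSID` cookie, so the `@auth_required(True)` path on the new route is not exercised here.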