external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(FastAPI): add /pkgbase/{name}/comments/{id}/delete (post)

Browse source 
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2021-09-30 13:58:37 -07:00
parent d3be30744c
commit 40cd1b9029
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
2 changed files with 66 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
aurweb/routers/packages.py
View file

@ -11,7 +11,7 @@ import aurweb.models.package_comment
import aurweb.models.package_keyword
import aurweb.packages.util
from aurweb import db
from aurweb import db, l10n
from aurweb.auth import auth_required
from aurweb.models.license import License
from aurweb.models.package import Package
@ -298,3 +298,26 @@ async def pkgbase_comment_post(
# Redirect to the pkgbase page anchored to the updated comment.
return RedirectResponse(f"/pkgbase/{pkgbase.Name}#comment-{db_comment.ID}",
status_code=int(HTTPStatus.SEE_OTHER))
@router.post("/pkgbase/{name}/comments/{id}/delete")
@auth_required(True)
async def pkgbase_comment_delete(request: Request, name: str, id: int):
pkgbase = get_pkg_or_base(name, PackageBase)
comment = get_pkgbase_comment(pkgbase, id)
authorized = request.user.has_credential("CRED_COMMENT_DELETE",
[comment.User])
if not authorized:
_ = l10n.get_translator_for_request(request)
raise HTTPException(
status_code=int(HTTPStatus.UNAUTHORIZED),
detail=_("You are not allowed to delete this comment."))
now = int(datetime.utcnow().timestamp())
with db.begin():
comment.Deleter = request.user
comment.DelTS = now
return RedirectResponse(f"/pkgbase/{name}",
status_code=int(HTTPStatus.SEE_OTHER))

43
test/test_packages_routes.py
View file

@ -995,7 +995,7 @@ def test_pkgbase_comments_missing_comment(client: TestClient, maintainer: User,
assert resp.status_code == int(HTTPStatus.EXPECTATION_FAILED)
def test_pkgbase_comments(client: TestClient, maintainer: User,
def test_pkgbase_comments(client: TestClient, maintainer: User, user: User,
package: Package):
cookies = {"AURSID": maintainer.login(Request(), "testPassword")}
pkgbasename = package.PackageBase.Name
@ -1077,3 +1077,44 @@ def test_pkgbase_comments(client: TestClient, maintainer: User,
data = resp.json()
assert "form" in data
def test_pkgbase_comment_delete(client: TestClient,
user: User,
package: Package,
comment: PackageComment):
# Test the unauthorized case of comment deletion.
cookies = {"AURSID": user.login(Request(), "testPassword")}
pkgbasename = package.PackageBase.Name
endpoint = f"/pkgbase/{pkgbasename}/comments/{comment.ID}/delete"
with client as request:
resp = request.post(endpoint, cookies=cookies)
assert resp.status_code == int(HTTPStatus.SEE_OTHER)
expected = f"/pkgbase/{pkgbasename}"
assert resp.headers.get("location") == expected
def test_pkgbase_comment_delete_unauthorized(client: TestClient,
maintainer: User,
package: Package,
comment: PackageComment):
# Test the unauthorized case of comment deletion.
cookies = {"AURSID": maintainer.login(Request(), "testPassword")}
pkgbasename = package.PackageBase.Name
endpoint = f"/pkgbase/{pkgbasename}/comments/{comment.ID}/delete"
with client as request:
resp = request.post(endpoint, cookies=cookies)
assert resp.status_code == int(HTTPStatus.UNAUTHORIZED)
def test_pkgbase_comment_delete_not_found(client: TestClient,
maintainer: User,
package: Package):
cookies = {"AURSID": maintainer.login(Request(), "testPassword")}
comment_id = 12345 # Non-existing comment.
pkgbasename = package.PackageBase.Name
endpoint = f"/pkgbase/{pkgbasename}/comments/{comment_id}/delete"
with client as request:
resp = request.post(endpoint, cookies=cookies)
assert resp.status_code == int(HTTPStatus.NOT_FOUND)