fix(FastAPI): comment.html template rendering

Deleters and edits were not previously taken into account. This fix addresses that issue using User.has_credential. Signed-off-by: Kevin Morris <kevr@0cost.org>
2025-02-03 10:43:03 +01:00 · 2021-09-30 13:53:31 -07:00 · 2021-09-30 13:53:31 -07:00 · 59d04d6e0c
commit 59d04d6e0c
parent fc28aad245
1 changed files with 89 additions and 59 deletions
--- a/templates/partials/packages/comment.html
+++ b/templates/partials/packages/comment.html
@ -1,4 +1,12 @@
-<h4 id="comment-{{ comment.ID }}" class="comment-header">
+{% set header_cls = "comment-header" %}
 {% set article_cls = "article-content" %}
 {% if comment.Deleter %}
 	{% set header_cls = "%s %s" | format(header_cls, "comment-deleted") %}
 	{% set article_cls = "%s %s" | format(article_cls, "comment-deleted") %}
 {% endif %}
 {% if not comment.Deleter or request.user.has_credential("CRED_COMMENT_VIEW_DELETED", approved=[comment.Deleter]) %}
 	<h4 id="comment-{{ comment.ID }}" class="{{ header_cls }}">
 		{% set commented_at = comment.CommentTS | dt | as_timezone(timezone) %}
 		{% set view_account_info = 'View account information for %s' | tr | format(comment.User.Username) %}
 		{{
@ -27,17 +35,21 @@
 				}})
 			</span>
 		{% endif %}
-    {% if request.user.is_elevated() or pkgbase.Maintainer == request.user %}
+		{% if not comment.Deleter %}
-        <form class="delete-comment-form" method="post" action="/pkgbase/{{ name }}/">
+			{% if request.user.has_credential('CRED_COMMENT_DELETE', approved=[comment.User]) %}
 				<form class="delete-comment-form" method="post"
 					  action="/pkgbase/{{ pkgbase.Name }}/comments/{{ comment.ID }}/delete">
 					<fieldset style="display:inline;">
                <input type="hidden" name="action" value="do_DeleteComment" />
                <input type="hidden" name="comment_id" value="{{ comment.ID }}"/>
                <input type="hidden" name="return_to" value="/pkgbase/{{ name }}/"/>
 						<input type="image" class="delete-comment" src="/images/x.min.svg" width="11" height="11" alt="{{ 'Delete comment' | tr }}" title="{{ 'Delete comment' | tr }}" name="submit" value="1" />
 					</fieldset>
 				</form>
-        <a href="/pkgbase/{{ pkgname }}/edit-comment/?comment_id={{ comment.ID }}" class="edit-comment" title="Edit comment"><img src="/images/pencil.min.svg" alt="Edit comment" width="11" height="11"></a>
+			{% endif %}
 			{% if request.user.has_credential('CRED_COMMENT_EDIT', approved=[comment.User]) %}
 				<a href="/pkgbase/{{ pkgname }}/edit-comment/?comment_id={{ comment.ID }}" class="edit-comment" title="Edit comment"><img src="/images/pencil.min.svg" alt="Edit comment" width="11" height="11"></a>
 			{% endif %}
 			{% if request.user.has_credential("CRED_COMMENT_PIN", approved=[pkgbase.Maintainer]) %}
 				<form class="pin-comment-form" method="post" action="/pkgbase/{{ name }}/">
 					<fieldset style="display:inline;">
 						<input type="hidden" name="action" value="do_PinComment"/>
@ -48,8 +60,25 @@
 					</fieldset>
 				</form>
 			{% endif %}
-</h4>
+		{% else %}
-<div id="comment-{{ comment.ID }}-content" class="article-content">
+			{% if request.user.has_credential("CRED_COMMENT_UNDELETE", approved=[comment.User]) %}
 				<form class="undelete-comment-form"
 					  method="post"
 					  action="/pkgbase/{{ pkgbase.Name }}/comments/{{ comment.ID }}/undelete"
 				>
 					<fieldset style="display:inline;">
 						<input type="image"
 							   class="undelete-comment"
 							   src="/images/action-undo.min.svg"
 							   alt="{{ 'Undelete comment' | tr }}"
 							   title="{{ 'Undelete comment' | tr }}"
 							   name="submit" value="1" width="11" height="11" />
 					</fieldset>
 				</form>
 			{% endif %}
 		{% endif %}
 	</h4>
 	<div id="comment-{{ comment.ID }}-content" class="{{ article_cls }}">
 		<div>
 			{% if comment.RenderedComment %}
 				{{ comment.RenderedComment | safe }}
@ -57,4 +86,5 @@
 				{{ comment.Comments }}
 			{% endif %}
 		</div>
-</div>
+	</div>
 {% endif %}