app/blueprints/threads/__init__.py

   1 # Content DB
   2 # Copyright (C) 2018  rubenwardy
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
  16
  17
  18 from flask import *
  19
  20 bp = Blueprint("threads", __name__)
  21
  22 from flask_user import *
  23 from app.models import *
  24 from app.utils import addNotification, clearNotifications, isYes, addAuditLog
  25
  26 import datetime
  27
  28 from flask_wtf import FlaskForm
  29 from wtforms import *
  30 from wtforms.validators import *
  31 from app.utils import get_int_or_abort
  32
  33 @bp.route("/threads/")
  34 def list_all():
  35         query = Thread.query
  36         if not Permission.SEE_THREAD.check(current_user):
  37                 query = query.filter_by(private=False)
  38
  39         pid = request.args.get("pid")
  40         if pid:
  41                 pid = get_int_or_abort(pid)
  42                 query = query.filter_by(package_id=pid)
  43
  44         query = query.order_by(db.desc(Thread.created_at))
  45
  46         return render_template("threads/list.html", threads=query.all())
  47
  48
  49 @bp.route("/threads/<int:id>/subscribe/", methods=["POST"])
  50 @login_required
  51 def subscribe(id):
  52         thread = Thread.query.get(id)
  53         if thread is None or not thread.checkPerm(current_user, Permission.SEE_THREAD):
  54                 abort(404)
  55
  56         if current_user in thread.watchers:
  57                 flash("Already subscribed!", "success")
  58         else:
  59                 flash("Subscribed to thread", "success")
  60                 thread.watchers.append(current_user)
  61                 db.session.commit()
  62
  63         return redirect(thread.getViewURL())
  64
  65
  66 @bp.route("/threads/<int:id>/unsubscribe/", methods=["POST"])
  67 @login_required
  68 def unsubscribe(id):
  69         thread = Thread.query.get(id)
  70         if thread is None or not thread.checkPerm(current_user, Permission.SEE_THREAD):
  71                 abort(404)
  72
  73         if current_user in thread.watchers:
  74                 flash("Unsubscribed!", "success")
  75                 thread.watchers.remove(current_user)
  76                 db.session.commit()
  77         else:
  78                 flash("Already not subscribed!", "success")
  79
  80         return redirect(thread.getViewURL())
  81
  82
  83 @bp.route("/threads/<int:id>/set-lock/", methods=["POST"])
  84 @login_required
  85 def set_lock(id):
  86         thread = Thread.query.get(id)
  87         if thread is None or not thread.checkPerm(current_user, Permission.LOCK_THREAD):
  88                 abort(404)
  89
  90         thread.locked = isYes(request.args.get("lock"))
  91         if thread.locked is None:
  92                 abort(400)
  93
  94         msg = None
  95         if thread.locked:
  96                 msg = "Locked thread '{}'".format(thread.title)
  97                 flash("Locked thread", "success")
  98         else:
  99                 msg = "Unlocked thread '{}'".format(thread.title)
 100                 flash("Unlocked thread", "success")
 101
 102         addNotification(thread.watchers, current_user, msg, thread.getViewURL(), thread.package)
 103         addAuditLog(AuditSeverity.MODERATION, current_user, msg, thread.getViewURL(), thread.package)
 104
 105         db.session.commit()
 106
 107         return redirect(thread.getViewURL())
 108
 109
 110 @bp.route("/threads/<int:id>/delete/", methods=["GET", "POST"])
 111 @login_required
 112 def delete_reply(id):
 113         thread = Thread.query.get(id)
 114         if thread is None:
 115                 abort(404)
 116
 117         reply_id = request.args.get("reply")
 118         if reply_id is None:
 119                 abort(404)
 120
 121         reply = ThreadReply.query.get(reply_id)
 122         if reply is None or reply.thread != thread:
 123                 abort(404)
 124
 125         if thread.replies[0] == reply:
 126                 flash("Cannot delete thread opening post!", "danger")
 127                 return redirect(thread.getViewURL())
 128
 129         if not reply.checkPerm(current_user, Permission.DELETE_REPLY):
 130                 abort(403)
 131
 132         if request.method == "GET":
 133                 return render_template("threads/delete_reply.html", thread=thread, reply=reply)
 134
 135         msg = "Deleted reply by {}".format(reply.author.display_name)
 136         addAuditLog(AuditSeverity.MODERATION, current_user, msg, thread.getViewURL(), thread.package, reply.comment)
 137
 138         db.session.delete(reply)
 139         db.session.commit()
 140
 141         return redirect(thread.getViewURL())
 142
 143
 144
 145
 146 class CommentForm(FlaskForm):
 147         comment = TextAreaField("Comment", [InputRequired(), Length(10, 500)])
 148         submit  = SubmitField("Comment")
 149
 150
 151
 152 @bp.route("/threads/<int:id>/edit/", methods=["GET", "POST"])
 153 @login_required
 154 def edit_reply(id):
 155         thread = Thread.query.get(id)
 156         if thread is None:
 157                 abort(404)
 158
 159         reply_id = request.args.get("reply")
 160         if reply_id is None:
 161                 abort(404)
 162
 163         reply = ThreadReply.query.get(reply_id)
 164         if reply is None or reply.thread != thread:
 165                 abort(404)
 166
 167         if not reply.checkPerm(current_user, Permission.EDIT_REPLY):
 168                 abort(403)
 169
 170         form = CommentForm(formdata=request.form, obj=reply)
 171         if request.method == "POST" and form.validate():
 172                 comment = form.comment.data
 173
 174                 msg = "Edited reply by {}".format(reply.author.display_name)
 175                 severity = AuditSeverity.NORMAL if current_user == reply.author else AuditSeverity.MODERATION
 176                 addNotification(reply.author, current_user, msg, thread.getViewURL(), thread.package)
 177                 addAuditLog(severity, current_user, msg, thread.getViewURL(), thread.package, reply.comment)
 178
 179                 reply.comment = comment
 180
 181                 db.session.commit()
 182
 183                 return redirect(thread.getViewURL())
 184
 185         return render_template("threads/edit_reply.html", thread=thread, reply=reply, form=form)
 186
 187
 188 @bp.route("/threads/<int:id>/", methods=["GET", "POST"])
 189 def view(id):
 190         thread = Thread.query.get(id)
 191         if thread is None or not thread.checkPerm(current_user, Permission.SEE_THREAD):
 192                 abort(404)
 193
 194         if current_user.is_authenticated and request.method == "POST":
 195                 comment = request.form["comment"]
 196
 197                 if not thread.checkPerm(current_user, Permission.COMMENT_THREAD):
 198                         flash("You cannot comment on this thread", "danger")
 199                         return redirect(thread.getViewURL())
 200
 201                 if not current_user.canCommentRL():
 202                         flash("Please wait before commenting again", "danger")
 203                         return redirect(thread.getViewURL())
 204
 205                 if len(comment) <= 500 and len(comment) > 3:
 206                         reply = ThreadReply()
 207                         reply.author = current_user
 208                         reply.comment = comment
 209                         db.session.add(reply)
 210
 211                         thread.replies.append(reply)
 212                         if not current_user in thread.watchers:
 213                                 thread.watchers.append(current_user)
 214
 215                         msg = "New comment on '{}'".format(thread.title)
 216                         addNotification(thread.watchers, current_user, msg, thread.getViewURL(), thread.package)
 217                         db.session.commit()
 218
 219                         return redirect(thread.getViewURL())
 220
 221                 else:
 222                         flash("Comment needs to be between 3 and 500 characters.")
 223
 224         return render_template("threads/view.html", thread=thread)
 225
 226
 227 class ThreadForm(FlaskForm):
 228         title   = StringField("Title", [InputRequired(), Length(3,100)])
 229         comment = TextAreaField("Comment", [InputRequired(), Length(10, 500)])
 230         private = BooleanField("Private")
 231         submit  = SubmitField("Open Thread")
 232
 233
 234 @bp.route("/threads/new/", methods=["GET", "POST"])
 235 @login_required
 236 def new():
 237         form = ThreadForm(formdata=request.form)
 238
 239         package = None
 240         if "pid" in request.args:
 241                 package = Package.query.get(int(request.args.get("pid")))
 242                 if package is None:
 243                         flash("Unable to find that package!", "danger")
 244
 245         # Don't allow making orphan threads on approved packages for now
 246         if package is None:
 247                 abort(403)
 248
 249         def_is_private   = request.args.get("private") or False
 250         if package is None:
 251                 def_is_private = True
 252         allow_change     = package and package.approved
 253         is_review_thread = package and not package.approved
 254
 255         # Check that user can make the thread
 256         if not package.checkPerm(current_user, Permission.CREATE_THREAD):
 257                 flash("Unable to create thread!", "danger")
 258                 return redirect(url_for("homepage.home"))
 259
 260         # Only allow creating one thread when not approved
 261         elif is_review_thread and package.review_thread is not None:
 262                 flash("A review thread already exists!", "danger")
 263                 return redirect(package.review_thread.getViewURL())
 264
 265         elif not current_user.canOpenThreadRL():
 266                 flash("Please wait before opening another thread", "danger")
 267
 268                 if package:
 269                         return redirect(package.getDetailsURL())
 270                 else:
 271                         return redirect(url_for("homepage.home"))
 272
 273         # Set default values
 274         elif request.method == "GET":
 275                 form.private.data = def_is_private
 276                 form.title.data   = request.args.get("title") or ""
 277
 278         # Validate and submit
 279         elif request.method == "POST" and form.validate():
 280                 thread = Thread()
 281                 thread.author  = current_user
 282                 thread.title   = form.title.data
 283                 thread.private = form.private.data if allow_change else def_is_private
 284                 thread.package = package
 285                 db.session.add(thread)
 286
 287                 thread.watchers.append(current_user)
 288                 if package is not None and package.author != current_user:
 289                         thread.watchers.append(package.author)
 290
 291                 reply = ThreadReply()
 292                 reply.thread  = thread
 293                 reply.author  = current_user
 294                 reply.comment = form.comment.data
 295                 db.session.add(reply)
 296
 297                 thread.replies.append(reply)
 298
 299                 db.session.commit()
 300
 301                 if is_review_thread:
 302                         package.review_thread = thread
 303
 304                 notif_msg = "New thread '{}'".format(thread.title)
 305                 if package is not None:
 306                         addNotification(package.maintainers, current_user, notif_msg, thread.getViewURL(), package)
 307
 308                 editors = User.query.filter(User.rank >= UserRank.EDITOR).all()
 309                 addNotification(editors, current_user, notif_msg, thread.getViewURL(), package)
 310
 311                 db.session.commit()
 312
 313                 return redirect(thread.getViewURL())
 314
 315
 316         return render_template("threads/new.html", form=form, allow_private_change=allow_change, package=package)