From 8c74beb78cec60bf44723661b2b6dd2ed5304a3a Mon Sep 17 00:00:00 2001
From: Mouse Reeve <mousereeve@riseup.net>
Date: Fri, 12 Mar 2021 11:25:56 -0800
Subject: [PATCH] Allow moderators to delete reported statuses
---
bookwyrm/templates/moderation/report.html | 5 +++
.../templates/moderation/report_preview.html | 1 -
.../snippets/status/status_body.html | 9 ++++-
bookwyrm/tests/views/test_reports.py | 1 -
bookwyrm/tests/views/test_status.py | 34 ++++++++++++++++++-
bookwyrm/views/status.py | 2 +-
6 files changed, 47 insertions(+), 5 deletions(-)
diff --git a/bookwyrm/templates/moderation/report.html b/bookwyrm/templates/moderation/report.html
index b2e61cc44..ae014d68c 100644
--- a/bookwyrm/templates/moderation/report.html
+++ b/bookwyrm/templates/moderation/report.html
@@ -15,6 +15,7 @@
<div class="block content">
<h3>{% trans "Actions" %}</h3>
+ <p><a href="{{ report.user.local_path }}">{% trans "View user profile" %}</a></p>
<div class="is-flex">
<p class="mr-1">
<a class="button" href="{% url 'direct-messages-user' report.user.username %}">{% trans "Send direct message" %}</a>
@@ -46,7 +47,11 @@
<ul>
{% for status in report.statuses.select_subclasses.all %}
<li>
+ {% if status.deleted %}
+ <em>{% trans "Statuses has been deleted" %}</em>
+ {% else %}
{% include 'snippets/status/status.html' with status=status moderation_mode=True %}
+ {% endif %}
</li>
{% endfor %}
</ul>
diff --git a/bookwyrm/templates/moderation/report_preview.html b/bookwyrm/templates/moderation/report_preview.html
index c35010cf6..3a5ebcf95 100644
--- a/bookwyrm/templates/moderation/report_preview.html
+++ b/bookwyrm/templates/moderation/report_preview.html
@@ -12,7 +12,6 @@
<p>
{% if report.note %}{{ report.note }}{% else %}<em>{% trans "No notes provided" %}</em>{% endif %}
</p>
- <p><a href="{{ report.user.local_path }}">{% trans "View user profile" %}</a></p>
</div>
{% endblock %}
diff --git a/bookwyrm/templates/snippets/status/status_body.html b/bookwyrm/templates/snippets/status/status_body.html
index f3732d1a3..a7e8e8843 100644
--- a/bookwyrm/templates/snippets/status/status_body.html
+++ b/bookwyrm/templates/snippets/status/status_body.html
@@ -19,8 +19,15 @@
{% block card-footer %}
<div class="card-footer-item">
{% if moderation_mode and perms.bookwyrm.moderate_post %}
+
{# moderation options #}
- <button class="button is-danger is-light">{% trans "Delete status" %}</button>
+ <form class="dropdown-item pt-0 pb-0" name="delete-{{status.id}}" action="/delete-status/{{ status.id }}" method="post">
+ {% csrf_token %}
+ <button class="button is-danger is-light" type="submit">
+ {% trans "Delete status" %}
+ </button>
+ </form>
+
{% elif request.user.is_authenticated %}
<div class="field has-addons">
<div class="control">
diff --git a/bookwyrm/tests/views/test_reports.py b/bookwyrm/tests/views/test_reports.py
index 724e7b5a6..98d28acdf 100644
--- a/bookwyrm/tests/views/test_reports.py
+++ b/bookwyrm/tests/views/test_reports.py
@@ -99,7 +99,6 @@ class ReportViews(TestCase):
report.refresh_from_db()
self.assertFalse(report.resolved)
-
def test_deactivate_user(self):
""" toggle whether a user is able to log in """
self.assertTrue(self.rat.is_active)
diff --git a/bookwyrm/tests/views/test_status.py b/bookwyrm/tests/views/test_status.py
index 7fdc0e060..32080a5a8 100644
--- a/bookwyrm/tests/views/test_status.py
+++ b/bookwyrm/tests/views/test_status.py
@@ -216,7 +216,7 @@ class StatusViews(TestCase):
'<a href="%s">'
"archive.org/details/dli.granth.72113/page/n25/mode/2up</a>" % url,
)
- url = "https://openlibrary.org/search" "?q=arkady+strugatsky&mode=everything"
+ url = "https://openlibrary.org/search?q=arkady+strugatsky&mode=everything"
self.assertEqual(
views.status.format_links(url),
'<a href="%s">openlibrary.org/search'
@@ -253,3 +253,35 @@ class StatusViews(TestCase):
self.assertEqual(activity["object"]["type"], "Tombstone")
status.refresh_from_db()
self.assertTrue(status.deleted)
+
+ def test_handle_delete_status_permission_denied(self):
+ """ marks a status as deleted """
+ view = views.DeleteStatus.as_view()
+ with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
+ status = models.Status.objects.create(user=self.local_user, content="hi")
+ self.assertFalse(status.deleted)
+ request = self.factory.post("")
+ request.user = self.remote_user
+
+ view(request, status.id)
+
+ status.refresh_from_db()
+ self.assertFalse(status.deleted)
+
+ def test_handle_delete_status_moderator(self):
+ """ marks a status as deleted """
+ view = views.DeleteStatus.as_view()
+ with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
+ status = models.Status.objects.create(user=self.local_user, content="hi")
+ self.assertFalse(status.deleted)
+ request = self.factory.post("")
+ request.user = self.remote_user
+ request.user.is_superuser = True
+
+ with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay") as mock:
+ view(request, status.id)
+ activity = json.loads(mock.call_args_list[0][0][1])
+ self.assertEqual(activity["type"], "Delete")
+ self.assertEqual(activity["object"]["type"], "Tombstone")
+ status.refresh_from_db()
+ self.assertTrue(status.deleted)
diff --git a/bookwyrm/views/status.py b/bookwyrm/views/status.py
index 8cc5df69c..0cb5974bd 100644
--- a/bookwyrm/views/status.py
+++ b/bookwyrm/views/status.py
@@ -75,7 +75,7 @@ class DeleteStatus(View):
status = get_object_or_404(models.Status, id=status_id)
# don't let people delete other people's statuses
- if status.user != request.user:
+ if status.user != request.user and not request.user.has_perm("moderate_post"):
return HttpResponseBadRequest()
# perform deletion