diff --git a/bookwyrm/models/status.py b/bookwyrm/models/status.py
index 3a0fad5e..e4f28e00 100644
--- a/bookwyrm/models/status.py
+++ b/bookwyrm/models/status.py
@@ -3,6 +3,7 @@ from dataclasses import MISSING
 import re
 from django.apps import apps
+from django.core.exceptions import PermissionDenied
 from django.core.validators import MaxValueValidator, MinValueValidator
 from django.db import models
 from django.dispatch import receiver
@@ -187,6 +188,14 @@ class Status(OrderedCollectionPageMixin, BookWyrmModel):
 """json serialized activitypub class"""
 return self.to_activity_dataclass(pure=pure).serialize()
+ def raise_not_editable(self, viewer):
+ """certain types of status aren't editable"""
+ # first, the standard raise
+ super().raise_not_editable(viewer)
+ if isinstance(self, (GeneratedNote, ReviewRating)):
+ raise PermissionDenied
+
+
 class GeneratedNote(Status):
 """these are app-generated messages about user activity"""
diff --git a/bookwyrm/views/status.py b/bookwyrm/views/status.py
index a8b3ab0a..3da8c725 100644
--- a/bookwyrm/views/status.py
+++ b/bookwyrm/views/status.py
@@ -98,8 +98,7 @@ class DeleteStatus(View):
 status = get_object_or_404(models.Status, id=status_id)
 # don't let people delete other people's statuses
- if status.user != request.user and not request.user.has_perm("moderate_post"):
- return HttpResponseBadRequest()
+ status.raise_not_deletable(request.user)
 # perform deletion
 status.delete()
@@ -115,12 +114,8 @@ class DeleteAndRedraft(View):
 status = get_object_or_404(
 models.Status.objects.select_subclasses(), id=status_id
 )
- if isinstance(status, (models.GeneratedNote, models.ReviewRating)):
- return HttpResponseBadRequest()
- # don't let people redraft other people's statuses
- if status.user != request.user:
- return HttpResponseBadRequest()
+ status.raise_not_editable(request.user)
 status_type = status.status_type.lower()
 if status.reply_parent:
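Review bot: The `isinstance(self, (GeneratedNote, ReviewRating))` guard in `Status.raise_not_editable` only fires when the object was loaded as its concrete subclass. `DeleteAndRedraft` fetches through `select_subclasses()`, so the check applies there, but a caller holding a plain `models.Status` instance (the way `DeleteStatus` fetches it) would pass for a generated note or rating-only review without any error. I would record that precondition in the docstring, e.g. `"""certain types of status aren't editable; the instance must be loaded via select_subclasses() for the type check to apply"""`, and add a test that an owner's GeneratedNote is rejected. The enclosing `Status` class starts and ends outside the hunk.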
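Review bot: The removed condition let a user with `has_perm("moderate_post")` delete someone else's status, and after this change that exception lives only in `raise_not_deletable`, which is not defined anywhere in this diff. If that helper (presumably on the base model) does not carry the moderator case, moderators silently lose the ability to delete, so a view test covering owner, moderator and unrelated user is worth adding. The failure path also changes from returning `HttpResponseBadRequest()` to a raised exception, here and in the `DeleteAndRedraft` hunk; a comment such as `# owner or moderator only; raises PermissionDenied otherwise` would make that visible, assuming the helper raises PermissionDenied as `raise_not_editable` does. The `DeleteStatus` method body starts and ends outside the hunk.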