Allow moderators to delete reported statuses

2021-03-12 11:25:56 -08:00 · 2021-03-12 11:25:56 -08:00 · 8c74beb78c
commit 8c74beb78c
parent 677a49fee3
6 changed files with 47 additions and 5 deletions
--- a/bookwyrm/templates/moderation/report.html
+++ b/bookwyrm/templates/moderation/report.html
@ -15,6 +15,7 @@

 <div class="block content">
    <h3>{% trans "Actions" %}</h3>
+    <p><a href="{{ report.user.local_path }}">{% trans "View user profile" %}</a></p>
    <div class="is-flex">
        <p class="mr-1">
            <a class="button" href="{% url 'direct-messages-user' report.user.username %}">{% trans "Send direct message" %}</a>
@ -46,7 +47,11 @@
    <ul>
        {% for status in report.statuses.select_subclasses.all %}
        <li>
+            {% if status.deleted %}
+            <em>{% trans "Statuses has been deleted" %}</em>
+            {% else %}
            {% include 'snippets/status/status.html' with status=status moderation_mode=True %}
+            {% endif %}
        </li>
        {% endfor %}
    </ul>
--- a/bookwyrm/templates/moderation/report_preview.html
+++ b/bookwyrm/templates/moderation/report_preview.html
@ -12,7 +12,6 @@
    <p>
        {% if report.note %}{{ report.note }}{% else %}<em>{% trans "No notes provided" %}</em>{% endif %}
    </p>
-    <p><a href="{{ report.user.local_path }}">{% trans "View user profile" %}</a></p>
 </div>
 {% endblock %}

--- a/bookwyrm/templates/snippets/status/status_body.html
+++ b/bookwyrm/templates/snippets/status/status_body.html
@ -19,8 +19,15 @@
 {% block card-footer %}
 <div class="card-footer-item">
    {% if moderation_mode and perms.bookwyrm.moderate_post %}
+
    {# moderation options #}
-    <button class="button is-danger is-light">{% trans "Delete status" %}</button>
+    <form class="dropdown-item pt-0 pb-0" name="delete-{{status.id}}" action="/delete-status/{{ status.id }}" method="post">
+        {% csrf_token %}
+        <button class="button is-danger is-light" type="submit">
+            {% trans "Delete status" %}
+        </button>
+    </form>
+
    {% elif request.user.is_authenticated %}
    <div class="field has-addons">
        <div class="control">
--- a/bookwyrm/tests/views/test_reports.py
+++ b/bookwyrm/tests/views/test_reports.py
@ -99,7 +99,6 @@ class ReportViews(TestCase):
        report.refresh_from_db()
        self.assertFalse(report.resolved)

-
    def test_deactivate_user(self):
        """ toggle whether a user is able to log in """
        self.assertTrue(self.rat.is_active)
--- a/bookwyrm/tests/views/test_status.py
+++ b/bookwyrm/tests/views/test_status.py
@ -216,7 +216,7 @@ class StatusViews(TestCase):
            '<a href="%s">'
            "archive.org/details/dli.granth.72113/page/n25/mode/2up</a>" % url,
        )
-        url = "https://openlibrary.org/search" "?q=arkady+strugatsky&mode=everything"
+        url = "https://openlibrary.org/search?q=arkady+strugatsky&mode=everything"
        self.assertEqual(
            views.status.format_links(url),
            '<a href="%s">openlibrary.org/search'
@ -253,3 +253,35 @@ class StatusViews(TestCase):
            self.assertEqual(activity["object"]["type"], "Tombstone")
        status.refresh_from_db()
        self.assertTrue(status.deleted)
+
+    def test_handle_delete_status_permission_denied(self):
+        """ marks a status as deleted """
+        view = views.DeleteStatus.as_view()
+        with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
+            status = models.Status.objects.create(user=self.local_user, content="hi")
+        self.assertFalse(status.deleted)
+        request = self.factory.post("")
+        request.user = self.remote_user
+
+        view(request, status.id)
+
+        status.refresh_from_db()
+        self.assertFalse(status.deleted)
+
+    def test_handle_delete_status_moderator(self):
+        """ marks a status as deleted """
+        view = views.DeleteStatus.as_view()
+        with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
+            status = models.Status.objects.create(user=self.local_user, content="hi")
+        self.assertFalse(status.deleted)
+        request = self.factory.post("")
+        request.user = self.remote_user
+        request.user.is_superuser = True
+
+        with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay") as mock:
+            view(request, status.id)
+            activity = json.loads(mock.call_args_list[0][0][1])
+            self.assertEqual(activity["type"], "Delete")
+            self.assertEqual(activity["object"]["type"], "Tombstone")
+        status.refresh_from_db()
+        self.assertTrue(status.deleted)
--- a/bookwyrm/views/status.py
+++ b/bookwyrm/views/status.py
@ -75,7 +75,7 @@ class DeleteStatus(View):
        status = get_object_or_404(models.Status, id=status_id)

        # don't let people delete other people's statuses
-        if status.user != request.user:
+        if status.user != request.user and not request.user.has_perm("moderate_post"):
            return HttpResponseBadRequest()

        # perform deletion