From f3af7c7f94b52e5eaf4dd6c154d639773ee2a663 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Apr 13 2015 14:59:13 +0000 Subject: Drop the remove_comment endpoint and move the logic into update_issue This allows having a single form in the page and we just rely on different submit button to find out the desired action. --- diff --git a/pagure/templates/_formhelper.html b/pagure/templates/_formhelper.html index bab5e18..cad4f02 100644 --- a/pagure/templates/_formhelper.html +++ b/pagure/templates/_formhelper.html @@ -77,13 +77,11 @@ {% if id != 0 and g.fas_user and ( g.fas_user.username == comment.user.username or repo_admin) %} - - + {% endif %} diff --git a/pagure/ui/issues.py b/pagure/ui/issues.py index d4cf5ce..05617a9 100644 --- a/pagure/ui/issues.py +++ b/pagure/ui/issues.py @@ -69,6 +69,30 @@ def update_issue(repo, issueid, username=None): if form.validate_on_submit(): repo_admin = is_repo_admin(repo) + if flask.request.form.get('drop_comment'): + commentid = flask.request.form.get('drop_comment') + + comment = pagure.lib.get_issue_comment( + SESSION, issue.uid, commentid) + if comment is None or comment.issue.project != repo: + flask.abort(404, 'Comment not found') + + if flask.g.fas_user.username != comment.user.username \ + or not is_repo_admin(repo): + flask.abort( + 403, + 'You are not allowed to remove this comment from this issue') + + SESSION.delete(comment) + try: + SESSION.commit() + flask.flash('Comment removed') + except SQLAlchemyError, err: # pragma: no cover + SESSION.rollback() + LOG.error(err) + flask.flash( + 'Could not remove the comment: %s' % commentid, 'error') + comment = form.comment.data try: depends = [ @@ -644,63 +668,3 @@ def view_issue_raw_file(repo, filename=None, username=None): headers['Content-Encoding'] = encoding return (data, 200, headers) - - - -@APP.route( - '//issue//comment//drop', - methods=['GET', 'POST']) -@APP.route( - '/fork///issue//comment//drop', - methods=['GET', 'POST']) -@cla_required -def remove_comment(repo, issueid, commentid, username=None): - """ Remove the specified comment of an issue. - """ - repo = pagure.lib.get_project(SESSION, repo, user=username) - - if not repo: - flask.abort(404, 'Project not found') - - if not repo.settings.get('issue_tracker', True): - flask.abort(404, 'No issue tracker found for this project') - - issue = pagure.lib.search_issues(SESSION, repo, issueid=issueid) - - if issue is None or issue.project != repo: - flask.abort(404, 'Issue not found') - - comment = pagure.lib.get_issue_comment( - SESSION, issue.uid, commentid) - if comment is None or comment.issue.project != repo: - flask.abort(404, 'Comment not found') - - if flask.g.fas_user.username != comment.user.username \ - or not is_repo_admin(repo): - flask.abort( - 403, - 'You are not allowed to remove this comment from this issue') - - form = pagure.forms.ConfirmationForm() - # Since we are using GET here we can't use the traditional way to - # validate the CSRF token so we use this one instead. - # Using POST would be best but we cannot nest forms in html and - # the whole page in a single form to allow editing multiple fields at - # once, so we go around this here. - # It is kind of ugly as it relies on GET request so we should look into - # fixing this in the future. - if form.validate_csrf_data(flask.request.args.get('csrf_token')): - - SESSION.delete(comment) - try: - SESSION.commit() - flask.flash('Comment removed') - except SQLAlchemyError, err: # pragma: no cover - SESSION.rollback() - LOG.error(err) - flask.flash( - 'Could not remove the comment: %s' % commentid, 'error') - - return flask.redirect(flask.url_for( - '.view_issue', repo=repo.name, issueid=issueid, username=username) - )