From 10f8f443f1d63c9384c94b6b32327b5955c6ed90 Mon Sep 17 00:00:00 2001 From: rr- Date: Sun, 24 Apr 2016 11:15:03 +0200 Subject: [PATCH] server/comments: add comment deleting --- API.md | 23 +++++++- server/szurubooru/api/comment_api.py | 15 ++++- .../tests/api/test_comment_deleting.py | 57 +++++++++++++++++++ 3 files changed, 93 insertions(+), 2 deletions(-) create mode 100644 server/szurubooru/tests/api/test_comment_deleting.py diff --git a/API.md b/API.md index 638ff3e..44468b3 100644 --- a/API.md +++ b/API.md @@ -43,7 +43,7 @@ - [Creating comment](#creating-comment) - [Updating comment](#updating-comment) - ~~Getting comment~~ - - ~~Deleting comment~~ + - [Deleting comment](#deleting-comment) - ~~Rating comment~~ - Users - [Listing users](#listing-users) @@ -740,6 +740,27 @@ data. Updates an existing comment text. +## Deleting comment +- **Request** + + `DELETE /comment/` + +- **Output** + + ```json5 + {} + ``` + +- **Errors** + + - the comment does not exist + - privileges are too low + +- **Description** + + Deletes existing comment. + + ## Listing users - **Request** diff --git a/server/szurubooru/api/comment_api.py b/server/szurubooru/api/comment_api.py index 23eb0b1..29b53ab 100644 --- a/server/szurubooru/api/comment_api.py +++ b/server/szurubooru/api/comment_api.py @@ -43,4 +43,17 @@ class CommentDetailApi(BaseApi): return {'comment': comments.serialize_comment(comment, ctx.user)} def delete(self, ctx, comment_id): - raise NotImplementedError() + comment = comments.get_comment_by_id(comment_id) + if not comment: + raise comments.CommentNotFoundError( + 'Comment %r not found.' % comment_id) + + if ctx.user.user_id == comment.user_id: + infix = 'self' + else: + infix = 'any' + + auth.verify_privilege(ctx.user, 'comments:delete:%s' % infix) + ctx.session.delete(comment) + ctx.session.commit() + return {} diff --git a/server/szurubooru/tests/api/test_comment_deleting.py b/server/szurubooru/tests/api/test_comment_deleting.py new file mode 100644 index 0000000..fa1cb28 --- /dev/null +++ b/server/szurubooru/tests/api/test_comment_deleting.py @@ -0,0 +1,57 @@ +import pytest +from datetime import datetime +from szurubooru import api, db, errors +from szurubooru.func import util, comments + +@pytest.fixture +def test_ctx(config_injector, context_factory, user_factory, comment_factory): + config_injector({ + 'privileges': { + 'comments:delete:self': 'regular_user', + 'comments:delete:any': 'mod', + }, + 'ranks': ['anonymous', 'regular_user', 'mod', 'admin'], + }) + ret = util.dotdict() + ret.context_factory = context_factory + ret.user_factory = user_factory + ret.comment_factory = comment_factory + ret.api = api.CommentDetailApi() + return ret + +def test_deleting_own_comment(test_ctx): + user = test_ctx.user_factory() + comment = test_ctx.comment_factory(user=user) + db.session.add(comment) + db.session.commit() + result = test_ctx.api.delete( + test_ctx.context_factory(user=user), comment.comment_id) + assert result == {} + assert db.session.query(db.Comment).count() == 0 + +def test_deleting_someones_else_comment(test_ctx): + user1 = test_ctx.user_factory(rank='regular_user') + user2 = test_ctx.user_factory(rank='mod') + comment = test_ctx.comment_factory(user=user1) + db.session.add(comment) + db.session.commit() + result = test_ctx.api.delete( + test_ctx.context_factory(user=user2), comment.comment_id) + assert db.session.query(db.Comment).count() == 0 + +def test_trying_to_delete_someones_else_comment_without_privileges(test_ctx): + user1 = test_ctx.user_factory(rank='regular_user') + user2 = test_ctx.user_factory(rank='regular_user') + comment = test_ctx.comment_factory(user=user1) + db.session.add(comment) + db.session.commit() + with pytest.raises(errors.AuthError): + test_ctx.api.delete( + test_ctx.context_factory(user=user2), comment.comment_id) + assert db.session.query(db.Comment).count() == 1 + +def test_trying_to_delete_non_existing(test_ctx): + with pytest.raises(comments.CommentNotFoundError): + test_ctx.api.delete( + test_ctx.context_factory( + user=test_ctx.user_factory(rank='regular_user')), 1)