From 4f5b247ed10e40f41badaab84bedf79f5c681b77 Mon Sep 17 00:00:00 2001 From: Martin Zimmermann Date: Mon, 21 Oct 2013 17:40:03 +0200 Subject: [PATCH] delete comments via mail --- isso/__init__.py | 1 + isso/notify.py | 9 +++++++-- isso/views/comment.py | 21 ++++++++++++++++++--- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/isso/__init__.py b/isso/__init__.py index 63e019a..e4816a5 100644 --- a/isso/__init__.py +++ b/isso/__init__.py @@ -63,6 +63,7 @@ rules = Map([ Rule('/', methods=['GET'], endpoint=views.comment.fetch), Rule('/count', methods=['GET'], endpoint=views.comment.count), + Rule('/delete/', endpoint=views.comment.delete), Rule('/activate/', endpoint=views.comment.activate), Rule('/admin/', endpoint=views.admin.index), diff --git a/isso/notify.py b/isso/notify.py index 2b51c69..2bc1211 100644 --- a/isso/notify.py +++ b/isso/notify.py @@ -1,11 +1,13 @@ # -*- encoding: utf-8 -*- +from __future__ import unicode_literals + from smtplib import SMTP, SMTP_SSL from email.header import Header from email.mime.text import MIMEText -def format(comment, permalink, remote_addr, activation_key=None): +def format(comment, permalink, remote_addr, deletion_key, activation_key=None): rv = [] rv.append("%s schrieb:" % (comment["author"] or "Jemand")) @@ -19,8 +21,11 @@ def format(comment, permalink, remote_addr, activation_key=None): rv.append("IP Adresse: %s" % remote_addr) rv.append("Link zum Kommentar: %s" % permalink) + rv.append("") + rv.append("---") + rv.append("Kommentar löschen: %s" % deletion_key) + if activation_key: - rv.append("") rv.append("Kommentar freischalten: %s" % activation_key) return u'\n'.join(rv) diff --git a/isso/views/comment.py b/isso/views/comment.py index d9825c7..d6813c4 100644 --- a/isso/views/comment.py +++ b/isso/views/comment.py @@ -86,12 +86,15 @@ def new(app, environ, request, uri): host = app.conf.get('general', 'host').rstrip("/") href = host + uri + "#isso-%i" % rv["id"] - auth = None + + deletion = host + environ["SCRIPT_NAME"] + "/delete/" + app.sign(str(rv["id"])) + activation = None if app.conf.getboolean('general', 'moderated'): - auth = host + environ["SCRIPT_NAME"] + "/activate/" + app.sign(str(rv["id"])) + activation = host + environ["SCRIPT_NAME"] + "/activate/" + app.sign(str(rv["id"])) - app.notify(title, notify.format(rv, href, utils.anonymize(str(request.remote_addr)), auth)) + app.notify(title, notify.format(rv, href, utils.anonymize(str(request.remote_addr)), + activation_key=activation, deletion_key=deletion)) # save checksum of text into cookie, so mallory can't modify/delete a comment, if # he add a comment, then removed it but not the signed cookie. @@ -234,6 +237,18 @@ def activate(app, environ, request, auth): return Response("Yo", 200) +def delete(app, environ, request, auth): + + try: + id = app.unsign(auth, max_age=2**32) + except (BadSignature, SignatureExpired): + abort(403) + + with app.lock: + app.db.comments.delete(id) + + return Response("%s successfully removed" % id) + def checkip(app, env, req): return Response(utils.anonymize(str(req.remote_addr)), 200)