From dfd66b789cd6cc9470c2a98bcbda9ee5e0f3ad0f Mon Sep 17 00:00:00 2001
From: tilly-Q <nattilypigeonfowl@gmail.com>
Date: Thu, 29 Aug 2013 13:47:50 -0400
Subject: This was a big commit! I included lots of documentation below, but
 generally I did a few things. I wrote many many many new tests, either in old
 test files or in the three new test files I made. I also did some
 code-keeping work, deleting trailing whitespace and deleting vestigial code.
 Lastly, I fixed the parts of the code which I realized were broken thru the
 process of running tests.

===============================================================================
 Deleted trailing whitespace:
===============================================================================
--\  mediagoblin/decorators.py
--\  mediagoblin/auth/tools.py
--\  mediagoblin/db/migrations.py
--\  mediagoblin/db/models.py
--\  mediagoblin/gmg_commands/users.py
--\  mediagoblin/moderation/forms.py
--\  mediagoblin/moderation/tools.py
--\  mediagoblin/moderation/views.py
--\  mediagoblin/templates/mediagoblin/moderation/media_panel.html
--\  mediagoblin/templates/mediagoblin/moderation/report.html
--\  mediagoblin/templates/mediagoblin/moderation/report_panel.html
--\  mediagoblin/templates/mediagoblin/moderation/user.html
--\  mediagoblin/templates/mediagoblin/moderation/user_panel.html
--\  mediagoblin/templates/mediagoblin/user_pages/report.html
--\  mediagoblin/templates/mediagoblin/utils/report.html
--\  mediagoblin/user_pages/lib.py
--\  mediagoblin/user_pages/views.py
===============================================================================
 Deleted Vestigial Code
===============================================================================
--\  mediagoblin/db/util.py
--\  mediagoblin/tests/test_notifications.py
===============================================================================
 Modified the Code:
===============================================================================
--\  mediagoblin/moderation/tools.py
--| Encapsulated the code around giving/taking away privileges into two
  | funtions.

--\  mediagoblin/moderation/views.py
--| Imported and used the give/take away privilege functions
--| Replaced 'require_admin_or_moderator_login' with
  |'user_has_privilege(u"admin")' for adding/taking away privileges, only
  | admins are allowed to do this.

--\  mediagoblin/templates/mediagoblin/banned.html
--| Added relevant translation tags
--| Added ability to display indefinite banning

--\  mediagoblin/templates/mediagoblin/user_pages/media.html
--| Made sure the add comments button was only visible for users with the
  | `commenter` privilege

--\  mediagoblin/tests/test_submission.py
--| Paroneayea fixed a DetachedInstanceError I was having with the our_user
  | function

--\  mediagoblin/tests/tools.py
--| Added a fixture_add_comment_report function for testing.

--\  mediagoblin/tools/response.py
--| Fixed a minor error where a necessary return statement was missing
--| Fit the code within 80 columns

--\  mediagoblin/user_pages/views.py
--| Added a necessary decorator to ensure that only users with the 'commenter'
  | privilege can post comments
===============================================================================
 Wrote new tests for an old test file:
===============================================================================
--\  mediagoblin/tests/test_auth.py
--| Added a new test to make sure privilege granting on registration happens
  | correctly

--\  mediagoblin/tests/test_modelmethods.py*
--| Added a test to ensure the User method has_privilege works properly
===============================================================================
 Wrote entirely new files full of tests:
===============================================================================
--\  mediagoblin/tests/test_moderation.py
--\  mediagoblin/tests/test_privileges.py
--\  mediagoblin/tests/test_reporting.py
===============================================================================
===============================================================================
NOTE: Any files I've marked with a * in this commit report, were actually subm-
itted in my last commit. I made that committ to fix an error I was having, so
they weren't properly documented in that report.
===============================================================================
===============================================================================
---
 mediagoblin/moderation/forms.py |  4 ++--
 mediagoblin/moderation/tools.py | 53 +++++++++++++++++++++++++++++++----------
 mediagoblin/moderation/views.py | 29 +++++++++++-----------
 3 files changed, 58 insertions(+), 28 deletions(-)

(limited to 'mediagoblin/moderation')

diff --git a/mediagoblin/moderation/forms.py b/mediagoblin/moderation/forms.py
index 718cd8fa..a3202359 100644
--- a/mediagoblin/moderation/forms.py
+++ b/mediagoblin/moderation/forms.py
@@ -28,7 +28,7 @@ class MultiCheckboxField(wtforms.SelectMultipleField):
 
     Iterating the field will produce subfields, allowing custom rendering of
     the enclosed checkbox fields.
-    
+
     code from http://wtforms.simplecodes.com/docs/1.0.4/specific_problems.html
     """
     widget = wtforms.widgets.ListWidget(prefix_label=False)
@@ -40,7 +40,7 @@ class PrivilegeAddRemoveForm(wtforms.Form):
 
 class ReportResolutionForm(wtforms.Form):
     action_to_resolve = MultiCheckboxField(
-        _(u'What action will you take to resolve the report?'), 
+        _(u'What action will you take to resolve the report?'),
         validators=[wtforms.validators.optional()],
         choices=ACTION_CHOICES)
     targeted_user   = wtforms.HiddenField('',
diff --git a/mediagoblin/moderation/tools.py b/mediagoblin/moderation/tools.py
index b4daca15..d58df3a8 100644
--- a/mediagoblin/moderation/tools.py
+++ b/mediagoblin/moderation/tools.py
@@ -31,17 +31,15 @@ def take_punitive_actions(request, form, report, user):
         # punitive actions that a moderator could take.
         if u'takeaway' in form.action_to_resolve.data:
             for privilege_name in form.take_away_privileges.data:
-                privilege = Privilege.query.filter(
-                    Privilege.privilege_name==privilege_name).one()
+                take_away_privileges(user.username, privilege_name)
                 form.resolution_content.data += \
-                    u"<br>%s took away %s\'s %s privileges" % (
+                    u"<br>%s took away %s\'s %s privileges." % (
                         request.user.username,
                         user.username,
-                        privilege.privilege_name)
-                user.all_privileges.remove(privilege)
+                        privilege_name)
 
         # If the moderator elects to ban the user, a new instance of user_ban
-        # will be created.        
+        # will be created.
         if u'userban' in form.action_to_resolve.data:
             reason = form.resolution_content.data + \
                 "<br>"+request.user.username
@@ -51,7 +49,7 @@ def take_punitive_actions(request, form, report, user):
                 reason= form.why_user_was_banned.data
             )
             Session.add(user_ban)
-    
+
             if form.user_banned_until.data is not None:
                 form.resolution_content.data += \
                     u"<br>%s banned user %s until %s." % (
@@ -86,17 +84,17 @@ def take_punitive_actions(request, form, report, user):
                 deleted_comment = report.comment
                 Session.delete(deleted_comment)
                 form.resolution_content.data += \
-                    u"<br>%s deleted the comment" % (
+                    u"<br>%s deleted the comment." % (
                         request.user.username)
         elif u'delete' in form.action_to_resolve.data and \
-            report.is_media_entry_report():    
+            report.is_media_entry_report():
                 deleted_media = report.media_entry
                 Session.delete(deleted_media)
                 form.resolution_content.data += \
-                    u"<br>%s deleted the media entry" % (
-                        request.user.username)    
+                    u"<br>%s deleted the media entry." % (
+                        request.user.username)
 
-        # If the moderator didn't delete the content we then attach the 
+        # If the moderator didn't delete the content we then attach the
         # content to the archived report. We also have to actively delete the
         # old report, since it won't be deleted by cascading.
         elif report.is_comment_report():
@@ -133,3 +131,34 @@ def take_punitive_actions(request, form, report, user):
             request,
             'mediagoblin.moderation.reports_detail',
             report_id=report.id)
+
+def take_away_privileges(user,*privileges):
+    if len(privileges) == 1:
+        privilege = Privilege.query.filter(
+            Privilege.privilege_name==privileges[0]).first()
+        user = User.query.filter(
+            User.username==user).first()
+        if privilege in user.all_privileges:
+            user.all_privileges.remove(privilege)
+            return True
+        return False
+
+    elif len(privileges) > 1:
+        return (take_away_privileges(user, privileges[0]) and \
+            take_away_privileges(user, *privileges[1:]))
+
+def give_privileges(user,*privileges):
+    if len(privileges) == 1:
+        privilege = Privilege.query.filter(
+            Privilege.privilege_name==privileges[0]).first()
+        user = User.query.filter(
+            User.username==user).first()
+        if privilege not in user.all_privileges:
+            user.all_privileges.append(privilege)
+            return True
+        return False
+
+    elif len(privileges) > 1:
+        return (give_privileges(user, privileges[0]) and \
+            give_privileges(user, *privileges[1:]))
+
diff --git a/mediagoblin/moderation/views.py b/mediagoblin/moderation/views.py
index d82eca7d..b2223744 100644
--- a/mediagoblin/moderation/views.py
+++ b/mediagoblin/moderation/views.py
@@ -19,12 +19,12 @@ from werkzeug.exceptions import Forbidden
 from mediagoblin.db.models import (MediaEntry, User, MediaComment, \
                                    CommentReport, ReportBase, Privilege, \
                                    UserBan, ArchivedReport)
-from mediagoblin.db.util import user_privileges_to_dictionary
 from mediagoblin.decorators import (require_admin_or_moderator_login, \
-                                    active_user_from_url)
+                                    active_user_from_url, user_has_privilege)
 from mediagoblin.tools.response import render_to_response, redirect
 from mediagoblin.moderation import forms as moderation_forms
-from mediagoblin.moderation.tools import take_punitive_actions
+from mediagoblin.moderation.tools import (take_punitive_actions, \
+    take_away_privileges, give_privileges)
 from datetime import datetime
 
 @require_admin_or_moderator_login
@@ -86,7 +86,7 @@ def moderation_users_detail(request):
 @require_admin_or_moderator_login
 def moderation_reports_panel(request):
     '''
-    Show the global panel for monitoring reports filed against comments or 
+    Show the global panel for monitoring reports filed against comments or
         media entries for this instance.
     '''
     report_list = ReportBase.query.filter(
@@ -115,7 +115,7 @@ def moderation_reports_detail(request):
 
     form.take_away_privileges.choices = [
         (s.privilege_name,s.privilege_name.title()) \
-            for s in report.reported_user.all_privileges 
+            for s in report.reported_user.all_privileges
     ]
 
     if request.method == "POST" and form.validate() and not (
@@ -134,7 +134,7 @@ def moderation_reports_detail(request):
         {'report':report,
          'form':form})
 
-@require_admin_or_moderator_login
+@user_has_privilege(u'admin')
 @active_user_from_url
 def give_or_take_away_privilege(request, url_user):
     '''
@@ -144,12 +144,13 @@ def give_or_take_away_privilege(request, url_user):
     if request.method == "POST" and form.validate():
         privilege = Privilege.query.filter(
             Privilege.privilege_name==form.privilege_name.data).one()
-        if privilege in url_user.all_privileges:
-            url_user.all_privileges.remove(privilege)
-        else:      
-            url_user.all_privileges.append(privilege)
+        if not take_away_privileges(
+            url_user.username, form.privilege_name.data):
+
+            give_privileges(url_user.username, form.privilege_name.data)
         url_user.save()
-        return redirect(
-            request,
-            'mediagoblin.moderation.users_detail',
-            user=url_user.username)
+
+    return redirect(
+        request,
+        'mediagoblin.moderation.users_detail',
+        user=url_user.username)
-- 
cgit v1.2.3