It's Riseup's twentieth year, help keep us going! If you can afford it, please contribute to our winter fundraising drive.

Commit 168ca3c7 authored by azul's avatar azul

feature: allow page owners to remove spam comments

parent 07c6eb7f
......@@ -35,6 +35,20 @@ module Common::Ui::PostHelper
end
end
#
# display the edit link for this post.
# sometimes, posts are not really posts. in this case, we skip the edit link.
#
def delete_post_action(post)
if post.is_a?(Post) && may_destroy?(post)
link_to :delete.t, post_path(post),
remote: true,
method: 'delete',
class: 'shy',
icon: 'trash'
end
end
def star_post_action(post)
return unless may_twinkle?(post)
if !post.starred_by?(current_user)
......
......@@ -5,21 +5,33 @@ class PostPolicy < ApplicationPolicy
end
def update?
post and
post &&
post.user_id == user.id
end
alias destroy? update?
def destroy?
update? || (admin? && comment_by_visitor_on_public_page?)
end
def twinkle?
post.discussion.page and
page_policy.show? and
user.id and
page &&
page_policy.show? &&
user.id &&
user.id != post.user_id
end
protected
def admin?
page_policy.admin?
end
def comment_by_visitor_on_public_page?
page &&
page.public? &&
!post.user.may?(:view, page)
end
def page_policy
Pundit.policy!(user, page)
end
......
......@@ -7,6 +7,6 @@
%td.post_body.shy_parent{stars_for(post)}
.post_body{id: post.body_id, style: "z-index: 100;"}
.float_right
= edit_post_link(post)
= edit_post_link(post) || delete_post_action(post)
= star_post_action(post)
= post.body_html
......@@ -48,6 +48,20 @@ class CommentTest < IntegrationTest
assert_no_content 'test comment by blue that already existed'
end
def test_delete_visitor_comment
visitor = users(:penguin)
@page.public = true
visitor_comment = @page.add_post visitor,
body: 'test comment by penguin on public page'
login @blue
visit "/pages/#{@page.name_url}"
within_comment(visitor_comment) do
click_on 'Delete'
end
assert_content 'test comment by blue that already existed'
assert_no_content 'test comment by penguin on public page'
end
protected
def may_star?(comment, value)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment