From f261d09c614fc9231993c4941bc0fc83e64f22ca Mon Sep 17 00:00:00 2001 From: cryptogun Date: Fri, 3 Nov 2017 18:45:36 +0800 Subject: [PATCH 1/2] Option to forbid viewing other's modification history. Comment author can view their own comment modification history. Moderators can view anyone's history. --- spirit/comment/history/views.py | 8 ++++++++ spirit/comment/templates/spirit/comment/_render_list.html | 4 +++- spirit/core/conf/defaults.py | 2 ++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/spirit/comment/history/views.py b/spirit/comment/history/views.py index f359d2b0a..c059278a5 100644 --- a/spirit/comment/history/views.py +++ b/spirit/comment/history/views.py @@ -3,7 +3,9 @@ from __future__ import unicode_literals from django.contrib.auth.decorators import login_required +from django.http import Http404 from django.shortcuts import render, get_object_or_404 +from django.utils.translation import ugettext as _ from djconfig import config @@ -17,6 +19,12 @@ def detail(request, comment_id): comment = get_object_or_404(Comment.objects.for_access(request.user), pk=comment_id) + # not comment author and not moderator: + if request.user != comment.user and not request.user.st.is_moderator: + raise Http404( + _("You have no right to view other's modification history.") + ) + comments = CommentHistory.objects\ .filter(comment_fk=comment)\ .select_related('comment_fk__user__st')\ diff --git a/spirit/comment/templates/spirit/comment/_render_list.html b/spirit/comment/templates/spirit/comment/_render_list.html index f171593dd..f66f91da9 100644 --- a/spirit/comment/templates/spirit/comment/_render_list.html +++ b/spirit/comment/templates/spirit/comment/_render_list.html @@ -1,7 +1,7 @@ {% load spirit_tags i18n %}
- + {% load_settings "ST_CUSTOMIZE_ALLOW_OTHERS_VIEWING_MODIFICATION_HISTORY" %} {% for c in comments %}
@@ -22,7 +22,9 @@
    {% if c.modified_count > 0 %} + {% if user.st.is_moderator or st_settings.ST_CUSTOMIZE_ALLOW_OTHERS_VIEWING_MODIFICATION_HISTORY or c.user == user %}
  • {{ c.modified_count }}
    • + {% endif %} {% endif %}
  • {{ c.date|shortnaturaltime }}
    • diff --git a/spirit/core/conf/defaults.py b/spirit/core/conf/defaults.py index f5ac50da3..e862ae7a0 100644 --- a/spirit/core/conf/defaults.py +++ b/spirit/core/conf/defaults.py @@ -100,3 +100,5 @@ os.path.dirname( os.path.dirname( os.path.dirname(__file__)))) + +ST_CUSTOMIZE_ALLOW_OTHERS_VIEWING_MODIFICATION_HISTORY = False From 762fb32950dc1faf80e9b8667cd2ebeb5b447ec9 Mon Sep 17 00:00:00 2001 From: cryptogun Date: Mon, 6 Nov 2017 02:58:03 +0800 Subject: [PATCH 2/2] 1. Fix block logic. 2. Change name of switch. --- spirit/comment/history/views.py | 7 +++++-- spirit/comment/templates/spirit/comment/_render_list.html | 4 ++-- spirit/core/conf/defaults.py | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/spirit/comment/history/views.py b/spirit/comment/history/views.py index c059278a5..a63fe8540 100644 --- a/spirit/comment/history/views.py +++ b/spirit/comment/history/views.py @@ -9,6 +9,7 @@ from djconfig import config +from ...core.conf import settings from ...core.utils.paginator import yt_paginate from .models import CommentHistory from ..models import Comment @@ -19,8 +20,10 @@ def detail(request, comment_id): comment = get_object_or_404(Comment.objects.for_access(request.user), pk=comment_id) - # not comment author and not moderator: - if request.user != comment.user and not request.user.st.is_moderator: + # Block if private is set and not comment author and not moderator: + if (settings.ST_PRIVATE_COMMENT_HISTORY and + request.user != comment.user and + not request.user.st.is_moderator): raise Http404( _("You have no right to view other's modification history.") ) diff --git a/spirit/comment/templates/spirit/comment/_render_list.html b/spirit/comment/templates/spirit/comment/_render_list.html index f66f91da9..1bcd9d5e4 100644 --- a/spirit/comment/templates/spirit/comment/_render_list.html +++ b/spirit/comment/templates/spirit/comment/_render_list.html @@ -1,7 +1,7 @@ {% load spirit_tags i18n %}
    - {% load_settings "ST_CUSTOMIZE_ALLOW_OTHERS_VIEWING_MODIFICATION_HISTORY" %} + {% load_settings "ST_PRIVATE_COMMENT_HISTORY" %} {% for c in comments %}
    @@ -22,7 +22,7 @@
      {% if c.modified_count > 0 %} - {% if user.st.is_moderator or st_settings.ST_CUSTOMIZE_ALLOW_OTHERS_VIEWING_MODIFICATION_HISTORY or c.user == user %} + {% if not st_settings.ST_PRIVATE_COMMENT_HISTORY or c.user == user or user.st.is_moderator %}
    • {{ c.modified_count }}
      • {% endif %} {% endif %} diff --git a/spirit/core/conf/defaults.py b/spirit/core/conf/defaults.py index e862ae7a0..cfa718977 100644 --- a/spirit/core/conf/defaults.py +++ b/spirit/core/conf/defaults.py @@ -101,4 +101,4 @@ os.path.dirname( os.path.dirname(__file__)))) -ST_CUSTOMIZE_ALLOW_OTHERS_VIEWING_MODIFICATION_HISTORY = False +ST_PRIVATE_COMMENT_HISTORY = True