feat: allow commenting by regular users when posting media requires advanced permissions (#1023)

Kyle Maas 2024-10-02 08:52:30 -04:00 committed by GitHub
parent f7136e2a11
commit 90e593946d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 39 additions and 2 deletions


@ -11,6 +11,13 @@ class IsAuthorizedToAdd(permissions.BasePermission):
return user_allowed_to_upload(request) return user_allowed_to_upload(request)
class IsAuthorizedToAddComment(permissions.BasePermission):
def has_permission(self, request, view):
if request.method in permissions.SAFE_METHODS:
return True
return user_allowed_to_comment(request)
class IsUserOrManager(permissions.BasePermission): class IsUserOrManager(permissions.BasePermission):
"""To be used in cases where request.user is either the """To be used in cases where request.user is either the
object owner, or anyone amongst MediaCMS managers object owner, or anyone amongst MediaCMS managers
@ -66,3 +73,24 @@ def user_allowed_to_upload(request):
if request.user.advancedUser: if request.user.advancedUser:
return True return True
return False return False
def user_allowed_to_comment(request):
"""Any custom logic for whether a user is allowed
to comment lives here
"""
if request.user.is_anonymous:
return False
if request.user.is_superuser:
return True
# Default is "all"
if not hasattr(settings, "CAN_COMMENT") or settings.CAN_COMMENT == "all":
return True
elif settings.CAN_COMMENT == "email_verified":
if request.user.email_is_verified:
return True
elif settings.CAN_COMMENT == "advancedUser":
if request.user.advancedUser:
return True
return False
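Review bot: A misspelled or unsupported `CAN_COMMENT` value falls through every branch of `user_allowed_to_comment` to the final `return False`, so commenting is denied for everyone except superusers and nothing explains why. Failing closed is the right default, but the value should be validated once, for example in a Django system check at startup, so the misconfiguration is visible to the operator. Reading the setting a single time with `mode = getattr(settings, "CAN_COMMENT", "all")` would also replace the `hasattr` test and the repeated attribute lookups.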


@ -15,6 +15,10 @@ TIME_ZONE = "Europe/London"
# valid options include 'all', 'email_verified', 'advancedUser' # valid options include 'all', 'email_verified', 'advancedUser'
CAN_ADD_MEDIA = "all" CAN_ADD_MEDIA = "all"
# who can comment
# valid options include 'all', 'email_verified', 'advancedUser'
CAN_COMMENT = "all"
# valid choices here are 'public', 'private', 'unlisted # valid choices here are 'public', 'private', 'unlisted
PORTAL_WORKFLOW = "public" PORTAL_WORKFLOW = "public"
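Review bot: The comment above `CAN_COMMENT` does not mention that commenting appears to have followed `CAN_ADD_MEDIA` until now, since `CommentDetail` was gated by `IsAuthorizedToAdd`. A site that restricted uploads to `email_verified` or `advancedUser` would therefore have commenting opened to every logged-in user by the new `"all"` default unless it sets this value as well. How local overrides are layered on this file is not visible in the hunk, so that should be confirmed. I would extend the comment to `# who can comment (previously followed CAN_ADD_MEDIA; set this explicitly to keep that restriction)` and repeat the caveat in the release notes.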


@ -24,7 +24,12 @@ from rest_framework.views import APIView
from actions.models import USER_MEDIA_ACTIONS, MediaAction from actions.models import USER_MEDIA_ACTIONS, MediaAction
from cms.custom_pagination import FastPaginationWithoutCount from cms.custom_pagination import FastPaginationWithoutCount
from cms.permissions import IsAuthorizedToAdd, IsUserOrEditor, user_allowed_to_upload from cms.permissions import (
IsAuthorizedToAdd,
IsAuthorizedToAddComment,
IsUserOrEditor,
user_allowed_to_upload,
)
from users.models import User from users.models import User
from .forms import ContactForm, MediaForm, SubtitleForm from .forms import ContactForm, MediaForm, SubtitleForm
@ -1204,7 +1209,7 @@ class CommentDetail(APIView):
Delete comment (DELETE) Delete comment (DELETE)
""" """
permission_classes = (IsAuthorizedToAdd,) permission_classes = (IsAuthorizedToAddComment,)
parser_classes = (JSONParser, MultiPartParser, FormParser, FileUploadParser) parser_classes = (JSONParser, MultiPartParser, FormParser, FileUploadParser)
def get_object(self, friendly_token): def get_object(self, friendly_token):
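Review bot: `CommentDetail` also serves DELETE according to its docstring, and with `permission_classes = (IsAuthorizedToAddComment,)` the class-level check for non-safe methods now passes for any user allowed to comment rather than any user allowed to upload. Deletion therefore relies entirely on an owner or editor check inside the delete handler, which lies outside this hunk and should be confirmed. A comment above the attribute would make that dependency explicit, e.g. `# Class-level gate only: delete() must still enforce owner/editor checks on the comment.` A regression test in which a regular commenter tries to delete another user's comment would pin the behaviour.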