mirror of
https://github.com/mediacms-io/mediacms.git
synced 2024-11-22 00:03:28 +01:00
feat: allow commenting by regular users when posting media requires advanced permissions (#1023)
This commit is contained in:
parent
f7136e2a11
commit
90e593946d
@ -11,6 +11,13 @@ class IsAuthorizedToAdd(permissions.BasePermission):
|
||||
return user_allowed_to_upload(request)
|
||||
|
||||
|
||||
class IsAuthorizedToAddComment(permissions.BasePermission):
|
||||
def has_permission(self, request, view):
|
||||
if request.method in permissions.SAFE_METHODS:
|
||||
return True
|
||||
return user_allowed_to_comment(request)
|
||||
|
||||
|
||||
class IsUserOrManager(permissions.BasePermission):
|
||||
"""To be used in cases where request.user is either the
|
||||
object owner, or anyone amongst MediaCMS managers
|
||||
@ -66,3 +73,24 @@ def user_allowed_to_upload(request):
|
||||
if request.user.advancedUser:
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
def user_allowed_to_comment(request):
|
||||
"""Any custom logic for whether a user is allowed
|
||||
to comment lives here
|
||||
"""
|
||||
if request.user.is_anonymous:
|
||||
return False
|
||||
if request.user.is_superuser:
|
||||
return True
|
||||
|
||||
# Default is "all"
|
||||
if not hasattr(settings, "CAN_COMMENT") or settings.CAN_COMMENT == "all":
|
||||
return True
|
||||
elif settings.CAN_COMMENT == "email_verified":
|
||||
if request.user.email_is_verified:
|
||||
return True
|
||||
elif settings.CAN_COMMENT == "advancedUser":
|
||||
if request.user.advancedUser:
|
||||
return True
|
||||
return False
|
||||
|
@ -15,6 +15,10 @@ TIME_ZONE = "Europe/London"
|
||||
# valid options include 'all', 'email_verified', 'advancedUser'
|
||||
CAN_ADD_MEDIA = "all"
|
||||
|
||||
# who can comment
|
||||
# valid options include 'all', 'email_verified', 'advancedUser'
|
||||
CAN_COMMENT = "all"
|
||||
|
||||
# valid choices here are 'public', 'private', 'unlisted
|
||||
PORTAL_WORKFLOW = "public"
|
||||
|
||||
|
@ -24,7 +24,12 @@ from rest_framework.views import APIView
|
||||
|
||||
from actions.models import USER_MEDIA_ACTIONS, MediaAction
|
||||
from cms.custom_pagination import FastPaginationWithoutCount
|
||||
from cms.permissions import IsAuthorizedToAdd, IsUserOrEditor, user_allowed_to_upload
|
||||
from cms.permissions import (
|
||||
IsAuthorizedToAdd,
|
||||
IsAuthorizedToAddComment,
|
||||
IsUserOrEditor,
|
||||
user_allowed_to_upload,
|
||||
)
|
||||
from users.models import User
|
||||
|
||||
from .forms import ContactForm, MediaForm, SubtitleForm
|
||||
@ -1204,7 +1209,7 @@ class CommentDetail(APIView):
|
||||
Delete comment (DELETE)
|
||||
"""
|
||||
|
||||
permission_classes = (IsAuthorizedToAdd,)
|
||||
permission_classes = (IsAuthorizedToAddComment,)
|
||||
parser_classes = (JSONParser, MultiPartParser, FormParser, FileUploadParser)
|
||||
|
||||
def get_object(self, friendly_token):
|
||||
|
Loading…
Reference in New Issue
Block a user