diff --git a/judge/migrations/0196_view_all_user_comment_permission.py b/judge/migrations/0196_view_all_user_comment_permission.py new file mode 100644 index 000000000..2a6e53eb4 --- /dev/null +++ b/judge/migrations/0196_view_all_user_comment_permission.py @@ -0,0 +1,17 @@ +# Generated by Django 3.2.21 on 2023-09-20 13:41 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('judge', '0195_post_pin_global_permissions'), + ] + + operations = [ + migrations.AlterModelOptions( + name='comment', + options={'permissions': (('view_all_user_comment', 'View all comments by a user'),), 'verbose_name': 'comment', 'verbose_name_plural': 'comments'}, + ), + ] diff --git a/judge/models/comment.py b/judge/models/comment.py index 392cc1972..d1d373838 100644 --- a/judge/models/comment.py +++ b/judge/models/comment.py @@ -38,6 +38,9 @@ class Comment(MPTTModel): revisions = models.IntegerField(verbose_name=_('revisions'), default=0) class Meta: + permissions = ( + ('view_all_user_comment', _('View all comments by a user')), + ) verbose_name = _('comment') verbose_name_plural = _('comments') diff --git a/judge/views/user.py b/judge/views/user.py index 7ba0c9116..884e56055 100644 --- a/judge/views/user.py +++ b/judge/views/user.py @@ -309,7 +309,7 @@ def get_context_data(self, **kwargs): @method_decorator(require_POST) def delete_comments(self, request, *args, **kwargs): - if not request.user.is_superuser: + if not request.user.has_perm('judge.change_comment'): raise PermissionDenied() user_id = User.objects.get(username=kwargs['user']).id @@ -320,7 +320,7 @@ def delete_comments(self, request, *args, **kwargs): return HttpResponseRedirect(reverse('user_comment', args=(user.user.username,))) def dispatch(self, request, *args, **kwargs): - if not self.request.user.is_superuser: + if not request.user.has_perm('judge.view_all_user_comment'): raise PermissionDenied() if request.method == 'POST': return self.delete_comments(request, *args, **kwargs) diff --git a/templates/user/comment.html b/templates/user/comment.html index a23124809..191c99323 100644 --- a/templates/user/comment.html +++ b/templates/user/comment.html @@ -13,10 +13,12 @@ {% block body %} {% block before_comments %}{% endblock %} + {% if request.user.has_perm('judge.change_comment') %}
{% csrf_token %}
+ {% endif %}