chg: [website] Admins are now notified when a new comment is awaiting…

… moderation.
cve-search · Oct 1, 2024 · 9739292 · 9739292
1 parent 69ddf5c
commit 9739292
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 4 deletions.
diff --git a/website/notifications/notifications.py b/website/notifications/notifications.py
@@ -28,7 +28,7 @@ def account_recovery(user: User) -> None:
 
  emails.send(
  to=user.email,
- subject="[Vulnerability lookup] Account recovery",
+ subject="[Vulnerability Lookup] Account recovery",
  plaintext=plaintext,
  )
 
@@ -40,7 +40,7 @@ def new_password_notification(user: User, password: str) -> None:
  plaintext = render_template("emails/new_password.txt", user=user, password=password)
  emails.send(
  to=user.email,
- subject="[Vulnerability lookup] New password",
+ subject="[Vulnerability Lookup] New password",
  plaintext=plaintext,
  )
 
@@ -64,6 +64,23 @@ def confirm_account(user: User) -> None:
 
  emails.send(
  to=user.email,
- subject="[Vulnerability lookup] Account creation",
+ subject="[Vulnerability Lookup] Account creation",
+ plaintext=plaintext,
+ )
+
+
+def new_comment_to_moderate(user: User) -> None:
+ """
+ Notify the admin when a comment is awaiting moderation.
+ """
+ plaintext = render_template(
+ "emails/comment_moderation.txt",
+ user=user,
+ platform_url=application.config["PLATFORM_URL"],
+ )
+
+ emails.send(
+ to=application.config.get("ADMIN_EMAIL", ""),
+ subject="[Vulnerability Lookup] New comment awaiting moderation",
  plaintext=plaintext,
  )
diff --git a/website/web/api/v1/comment.py b/website/web/api/v1/comment.py
@@ -17,6 +17,7 @@
 from website.lib.utils import find_cve_ids
 from website.lib.utils import find_ghsa_ids
 from website.lib.utils import find_pysec_ids
+from website.notifications import notifications
 from website.web.bootstrap import application
 from website.web.bootstrap import db
 from website.validators import validate_json
@@ -272,5 +273,12 @@ def post(self) -> Tuple[ResultType, int]:
  except TypeError:
  abort(400, "Comment creation failed.")
 
+ if not current_user.is_admin:
+ # Send a notification to the admin
+ try:
+ notifications.new_comment_to_moderate(current_user)
+ except Exception:
+ logger.warning("Problem when sending notification of new comment to moderate.")
+
  db.session.commit()
  return result, 201
diff --git a/website/web/templates/emails/comment_moderation.txt b/website/web/templates/emails/comment_moderation.txt
@@ -0,0 +1,7 @@
+Hello,
+
+A new comment is awaiting moderation.
+
+{{ platform_url }}/admin/comments
+
+Kind regards,
diff --git a/website/web/views/user.py b/website/web/views/user.py
@@ -197,7 +197,7 @@ def toggle_2FA() -> WerkzeugResponse:
 @login_required # type: ignore[misc]
 def delete_account() -> WerkzeugResponse:
  """Delete the account of the authenticated user.
- In fact, it sets the value of is_active to True and delte the session."""
+ In fact, it sets the value of is_active to False and delete the session."""
  user = User.query.filter(User.id == current_user.id).first()
  if user is None:
  abort(404)