From 9739292ed8e11e5c875151a95f5dafdf8eb1c1b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?=
Date: Tue, 1 Oct 2024 09:32:29 +0200
Subject: [PATCH] chg: [website] Admins are now notified when a new comment is awaiting moderation.
---
 website/notifications/notifications.py | 23 ++++++++++++++++---
 website/web/api/v1/comment.py | 8 +++++++
 .../templates/emails/comment_moderation.txt | 7 ++++++
 website/web/views/user.py | 2 +-
 4 files changed, 36 insertions(+), 4 deletions(-)
 create mode 100644 website/web/templates/emails/comment_moderation.txt
diff --git a/website/notifications/notifications.py b/website/notifications/notifications.py
index fdc93d89..0245683c 100644
--- a/website/notifications/notifications.py
+++ b/website/notifications/notifications.py
@@ -28,7 +28,7 @@ def account_recovery(user: User) -> None:
 emails.send(
 to=user.email,
- subject="[Vulnerability lookup] Account recovery",
+ subject="[Vulnerability Lookup] Account recovery",
 plaintext=plaintext,
 )
@@ -40,7 +40,7 @@ def new_password_notification(user: User, password: str) -> None:
 plaintext = render_template("emails/new_password.txt", user=user, password=password)
 emails.send(
 to=user.email,
- subject="[Vulnerability lookup] New password",
+ subject="[Vulnerability Lookup] New password",
 plaintext=plaintext,
 )
@@ -64,6 +64,23 @@ def confirm_account(user: User) -> None:
 emails.send(
 to=user.email,
- subject="[Vulnerability lookup] Account creation",
+ subject="[Vulnerability Lookup] Account creation",
+ plaintext=plaintext,
+ )
+
+
+def new_comment_to_moderate(user: User) -> None:
+ """
+ Notify the admin when a comment is awaiting moderation.
+ """
+ plaintext = render_template(
+ "emails/comment_moderation.txt",
+ user=user,
+ platform_url=application.config["PLATFORM_URL"],
+ )
+
+ emails.send(
+ to=application.config.get("ADMIN_EMAIL", ""),
+ subject="[Vulnerability Lookup] New comment awaiting moderation",
 plaintext=plaintext,
 )
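Review bot: In `new_comment_to_moderate` (third hunk of website/notifications/notifications.py) the recipient is read with `application.config.get("ADMIN_EMAIL", "")`, so a deployment that never set ADMIN_EMAIL calls `emails.send` with an empty `to` and the moderation notice is lost; how `emails.send` treats an empty recipient is not visible here. Resolving it first and returning early makes the misconfiguration explicit: `admin_email = application.config.get("ADMIN_EMAIL")` followed by `if not admin_email: return` (with a log line if this module has a logger). `user=user` is passed to the template, but the comment_moderation.txt added in this commit never references it, so either drop the argument or have the template name the commenter. The docstring could also state that the mail goes to the single configured ADMIN_EMAIL address rather than to every admin account.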
diff --git a/website/web/api/v1/comment.py b/website/web/api/v1/comment.py
index eccad0cd..371405bf 100644
--- a/website/web/api/v1/comment.py
+++ b/website/web/api/v1/comment.py
@@ -17,6 +17,7 @@
 from website.lib.utils import find_cve_ids
 from website.lib.utils import find_ghsa_ids
 from website.lib.utils import find_pysec_ids
+from website.notifications import notifications
 from website.web.bootstrap import application
 from website.web.bootstrap import db
 from website.validators import validate_json
@@ -272,5 +273,12 @@ def post(self) -> Tuple[ResultType, int]:
 except TypeError:
 abort(400, "Comment creation failed.")
+ if not current_user.is_admin:
+ # Send a notification to the admin
+ try:
+ notifications.new_comment_to_moderate(current_user)
+ except Exception:
+ logger.warning("Problem when sending notification of new comment to moderate.")
+
 db.session.commit()
 return result, 201
diff --git a/website/web/templates/emails/comment_moderation.txt b/website/web/templates/emails/comment_moderation.txt
new file mode 100644
index 00000000..2517672a
--- /dev/null
+++ b/website/web/templates/emails/comment_moderation.txt
@@ -0,0 +1,7 @@
+Hello,
+
+A new comment is awaiting moderation.
+
+{{ platform_url }}/admin/comments
+
+Kind regards,
diff --git a/website/web/views/user.py b/website/web/views/user.py
index c7a292b9..b3d93bd5 100644
--- a/website/web/views/user.py
+++ b/website/web/views/user.py
@@ -197,7 +197,7 @@ def toggle_2FA() -> WerkzeugResponse:
 @login_required # type: ignore[misc]
 def delete_account() -> WerkzeugResponse:
 """Delete the account of the authenticated user.
- In fact, it sets the value of is_active to True and delte the session."""
+ In fact, it sets the value of is_active to False and delete the session."""
 user = User.query.filter(User.id == current_user.id).first()
 if user is None:
 abort(404)
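Review bot: In `post` (second hunk of website/web/api/v1/comment.py) the notification is sent before `db.session.commit()`, so if the commit fails the admin still receives a mail about a comment that was never stored; calling `notifications.new_comment_to_moderate(current_user)` after the commit avoids that. The `except Exception` handler discards the error detail, and `logger.exception("Problem when sending notification of new comment to moderate.")` would keep the traceback for whoever has to diagnose a broken mail setup. Every non-admin POST now triggers one synchronous mail to the admin address, and no throttling or batching is visible in this hunk, so a single authenticated account can fill the moderation mailbox and each request waits on mail delivery; a rate limit or periodic digest would bound both. The body of `post` starts outside the hunk, so earlier handling of the comment is not visible here.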