authorYorhel <git@yorhel.nl>2020-08-04 12:36:03 +0200
committerYorhel <git@yorhel.nl>2020-08-07 12:36:58 +0200
commit53196ed7a121e41c2fbe72aaecf257ca42ea7349 (patch)
treea79227f1970acd6e0c5f85258d1547c71a88e1b2
parentd08487d61c540573eede594c36d07e25c9832a23 (diff)
reviews: Implement review deletion and audit logging
-rw-r--r--elm/Reviews/Edit.elm37
-rw-r--r--lib/VNWeb/Reviews/Edit.pm14
2 files changed, 47 insertions, 4 deletions
diff --git a/elm/Reviews/Edit.elm b/elm/Reviews/Edit.elm
index c66a5445..ae010f1f 100644
--- a/elm/Reviews/Edit.elm
+++ b/elm/Reviews/Edit.elm
@@ -11,6 +11,7 @@ import Lib.Util exposing (..)
import Lib.RDate as RDate
import Gen.Api as GApi
import Gen.ReviewsEdit as GRE
+import Gen.ReviewsDelete as GRD
maxChars = 700
@@ -35,6 +36,8 @@ type alias Model =
, summary : TP.Model
, text : TP.Model
, releases : List GRE.RecvReleases
+ , delete : Bool
+ , delState : Api.State
}
@@ -50,6 +53,8 @@ init d =
, summary = TP.bbcode d.summary
, text = TP.bbcode d.text
, releases = d.releases
+ , delete = False
+ , delState = Api.Normal
}
@@ -72,6 +77,9 @@ type Msg
| Text TP.Msg
| Submit
| Submitted GApi.Response
+ | Delete Bool
+ | DoDelete
+ | Deleted GApi.Response
update : Msg -> Model -> (Model, Cmd Msg)
@@ -87,6 +95,11 @@ update msg model =
Submitted (GApi.Redirect s) -> (model, load s)
Submitted r -> ({ model | state = Api.Error r }, Cmd.none)
+ Delete b -> ({ model | delete = b }, Cmd.none)
+ DoDelete -> ({ model | delState = Api.Loading }, GRD.send ({ id = Maybe.withDefault "" model.id }) Deleted)
+ Deleted GApi.Success -> (model, load <| "/v" ++ String.fromInt model.vid)
+ Deleted r -> ({ model | delState = Api.Error r }, Cmd.none)
+
showrel r = "[" ++ (RDate.format (RDate.expand r.released)) ++ " " ++ (String.join "," r.lang) ++ "] " ++ r.title ++ " (r" ++ String.fromInt r.id ++ ")"
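Review bot: In the `DoDelete` branch, `Maybe.withDefault "" model.id` turns a missing id into a delete request carrying an empty string, instead of making that state impossible to send. The view only shows the delete box when `model.id` is set, so this should be unreachable today, but the update function would be clearer if it matched on the id directly: `DoDelete -> case model.id of` with `Nothing -> (model, Cmd.none)` and `Just id -> ({ model | delState = Api.Loading }, GRD.send { id = id } Deleted)`. The body of `update` starts outside this hunk.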
@@ -143,5 +156,27 @@ view model =
]
]
, div [ class "mainbox" ]
- [ fieldset [ class "submit" ] [ submitButton "Submit" model.state (String.length model.summary.data <= maxChars) ] ]
+ [ fieldset [ class "submit" ]
+ [ submitButton "Submit" model.state (String.length model.summary.data <= maxChars)
+ ]
+ ]
+ , if model.id == Nothing then text "" else
+ div [ class "mainbox" ]
+ [ h1 [] [ text "Delete review" ]
+ , table [ class "formtable" ] [ formField ""
+ [ label [] [ inputCheck "" model.delete Delete, text " Delete this review." ]
+ , if not model.delete then text "" else span []
+ [ br [] []
+ , b [ class "standout" ] [ text "WARNING:" ]
+ , text " Deleting this review is a permanent action and can not be reverted!"
+ , br [] []
+ , br [] []
+ , inputButton "Confirm delete" DoDelete []
+ , case model.delState of
+ Api.Loading -> span [ class "spinner" ] []
+ Api.Error e -> b [ class "standout" ] [ text <| Api.showResponse e ]
+ Api.Normal -> text ""
+ ]
+ ] ]
+ ]
]
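Review bot: The "Confirm delete" button is rendered unconditionally once the checkbox is ticked, so it stays clickable while `model.delState` is `Api.Loading`, and every extra click dispatches another `DoDelete`. A second request would then arrive for a review that the first one has already removed. Consider ignoring the message while a request is in flight, for example `DoDelete -> if model.delState == Api.Loading then (model, Cmd.none) else ...` in `update`, assuming `Api.State` supports equality. Otherwise, render the button only in the non-loading branches of the `case`. The `view` function starts outside this hunk.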
diff --git a/lib/VNWeb/Reviews/Edit.pm b/lib/VNWeb/Reviews/Edit.pm
index 02423334..8ff5bd3f 100644
--- a/lib/VNWeb/Reviews/Edit.pm
+++ b/lib/VNWeb/Reviews/Edit.pm
@@ -57,9 +57,6 @@ TUWF::get qr{/$RE{wid}/edit}, sub {
return tuwf->resDenied if !can_edit w => $e;
$e->{releases} = _releases $e->{vid};
-
- # TODO: Option to delete the review.
-
framework_ title => "Edit review for $e->{vntitle}", sub {
elm_ 'Reviews.Edit' => $FORM_OUT, $e;
};
@@ -80,6 +77,7 @@ elm_api ReviewsEdit => $FORM_OUT, $FORM_IN, sub {
if($id) {
$data->{lastmod} = sql 'NOW()';
tuwf->dbExeci('UPDATE reviews SET', $data, 'WHERE id =', \$id) if $id;
+ auth->audit($review->{uid}, 'review edit', "edited $review->{id}") if auth->uid != $review->{uid};
} else {
return elm_Unauth if tuwf->dbVali('SELECT 1 FROM reviews WHERE vid =', \$data->{vid}, 'AND uid =', \auth->uid);
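Review bot: The added `auth->audit(...)` line logs an edit only when `auth->uid != $review->{uid}`, but nothing says that this is deliberate. A short comment would help, such as `# Only edits by someone other than the review author (moderator edits) are audited.` The entry records just the review id, so the log shows that a moderator edited the review but not which fields changed. If that matters for later review, the detail string is the place to add it. `$review` is assigned outside this hunk, as are the start and end of the handler.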
@@ -91,4 +89,14 @@ elm_api ReviewsEdit => $FORM_OUT, $FORM_IN, sub {
};
+elm_api ReviewsDelete => undef, { id => { vndbid => 'w' } }, sub {
+ my($data) = @_;
+ my $review = tuwf->dbRowi('SELECT id, uid FROM reviews WHERE id =', \$data->{id});
+ return elm_Unauth if !can_edit w => $review;
+ auth->audit($review->{uid}, 'review delete', "deleted $review->{id}");
+ tuwf->dbExeci('DELETE FROM reviews WHERE id =', \$data->{id});
+ elm_Success
+};
+
+
1;
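Review bot: The new `ReviewsDelete` handler never checks that the `SELECT` returned a row before it calls `can_edit`, `auth->audit` and the `DELETE`. `can_edit` is defined outside this diff, so it is not visible here whether it rejects an empty row. If it does not, a request for a nonexistent id would write an audit entry with an undefined uid and id. An explicit guard removes the dependency: `return elm_Unauth if !$review->{id} || !can_edit w => $review;`. Because the deletion is permanent, consider also selecting `vid` and including it in the audit detail, so the log still identifies what was removed.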