author | Yorhel <git@yorhel.nl> | 2020-08-04 12:36:03 +0200 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2020-08-07 12:36:58 +0200 |
commit | 53196ed7a121e41c2fbe72aaecf257ca42ea7349 (patch) | |
tree | a79227f1970acd6e0c5f85258d1547c71a88e1b2 | |
parent | d08487d61c540573eede594c36d07e25c9832a23 (diff) |
reviews: Implement review deletion and audit logging
-rw-r--r-- | elm/Reviews/Edit.elm | 37 | ||||
-rw-r--r-- | lib/VNWeb/Reviews/Edit.pm | 14 |
2 files changed, 47 insertions, 4 deletions
diff --git a/elm/Reviews/Edit.elm b/elm/Reviews/Edit.elm index c66a5445..ae010f1f 100644 --- a/elm/Reviews/Edit.elm +++ b/elm/Reviews/Edit.elm @@ -11,6 +11,7 @@ import Lib.Util exposing (..) import Lib.RDate as RDate import Gen.Api as GApi import Gen.ReviewsEdit as GRE +import Gen.ReviewsDelete as GRD maxChars = 700 @@ -35,6 +36,8 @@ type alias Model = , summary : TP.Model , text : TP.Model , releases : List GRE.RecvReleases + , delete : Bool + , delState : Api.State } @@ -50,6 +53,8 @@ init d = , summary = TP.bbcode d.summary , text = TP.bbcode d.text , releases = d.releases + , delete = False + , delState = Api.Normal } @@ -72,6 +77,9 @@ type Msg | Text TP.Msg | Submit | Submitted GApi.Response + | Delete Bool + | DoDelete + | Deleted GApi.Response update : Msg -> Model -> (Model, Cmd Msg) @@ -87,6 +95,11 @@ update msg model = Submitted (GApi.Redirect s) -> (model, load s) Submitted r -> ({ model | state = Api.Error r }, Cmd.none) + Delete b -> ({ model | delete = b }, Cmd.none) + DoDelete -> ({ model | delState = Api.Loading }, GRD.send ({ id = Maybe.withDefault "" model.id }) Deleted) + Deleted GApi.Success -> (model, load <| "/v" ++ String.fromInt model.vid) + Deleted r -> ({ model | delState = Api.Error r }, Cmd.none) + showrel r = "[" ++ (RDate.format (RDate.expand r.released)) ++ " " ++ (String.join "," r.lang) ++ "] " ++ r.title ++ " (r" ++ String.fromInt r.id ++ ")" 
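Review bot: In the `DoDelete` branch, `Maybe.withDefault "" model.id` turns a missing id into a delete request for the empty string instead of sending nothing. The view in the next hunk only renders the delete box when `model.id` is set, so this is presumably unreachable from the UI, but matching on `model.id` keeps `update` correct without relying on the view. This only avoids emitting a malformed request; authorisation and id validation remain the server's job. `update` starts before this hunk.

```elm
    DoDelete ->
      case model.id of
        Just id -> ({ model | delState = Api.Loading }, GRD.send { id = id } Deleted)
        Nothing -> (model, Cmd.none)
```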
@@ -143,5 +156,27 @@ view model = ] ] , div [ class "mainbox" ] - [ fieldset [ class "submit" ] [ submitButton "Submit" model.state (String.length model.summary.data <= maxChars) ] ] + [ fieldset [ class "submit" ] + [ submitButton "Submit" model.state (String.length model.summary.data <= maxChars) + ] + ] + , if model.id == Nothing then text "" else + div [ class "mainbox" ] + [ h1 [] [ text "Delete review" ] + , table [ class "formtable" ] [ formField "" + [ label [] [ inputCheck "" model.delete Delete, text " Delete this review." ] + , if not model.delete then text "" else span [] + [ br [] [] + , b [ class "standout" ] [ text "WARNING:" ] + , text " Deleting this review is a permanent action and can not be reverted!" + , br [] [] + , br [] [] + , inputButton "Confirm delete" DoDelete [] + , case model.delState of + Api.Loading -> span [ class "spinner" ] [] + Api.Error e -> b [ class "standout" ] [ text <| Api.showResponse e ] + Api.Normal -> text "" + ] + ] ] + ] ] diff --git a/lib/VNWeb/Reviews/Edit.pm b/lib/VNWeb/Reviews/Edit.pm index 02423334..8ff5bd3f 100644 --- a/lib/VNWeb/Reviews/Edit.pm +++ b/lib/VNWeb/Reviews/Edit.pm @@ -57,9 +57,6 @@ TUWF::get qr{/$RE{wid}/edit}, sub { return tuwf->resDenied if !can_edit w => $e; $e->{releases} = _releases $e->{vid}; - - # TODO: Option to delete the review. - framework_ title => "Edit review for $e->{vntitle}", sub { elm_ 'Reviews.Edit' => $FORM_OUT, $e; }; @@ -80,6 +77,7 @@ elm_api ReviewsEdit => $FORM_OUT, $FORM_IN, sub { if($id) { $data->{lastmod} = sql 'NOW()'; tuwf->dbExeci('UPDATE reviews SET', $data, 'WHERE id =', \$id) if $id; + auth->audit($review->{uid}, 'review edit', "edited $review->{id}") if auth->uid != $review->{uid}; } else { return elm_Unauth if tuwf->dbVali('SELECT 1 FROM reviews WHERE vid =', \$data->{vid}, 'AND uid =', \auth->uid); 
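Review bot: The added `auth->audit(...)` line in the ReviewsEdit handler logs only when `auth->uid != $review->{uid}`, while the new ReviewsDelete handler audits unconditionally, and nothing in the code says that this difference is intended. A one-line comment above the call would make it explicit, e.g. `# Audit only edits made by someone other than the review's author.` The logged detail is just `"edited $review->{id}"`, so the entry shows that a third party changed the review but not which fields. If that is needed for later investigation, this is the place to add it, since `$data` is in scope. The handler body continues outside this hunk.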
@@ -91,4 +89,14 @@ elm_api ReviewsEdit => $FORM_OUT, $FORM_IN, sub { }; +elm_api ReviewsDelete => undef, { id => { vndbid => 'w' } }, sub { + my($data) = @_; + my $review = tuwf->dbRowi('SELECT id, uid FROM reviews WHERE id =', \$data->{id}); + return elm_Unauth if !can_edit w => $review; + auth->audit($review->{uid}, 'review delete', "deleted $review->{id}"); + tuwf->dbExeci('DELETE FROM reviews WHERE id =', \$data->{id}); + elm_Success +}; + + 1; |
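Review bot: The ReviewsDelete handler never checks that the `SELECT` found a row before it audits and deletes. If `dbRowi` returns an empty row for an unknown id and `can_edit w => $review` accepts it (can_edit is not shown here), the request writes an audit entry with an undefined uid and id and answers `elm_Success` although nothing was deleted. Guarding on the row first closes that: `return elm_Unauth if !$review->{id} || !can_edit w => $review;`. The audit row is also written before the `DELETE`; unless both run in one transaction, a failed delete leaves a log entry for a deletion that did not happen.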