Allow superuser to delete all user's comments (#296)

* allow superuser to delete all user's comments * fix lint * fix lint * fix lint --------- Co-authored-by: Le Duy Thuc <[email protected]>
VNOI-Admin · May 2, 2023 · d9169b4 · d9169b4
1 parent 7c4221c
commit d9169b4
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/judge/views/user.py b/judge/views/user.py
@@ -23,6 +23,7 @@
 from django.shortcuts import get_object_or_404, render
 from django.urls import reverse
 from django.utils import timezone
+from django.utils.decorators import method_decorator
 from django.utils.formats import date_format
 from django.utils.functional import cached_property
 from django.utils.safestring import mark_safe
@@ -286,9 +287,23 @@ def get_context_data(self, **kwargs):
 
         return context
 
+    @method_decorator(require_POST)
+    def delete_comments(self, request, *args, **kwargs):
+        if not request.user.is_superuser:
+            raise PermissionDenied()
+
+        user_id = User.objects.get(username=kwargs['user']).id
+        user = Profile.objects.get(user=user_id)
+        for comment in Comment.get_newest_visible_comments(viewer=request.user, author=user,
+                                                           batch=2 * self.paginate_by):
+            comment.get_descendants(include_self=True).update(hidden=True)
+        return HttpResponseRedirect(reverse('user_comment', args=(user.user.username,)))
+
     def dispatch(self, request, *args, **kwargs):
         if not self.request.user.is_superuser:
             raise PermissionDenied()
+        if request.method == 'POST':
+            return self.delete_comments(request, *args, **kwargs)
         return super().dispatch(request, *args, **kwargs)
 
 

diff --git a/templates/user/comment.html b/templates/user/comment.html
@@ -13,6 +13,10 @@
 
 {% block body %}
     {% block before_comments %}{% endblock %}
+        <form action="{{url('user_comment', user.username)}}" method="post">
+            {% csrf_token %}
+            <button type="submit">Delete all comments</button>
+        </form>
         <ul class="comments top-level-comments new-comments">
             {% set logged_in = request.user.is_authenticated %}
             {% for comment in comments %}