punkweb-bb 0.1.4__py3-none-any.whl → 0.2.0__py3-none-any.whl

punkweb_bb/templates/punkweb_bb/subcategory_update.html

@@ -0,0 +1,56 @@
+{% extends 'punkweb_bb/base.html' %}
+{% load static %}
+
+{% block title_prefix %}Edit Subcategory | {% endblock %}
+
+{% block extra_head %}
+{{form.media.css}}
+<link rel="stylesheet" href="{% static 'punkweb_bb/css/subcategory-form.css' %}" />
+{% endblock %}
+
+{% block content %}
+
+<nav>
+  <ul class="pw-breadcrumb">
+    <li class="pw-breadcrumb-item">
+      <a href="{% url 'punkweb_bb:index' %}">Home</a>
+    </li>
+    <li class="pw-breadcrumb-item">
+      <a href="{{subcategory.category.get_absolute_url}}">{{subcategory.category.name}}</a>
+    </li>
+    <li class="pw-breadcrumb-item">
+      <a href="{{subcategory.get_absolute_url}}">{{subcategory.name}}</a>
+    </li>
+    <li class="pw-breadcrumb-item active">
+      Edit
+    </li>
+  </ul>
+</nav>
+
+<div class="pw-card fluid">
+  <div class="pw-card-header">Edit Subcategory</div>
+  <div class="pw-card-content">
+    <form class="subcategoryForm" action="{% url 'punkweb_bb:subcategory_update' subcategory.slug %}" method="post">
+      {% csrf_token %}
+      {% for field in form %}
+      <div class="subcategoryForm__field">
+        <label class="pw-input-label" for="{{ field.id_for_label }}">{{ field.label }}</label>
+        {{ field }}
+      </div>
+      {% endfor %}
+      {% if form.non_field_errors %}
+      {{ form.non_field_errors }}
+      {% endif %}
+      <div class="subcategoryForm__actions">
+        <a class="pw-button default" href="{{subcategory.get_absolute_url}}">Cancel</a>
+        <button class="pw-button raised primary" type="submit">Save</button>
+      </div>
+    </form>
+  </div>
+</div>
+
+{% endblock %}
+
+{% block extra_script %}
+{{form.media.js}}
+{% endblock %}

punkweb_bb/templates/punkweb_bb/thread.html

@@ -1,5 +1,5 @@
 {% extends 'punkweb_bb/base.html' %}
-{% load static %}
+{% load static can_delete can_edit can_post %}
 
 {% block title_prefix %}{{thread.title}} | {% endblock %}
 
@@ -67,6 +67,13 @@
           <div class="thread__user__info__value">{{thread.user.profile.post_count}}</div>
         </div>
       </div>
+      {% if thread.user.groups.all|length > 0 %}
+      <div class="thread__user__groups">
+        {% for group in thread.user.groups.all %}
+        <div class="thread__user__group">{{group.name}}</div>
+        {% endfor %}
+      </div>
+      {% endif %}
     </div>
     <div class="thread__main">
       <div class="thread__content">
@@ -77,13 +84,17 @@
         {{thread.user.profile.signature.rendered}}
       </div>
       {% endif %}
-      {% if thread.user == request.user %}
+      {% if thread|can_delete:request.user or thread|can_edit:request.user %}
       <div class="thread__actions">
+        {% if thread|can_edit:request.user %}
         <a class="pw-button ghost sm" href="{% url 'punkweb_bb:thread_update' thread.id %}">Edit</a>
+        {% endif %}
+        {% if thread|can_delete:request.user %}
         <a class="pw-button ghost danger sm" hx-get="{% url 'punkweb_bb:thread_delete' thread.id %}"
           hx-target="#modal-portal">
           Delete
         </a>
+        {% endif %}
       </div>
       {% endif %}
     </div>
@@ -128,6 +139,13 @@
           <div class="thread__user__info__value">{{post.user.profile.post_count}}</div>
         </div>
       </div>
+      {% if post.user.groups.all|length > 0 %}
+      <div class="thread__user__groups">
+        {% for group in post.user.groups.all %}
+        <div class="thread__user__group">{{group.name}}</div>
+        {% endfor %}
+      </div>
+      {% endif %}
     </div>
     <div class="thread__main">
       <div class="thread__content">
@@ -138,13 +156,17 @@
         {{post.user.profile.signature.rendered}}
       </div>
       {% endif %}
-      {% if post.user == request.user %}
+      {% if post|can_delete:request.user or post|can_edit:request.user %}
       <div class="thread__actions">
+        {% if post|can_edit:request.user %}
         <a class="pw-button ghost sm" hx-get="{% url 'punkweb_bb:post_update' post.id %}" hx-target="#modal-portal">Edit</a>
+        {% endif %}
+        {% if post|can_delete:request.user %}
         <a class="pw-button ghost danger sm" hx-get="{% url 'punkweb_bb:post_delete' post.id %}"
           hx-target="#modal-portal">
           Delete
         </a>
+        {% endif %}
       </div>
       {% endif %}
     </div>
@@ -198,8 +220,7 @@
 </nav>
 {% endif %}
 
-{% if request.user.is_authenticated %}
-{% if not thread.is_closed %}
+{% if thread|can_post:request.user %}
 <div class="pw-card fluid margin">
   <div class="pw-card-header">Reply to thread</div>
   <div class="pw-card-content">
@@ -229,6 +250,5 @@
   </div>
 </div>
 {% endif %}
-{% endif %}
 
 {% endblock %}

punkweb_bb/templates/punkweb_bb/thread_create.html

@@ -42,6 +42,7 @@
       {{ form.non_field_errors }}
       {% endif %}
       <div class="threadForm__actions">
+        <a class="pw-button default" href="{{subcategory.get_absolute_url}}" type="submit">Cancel</a>
         <button class="pw-button raised primary" type="submit">Create Thread</button>
       </div>
     </form>

punkweb_bb/templatetags/can_delete.py

@@ -0,0 +1,8 @@
+from django import template
+
+register = template.Library()
+
+
+@register.filter
+def can_delete(obj, user):
+    return obj.can_delete(user)

punkweb_bb/templatetags/can_edit.py

@@ -0,0 +1,8 @@
+from django import template
+
+register = template.Library()
+
+
+@register.filter
+def can_edit(obj, user):
+    return obj.can_edit(user)

punkweb_bb/templatetags/can_post.py

@@ -0,0 +1,8 @@
+from django import template
+
+register = template.Library()
+
+
+@register.filter
+def can_post(obj, user):
+    return obj.can_post(user)

punkweb_bb/tests.py

@@ -474,7 +474,7 @@ class ThreadCreateViewTestCase(TestCase):
         self.client.force_login(self.user)
         response = self.client.get(self.staff_only_url)
 
-        self.assertRedirects(response, self.staff_subcategory.get_absolute_url())
+        self.assertEqual(response.status_code, 403)
 
 
 class ThreadViewTestCase(TestCase):
@@ -522,7 +522,7 @@ class ThreadUpdateViewTestCase(TestCase):
     def test_is_author(self):
         self.client.force_login(self.other_user)
         response = self.client.get(self.url)
-        self.assertEqual(response.status_code, 404)
+        self.assertEqual(response.status_code, 403)
 
         self.client.force_login(self.user)
         response = self.client.get(self.url)
@@ -571,7 +571,7 @@ class ThreadDeleteViewTestCase(TestCase):
     def test_is_author(self):
         self.client.force_login(self.other_user)
         response = self.client.get(self.url)
-        self.assertEqual(response.status_code, 404)
+        self.assertEqual(response.status_code, 403)
 
         self.client.force_login(self.user)
         response = self.client.get(self.url)
@@ -653,7 +653,7 @@ class PostUpdateViewTestCase(TestCase):
     def test_is_author(self):
         self.client.force_login(self.other_user)
         response = self.client.get(self.url)
-        self.assertEqual(response.status_code, 404)
+        self.assertEqual(response.status_code, 403)
 
         self.client.force_login(self.user)
         response = self.client.get(self.url)
@@ -703,7 +703,7 @@ class PostDeleteViewTestCase(TestCase):
     def test_is_author(self):
         self.client.force_login(self.other_user)
         response = self.client.get(self.url)
-        self.assertEqual(response.status_code, 404)
+        self.assertEqual(response.status_code, 403)
 
         self.client.force_login(self.user)
         response = self.client.get(self.url)

punkweb_bb/urls.py

@@ -11,11 +11,37 @@ urlpatterns = [
     path("settings/", views.settings_view, name="settings"),
     path("members/", views.members_view, name="members"),
     path("members/<path:user_id>/", views.profile_view, name="profile"),
+    path("create-category/", views.category_create_view, name="category_create"),
+    path(
+        "category/<str:category_slug>/update/",
+        views.category_update_view,
+        name="category_update",
+    ),
+    path(
+        "category/<str:category_slug>/delete/",
+        views.category_delete_view,
+        name="category_delete",
+    ),
     path(
         "subcategory/<str:subcategory_slug>/",
         views.subcategory_view,
         name="subcategory",
     ),
+    path(
+        "category/<str:category_slug>/create-subcategory/",
+        views.subcategory_create_view,
+        name="subcategory_create",
+    ),
+    path(
+        "subcategory/<str:subcategory_slug>/update/",
+        views.subcategory_update_view,
+        name="subcategory_update",
+    ),
+    path(
+        "subcategory/<str:subcategory_slug>/delete/",
+        views.subcategory_delete_view,
+        name="subcategory_delete",
+    ),
     path(
         "subcategory/<str:subcategory_slug>/create-thread/",
         views.thread_create_view,
@@ -37,5 +63,6 @@ urlpatterns = [
     path("post/<str:post_id>/update/", views.post_update_view, name="post_update"),
     path("shout-list/", views.shout_list_view, name="shout_list"),
     path("shout-create/", views.shout_create_view, name="shout_create"),
+    path("shout/<str:shout_id>/delete/", views.shout_delete_view, name="shout_delete"),
     path("bbcode/", views.bbcode_view, name="bbcode"),
 ]

punkweb_bb/utils.py

@@ -0,0 +1,17 @@
+from django.utils.text import slugify
+
+
+def get_unique_slug(model, field):
+    base_slug = slugify(field)
+    slug = base_slug
+    unique_slug_exists = True
+
+    counter = 1
+    while unique_slug_exists:
+        if model.objects.filter(slug=slug).exists():
+            slug = f"{base_slug}-{counter}"
+            counter += 1
+        else:
+            unique_slug_exists = False
+
+    return slug

punkweb_bb/views.py

@@ -4,54 +4,46 @@ from django.contrib.auth import authenticate, get_user_model, login, logout
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponseForbidden
 from django.shortcuts import get_object_or_404, redirect, render
+from django.urls import reverse
 from django.utils import timezone
 
-from punkweb_bb.guests import guest_list
 from punkweb_bb.forms import (
     BoardProfileModelForm,
+    CategoryModelForm,
     LoginForm,
     PostModelForm,
     ShoutModelForm,
     SignUpForm,
+    SubcategoryModelForm,
     ThreadModelForm,
 )
+from punkweb_bb.guests import guest_list
 from punkweb_bb.models import Category, Post, Shout, Subcategory, Thread
 from punkweb_bb.pagination import paginate_qs
 from punkweb_bb.response import htmx_redirect
+from punkweb_bb.utils import get_unique_slug
 
 User = get_user_model()
 
 
-def index_view(request):
-    categories = Category.objects.all()
-
-    recent_threads = Thread.objects.all().order_by("-created_at")[:5]
+def signup_view(request):
+    if request.user.is_authenticated:
+        return redirect("punkweb_bb:index")
 
-    thread_count = Thread.objects.count()
-    post_count = Post.objects.count()
+    if request.method == "POST":
+        form = SignUpForm(request.POST)
 
-    users = User.objects.select_related("profile").all()
-    newest_user = users.order_by("-profile__created_at").first()
+        if form.is_valid():
+            form.save()
 
-    users_online = [user for user in users if user.profile.is_online]
-    members_online = [user for user in users_online if not user.is_staff]
-    staff_online = [user for user in users_online if user.is_staff]
-    guests_online = guest_list.length()
-    total_online = len(members_online) + len(staff_online) + guests_online
+            return redirect("punkweb_bb:login")
+    else:
+        form = SignUpForm()
 
     context = {
-        "categories": categories,
-        "recent_threads": recent_threads,
-        "thread_count": thread_count,
-        "post_count": post_count,
-        "users": users,
-        "newest_user": newest_user,
-        "members_online": members_online,
-        "staff_online": staff_online,
-        "guests_online": guests_online,
-        "total_online": total_online,
+        "form": form,
     }
-    return render(request, "punkweb_bb/index.html", context=context)
+    return render(request, "punkweb_bb/signup.html", context)
 
 
 def login_view(request):
@@ -85,24 +77,36 @@ def logout_view(request):
     return redirect("punkweb_bb:login")
 
 
-def signup_view(request):
-    if request.user.is_authenticated:
-        return redirect("punkweb_bb:index")
+def index_view(request):
+    categories = Category.objects.all()
 
-    if request.method == "POST":
-        form = SignUpForm(request.POST)
+    recent_threads = Thread.objects.all().order_by("-created_at")[:5]
 
-        if form.is_valid():
-            form.save()
+    thread_count = Thread.objects.count()
+    post_count = Post.objects.count()
 
-            return redirect("punkweb_bb:login")
-    else:
-        form = SignUpForm()
+    users = User.objects.select_related("profile").all()
+    newest_user = users.order_by("-profile__created_at").first()
+
+    users_online = [user for user in users if user.profile.is_online]
+    members_online = [user for user in users_online if not user.is_staff]
+    staff_online = [user for user in users_online if user.is_staff]
+    guests_online = guest_list.length()
+    total_online = len(members_online) + len(staff_online) + guests_online
 
     context = {
-        "form": form,
+        "categories": categories,
+        "recent_threads": recent_threads,
+        "thread_count": thread_count,
+        "post_count": post_count,
+        "users": users,
+        "newest_user": newest_user,
+        "members_online": members_online,
+        "staff_online": staff_online,
+        "guests_online": guests_online,
+        "total_online": total_online,
     }
-    return render(request, "punkweb_bb/signup.html", context)
+    return render(request, "punkweb_bb/index.html", context=context)
 
 
 def profile_view(request, user_id):
@@ -148,6 +152,72 @@ def settings_view(request):
     return render(request, "punkweb_bb/settings.html", context=context)
 
 
+@login_required(login_url="/login/")
+def category_create_view(request):
+    if not request.user.has_perm("punkweb_bb.add_category"):
+        return HttpResponseForbidden("You do not have permission to create categories.")
+
+    if request.method == "POST":
+        form = CategoryModelForm(request.POST)
+
+        if form.is_valid():
+            category = form.save(commit=False)
+            category.slug = get_unique_slug(Category, category.name)
+            category.save()
+
+            return redirect(category)
+    else:
+        form = CategoryModelForm()
+
+    context = {
+        "form": form,
+    }
+    return render(request, "punkweb_bb/category_create.html", context=context)
+
+
+@login_required(login_url="/login/")
+def category_update_view(request, category_slug):
+    if not request.user.has_perm("punkweb_bb.change_category"):
+        return HttpResponseForbidden("You do not have permission to change categories.")
+
+    category = get_object_or_404(Category, slug=category_slug)
+
+    if request.method == "POST":
+        form = CategoryModelForm(request.POST, instance=category)
+
+        if form.is_valid():
+            category = form.save()
+
+            return redirect(category)
+    else:
+        form = CategoryModelForm(instance=category)
+
+    context = {
+        "category": category,
+        "form": form,
+    }
+    return render(request, "punkweb_bb/category_update.html", context=context)
+
+
+@login_required(login_url="/login/")
+def category_delete_view(request, category_slug):
+    if not request.user.has_perm("punkweb_bb.delete_category"):
+        return HttpResponseForbidden("You do not have permission to delete categories.")
+
+    category = get_object_or_404(Category, slug=category_slug)
+
+    if request.method == "DELETE":
+        category.delete()
+
+        return htmx_redirect(reverse("punkweb_bb:index"))
+
+    context = {
+        "category": category,
+    }
+
+    return render(request, "punkweb_bb/partials/category_delete.html", context=context)
+
+
 def subcategory_view(request, subcategory_slug):
     subcategory = get_object_or_404(Subcategory, slug=subcategory_slug)
 
@@ -160,12 +230,92 @@ def subcategory_view(request, subcategory_slug):
     return render(request, "punkweb_bb/subcategory.html", context=context)
 
 
+@login_required(login_url="/login/")
+def subcategory_create_view(request, category_slug):
+    if not request.user.has_perm("punkweb_bb.add_subcategory"):
+        return HttpResponseForbidden(
+            "You do not have permission to create subcategories."
+        )
+
+    category = get_object_or_404(Category, slug=category_slug)
+
+    if request.method == "POST":
+        form = SubcategoryModelForm(request.POST)
+
+        if form.is_valid():
+            subcategory = form.save(commit=False)
+            subcategory.category = category
+            subcategory.slug = get_unique_slug(Subcategory, subcategory.name)
+            subcategory.save()
+
+            return redirect(subcategory)
+    else:
+        form = SubcategoryModelForm()
+
+    context = {
+        "category": category,
+        "form": form,
+    }
+    return render(request, "punkweb_bb/subcategory_create.html", context=context)
+
+
+@login_required(login_url="/login/")
+def subcategory_update_view(request, subcategory_slug):
+    if not request.user.has_perm("punkweb_bb.change_subcategory"):
+        return HttpResponseForbidden(
+            "You do not have permission to change subcategories."
+        )
+
+    subcategory = get_object_or_404(Subcategory, slug=subcategory_slug)
+
+    if request.method == "POST":
+        form = SubcategoryModelForm(request.POST, instance=subcategory)
+
+        if form.is_valid():
+            subcategory = form.save()
+
+            return redirect(subcategory)
+    else:
+        form = SubcategoryModelForm(instance=subcategory)
+
+    context = {
+        "subcategory": subcategory,
+        "form": form,
+    }
+    return render(request, "punkweb_bb/subcategory_update.html", context=context)
+
+
+@login_required(login_url="/login/")
+def subcategory_delete_view(request, subcategory_slug):
+    if not request.user.has_perm("punkweb_bb.delete_subcategory"):
+        return HttpResponseForbidden(
+            "You do not have permission to delete subcategories."
+        )
+
+    subcategory = get_object_or_404(Subcategory, slug=subcategory_slug)
+
+    if request.method == "DELETE":
+        subcategory.delete()
+
+        return htmx_redirect(subcategory.category.get_absolute_url())
+
+    context = {
+        "subcategory": subcategory,
+    }
+
+    return render(
+        request, "punkweb_bb/partials/subcategory_delete.html", context=context
+    )
+
+
 @login_required(login_url="/login/")
 def thread_create_view(request, subcategory_slug):
     subcategory = get_object_or_404(Subcategory, slug=subcategory_slug)
 
-    if subcategory.staff_post_only and not request.user.is_staff:
-        return redirect(subcategory)
+    if not subcategory.can_post(request.user):
+        return HttpResponseForbidden(
+            "You do not have permission to post in this subcategory."
+        )
 
     if request.method == "POST":
         form = ThreadModelForm(request.POST)
@@ -211,7 +361,12 @@ def thread_view(request, thread_id):
 
 @login_required(login_url="/login/")
 def thread_update_view(request, thread_id):
-    thread = get_object_or_404(Thread, pk=thread_id, user=request.user)
+    thread = get_object_or_404(Thread, pk=thread_id)
+
+    if not thread.can_edit(request.user):
+        return HttpResponseForbidden(
+            "You do not have permission to change this thread."
+        )
 
     if request.method == "POST":
         form = ThreadModelForm(request.POST, instance=thread)
@@ -232,7 +387,12 @@ def thread_update_view(request, thread_id):
 
 @login_required(login_url="/login/")
 def thread_delete_view(request, thread_id):
-    thread = get_object_or_404(Thread, pk=thread_id, user=request.user)
+    thread = get_object_or_404(Thread, pk=thread_id)
+
+    if not thread.can_delete(request.user):
+        return HttpResponseForbidden(
+            "You do not have permission to delete this thread."
+        )
 
     if request.method == "DELETE":
         thread.delete()
@@ -250,8 +410,10 @@ def thread_delete_view(request, thread_id):
 def post_create_view(request, thread_id):
     thread = get_object_or_404(Thread, pk=thread_id)
 
-    if thread.is_closed:
-        return HttpResponseForbidden("Cannot add posts to a closed thread.")
+    if not thread.can_post(request.user):
+        return HttpResponseForbidden(
+            "You do not have permission to post in this thread."
+        )
 
     form = PostModelForm(request.POST)
 
@@ -266,7 +428,10 @@ def post_create_view(request, thread_id):
 
 @login_required(login_url="/login/")
 def post_update_view(request, post_id):
-    post = get_object_or_404(Post, pk=post_id, user=request.user)
+    post = get_object_or_404(Post, pk=post_id)
+
+    if not post.can_edit(request.user):
+        return HttpResponseForbidden("You do not have permission to change this post.")
 
     if request.method == "POST":
         form = PostModelForm(request.POST, instance=post)
@@ -288,7 +453,10 @@ def post_update_view(request, post_id):
 
 @login_required(login_url="/login/")
 def post_delete_view(request, post_id):
-    post = get_object_or_404(Post, pk=post_id, user=request.user)
+    post = get_object_or_404(Post, pk=post_id)
+
+    if not post.can_delete(request.user):
+        return HttpResponseForbidden("You do not have permission to delete this post.")
 
     if request.method == "DELETE":
         post.delete()
@@ -340,6 +508,25 @@ def shout_create_view(request):
             )
 
 
+@login_required(login_url="/login/")
+def shout_delete_view(request, shout_id):
+    shout = get_object_or_404(Shout, pk=shout_id)
+
+    if not shout.can_delete(request.user):
+        return HttpResponseForbidden("You do not have permission to delete this shout.")
+
+    if request.method == "DELETE":
+        shout.delete()
+
+        return htmx_redirect(reverse("punkweb_bb:index"))
+
+    context = {
+        "shout": shout,
+    }
+
+    return render(request, "punkweb_bb/partials/shout_delete.html", context=context)
+
+
 def bbcode_view(request):
     codes = (
         ("Bold", "[b]Bold Text[/b]"),