opendev/storyboard
Code Issues Proposed changes

Allow superusers to delete comments

Browse Source 
This removes the ability for users to delete their own comments in
favour of allowing superusers to delete any comment.

Change-Id: I0f6f4a0670b32cbadf9d8eb42c619b3a519d70fa
This commit is contained in:
Adam Coldrick 2016-07-06 10:08:42 +00:00
parent 275021af0a
commit 0cc7a72f39
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
storyboard/api/v1/timeline.py
View File

@ -261,7 +261,7 @@ class CommentsController(rest.RestController):
return wmodels.Comment.from_db_model(updated_comment) return wmodels.Comment.from_db_model(updated_comment)
@decorators.db_exceptions @decorators.db_exceptions
@secure(checks.authenticated) @secure(checks.superuser)
@wsme_pecan.wsexpose(wmodels.Comment, int, int, status_code=204) @wsme_pecan.wsexpose(wmodels.Comment, int, int, status_code=204)
def delete(self, story_id, comment_id): def delete(self, story_id, comment_id):
"""Update an existing comment. """Update an existing comment.
@ -270,11 +270,6 @@ class CommentsController(rest.RestController):
:param comment_id: The id of a Comment to be updated. :param comment_id: The id of a Comment to be updated.
""" """
comment = comments_api.comment_get(comment_id)
if request.current_user_id != comment.author_id:
abort(403, _("You are not allowed to delete this comment."))
comments_api.comment_delete(comment_id) comments_api.comment_delete(comment_id)
@decorators.db_exceptions @decorators.db_exceptions