журнал (shhh) wrote in changelog,
журнал
shhh
changelog

[livejournal] r21781: LJSUP-11879: LJ.XMLRPC.updatecomments in...

Committer: nnikulochkina
LJSUP-11879: LJ.XMLRPC.updatecomments incorrect working spam comments
Disable 'spam' action in updatecomments.
Add flags 'spam', 'ban', 'delauthor' to deletecomments.
U   trunk/cgi-bin/ljprotocol.pl
Modified: trunk/cgi-bin/ljprotocol.pl
===================================================================
--- trunk/cgi-bin/ljprotocol.pl	2012-04-23 10:01:06 UTC (rev 21780)
+++ trunk/cgi-bin/ljprotocol.pl	2012-04-23 10:36:39 UTC (rev 21781)
@@ -121,6 +121,9 @@
      "325" => E_PERM,
      "326" => E_PERM,
      "327" => E_PERM,
+     "328" => E_PERM,
+     "329" => E_PERM,
+     "330" => E_PERM,
 
      # Limit errors
      "402" => E_TEMP,
@@ -803,12 +806,48 @@
         push @ids, $num;
     }
 
+    my $can_manage = $u->can_manage($journal);
+
+    my (%to_delauthor, %to_ban, %to_mark_spam);
+
     my @comments;
     foreach my $id (@ids) {
         my $comm = LJ::Comment->new($journal, dtalkid => $id);
         return fail($err, 203, 'xmlrpc.des.no_comment_by_param',{'param'=>'dtalkid'}) unless $comm->dtalkid == $id;
         return fail($err, 327, 'dtalkid:'.$comm->dtalkid) if $comm->is_deleted;
         return fail($err, 326, 'dtalkid:'.$comm->dtalkid) unless $comm->user_can_delete($u);
+
+        if($req->{'delauthor'}) {
+
+            # they can delete all comments posted by the same author
+            # if they are the entry author, and the comment being deleted
+            # has not been posted anonymously
+            my $can_delauthor = $comm->poster && ( $can_manage || ( $u->userid == $comm->entry->poster->userid ) );
+            return fail($err, 328, 'dtalkid:'.$comm->dtalkid) unless $can_delauthor; 
+            $to_delauthor{$comm->entry->jitemid}->{$comm->poster->userid} = 1;
+        }
+
+        if($req->{'ban'}) {
+            
+            # they can ban the comment author if they are the journal owner
+            # and there is an author; also, they will not be able to ban
+            # themselves
+            my $can_sweep = ( $u && $comm->poster && $u->can_sweep($journal) );
+            my $can_ban   = ( $can_manage || $can_sweep ) && $comm->poster && ( $u->userid != $comm->poster->userid );
+            return fail($err, 329, 'dtalkid:'.$comm->dtalkid) unless $can_ban;
+            $to_ban{$comm->poster->userid} = $comm->poster;
+        }
+        
+        if($req->{'spam'}) {
+
+            # they can mark as spam unless the comment is their own;
+            # they don't need to be the community maintainer to do that
+            my $can_mark_spam = LJ::Talk::can_mark_spam($u, $journal, $comm->poster, $comm) 
+                && $comm->poster && ( $u->userid != $comm->poster->userid );
+            return fail($err, 330, 'dtalkid:'.$comm->dtalkid) unless $can_mark_spam;
+            $to_mark_spam{$comm->jtalkid} = $comm;
+        }
+
         push @comments, $comm;
     }
 
@@ -831,7 +870,26 @@
 
     # delete all comments
     $_->delete for @to_delete;
+    
+    # delete author comments (only for authors of root comment in thread)
+    foreach my $jitemid (keys %to_delauthor) {
+        foreach my $userid (keys %{$to_delauthor{$jitemid}}) {
+            LJ::Talk::delete_author( $journal, $jitemid, $userid );
+        }
+    }
 
+    # ban authors (only for authors of root comment in thread)
+    $journal->ban_user($_) for values %to_ban;
+
+    # mark comments as spam (only for root comment in thread)
+    foreach my $comment (values %to_mark_spam) {
+        my $poster = $comment->poster;
+        LJ::Talk::mark_comment_as_spam( $journal, $comment->jtalkid );
+        LJ::set_rel($journal, $poster, 'D');
+        $journal->log_event('spam_set', { actiontarget => $poster->{userid}, remote => $u });
+        LJ::run_hook('auto_suspender_for_spam', $poster->{userid});
+    }
+    
     return {
         status => 'OK',
         result => @to_delete + 0,
@@ -879,15 +937,16 @@
 
     my $action = $req->{action};
     return fail($err, 200, "action") unless($action);
-    return fail($err, 203, "action") unless($action =~ /^screen|unscreen|freeze|unfreeze|spam|unspam$/);
+    return fail($err, 203, "action") unless($action =~ /^screen|unscreen|freeze|unfreeze|unspam$/);
 
-    my $can_method = ($action =~ /spam|unspam/ ? ($action eq 'spam' ? "LJ::Talk::can_marked_as_spam" : "LJ::Talk::can_unmark_spam") :  "LJ::Talk::can_$action");
+    my $can_method = ($action =~ /unspam/ ? "LJ::Talk::can_unmark_spam" :  "LJ::Talk::can_$action");
     $can_method = \&{$can_method};
 
     my @comments;
     foreach my $id (@ids) {
         my $comm = LJ::Comment->new($journal, dtalkid => $id);
         return fail($err, 203, 'xmlrpc.des.no_comment_by_param',{'param'=>'dtalkid'}) unless $comm->dtalkid == $id;
+        return fail($err, 327, 'dtalkid:'.$comm->dtalkid) if $comm->is_deleted;
         return fail($err, 326, 'dtalkid:'.$comm->dtalkid) unless $can_method->($u, $journal, $comm->entry->poster, $comm->poster);
         push @comments, $comm;
     }
@@ -905,6 +964,7 @@
             my @comment_tree = $comment->entry->comment_list;
             my @children = ($comment);
             while(my $item = shift @children){
+                next if $item->is_deleted;
                 return fail($err, 326, 'dtalkid:'.$item->dtalkid) unless $can_method->($u, $journal, $item->entry->poster, $item->poster);
                 $map_update{$item->dtalkid} = $item;
                 push @children, grep { $_->{parenttalkid} == $item->{jtalkid} } @comment_tree;
@@ -915,7 +975,7 @@
 
     # process comments
     my $method;
-    if ($action =~ /screen|unscreen|spam|unspam/) {
+    if ($action =~ /screen|unscreen|unspam/) {
         $method = \&{"LJ::Talk::$action".'_comment'};
         $method->($journal, $jitemid, map { $_->{jtalkid} } @to_update);
     } elsif ($action =~ /freeze|unfreeze/) {

Tags: livejournal, nikulochkina, nnikulochkina, pl
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments