| 774 | """ |
| 775 | |
| 776 | def moderate(self, environ, request, id, action, key): |
| 777 | try: |
| 778 | id = self.isso.unsign(key, max_age=2**32) |
| 779 | except (BadSignature, SignatureExpired): |
| 780 | raise Forbidden |
| 781 | |
| 782 | item = self.comments.get(id) |
| 783 | if item is None: |
| 784 | raise NotFound |
| 785 | |
| 786 | thread = self.threads.get(item["tid"]) |
| 787 | link = local("origin") + thread["uri"] + "#isso-%i" % item["id"] |
| 788 | |
| 789 | if request.method == "GET": |
| 790 | modal = ( |
| 791 | "<!DOCTYPE html>" |
| 792 | "<html>" |
| 793 | "<head>" |
| 794 | "<script>" |
| 795 | " if (confirm('%s: Are you sure?')) {" |
| 796 | " xhr = new XMLHttpRequest;" |
| 797 | " xhr.open('POST', window.location.href);" |
| 798 | " xhr.send(null);" |
| 799 | " xhr.onload = function() {" |
| 800 | " window.location.href = %s;" |
| 801 | " };" |
| 802 | " }" |
| 803 | "</script>" % (action.capitalize(), json.dumps(link)) |
| 804 | ) |
| 805 | |
| 806 | return Response(modal, 200, content_type="text/html") |
| 807 | |
| 808 | if action == "activate": |
| 809 | if item["mode"] == 1: |
| 810 | return Response("Already activated", 200) |
| 811 | with self.isso.lock: |
| 812 | self.comments.activate(id) |
| 813 | self.signal("comments.activate", thread, item) |
| 814 | return Response("Comment has been activated", 200) |
| 815 | elif action == "edit": |
| 816 | data = request.json |
| 817 | |
| 818 | for key in set(data.keys()) - set(["text", "author", "website"]): |
| 819 | data.pop(key) |
| 820 | |
| 821 | valid, reason = API.verify(data) |
| 822 | if not valid: |
| 823 | return BadRequest(reason) |
| 824 | |
| 825 | for field in ("author",): |
| 826 | if data.get(field) is not None: |
| 827 | data[field] = escape(data[field], quote=False) |
| 828 | |
| 829 | if data.get("website") is not None: |
| 830 | data["website"] = escape(data["website"], quote=True) |
| 831 | |
| 832 | with self.isso.lock: |
| 833 | rv = self.comments.update(id, data) |