Merge pull request #10906 from Thunderbottom/comment-login-and-limit

fix: limit commenting to logged-in accounts
mergify[bot] 2020-07-08 10:45:38 +00:00 committed by GitHub
commit 20a1546574
3 changed files with 60 additions and 70 deletions


@ -9,10 +9,10 @@
{% endif %}
<div itemscope itemtype="http://schema.org/UserComments" id="comment-list">
{% for comment in comment_list %}
<div class="my-3">
{% include "templates/includes/comments/comment.html" %}
</div>
{% for comment in comment_list %}
<div class="my-3">
{% include "templates/includes/comments/comment.html" %}
</div>
{% endfor %}
</div>
</div>
@ -25,26 +25,22 @@
<div class="comment-form-wrapper">
<a class="add-comment btn btn-light btn-sm">{{ _("Add Comment") }}</a>
<div style="display: none;" id="comment-form">
<div style="display: none;" id="comment-form">
<p>{{ _("Leave a Comment") }}</p>
<div class="alert" style="display:none;"></div>
<form>
<fieldset>
<div class="row {% if _login_required %} hidden {% endif %}"
style="margin-bottom: 15px;">
<div class="row" style="margin-bottom: 15px;">
<div class="col-sm-6">
<input class="form-control comment_by" name="comment_by"
placeholder="{{ _("Your Name") }}" type="text">
<input class="form-control comment_by" name="comment_by" placeholder="{{ _("Your Name") }}" type="text">
</div>
<div class="col-sm-6">
<input class="form-control comment_email" name="comment_email"
placeholder="{{ _("Your Email Address") }}" type="email">
<input class="form-control comment_email" name="comment_email" placeholder="{{ _("Your Email Address") }}" type="email">
</div>
</div>
<p><textarea class="form-control" name="comment" rows=10
placeholder="{{ _("Comment") }}"></textarea></p>
<button class="btn btn-primary btn-sm" id="submit-comment" style="margin-top:10px">
{{ _("Submit") }}</button>
placeholder="{{ _("Comment") }}"></textarea></p>
<button class="btn btn-primary btn-sm" id="submit-comment" style="margin-top:10px">{{ _("Submit") }}</button>
</fieldset>
</form>
</div>
@ -53,13 +49,9 @@
{% endif %}
<script>
frappe.ready(function() {
var login_required = {{ login_required and 1 or 0 }};
if (login_required && !frappe.is_user_logged_in()) {
if (!frappe.is_user_logged_in()) {
$(".login-required, .comment-form-wrapper").toggleClass("hidden");
}
if(frappe.is_user_logged_in()) {
} else {
$('input.comment_by').prop("disabled", true);
$('input.comment_email').prop("disabled", true);
}
@ -75,18 +67,18 @@
}
$(".add-comment").click(function() {
$(this).toggle(false);
$("#comment-form").toggle();
var full_name = "", user_id = "";
if(frappe.is_user_logged_in()) {
full_name = frappe.get_cookie("full_name");
user_id = frappe.get_cookie("user_id");
if(user_id != "Guest") {
$("[name='comment_email']").val(user_id);
$("[name='comment_by']").val(full_name);
}
}
$("#comment-form").toggle();
var full_name = "", user_id = "";
if(frappe.is_user_logged_in()) {
full_name = frappe.get_cookie("full_name");
user_id = frappe.get_cookie("user_id");
if(user_id != "Guest") {
$("[name='comment_email']").val(user_id);
$("[name='comment_by']").val(full_name);
}
}
$("#comment-form textarea").val("");
})
})
$("#submit-comment").click(function() {
var args = {
@ -99,13 +91,8 @@
route: "{{ pathname }}",
}
if(!args.comment_by || !args.comment_email || !args.comment) {
frappe.msgprint("{{ _("All fields are necessary to submit the comment.") }}");
return false;
}
if (args.comment_email!=='Administrator' && !validate_email(args.comment_email)) {
frappe.msgprint("{{ _("Please enter a valid email address.") }}");
if(!args.comment || !args.comment.trim()) {
frappe.msgprint("{{ _("Please add a valid comment.") }}");
return false;
}
@ -121,15 +108,12 @@
} else {
if (r.message) {
$(r.message).appendTo("#comment-list");
} else {
// probably spam
frappe.msgprint('{{ _("Thank you for your comment. It will be published after approval") }}');
$(".add-comment").text(__("Add Another Comment"));
}
$(".no-comment, .add-comment").toggle(false);
$("#comment-form").toggle();
$(".add-comment").toggle();
}
$(".add-comment").text(__("Add Another Comment"));
$(".add-comment").toggle();
}
})
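Review bot: In the `#submit-comment` success handler the form-hiding and "Add Another Comment" steps appear to run whether or not `r.message` is truthy, and since add_comment now returns `False` for an empty or link-bearing comment and for the hourly limit, a rejected comment closes the form and the typed text is gone, with the server's msgprint as the only feedback; keeping `$("#comment-form").toggle();` and the `$(".add-comment")` text/toggle lines inside `if (r.message) { ... }` lets the user correct and resubmit. Which toggle lines survive on the new side is not fully recoverable from this rendering, so confirm against the file. The `if(user_id != "Guest")` guard in the add-comment click handler is now redundant, because the wrapper is hidden unless `frappe.is_user_logged_in()`, and can be dropped.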


@ -3,29 +3,44 @@
from __future__ import unicode_literals
import frappe
import frappe.utils
import re
from frappe.website.render import clear_cache
from frappe.utils import add_to_date, now
from frappe import _
@frappe.whitelist(allow_guest=True)
@frappe.whitelist()
def add_comment(comment, comment_email, comment_by, reference_doctype, reference_name, route):
doc = frappe.get_doc(reference_doctype, reference_name)
if len(comment) < 10:
frappe.msgprint(_('Comment Should be atleast 10 characters'))
return ''
if not comment.strip():
frappe.msgprint(_('The comment cannot be empty'))
return False
blacklist = ['http://', 'https://', '@gmail.com']
url_regex = re.compile(r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+", re.IGNORECASE)
email_regex = re.compile(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)", re.IGNORECASE)
if any([b in comment for b in blacklist]):
if url_regex.search(comment) or email_regex.search(comment):
frappe.msgprint(_('Comments cannot have links or email addresses'))
return ''
return False
if not comment_email == frappe.session.user:
comment_email = frappe.session.user
comments_count = frappe.db.count("Comment", {
"comment_type": "Comment",
"comment_email": frappe.session.user,
"creation": (">", add_to_date(now(), hours=-1))
})
if comments_count > 20:
frappe.msgprint(_('Hourly comment limit reached for: {0}').format(frappe.bold(frappe.session.user)))
return False
comment = doc.add_comment(
text = comment,
comment_email = comment_email,
comment_by = comment_by)
text=comment,
comment_email=comment_email,
comment_by=comment_by)
comment.db_set('published', 1)
@ -40,18 +55,13 @@ def add_comment(comment, comment_email, comment_by, reference_doctype, reference
# notify creator
frappe.sendmail(
recipients = frappe.db.get_value('User', doc.owner, 'email') or doc.owner,
subject = _('New Comment on {0}: {1}').format(doc.doctype, doc.name),
message = content,
recipients=frappe.db.get_value('User', doc.owner, 'email') or doc.owner,
subject=_('New Comment on {0}: {1}').format(doc.doctype, doc.name),
message=content,
reference_doctype=doc.doctype,
reference_name=doc.name
)
if comment.published:
# revert with template if all clear (no backlinks)
template = frappe.get_template("templates/includes/comments/comment.html")
return template.render({"comment": comment.as_dict()})
else:
return ''
# revert with template if all clear (no backlinks)
template = frappe.get_template("templates/includes/comments/comment.html")
return template.render({"comment": comment.as_dict()})
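Review bot: `comment_by` is still accepted verbatim from the request while `comment_email` is forced to `frappe.session.user`, so a logged-in user can still post under any display name; derive it server-side next to the email override, e.g. `comment_by = frappe.db.get_value('User', frappe.session.user, 'full_name') or comment_by`. The guard `if not comment_email == frappe.session.user:` reads more plainly as `comment_email != frappe.session.user`, and because the assignment is idempotent the condition can simply be dropped; the same `not x == y` shape appears in the web_form.py hunk (`if not frappe.session.user == "Guest":`). The hourly check `if comments_count > 20:` lets a 21st comment through in the window; `>= 20` matches a limit of twenty if that is the intent. add_comment's body spans both hunks of this section.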


@ -122,10 +122,6 @@ def get_context(context):
'''Build context to render the `web_form.html` template'''
self.set_web_form_module()
context._login_required = False
if self.login_required and frappe.session.user == "Guest":
context._login_required = True
doc, delimeter = make_route_string(frappe.form_dict)
context.doc = doc
context.delimeter = delimeter
@ -142,7 +138,7 @@ def get_context(context):
if self.is_standard:
self.use_meta_fields()
if not context._login_required:
if not frappe.session.user == "Guest":
if self.allow_edit:
if self.allow_multiple:
if not frappe.form_dict.name and not frappe.form_dict.new: