From: Chris Fulljames <christianfulljames@gmail.com>
Date: Sun, 26 Jan 2025 23:56:39 +0000 (-0500)
Subject: Implement comment deletion
X-Git-Url: https://littlesong.place/gitweb/?a=commitdiff_plain;h=ee8e257e23766466a7c8702b2808cf2c3141d68f;p=littlesongplace.git

Implement comment deletion
---

diff --git a/main.py b/main.py
index 244d889..ee256a7 100644
--- a/main.py
+++ b/main.py
@@ -492,6 +492,8 @@ def comment_get():
     if "replytoid" in request.args:
         replytoid = request.args["replytoid"]
         comment = query_db("select * from song_comments inner join users on song_comments.userid == users.userid where commentid = ?", [replytoid], one=True)
+        if not comment:
+            abort(404) # Invalid comment
 
     session["previous_page"] = request.referrer
     return render_template("comment.html", song=song, comment=comment)
@@ -506,6 +508,9 @@ def comment_post():
     except ValueError:
         abort(404) # Invald songid
 
+    if not "userid" in session:
+        abort(401) # Must be logged in
+
     comment = None
     if "replytoid" in request.args:
         replytoid = request.args["replytoid"]
@@ -513,9 +518,6 @@ def comment_post():
         if not comment:
             abort(404) # Invalid comment
 
-    if not "userid" in session:
-        abort(401) # Must be logged in
-
     # Add new comment
     timestamp = datetime.now(timezone.utc).isoformat()
     content = request.form["content"]
@@ -532,6 +534,24 @@ def comment_post():
     else:
         return redirect("/")
 
+@app.get("/delete-comment/<int:commentid>")
+def comment_delete(commentid):
+    comment = query_db("select c.userid as comment_user, s.userid as song_user from song_comments as c inner join songs as s on c.songid == s.songid where commentid = ?", [commentid], one=True)
+    print(dict(comment))
+    if not comment:
+        abort(404) # Invalid comment
+
+    if not (
+        ("userid" in session)
+        and ((comment["comment_user"] == session["userid"])
+            or (comment["song_user"] == session["userid"]))):
+        abort(401)
+
+    query_db("delete from song_comments where (commentid = ?) or (replytoid = ?)", [commentid, commentid])
+    get_db().commit()
+
+    return redirect(request.referrer)
+
 @app.get("/site-news")
 def site_news():
     return render_template("news.html")
diff --git a/templates/comment.html b/templates/comment.html
index 2ed0100..c385ebe 100644
--- a/templates/comment.html
+++ b/templates/comment.html
@@ -7,7 +7,7 @@
 <h1>Write a Comment</h1>
 
 <p>
-Commenting on {{ song.title }}
+Commenting on {{ song.title }} by <a href="/users/{{ song.username }}" class="profile-link">{{ song.username }}</a>
 </p>
 
 {% if comment %}
diff --git a/todo.txt b/todo.txt
index 48f88e5..bbb073d 100644
--- a/todo.txt
+++ b/todo.txt
@@ -1,6 +1,5 @@
 - Comments:
-    - Leave comment
-    - Delete comment
+    - Edit comment
     - Notifications
 - YouTube importer
 - Autoplay toggle