Added role control when removing group msg

2025-08-27 19:20:53 +00:00 · 2012-10-18 13:55:24 +08:00 · 2012-10-18 13:55:24 +08:00 · ff1aa89f35
commit ff1aa89f35
parent faba380ebe
2 changed files with 19 additions and 3 deletions
--- a/group/templates/group/group_info.html
+++ b/group/templates/group/group_info.html
@ -149,7 +149,9 @@
                </p>
                <button class="reply op" data="{% url 'msg_reply' msg.id %}"><span class="reply-cnt">{% if msg.reply_cnt != 0 %}{{ msg.reply_cnt }} {% endif %}</span>回复</button>
                <button class="replyclose op hide">收起回复</button>
+                {% if is_staff or msg.from_email == request.user.username %}
                <button class="msg-delete op" href="#" data="{% url 'group_message_remove' group.id msg.id %}">删除</button>
+                {% endif %}
                <div class="reply-bd"></div>
            </div>
        </div>
@ -203,6 +205,14 @@ $('.download').click(function() {
    {% include 'snippets/repo_create_js.html' %}
 {% endwith %}

+$('.msg-delete').hover(
+    function() {
+        $(this).css('color', '#f93');
+    },
+    function() {
+        $(this).css('color', '#080');
+    }
+);
 addConfirmTo($('.msg-delete'));

 </script>
--- a/group/views.py
+++ b/group/views.py
@ -374,10 +374,16 @@ def group_message_remove(request, group_id, msg_id):
    try:
        gm = GroupMessage.objects.get(id=msg_id)
    except GroupMessage.DoesNotExist:
-        messages.success(request, u'删除失败')
+        messages.error(request, u'删除失败')
    else:
-        gm.delete()
-        messages.success(request, u'删除成功')
+        # Test whether user is group admin or message owner.
+        if check_group_staff(group_id, request.user) or \
+                gm.from_email == request.user.username:
+            gm.delete()
+            messages.success(request, u'删除成功')
+        else:
+            messages.error(request, u'删除失败：权限不足')
+            
    return HttpResponseRedirect(reverse('group_info', args=[group_id]))

@login_required