draft web admin: no action, no security

stacosys/db/dao.py

@@ -29,6 +29,10 @@ def find_not_notified_comments():
     return Comment.select().where(Comment.notified.is_null())
 
 
+def find_not_published_comments():
+    return Comment.select().where(Comment.published.is_null())
+
+
 def find_published_comments_by_url(url):
     return Comment.select(Comment).where((Comment.url == url) & (Comment.published.is_null(False))).order_by(
         +Comment.published)

stacosys/interface/__init__.py

@@ -4,3 +4,6 @@
 from flask import Flask
 
 app = Flask(__name__)
+
+# Set the secret key to some random bytes. Keep this really secret!
+app.secret_key = b'_5#y2L"F4Q8z\n\xec]/'

stacosys/interface/templates/admin_fr.html

@@ -0,0 +1,61 @@
+<!doctype html>
+<html lang="en-US">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Stacosys</title>
+<link rel="stylesheet" href="https://cdn.simplecss.org/simple.min.css">
+</head>
+<body>
+  <header>
+    <h1>Modération des commentaires</h1>
+  </header>
+  <main>
+      {% with messages = get_flashed_messages() %}
+      {% if messages %}
+        <blockquote>
+        {% for message in messages %}
+            <p>{{ message }}</p>
+        {% endfor %}
+      </blockquote>
+      {% endif %}
+      {% endwith %}
+    <table>
+    <thead>
+        <tr>
+            <th>Date</th>
+            <th>Auteur</th>
+            <th>Commentaire</th>
+            <th>Article</th>
+            <th>Actions</th>
+        </tr>
+    </thead>
+    <tbody>
+        {% for comment in comments %}
+        <tr>
+            <td>{{ comment.created }}</td>
+            <td>{{ comment.author_name }}</td>
+            <td>{{ comment.content }}</td>
+            <td><a href="{{ baseurl + comment.url }}">{{ comment.url }}</a></td>
+            <td>
+                <form action="/web" method="post">
+                    <input type="hidden" name="comment" value="{{comment.id}}">
+                    <input type="hidden" name="action" value="APPROVE">
+                    <button type="submit">Accepter</button>
+                </form>
+                <form action="/web" method="post">
+                    <input type="hidden" name="comment" value="{{comment.id}}">
+                    <input type="hidden" name="action" value="REJECT">
+                    <button type="submit">Rejeter</button>
+                </form>
+            </td>
+        </tr>
+        {% endfor %}
+    </tbody>
+    </table>
+  </main>
+  <footer>
+    <p>Cette page a été conçue par Yax avec <a href="https://simplecss.org">Simple.css</a>.</p>
+  </footer>
+</body>
+</html>

stacosys/interface/web/admin.py

@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import logging
+
+from flask import request, redirect, flash, render_template
+
+from stacosys.db import dao
+from stacosys.interface import app
+
+logger = logging.getLogger(__name__)
+
+
+@app.route("/web", methods=["GET"])
+def admin_homepage():
+    lang = "fr"
+    comments = dao.find_not_published_comments()
+    return render_template("admin_" + lang + ".html", comments=comments, baseurl=app.config.get("SITE_URL"))
+
+
+@app.route("/web", methods=["POST"])
+def admin_action():
+    flash(request.form.get("comment") + " " + request.form.get("action"))
+    return redirect('/web')

stacosys/interface/webadmin.py

@@ -1,28 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-
-import logging
-import os
-from stacosys.core.templater import Templater, Template
-
-from flask import jsonify, request
-from flask import render_template
-
-from stacosys.db import dao
-from stacosys.interface import app
-
-logger = logging.getLogger(__name__)
-
-
-current_path = os.path.dirname(__file__)
-template_path = os.path.abspath(os.path.join(current_path, "../templates"))
-templater = Templater(template_path)
-
-@app.route("/web/comment", methods=["GET"])
-def web_comment_approval():
-    lang = "fr"
-    return templater.get_template(lang, Template.WEB_COMMENT_APPROVAL).render(
-        name="Yax")
-
-
-