wip #884: always default to pk=None so unsupported api edges 404 without pk, more work on bulk thread delete

misago/threads/api/threadendpoints/delete.py

@@ -2,6 +2,7 @@ from rest_framework.response import Response
 
 from django.core.exceptions import PermissionDenied
 from django.db import transaction
+from django.http import Http404
 from django.utils.six import text_type
 from django.utils.translation import ugettext as _
 from django.utils.translation import ungettext
@@ -17,18 +18,17 @@ DELETE_LIMIT = settings.MISAGO_THREADS_PER_PAGE + settings.MISAGO_THREADS_TAIL
 def delete_thread(request, thread):
     allow_delete_thread(request.user, thread)
     moderation.delete_thread(request.user, thread)
-
     return Response({})
 
 
 def delete_bulk(request, viewmodel):
-    threads = clean_threads_for_delete(request, viewmodel)
-    raise Exception(threads)
+    threads_ids = clean_threads_ids(request)
 
     errors = []
-    for thread in threads:
+    for thread_id in threads_ids:
         try:
-            allow_delete_thread(request.user, thread)
+            thread = viewmodel(request, thread_id).unwrap()
+            delete_thread(request, thread)
         except PermissionDenied as e:
             errors.append({
                 'thread': {
@@ -37,18 +37,13 @@ def delete_bulk(request, viewmodel):
                 },
                 'error': text_type(e)
             })
+        except Http404:
+            pass # ignore invisible threads
 
-    if errors:
-        return Response(errors, status_code=403)
-
-    for thread in delete:
-        with transaction.atomic():
-            moderation.delete_thread(request.user, thread)
-
-    return Response({})
+    return Response(errors)
 
 
-def clean_threads_for_delete(request, viewmodel):
+def clean_threads_ids(request):
     try:
         threads_ids = list(map(int, request.data or []))
     except (ValueError, TypeError):
@@ -63,14 +58,9 @@ def clean_threads_for_delete(request, viewmodel):
             DELETE_LIMIT,
         )
         raise PermissionDenied(message % {'limit': DELETE_LIMIT})
-
-    threads = [viewmodel(request, pk) for pk in threads_ids]
-    if len(threads) != len(threads_ids):
-        raise PermissionDenied(_("One or more threads to delete could not be found."))
-
-    return threads
+    return set(threads_ids)
 
 
 def allow_delete_thread(user, thread):
-    if thread.acl.get('can_delete') != 2:
+    if thread.acl.get('can_hide') != 2:
         raise PermissionDenied(_("You don't have permission to delete this thread."))

misago/threads/api/threadpoll.py

@@ -81,7 +81,7 @@ class ViewSet(viewsets.ViewSet):
             return Response(serializer.errors, status=400)
 
     @transaction.atomic
-    def update(self, request, thread_pk, pk):
+    def update(self, request, thread_pk, pk=None):
         request.user.lock()
 
         thread = self.get_thread(request, thread_pk)
@@ -101,7 +101,7 @@ class ViewSet(viewsets.ViewSet):
             return Response(serializer.errors, status=400)
 
     @transaction.atomic
-    def delete(self, request, thread_pk, pk):
+    def delete(self, request, thread_pk, pk=None):
         request.user.lock()
 
         thread = self.get_thread(request, thread_pk)
@@ -119,14 +119,14 @@ class ViewSet(viewsets.ViewSet):
         })
 
     @detail_route(methods=['get', 'post'])
-    def votes(self, request, thread_pk, pk):
+    def votes(self, request, thread_pk, pk=None):
         if request.method == 'POST':
             return self.post_votes(request, thread_pk, pk)
         else:
             return self.get_votes(request, thread_pk, pk)
 
     @transaction.atomic
-    def post_votes(self, request, thread_pk, pk):
+    def post_votes(self, request, thread_pk, pk=None):
         request.user.lock()
 
         thread = self.get_thread(request, thread_pk)
@@ -134,7 +134,7 @@ class ViewSet(viewsets.ViewSet):
 
         return poll_vote_create(request, thread, instance)
 
-    def get_votes(self, request, thread_pk, pk):
+    def get_votes(self, request, thread_pk, pk=None):
         poll_pk = get_int_or_404(pk)
 
         try:

misago/threads/api/threadposts.py

@@ -148,7 +148,7 @@ class ViewSet(viewsets.ViewSet):
             return Response(posting.errors, status=400)
 
     @transaction.atomic
-    def partial_update(self, request, thread_pk, pk):
+    def partial_update(self, request, thread_pk, pk=None):
         thread = self.get_thread(request, thread_pk)
         post = self.get_post(request, thread, pk).unwrap()
 
@@ -169,7 +169,7 @@ class ViewSet(viewsets.ViewSet):
 
     @detail_route(methods=['post'])
     @transaction.atomic
-    def read(self, request, thread_pk, pk):
+    def read(self, request, thread_pk, pk=None):
         request.user.lock()
 
         thread = self.get_thread(
@@ -183,7 +183,7 @@ class ViewSet(viewsets.ViewSet):
         return post_read_endpoint(request, thread, post)
 
     @detail_route(methods=['get'], url_path='editor')
-    def post_editor(self, request, thread_pk, pk):
+    def post_editor(self, request, thread_pk, pk=None):
         thread = self.get_thread(request, thread_pk)
         post = self.get_post(request, thread, pk).unwrap()
 
@@ -229,7 +229,7 @@ class ViewSet(viewsets.ViewSet):
             return Response({})
 
     @detail_route(methods=['get', 'post'])
-    def edits(self, request, thread_pk, pk):
+    def edits(self, request, thread_pk, pk=None):
         if request.method == 'GET':
             thread = self.get_thread(request, thread_pk)
             post = self.get_post(request, thread, pk).unwrap()
@@ -246,7 +246,7 @@ class ViewSet(viewsets.ViewSet):
                 return revert_post_endpoint(request, post)
 
     @detail_route(methods=['get'])
-    def likes(self, request, thread_pk, pk):
+    def likes(self, request, thread_pk, pk=None):
         thread = self.get_thread(request, thread_pk)
         post = self.get_post(request, thread, pk).unwrap()
 

misago/threads/api/threads.py

@@ -47,7 +47,7 @@ class ViewSet(viewsets.ViewSet):
         return Response(thread.get_frontend_context())
 
     @transaction.atomic
-    def partial_update(self, request, pk):
+    def partial_update(self, request, pk=None):
         request.user.lock()
         thread = self.get_thread(request, pk).unwrap()
         return thread_patch_endpoint(request, thread)
@@ -56,8 +56,6 @@ class ViewSet(viewsets.ViewSet):
         if pk:
             thread = self.get_thread(request, pk).unwrap()
             return delete_thread(request, thread)
-
-        category = self.category(request)
         return delete_bulk(request, self.thread)
 
 
@@ -96,7 +94,7 @@ class ThreadViewSet(ViewSet):
 
     @detail_route(methods=['post'], url_path='merge')
     @transaction.atomic
-    def thread_merge(self, request, pk):
+    def thread_merge(self, request, pk=None):
         thread = self.get_thread(request, pk).unwrap()
         return thread_merge_endpoint(request, thread, self.thread)