fix: replaced pipe with empty string on helper function

docs
feat: allow commenting by regular users when posting media requires advanced permissions (#1023 )
2025-11-20 21:46:04 -05:00 · 2024-10-02 19:16:18 +03:00 · 2024-10-02 15:57:19 +03:00 · 2024-10-02 15:52:30 +03:00
5 changed files with 50 additions and 3 deletions
--- a/cms/permissions.py
+++ b/cms/permissions.py
@@ -11,6 +11,13 @@ class IsAuthorizedToAdd(permissions.BasePermission):
        return user_allowed_to_upload(request)


+class IsAuthorizedToAddComment(permissions.BasePermission):
+    def has_permission(self, request, view):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        return user_allowed_to_comment(request)
+
+
 class IsUserOrManager(permissions.BasePermission):
    """To be used in cases where request.user is either the
    object owner, or anyone amongst MediaCMS managers
@@ -66,3 +73,24 @@ def user_allowed_to_upload(request):
        if request.user.advancedUser:
            return True
    return False
+
+
+def user_allowed_to_comment(request):
+    """Any custom logic for whether a user is allowed
+    to comment lives here
+    """
+    if request.user.is_anonymous:
+        return False
+    if request.user.is_superuser:
+        return True
+
+    # Default is "all"
+    if not hasattr(settings, "CAN_COMMENT") or settings.CAN_COMMENT == "all":
+        return True
+    elif settings.CAN_COMMENT == "email_verified":
+        if request.user.email_is_verified:
+            return True
+    elif settings.CAN_COMMENT == "advancedUser":
+        if request.user.advancedUser:
+            return True
+    return False
--- a/cms/settings.py
+++ b/cms/settings.py
@@ -15,6 +15,10 @@ TIME_ZONE = "Europe/London"
 # valid options include 'all', 'email_verified', 'advancedUser'
 CAN_ADD_MEDIA = "all"

+# who can comment
+# valid options include 'all', 'email_verified', 'advancedUser'
+CAN_COMMENT = "all"
+
 # valid choices here are 'public', 'private', 'unlisted
 PORTAL_WORKFLOW = "public"

--- a/docs/admins_docs.md
+++ b/docs/admins_docs.md
@@ -479,6 +479,16 @@ Whether or not to enable generation of a sitemap file at http://your_installatio
 GENERATE_SITEMAP = False
 ```

+
+### 5.25 Control who can add comments
+
+By default `CAN_COMMENT = "all"` means that all registered users can add comment. Other valid options are:
+
+- **email_verified**, a user not only has to register an account but also verify the email (by clicking the link sent upon registration). Apparently email configuration need to work, otherise users won't receive emails.
+
+- **advancedUser**, only users that are marked as advanced users can add comment. Admins or MediaCMS managers can make users advanced users by editing their profile and selecting advancedUser.
+
+
 ## 6. Manage pages
 to be written

--- a/files/helpers.py
+++ b/files/helpers.py
@@ -367,7 +367,7 @@ def media_file_info(input_file):
            input_file,
        ]
        stdout = run_command(cmd).get("out")
-        stream_size = sum([int(line) for line in stdout.split("\n") if line != ""])
+        stream_size = sum([int(line.replace("|", "")) for line in stdout.split("\n") if line != ""])
        video_bitrate = round((stream_size * 8 / 1024.0) / video_duration, 2)

    if "r_frame_rate" in video_info.keys():
--- a/files/views.py
+++ b/files/views.py
@@ -24,7 +24,12 @@ from rest_framework.views import APIView

 from actions.models import USER_MEDIA_ACTIONS, MediaAction
 from cms.custom_pagination import FastPaginationWithoutCount
-from cms.permissions import IsAuthorizedToAdd, IsUserOrEditor, user_allowed_to_upload
+from cms.permissions import (
+    IsAuthorizedToAdd,
+    IsAuthorizedToAddComment,
+    IsUserOrEditor,
+    user_allowed_to_upload,
+)
 from users.models import User

 from .forms import ContactForm, MediaForm, SubtitleForm
@@ -1204,7 +1209,7 @@ class CommentDetail(APIView):
    Delete comment (DELETE)
    """

-    permission_classes = (IsAuthorizedToAdd,)
+    permission_classes = (IsAuthorizedToAddComment,)
    parser_classes = (JSONParser, MultiPartParser, FormParser, FileUploadParser)

    def get_object(self, friendly_token):
Author	SHA1	Message	Date
Tudorel Oprisan	ef4067cbdd	fix: replaced pipe with empty string on helper function	2024-10-02 19:16:18 +03:00
Markos Gogoulos	8cc3513a8a	docs	2024-10-02 15:57:19 +03:00
Kyle Maas	90e593946d	feat: allow commenting by regular users when posting media requires advanced permissions (#1023 )	2024-10-02 15:52:30 +03:00