Merge branch '1706979461-49' into 'master'

[#49] Material: User Review (Admin Moderation)

See merge request !111

app/templates/app/detail_materi.html

@@ -435,6 +435,12 @@ div.review {
                             {{ review.timestamp|naturaltime }}
                         </p>
                     </div>
+                    {% if user.is_admin %}
+                    <a class="ml-auto p-1 bd-highlight close"
+                        href="{% url 'delete-review' materi_data.id review.id %}">
+                        <span aria-hidden="true">&times;</span>
+                    </a>
+                    {% endif %}
                 </div>
                 <div  class = 'review'>
                 <p class="paragraph">{{review.review}}</p>

app/tests.py

@@ -858,6 +858,44 @@ class DetailMateriTest(TestCase):
         self.client.post(url, {"review": "This is new review by Anonymous"})
         response = self.client.get(url)
         self.assertContains(response, "Anonymous")
+
+    def create_and_delete_review(self, is_admin=False, is_contributor=False):
+        url = self.url
+        self.client.login(**self.admin_credential)
+        self.client.post(url, {"review": "A review by Anonymous"})
+        delete_url = "/review/delete/" + str(self.materi1.id) + "/" + str(
+            Review.objects.get(review="A review by Anonymous").id)
+        if is_admin:
+            self.client.login(**self.admin_credential)
+        if is_contributor:
+            self.client.login(**self.contributor_credential)
+        if not is_admin and not is_contributor:
+            self.client.login(**self.anonymous_credential)
+        response = self.client.get(delete_url)
+        return response
+    
+    def test_delete_review_by_admin(self):
+        self.create_and_delete_review(is_admin=True)
+        count = Review.objects.all().filter(review="A review by Anonymous").count()
+        self.assertEqual(count, 0)
+
+    def test_delete_review_by_contributor(self):
+        response = self.create_and_delete_review(is_contributor=True)
+
+        self.assertRaises(PermissionDenied)
+        self.assertEqual(response.status_code, 403)
+
+        count = Review.objects.all().filter(review="A review by Anonymous").count()
+        self.assertEqual(count, 1)
+
+    def test_delete_review_by_regular_user(self):
+        response = self.create_and_delete_review()
+
+        self.assertRaises(PermissionDenied)
+        self.assertEqual(response.status_code, 403)
+
+        count = Review.objects.all().filter(review="A review by Anonymous").count()
+        self.assertEqual(count, 1)
     
     def test_detail_materi_contains_review_count(self):
         url = self.url

app/urls.py

@@ -15,6 +15,8 @@ urlpatterns = [
     path("materi/like/", views.toggle_like, name="PostLikeToggle"),
     path("delete/<int:pk_materi>/<int:pk_comment>",
          views.delete_comment, name="delete-comment"),
+    path("review/delete/<int:pk_materi>/<int:pk_review>",
+        views.delete_review, name="delete-review"),
     path("comment/like/", views.toggle_like_comment, name="comment-like-toggle"),
     path("comment/dislike/", views.toggle_dislike_comment, name="comment-dislike-toggle"),
     path("materi/<int:pk>/delete", views.delete_materi, name="detele-materi"),

app/views.py

@@ -258,6 +258,14 @@ def delete_comment(request, pk_materi, pk_comment):
     comment.delete()
     return HttpResponseRedirect(url)
 
+def delete_review(request, pk_materi, pk_review):
+    if not request.user.is_authenticated or not request.user.is_admin:
+        raise PermissionDenied(request)
+    review = get_object_or_404(Review, pk=pk_review)
+    url_materi = "/materi/" + str(pk_materi) + "/"
+    review.delete()
+    return HttpResponseRedirect(url_materi)
+
 def toggle_like_comment(request):
     comment_id = 0
     if request.method == "POST":
@@ -281,7 +289,6 @@ def toggle_dislike_comment(request):
     else:
         return JsonResponse({"success": False, "msg": UNSUPPORTED_MESSAGE, "comment_id": comment_id})
 
-
 def add_rating_materi(request):
     if request.method == "POST" and request.user.is_authenticated: