Fossil SCM
When deleting a user via /setup_uedit, also disapprove any pending-moderation entries for users which are no longer in the user table. This is programmatically simpler than only removing entries for the removed user but (potential corner case) would also disapprove pending modreq entries if a user account is renamed while moderation of their content is pending.
Commit
b14cf3bc68d8dca2138331eb051b828508369730a08760b293e199380a545aa5
Parent
a0595089e5b8ea0…
2 files changed
+33
+1
+33
| --- src/moderate.c | ||
| +++ src/moderate.c | ||
| @@ -189,5 +189,38 @@ | ||
| 189 | 189 | www_print_timeline(&q, 0, 0, 0, 0, 0); |
| 190 | 190 | db_finalize(&q); |
| 191 | 191 | } |
| 192 | 192 | style_footer(); |
| 193 | 193 | } |
| 194 | + | |
| 195 | +/* | |
| 196 | +** Disapproves any entries in the modreq table which belong to any | |
| 197 | +** user whose name is no longer found in the user table. This is only | |
| 198 | +** intended to be called after user deletion via /setup_uedit. | |
| 199 | +** | |
| 200 | +** To figure out whether a name exists it cross-references | |
| 201 | +** coalesce(event.euser, event.user) with user.login, limiting the | |
| 202 | +** selection to event entries where objid matches an entry in the | |
| 203 | +** modreq table. | |
| 204 | +** | |
| 205 | +** This is a no-op if called without g.perm.Admin permissions or if | |
| 206 | +** moderation_table_exists() returns false. | |
| 207 | +*/ | |
| 208 | +void moderation_disapprove_for_missing_users(){ | |
| 209 | + Stmt q; | |
| 210 | + if( !g.perm.Admin || !moderation_table_exists() ){ | |
| 211 | + return; | |
| 212 | + } | |
| 213 | + db_begin_transaction(); | |
| 214 | + db_prepare(&q, | |
| 215 | + "SELECT objid FROM event WHERE objid IN " | |
| 216 | + "(SELECT objid FROM modreq) " | |
| 217 | + "AND coalesce(euser,user) NOT IN " | |
| 218 | + "(SELECT login FROM user)" | |
| 219 | + ); | |
| 220 | + while( db_step(&q)==SQLITE_ROW ){ | |
| 221 | + int const objid = db_column_int(&q, 0); | |
| 222 | + moderation_disapprove(objid); | |
| 223 | + } | |
| 224 | + db_finalize(&q); | |
| 225 | + db_end_transaction(0); | |
| 226 | +} | |
| 194 | 227 |
| --- src/moderate.c | |
| +++ src/moderate.c | |
| @@ -189,5 +189,38 @@ | |
| 189 | www_print_timeline(&q, 0, 0, 0, 0, 0); |
| 190 | db_finalize(&q); |
| 191 | } |
| 192 | style_footer(); |
| 193 | } |
| 194 |
| --- src/moderate.c | |
| +++ src/moderate.c | |
| @@ -189,5 +189,38 @@ | |
| 189 | www_print_timeline(&q, 0, 0, 0, 0, 0); |
| 190 | db_finalize(&q); |
| 191 | } |
| 192 | style_footer(); |
| 193 | } |
| 194 | |
| 195 | /* |
| 196 | ** Disapproves any entries in the modreq table which belong to any |
| 197 | ** user whose name is no longer found in the user table. This is only |
| 198 | ** intended to be called after user deletion via /setup_uedit. |
| 199 | ** |
| 200 | ** To figure out whether a name exists it cross-references |
| 201 | ** coalesce(event.euser, event.user) with user.login, limiting the |
| 202 | ** selection to event entries where objid matches an entry in the |
| 203 | ** modreq table. |
| 204 | ** |
| 205 | ** This is a no-op if called without g.perm.Admin permissions or if |
| 206 | ** moderation_table_exists() returns false. |
| 207 | */ |
| 208 | void moderation_disapprove_for_missing_users(){ |
| 209 | Stmt q; |
| 210 | if( !g.perm.Admin || !moderation_table_exists() ){ |
| 211 | return; |
| 212 | } |
| 213 | db_begin_transaction(); |
| 214 | db_prepare(&q, |
| 215 | "SELECT objid FROM event WHERE objid IN " |
| 216 | "(SELECT objid FROM modreq) " |
| 217 | "AND coalesce(euser,user) NOT IN " |
| 218 | "(SELECT login FROM user)" |
| 219 | ); |
| 220 | while( db_step(&q)==SQLITE_ROW ){ |
| 221 | int const objid = db_column_int(&q, 0); |
| 222 | moderation_disapprove(objid); |
| 223 | } |
| 224 | db_finalize(&q); |
| 225 | db_end_transaction(0); |
| 226 | } |
| 227 |
+1
| --- src/setupuser.c | ||
| +++ src/setupuser.c | ||
| @@ -297,10 +297,11 @@ | ||
| 297 | 297 | if( P("delete") && cgi_csrf_safe(1) ){ |
| 298 | 298 | int n; |
| 299 | 299 | if( P("verifydelete") ){ |
| 300 | 300 | /* Verified delete user request */ |
| 301 | 301 | db_multi_exec("DELETE FROM user WHERE uid=%d", uid); |
| 302 | + moderation_disapprove_for_missing_users(); | |
| 302 | 303 | admin_log("Deleted user [%s] (uid %d).", |
| 303 | 304 | PD("login","???")/*safe-for-%s*/, uid); |
| 304 | 305 | cgi_redirect(cgi_referer("setup_ulist")); |
| 305 | 306 | return; |
| 306 | 307 | } |
| 307 | 308 |
| --- src/setupuser.c | |
| +++ src/setupuser.c | |
| @@ -297,10 +297,11 @@ | |
| 297 | if( P("delete") && cgi_csrf_safe(1) ){ |
| 298 | int n; |
| 299 | if( P("verifydelete") ){ |
| 300 | /* Verified delete user request */ |
| 301 | db_multi_exec("DELETE FROM user WHERE uid=%d", uid); |
| 302 | admin_log("Deleted user [%s] (uid %d).", |
| 303 | PD("login","???")/*safe-for-%s*/, uid); |
| 304 | cgi_redirect(cgi_referer("setup_ulist")); |
| 305 | return; |
| 306 | } |
| 307 |
| --- src/setupuser.c | |
| +++ src/setupuser.c | |
| @@ -297,10 +297,11 @@ | |
| 297 | if( P("delete") && cgi_csrf_safe(1) ){ |
| 298 | int n; |
| 299 | if( P("verifydelete") ){ |
| 300 | /* Verified delete user request */ |
| 301 | db_multi_exec("DELETE FROM user WHERE uid=%d", uid); |
| 302 | moderation_disapprove_for_missing_users(); |
| 303 | admin_log("Deleted user [%s] (uid %d).", |
| 304 | PD("login","???")/*safe-for-%s*/, uid); |
| 305 | cgi_redirect(cgi_referer("setup_ulist")); |
| 306 | return; |
| 307 | } |
| 308 |