Signed-off-by: zry <admin@z-touhou.org>

templates/home/ajax.comment.html

@@ -1,4 +1,5 @@
 {% load staticres %}
+{% load crypto %}
 <ul class="list-group">
 	{% for i in lPage %}
 	<li class="list-group-item">
@@ -32,7 +33,7 @@
 			&nbsp;
 			{{ i.time|date:"Y-m-d H:i:s" }}
 			{% if owner%}
-			<a role="button" class="btn btn-danger btn-xs" href="javascript:dellm('{{i.cmid}}');">删除</a>
+			<a role="button" class="btn btn-danger btn-xs" href="javascript:dellm('{{i.cmid}}','{% tiihash i.fromuser i.fromuser %}');">删除</a>
 			{% if i.reviewed %}
 			<a role="button" class="btn btn-warning btn-xs" href="javascript:reviewedCancel('{{i.cmid}}');">取消审核</a>
 			{% else %}

templates/home/ajax.leavemsg.html

@@ -1,10 +1,11 @@
 {% load staticres %}
+{% load crypto %}
 <ul class="list-group">
 	{% for i in lPage %}
 	<li class="list-group-item">
 		<h4 class="list-group-item-heading">
 			{% if owner%}
-			<a role="button" class="btn btn-danger btn-xs" href="javascript:dellm('{{i.cmid}}');">删除</a>
+			<a role="button" class="btn btn-danger btn-xs" href="javascript:dellm('{{i.cmid}}','{% tiihash i.title i.fromuser %}');">删除</a>
 			{% if i.reviewed %}
 			<a role="button" class="btn btn-warning btn-xs" href="javascript:reviewedCancel('{{i.cmid}}');">取消审核</a>
 			{% else %}

templates/home/leave.msg.html

@@ -83,6 +83,7 @@
 
 <script type="text/javascript">
 function LoadComment(page){
+  window.thispagenum = page;
   $("#commentBox").html("载入中...");
   $("#commentBox").load("{% url 'pichublog_lmshow' %}?page="+page);
 }
@@ -95,6 +96,39 @@ function newCaptcha(){
   var url = urlsource + uuid + ".png";
   $("#captcha_box").attr("src",url);
 }
+function dellm(cmid,vcode){
+  var urlsource = "{% url 'pichublog_lmdel' '23333' %}";
+  var url = urlsource.replace(/23333/,cmid) + "?veryfycode="+vcode;
+  $.get(url,function(data){
+    if(data['stat'] == 'ok'){
+      LoadComment(window.thispagenum);
+    }else{
+      alert('删除失败：'+data['type']);
+    }
+  })
+}
+function reviewedCancel(cmid){
+  var urlsource = "{% url 'pichublog_lmsr' '23333' %}";
+  var url = urlsource.replace(/23333/,cmid) + "?val=false";
+  $.get(url,function(data){
+    if(data['stat'] == 'ok'){
+      LoadComment(window.thispagenum);
+    }else{
+      alert('取消审核失败：'+data['type']);
+    }
+  })
+}
+function reviewedOK(cmid){
+  var urlsource = "{% url 'pichublog_lmsr' '23333' %}";
+  var url = urlsource.replace(/23333/,cmid) + "?val=true";
+  $.get(url,function(data){
+    if(data['stat'] == 'ok'){
+      LoadComment(window.thispagenum);
+    }else{
+      alert('审核失败：'+data['type']);
+    }
+  })
+}
 LoadComment(1);
 newCaptcha();
 </script>

templates/home/post.view.html

@@ -129,6 +129,7 @@
 
 <script type="text/javascript">
 function LoadComment(page){
+  window.thispagenum = page;
   $("#commentBox").html("载入中...");
   $("#commentBox").load("{% url 'pichublog_cmtshow' bpo.id %}?page="+page);
 }
@@ -141,6 +142,39 @@ function newCaptcha(){
   var url = urlsource + uuid + ".png";
   $("#captcha_box").attr("src",url);
 }
+function dellm(cmid,vcode){
+  var urlsource = "{% url 'pichublog_cmtdel' '23333' %}";
+  var url = urlsource.replace(/23333/,cmid) + "?veryfycode="+vcode;
+  $.get(url,function(data){
+    if(data['stat'] == 'ok'){
+      LoadComment(window.thispagenum);
+    }else{
+      alert('删除失败：'+data['type']);
+    }
+  })
+}
+function reviewedCancel(cmid){
+  var urlsource = "{% url 'pichublog_cmtsr' '23333' %}";
+  var url = urlsource.replace(/23333/,cmid) + "?val=false";
+  $.get(url,function(data){
+    if(data['stat'] == 'ok'){
+      LoadComment(window.thispagenum);
+    }else{
+      alert('取消审核失败：'+data['type']);
+    }
+  })
+}
+function reviewedOK(cmid){
+  var urlsource = "{% url 'pichublog_cmtsr' '23333' %}";
+  var url = urlsource.replace(/23333/,cmid) + "?val=true";
+  $.get(url,function(data){
+    if(data['stat'] == 'ok'){
+      LoadComment(window.thispagenum);
+    }else{
+      alert('审核失败：'+data['type']);
+    }
+  })
+}
 LoadComment(1);
 newCaptcha();
 </script>

urls.py

@@ -6,6 +6,8 @@ urlpatterns = patterns('pichublog.views',
 	url(r'^msgboard/$', 'home.LeaveMsgPage', name='pichublog_msgboard'),
 	url(r'^msgboard/ajax/show/$', 'home.AjaxShowLeaveMsg', name='pichublog_lmshow'),
 	url(r'^msgboard/add/$', 'home.LeaveMsgAdd', name='pichublog_lmadd'),
+	url(r'^msgboard/del/(?P<cmid>[0-9]+)/$', 'home.LeaveMsgDel', name='pichublog_lmdel'),
+	url(r'^msgboard/review/(?P<cmid>[0-9]+)/$', 'home.LeaveMsgSetReview', name='pichublog_lmsr'),
 
 	url(r'^pichu/sysconf/$', 'home.SysConf', name='pichublog_sysconf'),
 	url(r'^pichu/sysconf/var/$', 'home.SysVarConf', name='pichublog_sysvarconf'),
@@ -32,6 +34,8 @@ urlpatterns = patterns('pichublog.views',
 	url(r'^p/(?P<ID>\d+)/del/$', 'posts.PostDel', name='pichublog_postdel'),
 	url(r'^p/(?P<ID>\d+)/comments/ajax/show/$', 'posts.AjaxShowComments', name='pichublog_cmtshow'),
 	url(r'^p/(?P<ID>\d+)/comments/add/$', 'posts.AddComments', name='pichublog_cmtadd'),
+	url(r'^comments/del/(?P<cmid>[0-9]+)/$', 'posts.DelComments', name='pichublog_cmtdel'),
+	url(r'^comments/rev/(?P<cmid>[0-9]+)/$', 'posts.SetCommentsReview', name='pichublog_cmtsr'),
 	url(r'^pichu/post/list/$', 'posts.PostABkList', name='pichublog_postabklist'),
 	
 )

views/home.py

@@ -9,7 +9,7 @@ from django.conf import settings
 from django.core.urlresolvers import reverse
 from django.contrib import messages
 from django.db.models import Max as DbMax
-from siteutil.DataConvert import str2int,CheckPOST,str2long,BigIntUniqueID
+from siteutil.DataConvert import str2int,CheckPOST,str2long,BigIntUniqueID,TIIHASH
 from siteutil.CommonPaginator import SelfPaginator
 from siteutil.redisconf import RedisConfigHandler
 from zlogin.common.JsonResponse import JsonResponse
@@ -66,6 +66,30 @@ def AjaxShowLeaveMsg(request):
 	}
 	return render_to_response('home/ajax.leavemsg.html',kwvars,RequestContext(request))
 
+@PermNeed('pichublog','Admin')
+def LeaveMsgDel(request,cmid):
+	try:
+		lmo = LeaveMsg.objects.get(cmid=cmid)
+	except LeaveMsg.DoesNotExist:
+		return JsonResponse({"stat":"err","type":"DoesNotExist"})
+	if request.GET.get('veryfycode') == TIIHASH(lmo.title,lmo.fromuser):
+		lmo.delete()
+	else:
+		return JsonResponse({"stat":"err","type":"VerificationError"})
+	return JsonResponse({"stat":"ok","type":"OK"})
+
+@PermNeed('pichublog','Admin')
+def LeaveMsgSetReview(request,cmid):
+	try:
+		lmo = LeaveMsg.objects.get(cmid=cmid)
+	except LeaveMsg.DoesNotExist:
+		return JsonResponse({"stat":"err","type":"DoesNotExist"})
+	logic = request.GET.get('val')
+	bl = (logic == "true")
+	lmo.reviewed = bl
+	lmo.save()
+	return JsonResponse({"stat":"ok","type":"OK"})
+
 def LeaveMsgAdd(request):
 	if request.method == "POST":
 		if request.auth.islogin:

views/posts.py

@@ -8,7 +8,7 @@ from django.conf import settings
 from django.views.decorators.csrf import csrf_exempt
 from django.core.urlresolvers import reverse
 from django.contrib import messages
-from siteutil.DataConvert import str2int,CheckPOST,str2long,BigIntUniqueID,MakeSummary
+from siteutil.DataConvert import str2int,CheckPOST,str2long,BigIntUniqueID,MakeSummary,TIIHASH
 from siteutil.CommonPaginator import SelfPaginator
 from siteutil.CommonFilter import CommonFilter,FilterCondition
 from siteutil.htmlutil import renderPichuMarkDown as renderMarkdownSafety
@@ -253,6 +253,7 @@ def PostPreview(request,ID):
 	}
 	return render_to_response('home/post.view.html',kwvars,RequestContext(request))
 
+@PermNeed('pichublog','Admin')
 def PostEdit(request,ID):
 	try:
 		bpo = BlogPost.objects.get(id=ID)
@@ -284,7 +285,7 @@ def PostEdit(request,ID):
 	}
 	return render_to_response('home/post.edit.html',kwvars,RequestContext(request))
 
-
+@PermNeed('pichublog','Admin')
 def PostGrant(request,ID):
 	try:
 		bpo = BlogPost.objects.get(id=ID)
@@ -312,6 +313,7 @@ def PostGrant(request,ID):
 	}
 	return render_to_response('home/post.grant.html',kwvars,RequestContext(request))
 
+@PermNeed('pichublog','Admin')
 def PostHidden(request,ID):
 	try:
 		bpo = BlogPost.objects.get(id=ID)
@@ -332,6 +334,7 @@ def PostHidden(request,ID):
 	else:
 		return HttpResponseRedirect(reverse('pichublog_postabklist'))
 
+@PermNeed('pichublog','Admin')
 def PostDel(request,ID):
 	try:
 		bpo = BlogPost.objects.get(id=ID)
@@ -378,6 +381,30 @@ def AjaxShowComments(request,ID):
 	}
 	return render_to_response('home/ajax.comment.html',kwvars,RequestContext(request))
 
+@PermNeed('pichublog','Admin')
+def DelComments(request,cmid):
+	try:
+		lmo = BlogComment.objects.get(cmid=cmid)
+	except BlogComment.DoesNotExist:
+		return JsonResponse({"stat":"err","type":"DoesNotExist"})
+	if request.GET.get('veryfycode') == TIIHASH(lmo.fromuser,lmo.fromuser):
+		lmo.delete()
+	else:
+		return JsonResponse({"stat":"err","type":"VerificationError"})
+	return JsonResponse({"stat":"ok","type":"OK"})
+
+@PermNeed('pichublog','Admin')
+def SetCommentsReview(request,cmid):
+	try:
+		lmo = BlogComment.objects.get(cmid=cmid)
+	except BlogComment.DoesNotExist:
+		return JsonResponse({"stat":"err","type":"DoesNotExist"})
+	logic = request.GET.get('val')
+	bl = (logic == "true")
+	lmo.reviewed = bl
+	lmo.save()
+	return JsonResponse({"stat":"ok","type":"OK"})
+
 def AddComments(request,ID):
 	try:
 		bpo = BlogPost.objects.get(id=ID)