Fossil

Check-in [b14cf3bc]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:When deleting a user via /setup_uedit, also disapprove any pending-moderation entries for users which are no longer in the user table. This is programmatically simpler than only removing entries for the removed user but (potential corner case) would also disapprove pending modreq entries if a user account is renamed while moderation of their content is pending.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | moderate-disapprove-on-user-delete
Files: files | file ages | folders
SHA3-256: b14cf3bc68d8dca2138331eb051b828508369730a08760b293e199380a545aa5
User & Date: stephan 2019-05-17 07:27:00
Context
2019-05-17
11:52
Automatically disapprove pending moderation requests when deleting a user. This makes it easier to deal with spam-robots. check-in: 0211e8c4 user: drh tags: trunk
07:27
When deleting a user via /setup_uedit, also disapprove any pending-moderation entries for users which are no longer in the user table. This is programmatically simpler than only removing entries for the removed user but (potential corner case) would also disapprove pending modreq entries if a user account is renamed while moderation of their content is pending. Closed-Leaf check-in: b14cf3bc user: stephan tags: moderate-disapprove-on-user-delete
06:48
Create new branch named "moderate-disapprove-on-user-delete" (ooops - all these years and i never realized that "branch new" automatically creates a new empty commit!) check-in: a0595089 user: stephan tags: moderate-disapprove-on-user-delete
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/moderate.c.

187
188
189
190
191
192
193

































    );
    db_prepare(&q, "%s", blob_sql_text(&sql));
    www_print_timeline(&q, 0, 0, 0, 0, 0);
    db_finalize(&q);
  }
  style_footer();
}








































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
    );
    db_prepare(&q, "%s", blob_sql_text(&sql));
    www_print_timeline(&q, 0, 0, 0, 0, 0);
    db_finalize(&q);
  }
  style_footer();
}

/*
** Disapproves any entries in the modreq table which belong to any
** user whose name is no longer found in the user table. This is only
** intended to be called after user deletion via /setup_uedit.
**
** To figure out whether a name exists it cross-references
** coalesce(event.euser, event.user) with user.login, limiting the
** selection to event entries where objid matches an entry in the
** modreq table.
**
** This is a no-op if called without g.perm.Admin permissions or if
** moderation_table_exists() returns false.
*/
void moderation_disapprove_for_missing_users(){
  Stmt q;
  if( !g.perm.Admin || !moderation_table_exists() ){
    return;
  }
  db_begin_transaction();
  db_prepare(&q,
    "SELECT objid FROM event WHERE objid IN "
    "(SELECT objid FROM modreq) "
    "AND coalesce(euser,user) NOT IN "
    "(SELECT login FROM user)"
  );
  while( db_step(&q)==SQLITE_ROW ){
    int const objid = db_column_int(&q, 0);
    moderation_disapprove(objid);
  }
  db_finalize(&q);
  db_end_transaction(0);
}

Changes to src/setupuser.c.

295
296
297
298
299
300
301

302
303
304
305
306
307
308

  /* Check for requests to delete the user */
  if( P("delete") && cgi_csrf_safe(1) ){
    int n;
    if( P("verifydelete") ){
      /* Verified delete user request */
      db_multi_exec("DELETE FROM user WHERE uid=%d", uid);

      admin_log("Deleted user [%s] (uid %d).",
                PD("login","???")/*safe-for-%s*/, uid);
      cgi_redirect(cgi_referer("setup_ulist"));
      return;
    }
    n = db_int(0, "SELECT count(*) FROM event"
                  " WHERE user=%Q AND objid NOT IN private",







>







295
296
297
298
299
300
301
302
303
304
305
306
307
308
309

  /* Check for requests to delete the user */
  if( P("delete") && cgi_csrf_safe(1) ){
    int n;
    if( P("verifydelete") ){
      /* Verified delete user request */
      db_multi_exec("DELETE FROM user WHERE uid=%d", uid);
      moderation_disapprove_for_missing_users();
      admin_log("Deleted user [%s] (uid %d).",
                PD("login","???")/*safe-for-%s*/, uid);
      cgi_redirect(cgi_referer("setup_ulist"));
      return;
    }
    n = db_int(0, "SELECT count(*) FROM event"
                  " WHERE user=%Q AND objid NOT IN private",