gitcoinco · octavioamu · Feb 19, 2020 · Feb 19, 2020
@@ -118,6 +118,7 @@
     url(r'^api/v0.1/profile/settings', dashboard.views.profile_settings, name='profile_settings'),
     url(r'^api/v0.1/profile/backup', dashboard.views.profile_backup, name='profile_backup'),
     path('api/v0.1/activity/<int:activity_id>', townsquare.views.api, name='townsquare_api'),
+    path('api/v0.1/comment/<int:comment_id>', townsquare.views.comment_v1, name='comment_v1'),
     path('api/v0.1/emailsettings/', townsquare.views.emailsettings, name='townsquare_emailsettings'),
     url(r'^api/v0.1/activity', retail.views.create_status_update, name='create_status_update'),
     url(

@@ -345,15 +345,17 @@ $(document).ready(function() {
       $parent.parents('.activity.box').find('.loading').addClass('hidden');
       $target.addClass('filled');
       $target.html('');
-      for (var i = 0; i < response['comments'].length; i++) {
+      for (let i = 0; i < response['comments'].length; i++) {
         let comment = sanitizeAPIResults(response['comments'])[i];
         let the_comment = comment['comment'];
 
         the_comment = urlify(the_comment);
         the_comment = linkify(the_comment);
         the_comment = the_comment.replace(/\r\n|\r|\n/g, '<br />');
-        var timeAgo = timedifferenceCvrt(new Date(comment['created_on']));
-        var show_tip = true;
+        const timeAgo = timedifferenceCvrt(new Date(comment['created_on']));
+        const show_tip = true;
+        const is_comment_owner = document.contxt.github_handle == comment['profile_handle'];
+
         let html = `
         <div class="row comment_row p-2" data-id=${comment['id']}>
           <div class="col-1 activity-avatar mt-1">
@@ -384,8 +386,11 @@ $(document).ready(function() {
               ${the_comment}
             </div>
               <span class="font-smaller-5 float-right">
+              ${is_comment_owner ?
+    `<i data-pk=${comment['id']} class="delete_comment fas fa-trash font-smaller-7 position-relative text-black-70 mr-1 cursor-pointer" style="top:-1px; "></i>| `
+    : ''}
               ${show_tip ? `
-              <span class="action like ${comment['is_liked'] ? 'open' : ''}" data-toggle="tooltip" title="Liked by ${comment['likes']}">
+              <span class="action like px-0 ${comment['is_liked'] ? 'open' : ''}" data-toggle="tooltip" title="Liked by ${comment['likes']}">
                 <i class="far fa-heart grey"></i> <span class=like_count>${comment['like_count']}</span>
               </span> |
               <a href="#" class="tip_on_comment text-dark" data-pk="${comment['id']}" data-username="${comment['profile_handle']}"> <i class="fab fa-ethereum grey"></i> <span class="amount grey">${Math.round(100 * comment['tip_count_eth']) / 100}</span>
@@ -471,6 +476,32 @@ $(document).ready(function() {
     post_comment($target, false);
   });
 
+  $(document).on('click', '.delete_comment', function(e) {
+    e.preventDefault();
+    const comment_id = $(this).data('pk');
+
+    const params = {
+      'method': 'DELETE',
+      'csrfmiddlewaretoken': $('input[name=csrfmiddlewaretoken]').val()
+    };
+
+    const url = '/api/v0.1/comment/' + comment_id;
+
+    $.post(url, params, function(response) {
+      if (response.status <= 204) {
+        _alert('comment successfully deleted.', 'success', 1000);
+        $(`.comment_row[data-id='${comment_id}']`).addClass('hidden');
+        console.log(response);
+      } else {
+        _alert(`Unable to delete commment: ${response.message}`, 'error');
+        console.log(`error deleting commment: ${response.message}`);
+      }
+    }).fail(function(error) {
+      _alert('Unable to delete comment', 'error');
+      console.log(`error deleting commment: ${error.message}`);
+    });
+  });
+
 
   $(document).on('keypress', '.enter-activity-comment', function(e) {
     if (e.which == 13 && !e.shiftKey) {

@@ -339,6 +339,57 @@ def api(request, activity_id):
     return JsonResponse(response)
 
 
+@ratelimit(key='ip', rate='10/m', method=ratelimit.UNSAFE, block=True)
+def comment_v1(request, comment_id):
+    response = {
+        'status': 400,
+        'message': 'error: Bad Request.'
+    }
+
+    if not comment_id:
+        return JsonResponse(response)
+
+    user = request.user if request.user.is_authenticated else None
+
+    if not user:
+        response['message'] = 'user needs to be authenticated to take action'
+        return JsonResponse(response)
+
+    profile = request.user.profile if hasattr(request.user, 'profile') else None
+
+    if not profile:
+        response['message'] = 'no matching profile found'
+        return JsonResponse(response)
+
+    try:
+        comment = Comment.objects.get(pk=comment_id)
+    except:
+        response = {
+            'status': 404,
+            'message': 'unable to find comment'
+        }
+        return JsonResponse(response)
+
+    if comment.profile != profile:
+        response = {
+            'status': 401,
+            'message': 'user not authorized'
+        }
+        return JsonResponse(response)
+
+    method = request.POST.get('method')
+
+    if method == 'DELETE':
+        comment.delete()
+        response = {
+            'status': 204,
+            'message': 'comment successfully deleted'
+        }
+        return JsonResponse(response)
+
+    return JsonResponse(response)
+
+
 def get_offer_and_create_offer_action(profile, offer_id, what, do_not_allow_more_than_one_offeraction=False):
     offer = Offer.objects.current().get(pk=offer_id)
     if do_not_allow_more_than_one_offeraction and profile.offeractions.filter(what=what, offer=offer):