admin Posts (NOTE_UNLOCK): readonly input + 'No response needed' placeholder + secUser focus glow + buddy btn suppressed + view POST 403 + Line.admin_solicited listener nukes errant writes; share Lines: drop ts suffix, author = sharer (adman fallback for anon legacy), silent no-op on re-share — TDD
- billboard/0005 adds Line.admin_solicited (BooleanField default False); RunPython backfills existing note_unlock Lines to True. Note.grant_if_new sets admin_solicited=True on its system prose.
- billboard.models post_save signal: any Line saved on a Post.kind=NOTE_UNLOCK without admin_solicited=True is deleted (defense-in-depth alongside the view guard).
- billboard.views.view_post hard-rejects POST on NOTE_UNLOCK kind (HTTP 403) — clean view-level contract; the post_save listener is the safety net for ORM/API paths that bypass it.
- templates/apps/billboard/post.html: NOTE_UNLOCK branch renders the input as readonly w. 'No response needed at this time' placeholder + no method/action; user_post branch keeps the regular composer. Buddy panel include guarded behind `{% if post.kind != 'note_unlock' %}` — friend invites don't apply to admin threads.
- SCSS: .post-line-form input.form-control[readonly]:focus uses --secUser glow (cooler than the regular --terUser composer focus).
- share_post: drop the iso-timestamp suffix on Line.text (just 'Shared with {email}'); author = request.user (anon legacy fallback to adman so AnonymousUser doesn't break the FK); re-share of an already-in-shared_with recipient is a silent no-op (no second Line, brief: null in JSON response). Buddy panel JS now reads data-sharer-name from server-rendered display_name so the optimistic _appendLine matches the post-refresh state.
- new ITs: test_admin_posts (PostRejectsAdminWritesTest, UnsolicitedLineListenerTest, NoteGrantSetsAdminSolicitedTest) — 7 tests; share_post tests rewritten for the new contract (drop ts, author=sharer, silent re-share dedup) — 12 tests; new FT test_admin_post_readonly w. AdminPostInputReadonlyTest + AdminPostHasNoBuddyBtnTest + UserPostInputUnaffectedTest — 4 tests. 827 ITs + 18 buddy/sharing FTs green.
Code architected by Disco DeDisco <discodedisco@outlook.com>
Git commit message Co-Authored-By:
Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Disco DeDisco
34
src/apps/billboard/migrations/0005_line_admin_solicited.py
Normal file
34
src/apps/billboard/migrations/0005_line_admin_solicited.py
Normal file
@@ -0,0 +1,34 @@
|
||||
# Adds Line.admin_solicited (BooleanField) to discriminate
|
||||
# system-authored Lines (Note.grant_if_new) from user writes on
|
||||
# NOTE_UNLOCK Posts. The post_save signal nukes any Line on a
|
||||
# NOTE_UNLOCK Post that lacks admin_solicited=True — defense-in-depth
|
||||
# alongside the view_post POST guard. Backfill: existing NOTE_UNLOCK
|
||||
# Lines (the only system-authored kind at this point) get True; all
|
||||
# others default False.
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
def backfill(apps, schema_editor):
|
||||
Line = apps.get_model("billboard", "Line")
|
||||
Line.objects.filter(post__kind="note_unlock").update(admin_solicited=True)
|
||||
|
||||
|
||||
def reverse_noop(apps, schema_editor):
|
||||
pass
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("billboard", "0004_post_title_line_author_created_at"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name="line",
|
||||
name="admin_solicited",
|
||||
field=models.BooleanField(default=False),
|
||||
),
|
||||
migrations.RunPython(backfill, reverse_noop),
|
||||
]
|
||||
Reference in New Issue
Block a user