Commits

Patrick Samson committed 35e274e

Delete, Undelete or Archive actions on a thread must not affect non accepted received messages

Comments (0)

Files changed (2)

             (models.Q(recipient=user) & models.Q(moderation_status=STATUS_ACCEPTED)) | models.Q(sender=user),
         ).order_by('sent_at')
 
+    def as_recipient(self, user, filter):
+        """
+        Return messages matching a filter AND being visible to a user as the recipient.
+        """
+        return self.filter(filter, recipient=user, moderation_status=STATUS_ACCEPTED)
+
+    def as_sender(self, user, filter):
+        """
+        Return messages matching a filter AND being visible to a user as the sender.
+        """
+        return self.filter(filter, sender=user) # any status is fine
+
     def perms(self, user):
         """
         Return a field-lookups filter as a permission controller for a reply request.
     pks = request.POST.getlist('pks')
     tpks = request.POST.getlist('tpks')
     if pks or tpks:
-        queryset = Message.objects.filter(Q(pk__in=pks) | Q(thread__in=tpks))
         user = request.user
-        recipient_rows = queryset.filter(recipient=user).update(**{'recipient_{0}'.format(field_bit): field_value})
-        sender_rows = queryset.filter(sender=user).update(**{'sender_{0}'.format(field_bit): field_value})
+        filter = Q(pk__in=pks) | Q(thread__in=tpks)
+        recipient_rows = Message.objects.as_recipient(user, filter).update(**{'recipient_{0}'.format(field_bit): field_value})
+        sender_rows = Message.objects.as_sender(user, filter).update(**{'sender_{0}'.format(field_bit): field_value})
         if not (recipient_rows or sender_rows):
             raise Http404 # abnormal enough, like forged ids
         messages.success(request, success_msg, fail_silently=True)