[Ready for Review] Feature: Replace v1 comment routes with v2 routes

api/comments/serializers.py

@@ -4,6 +4,7 @@
 from rest_framework.exceptions import ValidationError, PermissionDenied
 from api.base.exceptions import InvalidModelValueError, Conflict
 from api.base.utils import absolute_reverse
+from api.base.settings import osf_settings
 from api.base.serializers import (JSONAPISerializer,
                                   TargetField,
                                   RelationshipField,
@@ -29,7 +30,7 @@ class CommentSerializer(JSONAPISerializer):
 
     id = IDField(source='_id', read_only=True)
     type = TypeField()
-    content = AuthorizedCharField(source='get_content')
+    content = AuthorizedCharField(source='get_content', max_length=osf_settings.COMMENT_MAXLENGTH)
 
     target = TargetField(link_type='related', meta={'type': 'get_target_type'})
     user = RelationshipField(related_view='users:user-detail', related_view_kwargs={'user_id': '<user._id>'})
@@ -41,19 +42,41 @@ class CommentSerializer(JSONAPISerializer):
     date_modified = ser.DateTimeField(read_only=True)
     modified = ser.BooleanField(read_only=True, default=False)
     deleted = ser.BooleanField(read_only=True, source='is_deleted', default=False)
+    is_abuse = ser.SerializerMethodField(help_text='Whether the current user reported this comment.')
+    has_children = ser.SerializerMethodField(help_text='Whether this comment has any replies.')
+    can_edit = ser.SerializerMethodField(help_text='Whether the current user can edit this comment.')
 
     # LinksField.to_representation adds link to "self"
     links = LinksField({})
 
     class Meta:
         type_ = 'comments'
 
+    def get_is_abuse(self, obj):
+        user = self.context['request'].user
+        if user.is_anonymous():
+            return False
+        return user._id in obj.reports
+
+    def get_can_edit(self, obj):
+        user = self.context['request'].user
+        if user.is_anonymous():
+            return False
+        return obj.user._id == user._id
+
+    def get_has_children(self, obj):
+        return bool(getattr(obj, 'commented', []))
+
     def update(self, comment, validated_data):
         assert isinstance(comment, Comment), 'comment must be a Comment'
         auth = Auth(self.context['request'].user)
         if validated_data:
             if 'get_content' in validated_data:
-                comment.edit(validated_data['get_content'], auth=auth, save=True)
+                content = validated_data.pop('get_content')
+                content = content.strip()
+                if not content:
+                    raise ValidationError('Comment cannot be empty.')
+                comment.edit(content, auth=auth, save=True)
             if validated_data.get('is_deleted', None) is True:
                 comment.delete(auth, save=True)
             elif comment.is_deleted:
@@ -111,7 +134,10 @@ def create(self, validated_data):
                 detail='Invalid comment target \'{}\'.'.format(target_id)
             )
         validated_data['target'] = target
-        validated_data['content'] = validated_data.pop('get_content')
+        content = validated_data.pop('get_content')
+        validated_data['content'] = content.strip()
+        if not validated_data['content']:
+            raise ValidationError('Comment cannot be empty.')
         if node and node.can_comment(auth):
             comment = Comment.create(auth=auth, **validated_data)
         else:

api/comments/views.py

@@ -69,6 +69,9 @@ class CommentRepliesList(JSONAPIBaseView, generics.ListAPIView, CommentMixin, OD
         date_modified  iso8601 timestamp  timestamp when the comment was last updated
         modified       boolean            has this comment been edited?
         deleted        boolean            is this comment deleted?
+        is_abuse       boolean            has this comment been reported by the current user?
+        has_children   boolean            does this comment have replies?
+        can_edit       boolean            can the current user edit this comment?
 
     ##Links
 
@@ -141,6 +144,9 @@ class CommentDetail(JSONAPIBaseView, generics.RetrieveUpdateAPIView, CommentMixi
         date_modified  iso8601 timestamp  timestamp when the comment was last updated
         modified       boolean            has this comment been edited?
         deleted        boolean            is this comment deleted?
+        is_abuse       boolean            has this comment been reported by the current user?
+        has_children   boolean            does this comment have replies?
+        can_edit       boolean            can the current user edit this comment?
 
     ##Relationships
 

api/nodes/views.py

@@ -1770,6 +1770,9 @@ class NodeCommentsList(JSONAPIBaseView, generics.ListCreateAPIView, ODMFilterMix
         date_modified  iso8601 timestamp  timestamp when the comment was last updated
         modified       boolean            has this comment been edited?
         deleted        boolean            is this comment deleted?
+        is_abuse       boolean            has this comment been reported by the current user?
+        has_children   boolean            does this comment have replies?
+        can_edit       boolean            can the current user edit this comment?
 
     ##Links
 

api_tests/comments/views/test_comment_detail.py

@@ -2,6 +2,7 @@
 from nose.tools import *  # flake8: noqa
 
 from api.base.settings.defaults import API_BASE
+from api.base.settings import osf_settings
 from tests.base import ApiTestCase
 from tests.factories import ProjectFactory, AuthUserFactory, CommentFactory, RegistrationFactory
 
@@ -193,6 +194,39 @@ def test_public_node_non_contributor_commenter_can_update_comment(self):
         assert_equal(res.status_code, 200)
         assert_equal(payload['data']['attributes']['content'], res.json['data']['attributes']['content'])
 
+    def test_update_comment_cannot_exceed_max_length(self):
+        self._set_up_private_project_with_comment()
+        payload = {
+            'data': {
+                'id': self.comment._id,
+                'type': 'comments',
+                'attributes': {
+                    'content': ''.join(['c' for c in range(osf_settings.COMMENT_MAXLENGTH + 1)]),
+                    'deleted': False
+                }
+            }
+        }
+        res = self.app.put_json_api(self.private_url, payload, auth=self.user.auth, expect_errors=True)
+        assert_equal(res.status_code, 400)
+        assert_equal(res.json['errors'][0]['detail'],
+                     'Ensure this field has no more than {} characters.'.format(str(osf_settings.COMMENT_MAXLENGTH)))
+
+    def test_update_comment_cannot_be_empty(self):
+        self._set_up_private_project_with_comment()
+        payload = {
+            'data': {
+                'id': self.comment._id,
+                'type': 'comments',
+                'attributes': {
+                    'content': '',
+                    'deleted': False
+                }
+            }
+        }
+        res = self.app.put_json_api(self.private_url, payload, auth=self.user.auth, expect_errors=True)
+        assert_equal(res.status_code, 400)
+        assert_equal(res.json['errors'][0]['detail'], 'This field may not be blank.')
+
     def test_private_node_only_logged_in_contributor_commenter_can_delete_comment(self):
         self._set_up_private_project_with_comment()
         comment = CommentFactory(node=self.private_project, target=self.private_project, user=self.user)

api_tests/nodes/views/test_node_comments_list.py

@@ -4,6 +4,7 @@
 from framework.auth import core
 
 from api.base.settings.defaults import API_BASE
+from api.base.settings import osf_settings
 from tests.base import ApiTestCase
 from tests.factories import (
     ProjectFactory,
@@ -12,6 +13,7 @@
     CommentFactory,
     RetractedRegistrationFactory
 )
+from website.util.sanitize import strip_html
 
 
 class TestNodeCommentsList(ApiTestCase):
@@ -406,6 +408,73 @@ def test_create_comment_no_content(self):
         assert_equal(res.json['errors'][0]['detail'], 'This field may not be blank.')
         assert_equal(res.json['errors'][0]['source']['pointer'], '/data/attributes/content')
 
+    def test_create_comment_trims_whitespace(self):
+        self._set_up_private_project()
+        payload = {
+            'data': {
+                'type': 'comments',
+                'attributes': {
+                    'content': '   '
+                },
+                'relationships': {
+                    'target': {
+                        'data': {
+                            'type': 'nodes',
+                            'id': self.private_project._id
+                        }
+                    }
+                }
+            }
+        }
+        res = self.app.post_json_api(self.private_url, payload, auth=self.user.auth, expect_errors=True)
+        assert_equal(res.status_code, 400)
+        assert_equal(res.json['errors'][0]['detail'], 'Comment cannot be empty.')
+
+    def test_create_comment_sanitizes_input(self):
+        self._set_up_private_project()
+        payload = {
+            'data': {
+                'type': 'comments',
+                'attributes': {
+                    'content': '<em>Cool</em> <strong>Comment</strong>'
+                },
+                'relationships': {
+                    'target': {
+                        'data': {
+                            'type': 'nodes',
+                            'id': self.private_project._id
+                        }
+                    }
+                }
+            }
+        }
+        res = self.app.post_json_api(self.private_url, payload, auth=self.user.auth)
+        assert_equal(res.status_code, 201)
+        assert_equal(res.json['data']['attributes']['content'], strip_html(payload['data']['attributes']['content']))
+
+    def test_create_comment_exceeds_max_length(self):
+        self._set_up_private_project()
+        payload = {
+            'data': {
+                'type': 'comments',
+                'attributes': {
+                    'content': (''.join(['c' for c in range(osf_settings.COMMENT_MAXLENGTH + 1)]))
+                },
+                'relationships': {
+                    'target': {
+                        'data': {
+                            'type': 'nodes',
+                            'id': self.private_project._id
+                        }
+                    }
+                }
+            }
+        }
+        res = self.app.post_json_api(self.private_url, payload, auth=self.user.auth, expect_errors=True)
+        assert_equal(res.status_code, 400)
+        assert_equal(res.json['errors'][0]['detail'],
+                     'Ensure this field has no more than {} characters.'.format(str(osf_settings.COMMENT_MAXLENGTH)))
+
     def test_create_comment_invalid_target_node(self):
         url = '/{}nodes/{}/comments/'.format(API_BASE, 'abcde')
         payload = self._set_up_payload('abcde')

tests/test_models.py

@@ -30,7 +30,7 @@
 from website import filters, language, settings, mailchimp_utils
 from website.exceptions import NodeStateError
 from website.profile.utils import serialize_user
-from website.project.signals import contributor_added
+from website.project.signals import contributor_added, comment_added
 from website.project.model import (
     Comment, Node, NodeLog, Pointer, ensure_schemas, has_anonymous_link,
     get_pointer_parent, Embargo, MetaSchema, DraftRegistration
@@ -4126,6 +4126,17 @@ def test_create(self):
         assert_equal(len(comment.node.logs), 2)
         assert_equal(comment.node.logs[-1].action, NodeLog.COMMENT_ADDED)
 
+    def test_create_sends_comment_added_signal(self):
+        with capture_signals() as mock_signals:
+            comment = Comment.create(
+                auth=self.auth,
+                user=self.comment.user,
+                node=self.comment.node,
+                target=self.comment.target,
+                is_public=True,
+            )
+        assert_equal(mock_signals.signals_sent(), set([comment_added]))
+
     def test_edit(self):
         self.comment.edit(
             auth=self.auth,
@@ -4231,6 +4242,61 @@ def test_get_content_private_project_throws_permissions_error_for_logged_out_use
         with assert_raises(PermissionsError):
             comment.get_content(auth=None)
 
+    def test_find_unread_is_zero_when_no_comments(self):
+        n_unread = Comment.find_unread(user=UserFactory(), node=ProjectFactory())
+        assert_equal(n_unread, 0)
+
+    def test_find_unread_new_comments(self):
+        project = ProjectFactory()
+        user = UserFactory()
+        project.add_contributor(user)
+        project.save()
+        comment = CommentFactory(node=project, user=project.creator)
+        n_unread = Comment.find_unread(user=user, node=project)
+        assert_equal(n_unread, 1)
+
+    def test_find_unread_includes_comment_replies(self):
+        project = ProjectFactory()
+        user = UserFactory()
+        project.add_contributor(user)
+        project.save()
+        comment = CommentFactory(node=project, user=user)
+        reply = CommentFactory(node=project, target=comment, user=project.creator)
+        n_unread = Comment.find_unread(user=user, node=project)
+        assert_equal(n_unread, 1)
+
+    # Regression test for https://openscience.atlassian.net/browse/OSF-5193
+    def test_find_unread_includes_edited_comments(self):
+        project = ProjectFactory()
+        user = AuthUserFactory()
+        project.add_contributor(user)
+        project.save()
+        comment = CommentFactory(node=project, user=project.creator)
+
+        url = project.api_url_for('update_comments_timestamp')
+        res = self.app.put_json(url, auth=user.auth)
+        user.reload()
+        n_unread = Comment.find_unread(user=user, node=project)
+        assert_equal(n_unread, 0)
+
+        # Edit previously read comment
+        comment.edit(
+            auth=Auth(project.creator),
+            content='edited',
+            save=True
+        )
+        n_unread = Comment.find_unread(user=user, node=project)
+        assert_equal(n_unread, 1)
+
+    def test_find_unread_does_not_include_deleted_comments(self):
+        project = ProjectFactory()
+        user = AuthUserFactory()
+        project.add_contributor(user)
+        project.save()
+        comment = CommentFactory(node=project, user=project.creator, is_deleted=True)
+        n_unread = Comment.find_unread(user=user, node=project)
+        assert_equal(n_unread, 0)
+
 
 class TestPrivateLink(OsfTestCase):
 

tests/test_notifications.py

@@ -19,7 +19,7 @@
 from website.notifications.model import NotificationSubscription
 from website.notifications import emails
 from website.notifications import utils
-from website.project.model import Node
+from website.project.model import Node, Comment
 from website import mails
 from website.util import api_url_for
 from website.util import web_url_for
@@ -1089,21 +1089,18 @@ def test_check_user_comment_reply_subscription_if_email_not_sent_to_target_user(
         # user is not subscribed to project comment notifications
         project = factories.ProjectFactory()
 
-        # reply to user
+        # user comments on project
         target = factories.CommentFactory(node=project, user=user)
         content = 'hammer to fall'
 
-        # auth=project.creator.auth
-        url = project.api_url + 'comment/'
-        self.app.post_json(
-            url,
-            {
-                'content': content,
-                'isPublic': 'public',
-                'target': target._id
-
-            },
-            auth=project.creator.auth
+        # reply to user (note: notify is called from Comment.create)
+        reply = Comment.create(
+                auth=Auth(project.creator),
+                user=project.creator,
+                node=project,
+                content=content,
+                target=target,
+                is_public=True,
         )
         assert_true(mock_notify.called)
         assert_equal(mock_notify.call_count, 2)