1 files changed, 61 insertions, 24 deletions

diff --git a/activities/views/posts.py b/activities/views/posts.py
index 59b1f56..5d7b0c9 100644
--- a/activities/views/posts.py
+++ b/activities/views/posts.py
@@ -1,6 +1,8 @@
 from django import forms
-from django.http import Http404, JsonResponse
+from django.core.exceptions import PermissionDenied
+from django.http import JsonResponse
 from django.shortcuts import get_object_or_404, redirect, render
+from django.utils import timezone
 from django.utils.decorators import method_decorator
 from django.views.generic import FormView, TemplateView, View
 
@@ -143,11 +145,11 @@ class Delete(TemplateView):
     template_name = "activities/post_delete.html"
 
     def dispatch(self, request, handle, post_id):
+        # Make sure the request identity owns the post!
+        if handle != request.identity.handle:
+            raise PermissionDenied("Post author is not requestor")
         self.identity = by_handle_or_404(self.request, handle, local=False)
         self.post_obj = get_object_or_404(self.identity.posts, pk=post_id)
-        # Make sure the request identity owns the post!
-        if self.post_obj.author != request.identity:
-            raise Http404("Post author is not requestor")
         return super().dispatch(request)
 
     def get_context_data(self):
@@ -164,6 +166,10 @@ class Compose(FormView):
     template_name = "activities/compose.html"
 
     class form_class(forms.Form):
+        id = forms.IntegerField(
+            required=False,
+            widget=forms.HiddenInput(),
+        )
 
         text = forms.CharField(
             widget=forms.Textarea(
@@ -206,33 +212,64 @@ class Compose(FormView):
 
     def get_initial(self):
         initial = super().get_initial()
-        initial[
-            "visibility"
-        ] = self.request.identity.config_identity.default_post_visibility
-        if self.reply_to:
-            initial["reply_to"] = self.reply_to.pk
-            initial["visibility"] = self.reply_to.visibility
-            initial["text"] = f"@{self.reply_to.author.handle} "
+        if self.post_obj:
+            initial.update(
+                {
+                    "id": self.post_obj.id,
+                    "reply_to": self.reply_to.pk if self.reply_to else "",
+                    "visibility": self.post_obj.visibility,
+                    "text": self.post_obj.content,
+                    "content_warning": self.post_obj.summary,
+                }
+            )
+        else:
+            initial[
+                "visibility"
+            ] = self.request.identity.config_identity.default_post_visibility
+            if self.reply_to:
+                initial["reply_to"] = self.reply_to.pk
+                initial["visibility"] = self.reply_to.visibility
+                initial["text"] = f"@{self.reply_to.author.handle} "
         return initial
 
     def form_valid(self, form):
-        post = Post.create_local(
-            author=self.request.identity,
-            content=form.cleaned_data["text"],
-            summary=form.cleaned_data.get("content_warning"),
-            visibility=form.cleaned_data["visibility"],
-            reply_to=self.reply_to,
-        )
-        # Add their own timeline event for immediate visibility
-        TimelineEvent.add_post(self.request.identity, post)
+        post_id = form.cleaned_data.get("id")
+        if post_id:
+            post = get_object_or_404(self.request.identity.posts, pk=post_id)
+            post.edited = timezone.now()
+            post.content = form.cleaned_data["text"]
+            post.summary = form.cleaned_data.get("content_warning")
+            post.visibility = form.cleaned_data["visibility"]
+            post.save()
+
+            # Should there be a timeline event for edits?
+            # E.g. "@user edited #123"
+
+            post.transition_perform(PostStates.edited)
+        else:
+            post = Post.create_local(
+                author=self.request.identity,
+                content=form.cleaned_data["text"],
+                summary=form.cleaned_data.get("content_warning"),
+                visibility=form.cleaned_data["visibility"],
+                reply_to=self.reply_to,
+            )
+            # Add their own timeline event for immediate visibility
+            TimelineEvent.add_post(self.request.identity, post)
         return redirect("/")
 
-    def dispatch(self, request, *args, **kwargs):
+    def dispatch(self, request, handle=None, post_id=None, *args, **kwargs):
+        self.post_obj = None
+        if handle and post_id:
+            # Make sure the request identity owns the post!
+            if handle != request.identity.handle:
+                raise PermissionDenied("Post author is not requestor")
+
+            self.post_obj = get_object_or_404(request.identity.posts, pk=post_id)
+
         # Grab the reply-to post info now
         self.reply_to = None
-        reply_to_id = self.request.POST.get("reply_to") or self.request.GET.get(
-            "reply_to"
-        )
+        reply_to_id = request.POST.get("reply_to") or request.GET.get("reply_to")
         if reply_to_id:
             try:
                 self.reply_to = Post.objects.get(pk=reply_to_id)