server/comments: add comment deleting

API.md

@@ -43,7 +43,7 @@
         - [Creating comment](#creating-comment)
         - [Updating comment](#updating-comment)
         - ~~Getting comment~~
-        - ~~Deleting comment~~
+        - [Deleting comment](#deleting-comment)
         - ~~Rating comment~~
     - Users
         - [Listing users](#listing-users)
@@ -740,6 +740,27 @@ data.
     Updates an existing comment text.
 
 
+## Deleting comment
+- **Request**
+
+    `DELETE /comment/<id>`
+
+- **Output**
+
+    ```json5
+    {}
+    ```
+
+- **Errors**
+
+    - the comment does not exist
+    - privileges are too low
+
+- **Description**
+
+    Deletes existing comment.
+
+
 ## Listing users
 - **Request**
 

server/szurubooru/api/comment_api.py

@@ -43,4 +43,17 @@ class CommentDetailApi(BaseApi):
         return {'comment': comments.serialize_comment(comment, ctx.user)}
 
     def delete(self, ctx, comment_id):
-        raise NotImplementedError()
+        comment = comments.get_comment_by_id(comment_id)
+        if not comment:
+            raise comments.CommentNotFoundError(
+                'Comment %r not found.' % comment_id)
+
+        if ctx.user.user_id == comment.user_id:
+            infix = 'self'
+        else:
+            infix = 'any'
+
+        auth.verify_privilege(ctx.user, 'comments:delete:%s' % infix)
+        ctx.session.delete(comment)
+        ctx.session.commit()
+        return {}

server/szurubooru/tests/api/test_comment_deleting.py

@@ -0,0 +1,57 @@
+import pytest
+from datetime import datetime
+from szurubooru import api, db, errors
+from szurubooru.func import util, comments
+
+@pytest.fixture
+def test_ctx(config_injector, context_factory, user_factory, comment_factory):
+    config_injector({
+        'privileges': {
+            'comments:delete:self': 'regular_user',
+            'comments:delete:any': 'mod',
+        },
+        'ranks': ['anonymous', 'regular_user', 'mod', 'admin'],
+    })
+    ret = util.dotdict()
+    ret.context_factory = context_factory
+    ret.user_factory = user_factory
+    ret.comment_factory = comment_factory
+    ret.api = api.CommentDetailApi()
+    return ret
+
+def test_deleting_own_comment(test_ctx):
+    user = test_ctx.user_factory()
+    comment = test_ctx.comment_factory(user=user)
+    db.session.add(comment)
+    db.session.commit()
+    result = test_ctx.api.delete(
+        test_ctx.context_factory(user=user), comment.comment_id)
+    assert result == {}
+    assert db.session.query(db.Comment).count() == 0
+
+def test_deleting_someones_else_comment(test_ctx):
+    user1 = test_ctx.user_factory(rank='regular_user')
+    user2 = test_ctx.user_factory(rank='mod')
+    comment = test_ctx.comment_factory(user=user1)
+    db.session.add(comment)
+    db.session.commit()
+    result = test_ctx.api.delete(
+        test_ctx.context_factory(user=user2), comment.comment_id)
+    assert db.session.query(db.Comment).count() == 0
+
+def test_trying_to_delete_someones_else_comment_without_privileges(test_ctx):
+    user1 = test_ctx.user_factory(rank='regular_user')
+    user2 = test_ctx.user_factory(rank='regular_user')
+    comment = test_ctx.comment_factory(user=user1)
+    db.session.add(comment)
+    db.session.commit()
+    with pytest.raises(errors.AuthError):
+        test_ctx.api.delete(
+            test_ctx.context_factory(user=user2), comment.comment_id)
+    assert db.session.query(db.Comment).count() == 1
+
+def test_trying_to_delete_non_existing(test_ctx):
+    with pytest.raises(comments.CommentNotFoundError):
+        test_ctx.api.delete(
+            test_ctx.context_factory(
+                user=test_ctx.user_factory(rank='regular_user')), 1)