API to moderate and delete news

com/api.py

@@ -5,6 +5,8 @@ from django.http import Http404
 from ninja_extra import ControllerBase, api_controller, route
 
 from com.calendar import IcsCalendar
+from com.models import News
+from core.auth.api_permissions import HasPerm
 from core.views.files import send_raw_file
 
 
@@ -17,7 +19,7 @@ class CalendarController(ControllerBase):
         """Return the ICS file of the AE Google Calendar
 
         Because of Google's cors rules, we can't just do a request to google ics
-        from the frontend. Google is blocking CORS request in it's responses headers.
+        from the frontend. Google is blocking CORS request in its responses headers.
         The only way to do it from the frontend is to use Google Calendar API with an API key
         This is not especially desirable as your API key is going to be provided to the frontend.
 
@@ -30,3 +32,26 @@ class CalendarController(ControllerBase):
     @route.get("/internal.ics", url_name="calendar_internal")
     def calendar_internal(self):
         return send_raw_file(IcsCalendar.get_internal())
+
+
+@api_controller("/news")
+class NewsController(ControllerBase):
+    @route.patch(
+        "/{news_id}/moderate",
+        permissions=[HasPerm("com.moderate_news")],
+        url_name="moderate_news",
+    )
+    def moderate_news(self, news_id: int):
+        news = self.get_object_or_exception(News, id=news_id)
+        if not news.is_moderated:
+            news.is_moderated = True
+            news.save()
+
+    @route.delete(
+        "/{news_id}",
+        permissions=[HasPerm("com.delete_news")],
+        url_name="delete_news",
+    )
+    def delete_news(self, news_id: int):
+        news = self.get_object_or_exception(News, id=news_id)
+        news.delete()