[mediagoblin.git] / mediagoblin / decorators.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from functools import wraps

from urlparse import urljoin
from urllib import urlencode

from webob import exc

from mediagoblin.db.util import ObjectId, InvalidId
from mediagoblin.tools.response import redirect, render_404


def require_active_login(controller):
    """
    Require an active login from the user.
    """
    @wraps(controller)
    def new_controller_func(request, *args, **kwargs):
        if request.user and \
                request.user.get('status') == u'needs_email_verification':
            return redirect(
                request, 'mediagoblin.user_pages.user_home',
                user=request.user.username)
        elif not request.user or request.user.get('status') != u'active':
            next_url = urljoin(
                    request.urlgen('mediagoblin.auth.login',
                        qualified=True),
                    request.url)

            return exc.HTTPFound(
                location='?'.join([
                    request.urlgen('mediagoblin.auth.login'),
                    urlencode({
                        'next': next_url})]))

        return controller(request, *args, **kwargs)

    return new_controller_func


def user_may_delete_media(controller):
    """
    Require user ownership of the MediaEntry to delete.
    """
    @wraps(controller)
    def wrapper(request, *args, **kwargs):
        uploader_id = request.db.MediaEntry.find_one(
            {'_id': ObjectId(request.matchdict['media'])}).uploader
        if not (request.user.is_admin or
                request.user._id == uploader_id):
            return exc.HTTPForbidden()

        return controller(request, *args, **kwargs)

    return wrapper


def user_may_alter_collection(controller):
    """
    Require user ownership of the Collection to modify.
    """
    @wraps(controller)
    def wrapper(request, *args, **kwargs):
        creator_id = request.db.User.find_one(
            {'username': request.matchdict['user']}).id
        if not (request.user.is_admin or
                request.user._id == creator_id):
            return exc.HTTPForbidden()

        return controller(request, *args, **kwargs)

    return wrapper


def uses_pagination(controller):
    """
    Check request GET 'page' key for wrong values
    """
    @wraps(controller)
    def wrapper(request, *args, **kwargs):
        try:
            page = int(request.GET.get('page', 1))
            if page < 0:
                return render_404(request)
        except ValueError:
            return render_404(request)

        return controller(request, page=page, *args, **kwargs)

    return wrapper


def get_user_media_entry(controller):
    """
    Pass in a MediaEntry based off of a url component
    """
    @wraps(controller)
    def wrapper(request, *args, **kwargs):
        user = request.db.User.find_one(
            {'username': request.matchdict['user']})

        if not user:
            return render_404(request)
        media = request.db.MediaEntry.find_one(
            {'slug': request.matchdict['media'],
             'state': u'processed',
             'uploader': user._id})

        # no media via slug?  Grab it via ObjectId
        if not media:
            try:
                media = request.db.MediaEntry.find_one(
                    {'_id': ObjectId(request.matchdict['media']),
                     'state': u'processed',
                     'uploader': user._id})
            except InvalidId:
                return render_404(request)

            # Still no media?  Okay, 404.
            if not media:
                return render_404(request)

        return controller(request, media=media, *args, **kwargs)

    return wrapper


def get_user_collection(controller):
    """
    Pass in a Collection based off of a url component
    """
    @wraps(controller)
    def wrapper(request, *args, **kwargs):
        user = request.db.User.find_one(
            {'username': request.matchdict['user']})

        if not user:
            return render_404(request)

        collection = request.db.Collection.find_one(
            {'slug': request.matchdict['collection'],
             'creator': user._id})

        # Still no collection?  Okay, 404.
        if not collection:
            return render_404(request)

        return controller(request, collection=collection, *args, **kwargs)

    return wrapper


def get_user_collection_item(controller):
    """
    Pass in a CollectionItem based off of a url component
    """
    @wraps(controller)
    def wrapper(request, *args, **kwargs):
        user = request.db.User.find_one(
            {'username': request.matchdict['user']})

        if not user:
            return render_404(request)

        collection = request.db.Collection.find_one(
            {'slug': request.matchdict['collection'],
             'creator': user._id})

        collection_item = request.db.CollectionItem.find_one(
            {'_id': request.matchdict['collection_item'] })

        # Still no collection item?  Okay, 404.
        if not collection_item:
            return render_404(request)

        return controller(request, collection_item=collection_item, *args, **kwargs)

    return wrapper


def get_media_entry_by_id(controller):
    """
    Pass in a MediaEntry based off of a url component
    """
    @wraps(controller)
    def wrapper(request, *args, **kwargs):
        try:
            media = request.db.MediaEntry.find_one(
                {'_id': ObjectId(request.matchdict['media']),
                 'state': u'processed'})
        except InvalidId:
            return render_404(request)

        # Still no media?  Okay, 404.
        if not media:
            return render_404(request)

        return controller(request, media=media, *args, **kwargs)

    return wrapper
Commit	Line	Data
bb3eaf20	1	# GNU MediaGoblin -- federated, autonomous media hosting
cf29e8a8	2	# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
bb3eaf20 CAW	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
1e03504e	17	from functools import wraps
bb3eaf20	18
3a199328 JW	19	from urlparse import urljoin
	20	from urllib import urlencode
	21
bb3eaf20 CAW	22	from webob import exc
bb3eaf20 CAW	23
3efdd97c	24	from mediagoblin.db.util import ObjectId, InvalidId
1e03504e	25	from mediagoblin.tools.response import redirect, render_404
bb3eaf20 CAW	26
	27
	28	def require_active_login(controller):
	29	"""
	30	Require an active login from the user.
	31	"""
1e03504e	32	@wraps(controller)
bb3eaf20	33	def new_controller_func(request, args, *kwargs):
a72c504b CAW	34	if request.user and \
a72c504b CAW	35	request.user.get('status') == u'needs_email_verification':
d43b472a CAW	36	return redirect(
d43b472a CAW	37	request, 'mediagoblin.user_pages.user_home',
5a4e3ff1	38	user=request.user.username)
bcec749b	39	elif not request.user or request.user.get('status') != u'active':
3a199328 JW	40	next_url = urljoin(
	41	request.urlgen('mediagoblin.auth.login',
	42	qualified=True),
	43	request.url)
	44
bb3eaf20	45	return exc.HTTPFound(
3a199328 JW	46	location='?'.join([
	47	request.urlgen('mediagoblin.auth.login'),
	48	urlencode({
	49	'next': next_url})]))
bb3eaf20 CAW	50
	51	return controller(request, args, *kwargs)
	52
1e03504e	53	return new_controller_func
3eb6fc4f	54
53c5e0b0	55
502073f2 JW	56	def user_may_delete_media(controller):
502073f2 JW	57	"""
53c5e0b0	58	Require user ownership of the MediaEntry to delete.
502073f2	59	"""
1e03504e	60	@wraps(controller)
502073f2	61	def wrapper(request, args, *kwargs):
4deda94a E	62	uploader_id = request.db.MediaEntry.find_one(
4deda94a E	63	{'_id': ObjectId(request.matchdict['media'])}).uploader
bec591d8	64	if not (request.user.is_admin or
4deda94a	65	request.user._id == uploader_id):
502073f2 JW	66	return exc.HTTPForbidden()
	67
	68	return controller(request, args, *kwargs)
	69
1e03504e	70	return wrapper
502073f2	71
3eb6fc4f	72
be5be115 AW	73	def user_may_alter_collection(controller):
	74	"""
	75	Require user ownership of the Collection to modify.
	76	"""
	77	@wraps(controller)
	78	def wrapper(request, args, *kwargs):
	79	creator_id = request.db.User.find_one(
	80	{'username': request.matchdict['user']}).id
	81	if not (request.user.is_admin or
	82	request.user._id == creator_id):
	83	return exc.HTTPForbidden()
	84
	85	return controller(request, args, *kwargs)
	86
	87	return wrapper
	88
	89
3eb6fc4f BK	90	def uses_pagination(controller):
	91	"""
	92	Check request GET 'page' key for wrong values
	93	"""
1e03504e	94	@wraps(controller)
3eb6fc4f BK	95	def wrapper(request, args, *kwargs):
3eb6fc4f BK	96	try:
1301a8ad	97	page = int(request.GET.get('page', 1))
3eb6fc4f	98	if page < 0:
de12b4e7	99	return render_404(request)
3eb6fc4f	100	except ValueError:
de12b4e7	101	return render_404(request)
3eb6fc4f	102
439e37f7	103	return controller(request, page=page, args, *kwargs)
3eb6fc4f	104
1e03504e	105	return wrapper
724933b1 CAW	106
724933b1 CAW	107
01674e10	108	def get_user_media_entry(controller):
724933b1 CAW	109	"""
	110	Pass in a MediaEntry based off of a url component
	111	"""
1e03504e	112	@wraps(controller)
724933b1	113	def wrapper(request, args, *kwargs):
01674e10 CAW	114	user = request.db.User.find_one(
	115	{'username': request.matchdict['user']})
	116
	117	if not user:
de12b4e7	118	return render_404(request)
724933b1 CAW	119	media = request.db.MediaEntry.find_one(
724933b1 CAW	120	{'slug': request.matchdict['media'],
5bd0adeb	121	'state': u'processed',
eabe6b67	122	'uploader': user._id})
724933b1 CAW	123
	124	# no media via slug? Grab it via ObjectId
	125	if not media:
01674e10 CAW	126	try:
	127	media = request.db.MediaEntry.find_one(
	128	{'_id': ObjectId(request.matchdict['media']),
5bd0adeb	129	'state': u'processed',
eabe6b67	130	'uploader': user._id})
01674e10	131	except InvalidId:
de12b4e7	132	return render_404(request)
724933b1 CAW	133
	134	# Still no media? Okay, 404.
	135	if not media:
de12b4e7	136	return render_404(request)
724933b1 CAW	137
	138	return controller(request, media=media, args, *kwargs)
	139
1e03504e	140	return wrapper
aba81c9f	141
243c3843	142
be5be115 AW	143	def get_user_collection(controller):
	144	"""
	145	Pass in a Collection based off of a url component
	146	"""
	147	@wraps(controller)
	148	def wrapper(request, args, *kwargs):
	149	user = request.db.User.find_one(
	150	{'username': request.matchdict['user']})
	151
	152	if not user:
	153	return render_404(request)
	154
	155	collection = request.db.Collection.find_one(
	156	{'slug': request.matchdict['collection'],
	157	'creator': user._id})
	158
	159	# Still no collection? Okay, 404.
	160	if not collection:
	161	return render_404(request)
	162
	163	return controller(request, collection=collection, args, *kwargs)
	164
	165	return wrapper
	166
	167
	168	def get_user_collection_item(controller):
	169	"""
	170	Pass in a CollectionItem based off of a url component
	171	"""
	172	@wraps(controller)
	173	def wrapper(request, args, *kwargs):
	174	user = request.db.User.find_one(
	175	{'username': request.matchdict['user']})
	176
	177	if not user:
	178	return render_404(request)
	179
	180	collection = request.db.Collection.find_one(
	181	{'slug': request.matchdict['collection'],
	182	'creator': user._id})
	183
	184	collection_item = request.db.CollectionItem.find_one(
	185	{'_id': request.matchdict['collection_item'] })
	186
	187	# Still no collection item? Okay, 404.
	188	if not collection_item:
	189	return render_404(request)
	190
	191	return controller(request, collection_item=collection_item, args, *kwargs)
	192
	193	return wrapper
	194
	195
aba81c9f E	196	def get_media_entry_by_id(controller):
	197	"""
	198	Pass in a MediaEntry based off of a url component
	199	"""
1e03504e	200	@wraps(controller)
aba81c9f E	201	def wrapper(request, args, *kwargs):
	202	try:
	203	media = request.db.MediaEntry.find_one(
	204	{'_id': ObjectId(request.matchdict['media']),
5bd0adeb	205	'state': u'processed'})
aba81c9f	206	except InvalidId:
de12b4e7	207	return render_404(request)
aba81c9f E	208
	209	# Still no media? Okay, 404.
	210	if not media:
de12b4e7	211	return render_404(request)
aba81c9f E	212
	213	return controller(request, media=media, args, *kwargs)
	214
1e03504e	215	return wrapper