[mediagoblin.git] / mediagoblin / decorators.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011 Free Software Foundation, Inc
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


from webob import exc

from mediagoblin.util import redirect, render_404
from mediagoblin.db.util import ObjectId, InvalidId


def _make_safe(decorator, original):
    """
    Copy the function data from the old function to the decorator.
    """
    decorator.__name__ = original.__name__
    decorator.__dict__ = original.__dict__
    decorator.__doc__ = original.__doc__
    return decorator


def require_active_login(controller):
    """
    Require an active login from the user.
    """
    def new_controller_func(request, *args, **kwargs):
        if request.user and \
                request.user.get('status') == u'needs_email_verification':
            return redirect(
                request, 'mediagoblin.user_pages.user_home',
                user=request.user['username'])
        elif not request.user or request.user.get('status') != u'active':
            return exc.HTTPFound(
                location="%s?next=%s" % (
                    request.urlgen("mediagoblin.auth.login"),
                    request.path_info))

        return controller(request, *args, **kwargs)

    return _make_safe(new_controller_func, controller)

def user_may_delete_media(controller):
    """
    Require user ownership of the MediaEntry

    Originally:
def may_delete_media(request, media):
    \"\"\"
    Check, if the request's user may edit the media details
    \"\"\"
    if media['uploader'] == request.user['_id']:
        return True
    if request.user['is_admin']:
        return True
    return False
    """
    def wrapper(request, *args, **kwargs):
        if not request.user['_id'] == request.db.MediaEntry.find_one(
            {'_id': ObjectId(
                    request.matchdict['media'])}).uploader()['_id']:
            return exc.HTTPForbidden()

        return controller(request, *args, **kwargs)

    return _make_safe(wrapper, controller)


def uses_pagination(controller):
    """
    Check request GET 'page' key for wrong values
    """
    def wrapper(request, *args, **kwargs):
        try:
            page = int(request.GET.get('page', 1))
            if page < 0:
                return render_404(request)
        except ValueError:
            return render_404(request)

        return controller(request, page=page, *args, **kwargs)

    return _make_safe(wrapper, controller)


def get_user_media_entry(controller):
    """
    Pass in a MediaEntry based off of a url component
    """
    def wrapper(request, *args, **kwargs):
        user = request.db.User.find_one(
            {'username': request.matchdict['user']})

        if not user:
            return render_404(request)

        media = request.db.MediaEntry.find_one(
            {'slug': request.matchdict['media'],
             'state': 'processed',
             'uploader': user['_id']})

        # no media via slug?  Grab it via ObjectId
        if not media:
            try:
                media = request.db.MediaEntry.find_one(
                    {'_id': ObjectId(request.matchdict['media']),
                     'state': 'processed',
                     'uploader': user['_id']})
            except InvalidId:
                return render_404(request)

            # Still no media?  Okay, 404.
            if not media:
                return render_404(request)

        return controller(request, media=media, *args, **kwargs)

    return _make_safe(wrapper, controller)

def get_media_entry_by_id(controller):
    """
    Pass in a MediaEntry based off of a url component
    """
    def wrapper(request, *args, **kwargs):
        try:
            media = request.db.MediaEntry.find_one(
                {'_id': ObjectId(request.matchdict['media']),
                 'state': 'processed'})
        except InvalidId:
            return render_404(request)

        # Still no media?  Okay, 404.
        if not media:
            return render_404(request)

        return controller(request, media=media, *args, **kwargs)

    return _make_safe(wrapper, controller)
Commit	Line	Data
bb3eaf20 CAW	1	# GNU MediaGoblin -- federated, autonomous media hosting
	2	# Copyright (C) 2011 Free Software Foundation, Inc
	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
	17
	18	from webob import exc
	19
de12b4e7	20	from mediagoblin.util import redirect, render_404
3efdd97c	21	from mediagoblin.db.util import ObjectId, InvalidId
724933b1	22
bb3eaf20 CAW	23
	24	def _make_safe(decorator, original):
	25	"""
	26	Copy the function data from the old function to the decorator.
	27	"""
	28	decorator.__name__ = original.__name__
	29	decorator.__dict__ = original.__dict__
	30	decorator.__doc__ = original.__doc__
	31	return decorator
	32
	33
	34	def require_active_login(controller):
	35	"""
	36	Require an active login from the user.
	37	"""
	38	def new_controller_func(request, args, *kwargs):
a72c504b CAW	39	if request.user and \
a72c504b CAW	40	request.user.get('status') == u'needs_email_verification':
d43b472a CAW	41	return redirect(
	42	request, 'mediagoblin.user_pages.user_home',
	43	user=request.user['username'])
bcec749b	44	elif not request.user or request.user.get('status') != u'active':
bb3eaf20	45	return exc.HTTPFound(
7eba0306 CAW	46	location="%s?next=%s" % (
	47	request.urlgen("mediagoblin.auth.login"),
	48	request.path_info))
bb3eaf20 CAW	49
	50	return controller(request, args, *kwargs)
	51
	52	return _make_safe(new_controller_func, controller)
3eb6fc4f	53
502073f2 JW	54	def user_may_delete_media(controller):
	55	"""
	56	Require user ownership of the MediaEntry
	57
	58	Originally:
	59	def may_delete_media(request, media):
	60	\"\"\"
	61	Check, if the request's user may edit the media details
	62	\"\"\"
	63	if media['uploader'] == request.user['_id']:
	64	return True
	65	if request.user['is_admin']:
	66	return True
	67	return False
	68	"""
	69	def wrapper(request, args, *kwargs):
	70	if not request.user['_id'] == request.db.MediaEntry.find_one(
	71	{'_id': ObjectId(
	72	request.matchdict['media'])}).uploader()['_id']:
	73	return exc.HTTPForbidden()
	74
	75	return controller(request, args, *kwargs)
	76
	77	return _make_safe(wrapper, controller)
	78
3eb6fc4f BK	79
	80	def uses_pagination(controller):
	81	"""
	82	Check request GET 'page' key for wrong values
	83	"""
	84	def wrapper(request, args, *kwargs):
	85	try:
1301a8ad	86	page = int(request.GET.get('page', 1))
3eb6fc4f	87	if page < 0:
de12b4e7	88	return render_404(request)
3eb6fc4f	89	except ValueError:
de12b4e7	90	return render_404(request)
3eb6fc4f	91
439e37f7	92	return controller(request, page=page, args, *kwargs)
3eb6fc4f	93
3c2567ac	94	return _make_safe(wrapper, controller)
724933b1 CAW	95
724933b1 CAW	96
01674e10	97	def get_user_media_entry(controller):
724933b1 CAW	98	"""
	99	Pass in a MediaEntry based off of a url component
	100	"""
	101	def wrapper(request, args, *kwargs):
01674e10 CAW	102	user = request.db.User.find_one(
	103	{'username': request.matchdict['user']})
	104
	105	if not user:
de12b4e7	106	return render_404(request)
01674e10	107
724933b1 CAW	108	media = request.db.MediaEntry.find_one(
724933b1 CAW	109	{'slug': request.matchdict['media'],
01674e10	110	'state': 'processed',
16509be1	111	'uploader': user['_id']})
724933b1 CAW	112
	113	# no media via slug? Grab it via ObjectId
	114	if not media:
01674e10 CAW	115	try:
	116	media = request.db.MediaEntry.find_one(
	117	{'_id': ObjectId(request.matchdict['media']),
	118	'state': 'processed',
16509be1	119	'uploader': user['_id']})
01674e10	120	except InvalidId:
de12b4e7	121	return render_404(request)
724933b1 CAW	122
	123	# Still no media? Okay, 404.
	124	if not media:
de12b4e7	125	return render_404(request)
724933b1 CAW	126
	127	return controller(request, media=media, args, *kwargs)
	128
	129	return _make_safe(wrapper, controller)
aba81c9f E	130
	131	def get_media_entry_by_id(controller):
	132	"""
	133	Pass in a MediaEntry based off of a url component
	134	"""
	135	def wrapper(request, args, *kwargs):
	136	try:
	137	media = request.db.MediaEntry.find_one(
	138	{'_id': ObjectId(request.matchdict['media']),
	139	'state': 'processed'})
	140	except InvalidId:
de12b4e7	141	return render_404(request)
aba81c9f E	142
	143	# Still no media? Okay, 404.
	144	if not media:
de12b4e7	145	return render_404(request)
aba81c9f E	146
	147	return controller(request, media=media, args, *kwargs)
	148
	149	return _make_safe(wrapper, controller)
502073f2	150