[mediagoblin.git] / mediagoblin / edit / views.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import uuid

from webob import exc
from string import split
from cgi import FieldStorage
from datetime import datetime

from werkzeug.utils import secure_filename

from mediagoblin import messages
from mediagoblin import mg_globals

from mediagoblin.auth import lib as auth_lib
from mediagoblin.edit import forms
from mediagoblin.edit.lib import may_edit_media
from mediagoblin.decorators import require_active_login, get_user_media_entry
from mediagoblin.tools.response import render_to_response, redirect
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.text import (
    clean_html, convert_to_tag_list_of_dicts,
    media_tags_as_string)
from mediagoblin.tools.licenses import SUPPORTED_LICENSES


@get_user_media_entry
@require_active_login
def edit_media(request, media):
    if not may_edit_media(request, media):
        return exc.HTTPForbidden()

    defaults = dict(
        title=media.title,
        slug=media.slug,
        description=media.description,
        tags=media_tags_as_string(media.tags),
        license=media.license)

    form = forms.EditForm(
        request.POST,
        **defaults)

    if request.method == 'POST' and form.validate():
        # Make sure there isn't already a MediaEntry with such a slug
        # and userid.
        existing_user_slug_entries = request.db.MediaEntry.find(
            {'slug': request.POST['slug'],
             'uploader': media.uploader,
             '_id': {'$ne': media._id}}).count()

        if existing_user_slug_entries:
            form.slug.errors.append(
                _(u'An entry with that slug already exists for this user.'))
        else:
            media.title = unicode(request.POST['title'])
            media.description = unicode(request.POST.get('description'))
            media.tags = convert_to_tag_list_of_dicts(
                                   request.POST.get('tags'))

            media.license = unicode(request.POST.get('license', '')) or None

            media.slug = unicode(request.POST['slug'])

            media.save()

            return exc.HTTPFound(
                location=media.url_for_self(request.urlgen))

    if request.user.is_admin \
            and media.uploader != request.user._id \
            and request.method != 'POST':
        messages.add_message(
            request, messages.WARNING,
            _("You are editing another user's media. Proceed with caution."))

    return render_to_response(
        request,
        'mediagoblin/edit/edit.html',
        {'media': media,
         'form': form})


@get_user_media_entry
@require_active_login
def edit_attachments(request, media):
    if mg_globals.app_config['allow_attachments']:
        form = forms.EditAttachmentsForm()

        # Add any attachements
        if ('attachment_file' in request.POST
            and isinstance(request.POST['attachment_file'], FieldStorage)
            and request.POST['attachment_file'].file):

            attachment_public_filepath \
                = mg_globals.public_store.get_unique_filepath(
                ['media_entries', unicode(media._id), 'attachment',
                 secure_filename(request.POST['attachment_file'].filename)])

            attachment_public_file = mg_globals.public_store.get_file(
                attachment_public_filepath, 'wb')

            try:
                attachment_public_file.write(
                    request.POST['attachment_file'].file.read())
            finally:
                request.POST['attachment_file'].file.close()

            media.attachment_files.append(dict(
                    name=request.POST['attachment_name'] \
                        or request.POST['attachment_file'].filename,
                    filepath=attachment_public_filepath,
                    created=datetime.utcnow(),
                    ))

            media.save()

            messages.add_message(
                request, messages.SUCCESS,
                "You added the attachment %s!" \
                    % (request.POST['attachment_name']
                       or request.POST['attachment_file'].filename))

            return exc.HTTPFound(
                location=media.url_for_self(request.urlgen))
        return render_to_response(
            request,
            'mediagoblin/edit/attachments.html',
            {'media': media,
             'form': form})
    else:
        return exc.HTTPForbidden()


@require_active_login
def edit_profile(request):
    # admins may edit any user profile given a username in the querystring
    edit_username = request.GET.get('username')
    if request.user.is_admin and request.user.username != edit_username:
        user = request.db.User.find_one({'username': edit_username})
        # No need to warn again if admin just submitted an edited profile
        if request.method != 'POST':
            messages.add_message(
                request, messages.WARNING,
                _("You are editing a user's profile. Proceed with caution."))
    else:
        user = request.user

    form = forms.EditProfileForm(request.POST,
        url=user.get('url'),
        bio=user.get('bio'))

    if request.method == 'POST' and form.validate():
        user.url = unicode(request.POST['url'])
        user.bio = unicode(request.POST['bio'])

        user.save()

        messages.add_message(request,
                             messages.SUCCESS,
                             _("Profile changes saved"))
        return redirect(request,
                       'mediagoblin.user_pages.user_home',
                        user=user['username'])

    return render_to_response(
        request,
        'mediagoblin/edit/edit_profile.html',
        {'user': user,
         'form': form})


@require_active_login
def edit_account(request):
    edit_username = request.GET.get('username')
    user = request.user

    form = forms.EditAccountForm(request.POST)

    if request.method == 'POST' and form.validate():
        password_matches = auth_lib.bcrypt_check_password(
            request.POST['old_password'],
            user.pw_hash)

        if (request.POST['old_password'] or request.POST['new_password']) and not \
                password_matches:
            form.old_password.errors.append(_('Wrong password'))

            return render_to_response(
                request,
                'mediagoblin/edit/edit_account.html',
                {'user': user,
                 'form': form})

        if password_matches:
            user.pw_hash = auth_lib.bcrypt_gen_password_hash(
                request.POST['new_password'])

        user.save()

        messages.add_message(request,
                             messages.SUCCESS,
                             _("Account settings saved"))
        return redirect(request,
                       'mediagoblin.user_pages.user_home',
                        user=user.username)

    return render_to_response(
        request,
        'mediagoblin/edit/edit_account.html',
        {'user': user,
         'form': form})
Commit	Line	Data
9bfe1d8e	1	# GNU MediaGoblin -- federated, autonomous media hosting
cf29e8a8	2	# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
9bfe1d8e E	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
aba81c9f	16
08750772	17	import uuid
aba81c9f	18
1c63ad5d	19	from webob import exc
04a95150	20	from string import split
3a8c3a38 JW	21	from cgi import FieldStorage
	22	from datetime import datetime
	23
	24	from werkzeug.utils import secure_filename
aba81c9f	25
d9ed098e	26	from mediagoblin import messages
10d7496d	27	from mediagoblin import mg_globals
152a3bfa	28
4837b2f2	29	from mediagoblin.auth import lib as auth_lib
aba81c9f	30	from mediagoblin.edit import forms
0732236e	31	from mediagoblin.edit.lib import may_edit_media
8cd5d4f8	32	from mediagoblin.decorators import require_active_login, get_user_media_entry
152a3bfa AW	33	from mediagoblin.tools.response import render_to_response, redirect
	34	from mediagoblin.tools.translate import pass_to_ugettext as _
	35	from mediagoblin.tools.text import (
	36	clean_html, convert_to_tag_list_of_dicts,
1e72e075	37	media_tags_as_string)
25b48323	38	from mediagoblin.tools.licenses import SUPPORTED_LICENSES
c849e690	39
97ec97db	40
8cd5d4f8	41	@get_user_media_entry
aba81c9f E	42	@require_active_login
aba81c9f E	43	def edit_media(request, media):
c849e690 E	44	if not may_edit_media(request, media):
	45	return exc.HTTPForbidden()
	46
2c437493	47	defaults = dict(
ec82fbd8	48	title=media.title,
5da0bf90	49	slug=media.slug,
1d939966	50	description=media.description,
a6c49d49	51	tags=media_tags_as_string(media.tags),
97ec97db	52	license=media.license)
aba81c9f	53
2c437493 JW	54	form = forms.EditForm(
	55	request.POST,
	56	**defaults)
	57
98857207	58	if request.method == 'POST' and form.validate():
d5e90fe4 CAW	59	# Make sure there isn't already a MediaEntry with such a slug
	60	# and userid.
	61	existing_user_slug_entries = request.db.MediaEntry.find(
	62	{'slug': request.POST['slug'],
1ceb4fc8	63	'uploader': media.uploader,
eabe6b67	64	'_id': {'$ne': media._id}}).count()
3a8c3a38	65
d5e90fe4 CAW	66	if existing_user_slug_entries:
d5e90fe4 CAW	67	form.slug.errors.append(
4b1adc13	68	_(u'An entry with that slug already exists for this user.'))
d5e90fe4	69	else:
ec82fbd8	70	media.title = unicode(request.POST['title'])
1d939966	71	media.description = unicode(request.POST.get('description'))
de917303	72	media.tags = convert_to_tag_list_of_dicts(
0712a06d	73	request.POST.get('tags'))
3a8c3a38	74
da6206c4	75	media.license = unicode(request.POST.get('license', '')) or None
25b48323	76
5da0bf90	77	media.slug = unicode(request.POST['slug'])
99a270e9	78
747623cc	79	media.save()
d5e90fe4	80
8d7b549b E	81	return exc.HTTPFound(
8d7b549b E	82	location=media.url_for_self(request.urlgen))
98857207	83
bec591d8	84	if request.user.is_admin \
1ceb4fc8	85	and media.uploader != request.user._id \
96a2c366 CAW	86	and request.method != 'POST':
	87	messages.add_message(
	88	request, messages.WARNING,
4b1adc13	89	_("You are editing another user's media. Proceed with caution."))
96a2c366	90
9038c9f9 CAW	91	return render_to_response(
9038c9f9 CAW	92	request,
c9c24934 E	93	'mediagoblin/edit/edit.html',
	94	{'media': media,
	95	'form': form})
46fd661e	96
3a8c3a38 JW	97
3a8c3a38 JW	98	@get_user_media_entry
630b57a3	99	@require_active_login
3a8c3a38 JW	100	def edit_attachments(request, media):
	101	if mg_globals.app_config['allow_attachments']:
	102	form = forms.EditAttachmentsForm()
	103
	104	# Add any attachements
	105	if ('attachment_file' in request.POST
	106	and isinstance(request.POST['attachment_file'], FieldStorage)
	107	and request.POST['attachment_file'].file):
	108
	109	attachment_public_filepath \
	110	= mg_globals.public_store.get_unique_filepath(
eabe6b67	111	['media_entries', unicode(media._id), 'attachment',
3a8c3a38 JW	112	secure_filename(request.POST['attachment_file'].filename)])
	113
	114	attachment_public_file = mg_globals.public_store.get_file(
	115	attachment_public_filepath, 'wb')
	116
	117	try:
	118	attachment_public_file.write(
	119	request.POST['attachment_file'].file.read())
	120	finally:
	121	request.POST['attachment_file'].file.close()
	122
35029581	123	media.attachment_files.append(dict(
3a8c3a38 JW	124	name=request.POST['attachment_name'] \
	125	or request.POST['attachment_file'].filename,
	126	filepath=attachment_public_filepath,
243c3843	127	created=datetime.utcnow(),
3a8c3a38	128	))
630b57a3	129
3a8c3a38 JW	130	media.save()
	131
	132	messages.add_message(
	133	request, messages.SUCCESS,
	134	"You added the attachment %s!" \
	135	% (request.POST['attachment_name']
	136	or request.POST['attachment_file'].filename))
	137
8d7b549b E	138	return exc.HTTPFound(
8d7b549b E	139	location=media.url_for_self(request.urlgen))
3a8c3a38 JW	140	return render_to_response(
	141	request,
	142	'mediagoblin/edit/attachments.html',
	143	{'media': media,
	144	'form': form})
	145	else:
	146	return exc.HTTPForbidden()
	147
	148
	149	@require_active_login
	150	def edit_profile(request):
a0cf14fe CFD	151	# admins may edit any user profile given a username in the querystring
a0cf14fe CFD	152	edit_username = request.GET.get('username')
bec591d8	153	if request.user.is_admin and request.user.username != edit_username:
a0cf14fe CFD	154	user = request.db.User.find_one({'username': edit_username})
	155	# No need to warn again if admin just submitted an edited profile
	156	if request.method != 'POST':
	157	messages.add_message(
	158	request, messages.WARNING,
4b1adc13	159	_("You are editing a user's profile. Proceed with caution."))
a0cf14fe CFD	160	else:
	161	user = request.user
	162
630b57a3	163	form = forms.EditProfileForm(request.POST,
3a8c3a38 JW	164	url=user.get('url'),
3a8c3a38 JW	165	bio=user.get('bio'))
630b57a3	166
630b57a3	167	if request.method == 'POST' and form.validate():
c8071fa5 JS	168	user.url = unicode(request.POST['url'])
c8071fa5 JS	169	user.bio = unicode(request.POST['bio'])
4c465852	170
c8071fa5	171	user.save()
630b57a3	172
c8071fa5 JS	173	messages.add_message(request,
	174	messages.SUCCESS,
	175	_("Profile changes saved"))
	176	return redirect(request,
	177	'mediagoblin.user_pages.user_home',
	178	user=user['username'])
630b57a3	179
	180	return render_to_response(
	181	request,
	182	'mediagoblin/edit/edit_profile.html',
	183	{'user': user,
	184	'form': form})
c8071fa5 JS	185
	186
	187	@require_active_login
	188	def edit_account(request):
	189	edit_username = request.GET.get('username')
	190	user = request.user
	191
	192	form = forms.EditAccountForm(request.POST)
	193
630b57a3	194	if request.method == 'POST' and form.validate():
c8ccd23e JK	195	password_matches = auth_lib.bcrypt_check_password(
c8ccd23e JK	196	request.POST['old_password'],
0ab21f98	197	user.pw_hash)
630b57a3	198
4837b2f2 JK	199	if (request.POST['old_password'] or request.POST['new_password']) and not \
4837b2f2 JK	200	password_matches:
c8ccd23e JK	201	form.old_password.errors.append(_('Wrong password'))
	202
	203	return render_to_response(
	204	request,
c8071fa5	205	'mediagoblin/edit/edit_account.html',
c8ccd23e JK	206	{'user': user,
	207	'form': form})
	208
4837b2f2	209	if password_matches:
0ab21f98	210	user.pw_hash = auth_lib.bcrypt_gen_password_hash(
4837b2f2 JK	211	request.POST['new_password'])
4837b2f2 JK	212
4837b2f2 JK	213	user.save()
	214
	215	messages.add_message(request,
	216	messages.SUCCESS,
c8071fa5	217	_("Account settings saved"))
4837b2f2 JK	218	return redirect(request,
4837b2f2 JK	219	'mediagoblin.user_pages.user_home',
0ab21f98	220	user=user.username)
630b57a3	221
	222	return render_to_response(
	223	request,
c8071fa5	224	'mediagoblin/edit/edit_account.html',
630b57a3	225	{'user': user,
630b57a3	226	'form': form})