[mediagoblin.git] / mediagoblin / edit / views.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import uuid

from webob import exc
from string import split
from cgi import FieldStorage
from datetime import datetime

from werkzeug.utils import secure_filename

from mediagoblin import messages
from mediagoblin import mg_globals

from mediagoblin.auth import lib as auth_lib
from mediagoblin.edit import forms
from mediagoblin.edit.lib import may_edit_media
from mediagoblin.decorators import require_active_login, get_user_media_entry
from mediagoblin.tools.response import render_to_response, redirect
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.text import (
    clean_html, convert_to_tag_list_of_dicts,
    media_tags_as_string, cleaned_markdown_conversion)
from mediagoblin.tools.licenses import SUPPORTED_LICENSES

@get_user_media_entry
@require_active_login
def edit_media(request, media):
    if not may_edit_media(request, media):
        return exc.HTTPForbidden()

    defaults = dict(
        title=media.title,
        slug=media.slug,
        description=media.description,
        tags=media_tags_as_string(media.tags),
        license=media.license))

    form = forms.EditForm(
        request.POST,
        **defaults)

    if request.method == 'POST' and form.validate():
        # Make sure there isn't already a MediaEntry with such a slug
        # and userid.
        existing_user_slug_entries = request.db.MediaEntry.find(
            {'slug': request.POST['slug'],
             'uploader': media.uploader,
             '_id': {'$ne': media._id}}).count()

        if existing_user_slug_entries:
            form.slug.errors.append(
                _(u'An entry with that slug already exists for this user.'))
        else:
            media.title = unicode(request.POST['title'])
            media.description = unicode(request.POST.get('description'))
            media['tags'] = convert_to_tag_list_of_dicts(
                                   request.POST.get('tags'))

            media.description_html = cleaned_markdown_conversion(
                media.description)

            media.license = (
                unicode(request.POST.get('license'))
                or '')

            media.slug = unicode(request.POST['slug'])

            media.save()

            return exc.HTTPFound(
                location=media.url_for_self(request.urlgen))

    if request.user.is_admin \
            and media.uploader != request.user._id \
            and request.method != 'POST':
        messages.add_message(
            request, messages.WARNING,
            _("You are editing another user's media. Proceed with caution."))

    return render_to_response(
        request,
        'mediagoblin/edit/edit.html',
        {'media': media,
         'form': form})


@get_user_media_entry
@require_active_login
def edit_attachments(request, media):
    if mg_globals.app_config['allow_attachments']:
        form = forms.EditAttachmentsForm()

        # Add any attachements
        if ('attachment_file' in request.POST
            and isinstance(request.POST['attachment_file'], FieldStorage)
            and request.POST['attachment_file'].file):

            attachment_public_filepath \
                = mg_globals.public_store.get_unique_filepath(
                ['media_entries', unicode(media._id), 'attachment',
                 secure_filename(request.POST['attachment_file'].filename)])

            attachment_public_file = mg_globals.public_store.get_file(
                attachment_public_filepath, 'wb')

            try:
                attachment_public_file.write(
                    request.POST['attachment_file'].file.read())
            finally:
                request.POST['attachment_file'].file.close()

            media['attachment_files'].append(dict(
                    name=request.POST['attachment_name'] \
                        or request.POST['attachment_file'].filename,
                    filepath=attachment_public_filepath,
                    created=datetime.utcnow(),
                    ))

            media.save()

            messages.add_message(
                request, messages.SUCCESS,
                "You added the attachment %s!" \
                    % (request.POST['attachment_name']
                       or request.POST['attachment_file'].filename))

            return exc.HTTPFound(
                location=media.url_for_self(request.urlgen))
        return render_to_response(
            request,
            'mediagoblin/edit/attachments.html',
            {'media': media,
             'form': form})
    else:
        return exc.HTTPForbidden()


@require_active_login
def edit_profile(request):
    # admins may edit any user profile given a username in the querystring
    edit_username = request.GET.get('username')
    if request.user.is_admin and request.user.username != edit_username:
        user = request.db.User.find_one({'username': edit_username})
        # No need to warn again if admin just submitted an edited profile
        if request.method != 'POST':
            messages.add_message(
                request, messages.WARNING,
                _("You are editing a user's profile. Proceed with caution."))
    else:
        user = request.user

    form = forms.EditProfileForm(request.POST,
        url=user.get('url'),
        bio=user.get('bio'))

    if request.method == 'POST' and form.validate():
        user.url = unicode(request.POST['url'])
        user.bio = unicode(request.POST['bio'])

        user.bio_html = cleaned_markdown_conversion(user.bio)

        user.save()

        messages.add_message(request,
                             messages.SUCCESS,
                             _("Profile changes saved"))
        return redirect(request,
                       'mediagoblin.user_pages.user_home',
                        user=user['username'])

    return render_to_response(
        request,
        'mediagoblin/edit/edit_profile.html',
        {'user': user,
         'form': form})


@require_active_login
def edit_account(request):
    edit_username = request.GET.get('username')
    user = request.user

    form = forms.EditAccountForm(request.POST)

    if request.method == 'POST' and form.validate():
        password_matches = auth_lib.bcrypt_check_password(
            request.POST['old_password'],
            user.pw_hash)

        if (request.POST['old_password'] or request.POST['new_password']) and not \
                password_matches:
            form.old_password.errors.append(_('Wrong password'))

            return render_to_response(
                request,
                'mediagoblin/edit/edit_account.html',
                {'user': user,
                 'form': form})

        if password_matches:
            user.pw_hash = auth_lib.bcrypt_gen_password_hash(
                request.POST['new_password'])

        user.save()

        messages.add_message(request,
                             messages.SUCCESS,
                             _("Account settings saved"))
        return redirect(request,
                       'mediagoblin.user_pages.user_home',
                        user=user.username)

    return render_to_response(
        request,
        'mediagoblin/edit/edit_account.html',
        {'user': user,
         'form': form})
Commit	Line	Data
9bfe1d8e	1	# GNU MediaGoblin -- federated, autonomous media hosting
12a100e4	2	# Copyright (C) 2011 MediaGoblin contributors. See AUTHORS.
9bfe1d8e E	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
aba81c9f	16
08750772	17	import uuid
aba81c9f	18
1c63ad5d	19	from webob import exc
04a95150	20	from string import split
3a8c3a38 JW	21	from cgi import FieldStorage
	22	from datetime import datetime
	23
	24	from werkzeug.utils import secure_filename
aba81c9f	25
d9ed098e	26	from mediagoblin import messages
10d7496d	27	from mediagoblin import mg_globals
152a3bfa	28
4837b2f2	29	from mediagoblin.auth import lib as auth_lib
aba81c9f	30	from mediagoblin.edit import forms
0732236e	31	from mediagoblin.edit.lib import may_edit_media
8cd5d4f8	32	from mediagoblin.decorators import require_active_login, get_user_media_entry
152a3bfa AW	33	from mediagoblin.tools.response import render_to_response, redirect
	34	from mediagoblin.tools.translate import pass_to_ugettext as _
	35	from mediagoblin.tools.text import (
	36	clean_html, convert_to_tag_list_of_dicts,
	37	media_tags_as_string, cleaned_markdown_conversion)
25b48323	38	from mediagoblin.tools.licenses import SUPPORTED_LICENSES
c849e690	39
8cd5d4f8	40	@get_user_media_entry
aba81c9f E	41	@require_active_login
aba81c9f E	42	def edit_media(request, media):
c849e690 E	43	if not may_edit_media(request, media):
	44	return exc.HTTPForbidden()
	45
2c437493	46	defaults = dict(
ec82fbd8	47	title=media.title,
5da0bf90	48	slug=media.slug,
1d939966	49	description=media.description,
a6c49d49 AW	50	tags=media_tags_as_string(media.tags),
a6c49d49 AW	51	license=media.license))
aba81c9f	52
2c437493 JW	53	form = forms.EditForm(
	54	request.POST,
	55	**defaults)
	56
98857207	57	if request.method == 'POST' and form.validate():
d5e90fe4 CAW	58	# Make sure there isn't already a MediaEntry with such a slug
	59	# and userid.
	60	existing_user_slug_entries = request.db.MediaEntry.find(
	61	{'slug': request.POST['slug'],
1ceb4fc8	62	'uploader': media.uploader,
eabe6b67	63	'_id': {'$ne': media._id}}).count()
3a8c3a38	64
d5e90fe4 CAW	65	if existing_user_slug_entries:
d5e90fe4 CAW	66	form.slug.errors.append(
4b1adc13	67	_(u'An entry with that slug already exists for this user.'))
d5e90fe4	68	else:
ec82fbd8	69	media.title = unicode(request.POST['title'])
1d939966	70	media.description = unicode(request.POST.get('description'))
0712a06d CFD	71	media['tags'] = convert_to_tag_list_of_dicts(
0712a06d CFD	72	request.POST.get('tags'))
3a8c3a38	73
1d939966 E	74	media.description_html = cleaned_markdown_conversion(
1d939966 E	75	media.description)
44e2da2f	76
99a270e9	77	media.license = (
25b48323 AW	78	unicode(request.POST.get('license'))
	79	or '')
	80
5da0bf90	81	media.slug = unicode(request.POST['slug'])
99a270e9	82
747623cc	83	media.save()
d5e90fe4	84
8d7b549b E	85	return exc.HTTPFound(
8d7b549b E	86	location=media.url_for_self(request.urlgen))
98857207	87
bec591d8	88	if request.user.is_admin \
1ceb4fc8	89	and media.uploader != request.user._id \
96a2c366 CAW	90	and request.method != 'POST':
	91	messages.add_message(
	92	request, messages.WARNING,
4b1adc13	93	_("You are editing another user's media. Proceed with caution."))
96a2c366	94
9038c9f9 CAW	95	return render_to_response(
9038c9f9 CAW	96	request,
c9c24934 E	97	'mediagoblin/edit/edit.html',
	98	{'media': media,
	99	'form': form})
46fd661e	100
3a8c3a38 JW	101
3a8c3a38 JW	102	@get_user_media_entry
630b57a3	103	@require_active_login
3a8c3a38 JW	104	def edit_attachments(request, media):
	105	if mg_globals.app_config['allow_attachments']:
	106	form = forms.EditAttachmentsForm()
	107
	108	# Add any attachements
	109	if ('attachment_file' in request.POST
	110	and isinstance(request.POST['attachment_file'], FieldStorage)
	111	and request.POST['attachment_file'].file):
	112
	113	attachment_public_filepath \
	114	= mg_globals.public_store.get_unique_filepath(
eabe6b67	115	['media_entries', unicode(media._id), 'attachment',
3a8c3a38 JW	116	secure_filename(request.POST['attachment_file'].filename)])
	117
	118	attachment_public_file = mg_globals.public_store.get_file(
	119	attachment_public_filepath, 'wb')
	120
	121	try:
	122	attachment_public_file.write(
	123	request.POST['attachment_file'].file.read())
	124	finally:
	125	request.POST['attachment_file'].file.close()
	126
	127	media['attachment_files'].append(dict(
	128	name=request.POST['attachment_name'] \
	129	or request.POST['attachment_file'].filename,
	130	filepath=attachment_public_filepath,
243c3843	131	created=datetime.utcnow(),
3a8c3a38	132	))
630b57a3	133
3a8c3a38 JW	134	media.save()
	135
	136	messages.add_message(
	137	request, messages.SUCCESS,
	138	"You added the attachment %s!" \
	139	% (request.POST['attachment_name']
	140	or request.POST['attachment_file'].filename))
	141
8d7b549b E	142	return exc.HTTPFound(
8d7b549b E	143	location=media.url_for_self(request.urlgen))
3a8c3a38 JW	144	return render_to_response(
	145	request,
	146	'mediagoblin/edit/attachments.html',
	147	{'media': media,
	148	'form': form})
	149	else:
	150	return exc.HTTPForbidden()
	151
	152
	153	@require_active_login
	154	def edit_profile(request):
a0cf14fe CFD	155	# admins may edit any user profile given a username in the querystring
a0cf14fe CFD	156	edit_username = request.GET.get('username')
bec591d8	157	if request.user.is_admin and request.user.username != edit_username:
a0cf14fe CFD	158	user = request.db.User.find_one({'username': edit_username})
	159	# No need to warn again if admin just submitted an edited profile
	160	if request.method != 'POST':
	161	messages.add_message(
	162	request, messages.WARNING,
4b1adc13	163	_("You are editing a user's profile. Proceed with caution."))
a0cf14fe CFD	164	else:
	165	user = request.user
	166
630b57a3	167	form = forms.EditProfileForm(request.POST,
3a8c3a38 JW	168	url=user.get('url'),
3a8c3a38 JW	169	bio=user.get('bio'))
630b57a3	170
630b57a3	171	if request.method == 'POST' and form.validate():
c8071fa5 JS	172	user.url = unicode(request.POST['url'])
c8071fa5 JS	173	user.bio = unicode(request.POST['bio'])
4c465852	174
0ab21f98	175	user.bio_html = cleaned_markdown_conversion(user.bio)
4c465852	176
c8071fa5	177	user.save()
630b57a3	178
c8071fa5 JS	179	messages.add_message(request,
	180	messages.SUCCESS,
	181	_("Profile changes saved"))
	182	return redirect(request,
	183	'mediagoblin.user_pages.user_home',
	184	user=user['username'])
630b57a3	185
	186	return render_to_response(
	187	request,
	188	'mediagoblin/edit/edit_profile.html',
	189	{'user': user,
	190	'form': form})
c8071fa5 JS	191
	192
	193	@require_active_login
	194	def edit_account(request):
	195	edit_username = request.GET.get('username')
	196	user = request.user
	197
	198	form = forms.EditAccountForm(request.POST)
	199
630b57a3	200	if request.method == 'POST' and form.validate():
c8ccd23e JK	201	password_matches = auth_lib.bcrypt_check_password(
c8ccd23e JK	202	request.POST['old_password'],
0ab21f98	203	user.pw_hash)
630b57a3	204
4837b2f2 JK	205	if (request.POST['old_password'] or request.POST['new_password']) and not \
4837b2f2 JK	206	password_matches:
c8ccd23e JK	207	form.old_password.errors.append(_('Wrong password'))
	208
	209	return render_to_response(
	210	request,
c8071fa5	211	'mediagoblin/edit/edit_account.html',
c8ccd23e JK	212	{'user': user,
	213	'form': form})
	214
4837b2f2	215	if password_matches:
0ab21f98	216	user.pw_hash = auth_lib.bcrypt_gen_password_hash(
4837b2f2 JK	217	request.POST['new_password'])
4837b2f2 JK	218
4837b2f2 JK	219	user.save()
	220
	221	messages.add_message(request,
	222	messages.SUCCESS,
c8071fa5	223	_("Account settings saved"))
4837b2f2 JK	224	return redirect(request,
4837b2f2 JK	225	'mediagoblin.user_pages.user_home',
0ab21f98	226	user=user.username)
630b57a3	227
	228	return render_to_response(
	229	request,
c8071fa5	230	'mediagoblin/edit/edit_account.html',
630b57a3	231	{'user': user,
630b57a3	232	'form': form})