[mediagoblin.git] / mediagoblin / edit / views.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import uuid

from webob import exc
from string import split
from cgi import FieldStorage
from datetime import datetime

from werkzeug.utils import secure_filename

from mediagoblin import messages
from mediagoblin import mg_globals

from mediagoblin.auth import lib as auth_lib
from mediagoblin.edit import forms
from mediagoblin.edit.lib import may_edit_media
from mediagoblin.decorators import require_active_login, get_user_media_entry
from mediagoblin.tools.response import render_to_response, redirect
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.text import (
    clean_html, convert_to_tag_list_of_dicts,
    media_tags_as_string, cleaned_markdown_conversion)

@get_user_media_entry
@require_active_login
def edit_media(request, media):
    if not may_edit_media(request, media):
        return exc.HTTPForbidden()

    defaults = dict(
        title=media['title'],
        slug=media['slug'],
        description=media['description'],
        tags=media_tags_as_string(media['tags']))

    form = forms.EditForm(
        request.POST,
        **defaults)

    if request.method == 'POST' and form.validate():
        # Make sure there isn't already a MediaEntry with such a slug
        # and userid.
        existing_user_slug_entries = request.db.MediaEntry.find(
            {'slug': request.POST['slug'],
             'uploader': media['uploader'],
             '_id': {'$ne': media._id}}).count()

        if existing_user_slug_entries:
            form.slug.errors.append(
                _(u'An entry with that slug already exists for this user.'))
        else:
            media['title'] = unicode(request.POST['title'])
            media['description'] = unicode(request.POST.get('description'))
            media['tags'] = convert_to_tag_list_of_dicts(
                                   request.POST.get('tags'))

            media['description_html'] = cleaned_markdown_conversion(
                media['description'])

            media['slug'] = unicode(request.POST['slug'])
            media.save()

            return exc.HTTPFound(
                location=media.url_for_self(request.urlgen))

    if request.user['is_admin'] \
            and media['uploader'] != request.user._id \
            and request.method != 'POST':
        messages.add_message(
            request, messages.WARNING,
            _("You are editing another user's media. Proceed with caution."))

    return render_to_response(
        request,
        'mediagoblin/edit/edit.html',
        {'media': media,
         'form': form})


@get_user_media_entry
@require_active_login
def edit_attachments(request, media):
    if mg_globals.app_config['allow_attachments']:
        form = forms.EditAttachmentsForm()

        # Add any attachements
        if ('attachment_file' in request.POST
            and isinstance(request.POST['attachment_file'], FieldStorage)
            and request.POST['attachment_file'].file):

            attachment_public_filepath \
                = mg_globals.public_store.get_unique_filepath(
                ['media_entries', unicode(media._id), 'attachment',
                 secure_filename(request.POST['attachment_file'].filename)])

            attachment_public_file = mg_globals.public_store.get_file(
                attachment_public_filepath, 'wb')

            try:
                attachment_public_file.write(
                    request.POST['attachment_file'].file.read())
            finally:
                request.POST['attachment_file'].file.close()

            media['attachment_files'].append(dict(
                    name=request.POST['attachment_name'] \
                        or request.POST['attachment_file'].filename,
                    filepath=attachment_public_filepath,
                    created=datetime.utcnow(),
                    ))

            media.save()

            messages.add_message(
                request, messages.SUCCESS,
                "You added the attachment %s!" \
                    % (request.POST['attachment_name']
                       or request.POST['attachment_file'].filename))

            return exc.HTTPFound(
                location=media.url_for_self(request.urlgen))
        return render_to_response(
            request,
            'mediagoblin/edit/attachments.html',
            {'media': media,
             'form': form})
    else:
        return exc.HTTPForbidden()


@require_active_login
def edit_profile(request):
    # admins may edit any user profile given a username in the querystring
    edit_username = request.GET.get('username')
    if request.user['is_admin'] and request.user['username'] != edit_username:
        user = request.db.User.find_one({'username': edit_username})
        # No need to warn again if admin just submitted an edited profile
        if request.method != 'POST':
            messages.add_message(
                request, messages.WARNING,
                _("You are editing a user's profile. Proceed with caution."))
    else:
        user = request.user

    form = forms.EditProfileForm(request.POST,
        url=user.get('url'),
        bio=user.get('bio'))

    if request.method == 'POST' and form.validate():
        password_matches = auth_lib.bcrypt_check_password(
            request.POST['old_password'],
            user['pw_hash'])

        if (request.POST['old_password'] or request.POST['new_password']) and not \
                password_matches:
            form.old_password.errors.append(_('Wrong password'))

            return render_to_response(
                request,
                'mediagoblin/edit/edit_profile.html',
                {'user': user,
                 'form': form})

        user['url'] = unicode(request.POST['url'])
        user['bio'] = unicode(request.POST['bio'])

        if password_matches:
            user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
                request.POST['new_password'])

        user['bio_html'] = cleaned_markdown_conversion(user['bio'])

        user.save()

        messages.add_message(request,
                             messages.SUCCESS,
                             _("Profile edited!"))
        return redirect(request,
                       'mediagoblin.user_pages.user_home',
                        user=user['username'])

    return render_to_response(
        request,
        'mediagoblin/edit/edit_profile.html',
        {'user': user,
         'form': form})
Commit	Line	Data
9bfe1d8e	1	# GNU MediaGoblin -- federated, autonomous media hosting
12a100e4	2	# Copyright (C) 2011 MediaGoblin contributors. See AUTHORS.
9bfe1d8e E	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
aba81c9f	16
08750772	17	import uuid
aba81c9f	18
1c63ad5d	19	from webob import exc
04a95150	20	from string import split
3a8c3a38 JW	21	from cgi import FieldStorage
	22	from datetime import datetime
	23
	24	from werkzeug.utils import secure_filename
aba81c9f	25
d9ed098e	26	from mediagoblin import messages
10d7496d	27	from mediagoblin import mg_globals
152a3bfa	28
4837b2f2	29	from mediagoblin.auth import lib as auth_lib
aba81c9f	30	from mediagoblin.edit import forms
0732236e	31	from mediagoblin.edit.lib import may_edit_media
8cd5d4f8	32	from mediagoblin.decorators import require_active_login, get_user_media_entry
152a3bfa AW	33	from mediagoblin.tools.response import render_to_response, redirect
	34	from mediagoblin.tools.translate import pass_to_ugettext as _
	35	from mediagoblin.tools.text import (
	36	clean_html, convert_to_tag_list_of_dicts,
	37	media_tags_as_string, cleaned_markdown_conversion)
c849e690	38
8cd5d4f8	39	@get_user_media_entry
aba81c9f E	40	@require_active_login
aba81c9f E	41	def edit_media(request, media):
c849e690 E	42	if not may_edit_media(request, media):
	43	return exc.HTTPForbidden()
	44
2c437493	45	defaults = dict(
3a8c3a38 JW	46	title=media['title'],
	47	slug=media['slug'],
	48	description=media['description'],
	49	tags=media_tags_as_string(media['tags']))
aba81c9f	50
2c437493 JW	51	form = forms.EditForm(
	52	request.POST,
	53	**defaults)
	54
98857207	55	if request.method == 'POST' and form.validate():
d5e90fe4 CAW	56	# Make sure there isn't already a MediaEntry with such a slug
	57	# and userid.
	58	existing_user_slug_entries = request.db.MediaEntry.find(
	59	{'slug': request.POST['slug'],
	60	'uploader': media['uploader'],
eabe6b67	61	'_id': {'$ne': media._id}}).count()
3a8c3a38	62
d5e90fe4 CAW	63	if existing_user_slug_entries:
d5e90fe4 CAW	64	form.slug.errors.append(
4b1adc13	65	_(u'An entry with that slug already exists for this user.'))
d5e90fe4	66	else:
08750772 MH	67	media['title'] = unicode(request.POST['title'])
08750772 MH	68	media['description'] = unicode(request.POST.get('description'))
0712a06d CFD	69	media['tags'] = convert_to_tag_list_of_dicts(
0712a06d CFD	70	request.POST.get('tags'))
3a8c3a38	71
0d91af09 CAW	72	media['description_html'] = cleaned_markdown_conversion(
0d91af09 CAW	73	media['description'])
44e2da2f	74
08750772	75	media['slug'] = unicode(request.POST['slug'])
747623cc	76	media.save()
d5e90fe4	77
8d7b549b E	78	return exc.HTTPFound(
8d7b549b E	79	location=media.url_for_self(request.urlgen))
98857207	80
96a2c366	81	if request.user['is_admin'] \
eabe6b67	82	and media['uploader'] != request.user._id \
96a2c366 CAW	83	and request.method != 'POST':
	84	messages.add_message(
	85	request, messages.WARNING,
4b1adc13	86	_("You are editing another user's media. Proceed with caution."))
96a2c366	87
9038c9f9 CAW	88	return render_to_response(
9038c9f9 CAW	89	request,
c9c24934 E	90	'mediagoblin/edit/edit.html',
	91	{'media': media,
	92	'form': form})
46fd661e	93
3a8c3a38 JW	94
3a8c3a38 JW	95	@get_user_media_entry
630b57a3	96	@require_active_login
3a8c3a38 JW	97	def edit_attachments(request, media):
	98	if mg_globals.app_config['allow_attachments']:
	99	form = forms.EditAttachmentsForm()
	100
	101	# Add any attachements
	102	if ('attachment_file' in request.POST
	103	and isinstance(request.POST['attachment_file'], FieldStorage)
	104	and request.POST['attachment_file'].file):
	105
	106	attachment_public_filepath \
	107	= mg_globals.public_store.get_unique_filepath(
eabe6b67	108	['media_entries', unicode(media._id), 'attachment',
3a8c3a38 JW	109	secure_filename(request.POST['attachment_file'].filename)])
	110
	111	attachment_public_file = mg_globals.public_store.get_file(
	112	attachment_public_filepath, 'wb')
	113
	114	try:
	115	attachment_public_file.write(
	116	request.POST['attachment_file'].file.read())
	117	finally:
	118	request.POST['attachment_file'].file.close()
	119
	120	media['attachment_files'].append(dict(
	121	name=request.POST['attachment_name'] \
	122	or request.POST['attachment_file'].filename,
	123	filepath=attachment_public_filepath,
243c3843	124	created=datetime.utcnow(),
3a8c3a38	125	))
630b57a3	126
3a8c3a38 JW	127	media.save()
	128
	129	messages.add_message(
	130	request, messages.SUCCESS,
	131	"You added the attachment %s!" \
	132	% (request.POST['attachment_name']
	133	or request.POST['attachment_file'].filename))
	134
8d7b549b E	135	return exc.HTTPFound(
8d7b549b E	136	location=media.url_for_self(request.urlgen))
3a8c3a38 JW	137	return render_to_response(
	138	request,
	139	'mediagoblin/edit/attachments.html',
	140	{'media': media,
	141	'form': form})
	142	else:
	143	return exc.HTTPForbidden()
	144
	145
	146	@require_active_login
	147	def edit_profile(request):
a0cf14fe CFD	148	# admins may edit any user profile given a username in the querystring
	149	edit_username = request.GET.get('username')
	150	if request.user['is_admin'] and request.user['username'] != edit_username:
	151	user = request.db.User.find_one({'username': edit_username})
	152	# No need to warn again if admin just submitted an edited profile
	153	if request.method != 'POST':
	154	messages.add_message(
	155	request, messages.WARNING,
4b1adc13	156	_("You are editing a user's profile. Proceed with caution."))
a0cf14fe CFD	157	else:
	158	user = request.user
	159
630b57a3	160	form = forms.EditProfileForm(request.POST,
3a8c3a38 JW	161	url=user.get('url'),
3a8c3a38 JW	162	bio=user.get('bio'))
630b57a3	163
630b57a3	164	if request.method == 'POST' and form.validate():
c8ccd23e JK	165	password_matches = auth_lib.bcrypt_check_password(
	166	request.POST['old_password'],
	167	user['pw_hash'])
630b57a3	168
4837b2f2 JK	169	if (request.POST['old_password'] or request.POST['new_password']) and not \
4837b2f2 JK	170	password_matches:
c8ccd23e JK	171	form.old_password.errors.append(_('Wrong password'))
	172
	173	return render_to_response(
	174	request,
	175	'mediagoblin/edit/edit_profile.html',
	176	{'user': user,
	177	'form': form})
	178
	179	user['url'] = unicode(request.POST['url'])
	180	user['bio'] = unicode(request.POST['bio'])
4837b2f2 JK	181
	182	if password_matches:
	183	user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
	184	request.POST['new_password'])
	185
	186	user['bio_html'] = cleaned_markdown_conversion(user['bio'])
	187
	188	user.save()
	189
	190	messages.add_message(request,
	191	messages.SUCCESS,
	192	_("Profile edited!"))
	193	return redirect(request,
	194	'mediagoblin.user_pages.user_home',
c8ccd23e	195	user=user['username'])
630b57a3	196
	197	return render_to_response(
	198	request,
	199	'mediagoblin/edit/edit_profile.html',
	200	{'user': user,
	201	'form': form})