mediagoblin/decorators.py

   1 # GNU MediaGoblin -- federated, autonomous media hosting
   2 # Copyright (C) 2011 MediaGoblin contributors.  See AUTHORS.
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU Affero General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU Affero General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU Affero General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16
  17
  18 from webob import exc
  19
  20 from mediagoblin.util import redirect, render_404
  21 from mediagoblin.db.util import ObjectId, InvalidId
  22
  23
  24 def _make_safe(decorator, original):
  25     """
  26     Copy the function data from the old function to the decorator.
  27     """
  28     decorator.__name__ = original.__name__
  29     decorator.__dict__ = original.__dict__
  30     decorator.__doc__ = original.__doc__
  31     return decorator
  32
  33
  34 def require_active_login(controller):
  35     """
  36     Require an active login from the user.
  37     """
  38     def new_controller_func(request, *args, **kwargs):
  39         if request.user and \
  40                 request.user.get('status') == u'needs_email_verification':
  41             return redirect(
  42                 request, 'mediagoblin.user_pages.user_home',
  43                 user=request.user['username'])
  44         elif not request.user or request.user.get('status') != u'active':
  45             return exc.HTTPFound(
  46                 location="%s?next=%s" % (
  47                     request.urlgen("mediagoblin.auth.login"),
  48                     request.path_info))
  49
  50         return controller(request, *args, **kwargs)
  51
  52     return _make_safe(new_controller_func, controller)
  53
  54
  55 def user_may_delete_media(controller):
  56     """
  57     Require user ownership of the MediaEntry to delete.
  58     """
  59     def wrapper(request, *args, **kwargs):
  60         uploader = request.db.MediaEntry.find_one(
  61             {'_id': ObjectId(request.matchdict['media'])}).uploader()
  62         if not (request.user['is_admin'] or
  63                 request.user['_id'] == uploader['_id']):
  64             return exc.HTTPForbidden()
  65
  66         return controller(request, *args, **kwargs)
  67
  68     return _make_safe(wrapper, controller)
  69
  70
  71 def uses_pagination(controller):
  72     """
  73     Check request GET 'page' key for wrong values
  74     """
  75     def wrapper(request, *args, **kwargs):
  76         try:
  77             page = int(request.GET.get('page', 1))
  78             if page < 0:
  79                 return render_404(request)
  80         except ValueError:
  81             return render_404(request)
  82
  83         return controller(request, page=page, *args, **kwargs)
  84
  85     return _make_safe(wrapper, controller)
  86
  87
  88 def get_user_media_entry(controller):
  89     """
  90     Pass in a MediaEntry based off of a url component
  91     """
  92     def wrapper(request, *args, **kwargs):
  93         user = request.db.User.find_one(
  94             {'username': request.matchdict['user']})
  95
  96         if not user:
  97             return render_404(request)
  98
  99         media = request.db.MediaEntry.find_one(
 100             {'slug': request.matchdict['media'],
 101              'state': 'processed',
 102              'uploader': user['_id']})
 103
 104         # no media via slug?  Grab it via ObjectId
 105         if not media:
 106             try:
 107                 media = request.db.MediaEntry.find_one(
 108                     {'_id': ObjectId(request.matchdict['media']),
 109                      'state': 'processed',
 110                      'uploader': user['_id']})
 111             except InvalidId:
 112                 return render_404(request)
 113
 114             # Still no media?  Okay, 404.
 115             if not media:
 116                 return render_404(request)
 117
 118         return controller(request, media=media, *args, **kwargs)
 119
 120     return _make_safe(wrapper, controller)
 121
 122
 123 def get_media_entry_by_id(controller):
 124     """
 125     Pass in a MediaEntry based off of a url component
 126     """
 127     def wrapper(request, *args, **kwargs):
 128         try:
 129             media = request.db.MediaEntry.find_one(
 130                 {'_id': ObjectId(request.matchdict['media']),
 131                  'state': 'processed'})
 132         except InvalidId:
 133             return render_404(request)
 134
 135         # Still no media?  Okay, 404.
 136         if not media:
 137             return render_404(request)
 138
 139         return controller(request, media=media, *args, **kwargs)
 140
 141     return _make_safe(wrapper, controller)