mediagoblin/decorators.py

   1 # GNU MediaGoblin -- federated, autonomous media hosting
   2 # Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU Affero General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU Affero General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU Affero General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16
  17
  18 from webob import exc
  19
  20 from mediagoblin.tools.response import redirect, render_404
  21 from mediagoblin.db.util import ObjectId, InvalidId
  22
  23
  24 def _make_safe(decorator, original):
  25     """
  26     Copy the function data from the old function to the decorator.
  27     """
  28     decorator.__name__ = original.__name__
  29     decorator.__dict__ = original.__dict__
  30     decorator.__doc__ = original.__doc__
  31     return decorator
  32
  33
  34 def require_active_login(controller):
  35     """
  36     Require an active login from the user.
  37     """
  38     def new_controller_func(request, *args, **kwargs):
  39         if request.user and \
  40                 request.user.get('status') == u'needs_email_verification':
  41             return redirect(
  42                 request, 'mediagoblin.user_pages.user_home',
  43                 user=request.user.username)
  44         elif not request.user or request.user.get('status') != u'active':
  45             return exc.HTTPFound(
  46                 location="%s?next=%s" % (
  47                     request.urlgen("mediagoblin.auth.login"),
  48                     request.full_path))
  49
  50         return controller(request, *args, **kwargs)
  51
  52     return _make_safe(new_controller_func, controller)
  53
  54
  55 def user_may_delete_media(controller):
  56     """
  57     Require user ownership of the MediaEntry to delete.
  58     """
  59     def wrapper(request, *args, **kwargs):
  60         uploader_id = request.db.MediaEntry.find_one(
  61             {'_id': ObjectId(request.matchdict['media'])}).uploader
  62         if not (request.user.is_admin or
  63                 request.user._id == uploader_id):
  64             return exc.HTTPForbidden()
  65
  66         return controller(request, *args, **kwargs)
  67
  68     return _make_safe(wrapper, controller)
  69
  70
  71 def uses_pagination(controller):
  72     """
  73     Check request GET 'page' key for wrong values
  74     """
  75     def wrapper(request, *args, **kwargs):
  76         try:
  77             page = int(request.GET.get('page', 1))
  78             if page < 0:
  79                 return render_404(request)
  80         except ValueError:
  81             return render_404(request)
  82
  83         return controller(request, page=page, *args, **kwargs)
  84
  85     return _make_safe(wrapper, controller)
  86
  87
  88 def get_user_media_entry(controller):
  89     """
  90     Pass in a MediaEntry based off of a url component
  91     """
  92     def wrapper(request, *args, **kwargs):
  93         user = request.db.User.find_one(
  94             {'username': request.matchdict['user']})
  95
  96         if not user:
  97             return render_404(request)
  98         media = request.db.MediaEntry.find_one(
  99             {'slug': request.matchdict['media'],
 100              'state': 'processed',
 101              'uploader': user._id})
 102
 103         # no media via slug?  Grab it via ObjectId
 104         if not media:
 105             try:
 106                 media = request.db.MediaEntry.find_one(
 107                     {'_id': ObjectId(request.matchdict['media']),
 108                      'state': 'processed',
 109                      'uploader': user._id})
 110             except InvalidId:
 111                 return render_404(request)
 112
 113             # Still no media?  Okay, 404.
 114             if not media:
 115                 return render_404(request)
 116
 117         return controller(request, media=media, *args, **kwargs)
 118
 119     return _make_safe(wrapper, controller)
 120
 121
 122 def get_media_entry_by_id(controller):
 123     """
 124     Pass in a MediaEntry based off of a url component
 125     """
 126     def wrapper(request, *args, **kwargs):
 127         try:
 128             media = request.db.MediaEntry.find_one(
 129                 {'_id': ObjectId(request.matchdict['media']),
 130                  'state': 'processed'})
 131         except InvalidId:
 132             return render_404(request)
 133
 134         # Still no media?  Okay, 404.
 135         if not media:
 136             return render_404(request)
 137
 138         return controller(request, media=media, *args, **kwargs)
 139
 140     return _make_safe(wrapper, controller)