1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 from string
import split
21 from cgi
import FieldStorage
22 from datetime
import datetime
24 from werkzeug
.utils
import secure_filename
26 from mediagoblin
import messages
27 from mediagoblin
import mg_globals
29 from mediagoblin
.auth
import lib
as auth_lib
30 from mediagoblin
.edit
import forms
31 from mediagoblin
.edit
.lib
import may_edit_media
32 from mediagoblin
.decorators
import require_active_login
, get_user_media_entry
33 from mediagoblin
.tools
.response
import render_to_response
, redirect
34 from mediagoblin
.tools
.translate
import pass_to_ugettext
as _
35 from mediagoblin
.tools
.text
import (
36 clean_html
, convert_to_tag_list_of_dicts
,
37 media_tags_as_string
, cleaned_markdown_conversion
)
38 from mediagoblin
.tools
.licenses
import SUPPORTED_LICENSES
43 def edit_media(request
, media
):
44 if not may_edit_media(request
, media
):
45 return exc
.HTTPForbidden()
50 description
=media
.description
,
51 tags
=media_tags_as_string(media
.tags
),
52 license
=media
.license
)
54 form
= forms
.EditForm(
58 if request
.method
== 'POST' and form
.validate():
59 # Make sure there isn't already a MediaEntry with such a slug
61 existing_user_slug_entries
= request
.db
.MediaEntry
.find(
62 {'slug': request
.POST
['slug'],
63 'uploader': media
.uploader
,
64 '_id': {'$ne': media
._id
}}).count()
66 if existing_user_slug_entries
:
67 form
.slug
.errors
.append(
68 _(u
'An entry with that slug already exists for this user.'))
70 media
.title
= unicode(request
.POST
['title'])
71 media
.description
= unicode(request
.POST
.get('description'))
72 media
.tags
= convert_to_tag_list_of_dicts(
73 request
.POST
.get('tags'))
75 media
.description_html
= cleaned_markdown_conversion(
78 media
.license
= unicode(request
.POST
.get('license', '')) or None
80 media
.slug
= unicode(request
.POST
['slug'])
85 location
=media
.url_for_self(request
.urlgen
))
87 if request
.user
.is_admin \
88 and media
.uploader
!= request
.user
._id \
89 and request
.method
!= 'POST':
91 request
, messages
.WARNING
,
92 _("You are editing another user's media. Proceed with caution."))
94 return render_to_response(
96 'mediagoblin/edit/edit.html',
101 @get_user_media_entry
102 @require_active_login
103 def edit_attachments(request
, media
):
104 if mg_globals
.app_config
['allow_attachments']:
105 form
= forms
.EditAttachmentsForm()
107 # Add any attachements
108 if ('attachment_file' in request
.POST
109 and isinstance(request
.POST
['attachment_file'], FieldStorage
)
110 and request
.POST
['attachment_file'].file):
112 attachment_public_filepath \
113 = mg_globals
.public_store
.get_unique_filepath(
114 ['media_entries', unicode(media
._id
), 'attachment',
115 secure_filename(request
.POST
['attachment_file'].filename
)])
117 attachment_public_file
= mg_globals
.public_store
.get_file(
118 attachment_public_filepath
, 'wb')
121 attachment_public_file
.write(
122 request
.POST
['attachment_file'].file.read())
124 request
.POST
['attachment_file'].file.close()
126 media
['attachment_files'].append(dict(
127 name
=request
.POST
['attachment_name'] \
128 or request
.POST
['attachment_file'].filename
,
129 filepath
=attachment_public_filepath
,
130 created
=datetime
.utcnow(),
135 messages
.add_message(
136 request
, messages
.SUCCESS
,
137 "You added the attachment %s!" \
138 % (request
.POST
['attachment_name']
139 or request
.POST
['attachment_file'].filename
))
141 return exc
.HTTPFound(
142 location
=media
.url_for_self(request
.urlgen
))
143 return render_to_response(
145 'mediagoblin/edit/attachments.html',
149 return exc
.HTTPForbidden()
152 @require_active_login
153 def edit_profile(request
):
154 # admins may edit any user profile given a username in the querystring
155 edit_username
= request
.GET
.get('username')
156 if request
.user
.is_admin
and request
.user
.username
!= edit_username
:
157 user
= request
.db
.User
.find_one({'username': edit_username
})
158 # No need to warn again if admin just submitted an edited profile
159 if request
.method
!= 'POST':
160 messages
.add_message(
161 request
, messages
.WARNING
,
162 _("You are editing a user's profile. Proceed with caution."))
166 form
= forms
.EditProfileForm(request
.POST
,
170 if request
.method
== 'POST' and form
.validate():
171 user
.url
= unicode(request
.POST
['url'])
172 user
.bio
= unicode(request
.POST
['bio'])
174 user
.bio_html
= cleaned_markdown_conversion(user
.bio
)
178 messages
.add_message(request
,
180 _("Profile changes saved"))
181 return redirect(request
,
182 'mediagoblin.user_pages.user_home',
183 user
=user
['username'])
185 return render_to_response(
187 'mediagoblin/edit/edit_profile.html',
192 @require_active_login
193 def edit_account(request
):
194 edit_username
= request
.GET
.get('username')
197 form
= forms
.EditAccountForm(request
.POST
)
199 if request
.method
== 'POST' and form
.validate():
200 password_matches
= auth_lib
.bcrypt_check_password(
201 request
.POST
['old_password'],
204 if (request
.POST
['old_password'] or request
.POST
['new_password']) and not \
206 form
.old_password
.errors
.append(_('Wrong password'))
208 return render_to_response(
210 'mediagoblin/edit/edit_account.html',
215 user
.pw_hash
= auth_lib
.bcrypt_gen_password_hash(
216 request
.POST
['new_password'])
220 messages
.add_message(request
,
222 _("Account settings saved"))
223 return redirect(request
,
224 'mediagoblin.user_pages.user_home',
227 return render_to_response(
229 'mediagoblin/edit/edit_account.html',