+
+
+def user_may_delete_media(controller):
+ """
+ Require user ownership of the MediaEntry to delete.
+ """
+ def wrapper(request, *args, **kwargs):
+ uploader_id = request.db.MediaEntry.find_one(
+ {'_id': ObjectId(request.matchdict['media'])}).uploader
+ if not (request.user.is_admin or
+ request.user._id == uploader_id):
+ return exc.HTTPForbidden()
+
+ return controller(request, *args, **kwargs)
+
+ return _make_safe(wrapper, controller)
+
+
+def uses_pagination(controller):
+ """
+ Check request GET 'page' key for wrong values
+ """
+ def wrapper(request, *args, **kwargs):
+ try:
+ page = int(request.GET.get('page', 1))
+ if page < 0:
+ return render_404(request)
+ except ValueError:
+ return render_404(request)
+
+ return controller(request, page=page, *args, **kwargs)
+
+ return _make_safe(wrapper, controller)
+
+
+def get_user_media_entry(controller):
+ """
+ Pass in a MediaEntry based off of a url component
+ """
+ def wrapper(request, *args, **kwargs):
+ user = request.db.User.find_one(
+ {'username': request.matchdict['user']})
+
+ if not user:
+ return render_404(request)
+ media = request.db.MediaEntry.find_one(
+ {'slug': request.matchdict['media'],
+ 'state': 'processed',
+ 'uploader': user._id})
+
+ # no media via slug? Grab it via ObjectId
+ if not media:
+ try:
+ media = request.db.MediaEntry.find_one(
+ {'_id': ObjectId(request.matchdict['media']),
+ 'state': 'processed',
+ 'uploader': user._id})
+ except InvalidId:
+ return render_404(request)
+
+ # Still no media? Okay, 404.
+ if not media:
+ return render_404(request)
+
+ return controller(request, media=media, *args, **kwargs)
+
+ return _make_safe(wrapper, controller)
+
+
+def get_media_entry_by_id(controller):
+ """
+ Pass in a MediaEntry based off of a url component
+ """
+ def wrapper(request, *args, **kwargs):
+ try:
+ media = request.db.MediaEntry.find_one(
+ {'_id': ObjectId(request.matchdict['media']),
+ 'state': 'processed'})
+ except InvalidId:
+ return render_404(request)
+
+ # Still no media? Okay, 404.
+ if not media:
+ return render_404(request)
+
+ return controller(request, media=media, *args, **kwargs)
+
+ return _make_safe(wrapper, controller)