use href='javascript:;' instead of href='#notifications', etc

[mediagoblin.git] / mediagoblin / decorators.py

diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index ad36f37628f9840f4e12316a340a85f6ee0e5eef..685d0d98205e3a11908671e9c2177c273a86a8c1 100644 (file)
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -26,8 +26,8 @@ from mediagoblin.db.models import MediaEntry, User
 from mediagoblin.tools.response import json_response, redirect, render_404
 from mediagoblin.tools.translate import pass_to_ugettext as _
 
-from mediagoblin.federation.tools.request import decode_authorization_header
-from mediagoblin.federation.oauth import GMGRequestValidator
+from mediagoblin.oauth.tools.request import decode_authorization_header
+from mediagoblin.oauth.oauth import GMGRequestValidator
 
 def require_active_login(controller):
     """
@@ -90,8 +90,8 @@ def user_may_alter_collection(controller):
     """
     @wraps(controller)
     def wrapper(request, *args, **kwargs):
-        creator_id = request.db.User.find_one(
-            {'username': request.matchdict['user']}).id
+        creator_id = request.db.User.query.filter_by(
+            username=request.matchdict['user']).first().id
         if not (request.user.is_admin or
                 request.user.id == creator_id):
             raise Forbidden()
@@ -165,15 +165,15 @@ def get_user_collection(controller):
     """
     @wraps(controller)
     def wrapper(request, *args, **kwargs):
-        user = request.db.User.find_one(
-            {'username': request.matchdict['user']})
+        user = request.db.User.query.filter_by(
+            username=request.matchdict['user']).first()
 
         if not user:
             return render_404(request)
 
-        collection = request.db.Collection.find_one(
-            {'slug': request.matchdict['collection'],
-             'creator': user.id})
+        collection = request.db.Collection.query.filter_by(
+            slug=request.matchdict['collection'],
+            creator=user.id).first()
 
         # Still no collection?  Okay, 404.
         if not collection:
@@ -190,14 +190,14 @@ def get_user_collection_item(controller):
     """
     @wraps(controller)
     def wrapper(request, *args, **kwargs):
-        user = request.db.User.find_one(
-            {'username': request.matchdict['user']})
+        user = request.db.User.query.filter_by(
+            username=request.matchdict['user']).first()
 
         if not user:
             return render_404(request)
 
-        collection_item = request.db.CollectionItem.find_one(
-            {'id': request.matchdict['collection_item'] })
+        collection_item = request.db.CollectionItem.query.filter_by(
+            id=request.matchdict['collection_item']).first()
 
         # Still no collection item?  Okay, 404.
         if not collection_item:
@@ -292,8 +292,10 @@ def oauth_required(controller):
                 body=request.get_data(),
                 headers=dict(request.headers),
                 )
-        #print "[VALID] %s" % valid
-        #print "[REQUEST] %s" % request
+
+        if not valid:
+            error = "Invalid oauth prarameter."
+            return json_response({"error": error}, status=400)
 
         return controller(request, *args, **kwargs)