# GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011 Free Software Foundation, Inc
+# Copyright (C) 2011 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
from webob import exc
-from mediagoblin.util import redirect, render_404
+from mediagoblin.tools.response import redirect, render_404
from mediagoblin.db.util import ObjectId, InvalidId
return exc.HTTPFound(
location="%s?next=%s" % (
request.urlgen("mediagoblin.auth.login"),
- request.path_info))
+ request.full_path))
return controller(request, *args, **kwargs)
return _make_safe(new_controller_func, controller)
+def user_may_delete_media(controller):
+ """
+ Require user ownership of the MediaEntry to delete.
+ """
+ def wrapper(request, *args, **kwargs):
+ uploader = request.db.MediaEntry.find_one(
+ {'slug': request.matchdict['media'] }).uploader()
+ if not (request.user['is_admin'] or
+ request.user._id == uploader._id):
+ return exc.HTTPForbidden()
+
+ return controller(request, *args, **kwargs)
+
+ return _make_safe(wrapper, controller)
+
+
def uses_pagination(controller):
"""
Check request GET 'page' key for wrong values
if not user:
return render_404(request)
-
media = request.db.MediaEntry.find_one(
{'slug': request.matchdict['media'],
'state': 'processed',
- 'uploader': user['_id']})
+ 'uploader': user._id})
# no media via slug? Grab it via ObjectId
if not media:
media = request.db.MediaEntry.find_one(
{'_id': ObjectId(request.matchdict['media']),
'state': 'processed',
- 'uploader': user['_id']})
+ 'uploader': user._id})
except InvalidId:
return render_404(request)
return _make_safe(wrapper, controller)
+
def get_media_entry_by_id(controller):
"""
Pass in a MediaEntry based off of a url component
projects / mediagoblin.git / blobdiff