# along with this program. If not, see <http://www.gnu.org/licenses/>.
-from bson.errors import InvalidId
from webob import exc
-from mediagoblin.db.util import ObjectId
+from mediagoblin.util import redirect, render_404
+from mediagoblin.db.util import ObjectId, InvalidId
def _make_safe(decorator, original):
Require an active login from the user.
"""
def new_controller_func(request, *args, **kwargs):
- if request.user and request.user.get('status') == u'needs_email_verification':
- return exc.HTTPFound(
- location = request.urlgen('mediagoblin.auth.verify_email_notice'))
+ if request.user and \
+ request.user.get('status') == u'needs_email_verification':
+ return redirect(
+ request, 'mediagoblin.user_pages.user_home',
+ user=request.user['username'])
elif not request.user or request.user.get('status') != u'active':
return exc.HTTPFound(
location="%s?next=%s" % (
return _make_safe(new_controller_func, controller)
+def user_may_delete_media(controller):
+ """
+ Require user ownership of the MediaEntry to delete.
+ """
+ def wrapper(request, *args, **kwargs):
+ uploader = request.db.MediaEntry.find_one(
+ {'_id': ObjectId(request.matchdict['media'])}).uploader()
+ if not (request.user['is_admin'] or
+ request.user['_id'] == uploader['_id']):
+ return exc.HTTPForbidden()
+
+ return controller(request, *args, **kwargs)
+
+ return _make_safe(wrapper, controller)
+
+
def uses_pagination(controller):
"""
Check request GET 'page' key for wrong values
try:
page = int(request.GET.get('page', 1))
if page < 0:
- return exc.HTTPNotFound()
+ return render_404(request)
except ValueError:
- return exc.HTTPNotFound()
+ return render_404(request)
return controller(request, page=page, *args, **kwargs)
{'username': request.matchdict['user']})
if not user:
- return exc.HTTPNotFound()
+ return render_404(request)
media = request.db.MediaEntry.find_one(
{'slug': request.matchdict['media'],
'state': 'processed',
'uploader': user['_id']})
except InvalidId:
- return exc.HTTPNotFound()
+ return render_404(request)
# Still no media? Okay, 404.
if not media:
- return exc.HTTPNotFound()
+ return render_404(request)
return controller(request, media=media, *args, **kwargs)
return _make_safe(wrapper, controller)
+
+def get_media_entry_by_id(controller):
+ """
+ Pass in a MediaEntry based off of a url component
+ """
+ def wrapper(request, *args, **kwargs):
+ try:
+ media = request.db.MediaEntry.find_one(
+ {'_id': ObjectId(request.matchdict['media']),
+ 'state': 'processed'})
+ except InvalidId:
+ return render_404(request)
+
+ # Still no media? Okay, 404.
+ if not media:
+ return render_404(request)
+
+ return controller(request, media=media, *args, **kwargs)
+
+ return _make_safe(wrapper, controller)
+