from functools import wraps
-from urlparse import urljoin
from werkzeug.exceptions import Forbidden, NotFound
from oauthlib.oauth1 import ResourceEndpoint
+from six.moves.urllib.parse import urljoin
+
from mediagoblin import mg_globals as mgg
from mediagoblin import messages
from mediagoblin.db.models import MediaEntry, User, MediaComment, AccessToken
return new_controller_func
-def user_has_privilege(privilege_name):
+def user_has_privilege(privilege_name, allow_admin=True):
"""
Requires that a user have a particular privilege in order to access a page.
In order to require that a user have multiple privileges, use this
the privilege object. This object is
the name of the privilege, as assigned
in the Privilege.privilege_name column
+
+ :param allow_admin If this is true then if the user is an admin
+ it will allow the user even if the user doesn't
+ have the privilage given in privilage_name.
"""
def user_has_privilege_decorator(controller):
@wraps(controller)
@require_active_login
def wrapper(request, *args, **kwargs):
- user_id = request.user.id
- if not request.user.has_privilege(privilege_name):
+ if not request.user.has_privilege(privilege_name, allow_admin):
raise Forbidden()
return controller(request, *args, **kwargs)
@wraps(controller)
def new_controller_func(request, *args, **kwargs):
if request.user and \
- not request.user.has_privilege(u'admin',u'moderator'):
+ not (request.user.has_privilege(u'admin')
+ or request.user.has_privilege(u'moderator')):
raise Forbidden()
elif not request.user: