# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-from webob import exc
from cgi import FieldStorage
from datetime import datetime
+from werkzeug.exceptions import Forbidden
from werkzeug.utils import secure_filename
from mediagoblin import messages
from mediagoblin.auth import lib as auth_lib
from mediagoblin.edit import forms
from mediagoblin.edit.lib import may_edit_media
-from mediagoblin.decorators import require_active_login, get_user_media_entry, \
- user_may_alter_collection, get_user_collection
+from mediagoblin.decorators import (require_active_login, active_user_from_url,
+ get_media_entry_by_id,
+ get_user_media_entry, user_may_alter_collection, get_user_collection)
from mediagoblin.tools.response import render_to_response, redirect
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.text import (
convert_to_tag_list_of_dicts, media_tags_as_string)
+from mediagoblin.tools.url import slugify
from mediagoblin.db.util import check_media_slug_used, check_collection_slug_used
import mimetypes
-@get_user_media_entry
+@get_media_entry_by_id
@require_active_login
def edit_media(request, media):
if not may_edit_media(request, media):
- return exc.HTTPForbidden()
+ raise Forbidden("User may not edit this media")
defaults = dict(
title=media.title,
if request.method == 'POST' and form.validate():
# Make sure there isn't already a MediaEntry with such a slug
# and userid.
- slug_used = check_media_slug_used(request.db, media.uploader,
- request.form['slug'], media.id)
+ slug = slugify(request.form['slug'])
+ slug_used = check_media_slug_used(media.uploader, slug, media.id)
if slug_used:
form.slug.errors.append(
_(u'An entry with that slug already exists for this user.'))
else:
- media.title = unicode(request.form['title'])
- media.description = unicode(request.form.get('description'))
+ media.title = request.form['title']
+ media.description = request.form.get('description')
media.tags = convert_to_tag_list_of_dicts(
request.form.get('tags'))
media.license = unicode(request.form.get('license', '')) or None
-
- media.slug = unicode(request.form['slug'])
-
+ media.slug = slug
media.save()
- return exc.HTTPFound(
- location=media.url_for_self(request.urlgen))
+ return redirect(request,
+ location=media.url_for_self(request.urlgen))
if request.user.is_admin \
- and media.uploader != request.user._id \
+ and media.uploader != request.user.id \
and request.method != 'POST':
messages.add_message(
request, messages.WARNING,
attachment_public_filepath \
= mg_globals.public_store.get_unique_filepath(
- ['media_entries', unicode(media._id), 'attachment',
+ ['media_entries', unicode(media.id), 'attachment',
public_filename])
attachment_public_file = mg_globals.public_store.get_file(
messages.add_message(
request, messages.SUCCESS,
- "You added the attachment %s!" \
+ _("You added the attachment %s!") \
% (request.form['attachment_name']
or request.files['attachment_file'].filename))
- return exc.HTTPFound(
- location=media.url_for_self(request.urlgen))
+ return redirect(request,
+ location=media.url_for_self(request.urlgen))
return render_to_response(
request,
'mediagoblin/edit/attachments.html',
{'media': media,
'form': form})
else:
- return exc.HTTPForbidden()
+ raise Forbidden("Attachments are disabled")
+
+@require_active_login
+def legacy_edit_profile(request):
+ """redirect the old /edit/profile/?username=USER to /u/USER/edit/"""
+ username = request.GET.get('username') or request.user.username
+ return redirect(request, 'mediagoblin.edit.profile', user=username)
@require_active_login
-def edit_profile(request):
- # admins may edit any user profile given a username in the querystring
- edit_username = request.GET.get('username')
- if request.user.is_admin and request.user.username != edit_username:
- user = request.db.User.find_one({'username': edit_username})
+@active_user_from_url
+def edit_profile(request, url_user=None):
+ # admins may edit any user profile
+ if request.user.username != url_user.username:
+ if not request.user.is_admin:
+ raise Forbidden(_("You can only edit your own profile."))
+
# No need to warn again if admin just submitted an edited profile
if request.method != 'POST':
messages.add_message(
request, messages.WARNING,
_("You are editing a user's profile. Proceed with caution."))
- else:
- user = request.user
+
+ user = url_user
form = forms.EditProfileForm(request.form,
- url=user.get('url'),
- bio=user.get('bio'))
+ url=user.url,
+ bio=user.bio)
if request.method == 'POST' and form.validate():
user.url = unicode(request.form['url'])
def edit_account(request):
user = request.user
form = forms.EditAccountForm(request.form,
- wants_comment_notification=user.get('wants_comment_notification'))
+ wants_comment_notification=user.wants_comment_notification,
+ license_preference=user.license_preference)
if request.method == 'POST':
form_validated = form.validate()
- #if the user has not filled in the new or old password fields
- if not form.new_password.data and not form.old_password.data:
- if form.wants_comment_notification.validate(form):
- user.wants_comment_notification = \
- form.wants_comment_notification.data
- user.save()
- messages.add_message(request,
- messages.SUCCESS,
- _("Account settings saved"))
- return redirect(request,
- 'mediagoblin.user_pages.user_home',
- user=user.username)
-
- #so the user has filled in one or both of the password fields
- else:
- if form_validated:
- password_matches = auth_lib.bcrypt_check_password(
- form.old_password.data,
- user.pw_hash)
- if password_matches:
- #the entire form validates and the password matches
- user.pw_hash = auth_lib.bcrypt_gen_password_hash(
- form.new_password.data)
- user.wants_comment_notification = \
- form.wants_comment_notification.data
- user.save()
- messages.add_message(request,
- messages.SUCCESS,
- _("Account settings saved"))
- return redirect(request,
- 'mediagoblin.user_pages.user_home',
- user=user.username)
- else:
- form.old_password.errors.append(_('Wrong password'))
+ if form_validated and \
+ form.wants_comment_notification.validate(form):
+ user.wants_comment_notification = \
+ form.wants_comment_notification.data
+
+ if form_validated and \
+ form.new_password.data or form.old_password.data:
+ password_matches = auth_lib.bcrypt_check_password(
+ form.old_password.data,
+ user.pw_hash)
+ if password_matches:
+ #the entire form validates and the password matches
+ user.pw_hash = auth_lib.bcrypt_gen_password_hash(
+ form.new_password.data)
+ else:
+ form.old_password.errors.append(_('Wrong password'))
+
+ if form_validated and \
+ form.license_preference.validate(form):
+ user.license_preference = \
+ form.license_preference.data
+
+ if form_validated and not form.errors:
+ user.save()
+ messages.add_message(request,
+ messages.SUCCESS,
+ _("Account settings saved"))
+ return redirect(request,
+ 'mediagoblin.user_pages.user_home',
+ user=user.username)
return render_to_response(
request,
'form': form})
+@require_active_login
+def delete_account(request):
+ """Delete a user completely"""
+ user = request.user
+ if request.method == 'POST':
+ if request.form.get(u'confirmed'):
+ # Form submitted and confirmed. Actually delete the user account
+ # Log out user and delete cookies etc.
+ # TODO: Should we be using MG.auth.views.py:logout for this?
+ request.session.delete()
+
+ # Delete user account and all related media files etc....
+ request.user.delete()
+
+ # We should send a message that the user has been deleted
+ # successfully. But we just deleted the session, so we
+ # can't...
+ return redirect(request, 'index')
+
+ else: # Did not check the confirmation box...
+ messages.add_message(
+ request, messages.WARNING,
+ _('You need to confirm the deletion of your account.'))
+
+ # No POST submission or not confirmed, just show page
+ return render_to_response(
+ request,
+ 'mediagoblin/edit/delete_account.html',
+ {'user': user})
+
+
@require_active_login
@user_may_alter_collection
@get_user_collection
# Make sure there isn't already a Collection with this title
existing_collection = request.db.Collection.find_one({
- 'creator': request.user._id,
+ 'creator': request.user.id,
'title':request.form['title']})
if existing_collection and existing_collection.id != collection.id:
collection=collection.slug)
if request.user.is_admin \
- and collection.creator != request.user._id \
+ and collection.creator != request.user.id \
and request.method != 'POST':
messages.add_message(
request, messages.WARNING,
projects / mediagoblin.git / blobdiff