-# GNU MediaGoblin -- federated, autonomous media hosting
+
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
from mediagoblin.decorators import (require_active_login, active_user_from_url,
get_media_entry_by_id, user_may_alter_collection,
get_user_collection, user_has_privilege,
- user_not_banned)
+ user_not_banned, user_may_delete_media)
from mediagoblin.tools.crypto import get_timed_signer_url
from mediagoblin.tools.metadata import (compact_and_validate, DEFAULT_CHECKER,
DEFAULT_SCHEMA)
@get_media_entry_by_id
@require_active_login
def edit_media(request, media):
+ # If media is not processed, return NotFound.
+ if not media.state == u'processed':
+ return render_404(request)
+
if not may_edit_media(request, media):
raise Forbidden("User may not edit this media")
license=media.license)
form = forms.EditForm(
- request.form,
+ request.method=='POST' and request.form or None,
**defaults)
if request.method == 'POST' and form.validate():
return redirect_obj(request, media)
if request.user.has_privilege(u'admin') \
- and media.uploader != request.user.id \
+ and media.actor != request.user.id \
and request.method != 'POST':
messages.add_message(
- request, messages.WARNING,
+ request,
+ messages.WARNING,
_("You are editing another user's media. Proceed with caution."))
return render_to_response(
@get_media_entry_by_id
@require_active_login
def edit_attachments(request, media):
+ # If media is not processed, return NotFound.
+ if not media.state == u'processed':
+ return render_404(request)
+
if mg_globals.app_config['allow_attachments']:
form = forms.EditAttachmentsForm()
media.save()
messages.add_message(
- request, messages.SUCCESS,
- _("You added the attachment %s!") \
- % (form.attachment_name.data
- or request.files['attachment_file'].filename))
+ request,
+ messages.SUCCESS,
+ _("You added the attachment %s!") %
+ (form.attachment_name.data or
+ request.files['attachment_file'].filename))
return redirect(request,
location=media.url_for_self(request.urlgen))
# No need to warn again if admin just submitted an edited profile
if request.method != 'POST':
messages.add_message(
- request, messages.WARNING,
+ request,
+ messages.WARNING,
_("You are editing a user's profile. Proceed with caution."))
user = url_user
else:
location = user.get_location.name
- form = forms.EditProfileForm(request.form,
+ form = forms.EditProfileForm(
+ request.method == 'POST' and request.form or None,
url=user.url,
bio=user.bio,
location=location)
location = user.get_location
location.name = six.text_type(form.location.data)
location.save()
+ else:
+ user.location = None
user.save()
- messages.add_message(request,
- messages.SUCCESS,
- _("Profile changes saved"))
+ messages.add_message(
+ request,
+ messages.SUCCESS,
+ _("Profile changes saved"))
return redirect(request,
'mediagoblin.user_pages.user_home',
user=user.username)
@require_active_login
def edit_account(request):
user = request.user
- form = forms.EditAccountForm(request.form,
+ form = forms.EditAccountForm(
+ request.method == 'POST' and request.form or None,
wants_comment_notification=user.wants_comment_notification,
license_preference=user.license_preference,
wants_notifications=user.wants_notifications)
user.license_preference = form.license_preference.data
user.save()
- messages.add_message(request,
- messages.SUCCESS,
- _("Account settings saved"))
+ messages.add_message(
+ request,
+ messages.SUCCESS,
+ _("Account settings saved"))
return redirect(request,
'mediagoblin.user_pages.user_home',
user=user.username)
else: # Did not check the confirmation box...
messages.add_message(
- request, messages.WARNING,
+ request,
+ messages.WARNING,
_('You need to confirm the deletion of your account.'))
# No POST submission or not confirmed, just show page
description=collection.description)
form = forms.EditCollectionForm(
- request.form,
+ request.method == 'POST' and request.form or None,
**defaults)
if request.method == 'POST' and form.validate():
if existing_collection and existing_collection.id != collection.id:
messages.add_message(
- request, messages.ERROR,
- _('You already have a collection called "%s"!') % \
+ request,
+ messages.ERROR,
+ _('You already have a collection called "%s"!') %
form.title.data)
elif slug_used:
form.slug.errors.append(
and collection.actor != request.user.id \
and request.method != 'POST':
messages.add_message(
- request, messages.WARNING,
- _("You are editing another user's collection. Proceed with caution."))
+ request,
+ messages.WARNING,
+ _("You are editing another user's collection. "
+ "Proceed with caution."))
return render_to_response(
request,
user=user.username)
+@require_active_login
def change_email(request):
""" View to change the user's email """
- form = forms.ChangeEmailForm(request.form)
+ form = forms.ChangeEmailForm(
+ request.method == 'POST' and request.form or None)
user = request.user
# If no password authentication, no need to enter a password
@require_active_login
@get_media_entry_by_id
def edit_metadata(request, media):
- form = forms.EditMetaDataForm(request.form)
+ # If media is not processed, return NotFound.
+ if not media.state == u'processed':
+ return render_404(request)
+
+ form = forms.EditMetaDataForm(
+ request.method == 'POST' and request.form or None)
if request.method == "POST" and form.validate():
metadata_dict = dict([(row['identifier'],row['value'])
for row in form.media_metadata.data])
request,
'mediagoblin/edit/metadata.html',
{'form':form,
- 'media':media})
+ 'media':media})
\ No newline at end of file