-# GNU MediaGoblin -- federated, autonomous media hosting
+
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import six
+
from datetime import datetime
from itsdangerous import BadSignature
+from pyld import jsonld
from werkzeug.exceptions import Forbidden
from werkzeug.utils import secure_filename
+from jsonschema import ValidationError, Draft4Validator
from mediagoblin import messages
from mediagoblin import mg_globals
-from mediagoblin import auth
-from mediagoblin.auth import tools as auth_tools
+from mediagoblin.auth import (check_password,
+ tools as auth_tools)
from mediagoblin.edit import forms
from mediagoblin.edit.lib import may_edit_media
from mediagoblin.decorators import (require_active_login, active_user_from_url,
get_media_entry_by_id, user_may_alter_collection,
- get_user_collection)
+ get_user_collection, user_has_privilege,
+ user_not_banned, user_may_delete_media)
from mediagoblin.tools.crypto import get_timed_signer_url
+from mediagoblin.tools.metadata import (compact_and_validate, DEFAULT_CHECKER,
+ DEFAULT_SCHEMA)
from mediagoblin.tools.mail import email_debug_message
from mediagoblin.tools.response import (render_to_response,
redirect, redirect_obj, render_404)
convert_to_tag_list_of_dicts, media_tags_as_string)
from mediagoblin.tools.url import slugify
from mediagoblin.db.util import check_media_slug_used, check_collection_slug_used
-from mediagoblin.db.models import User
+from mediagoblin.db.models import User, LocalUser, Client, AccessToken, Location
import mimetypes
@get_media_entry_by_id
@require_active_login
def edit_media(request, media):
+ # If media is not processed, return NotFound.
+ if not media.state == u'processed':
+ return render_404(request)
+
if not may_edit_media(request, media):
raise Forbidden("User may not edit this media")
license=media.license)
form = forms.EditForm(
- request.form,
+ request.method=='POST' and request.form or None,
**defaults)
if request.method == 'POST' and form.validate():
# Make sure there isn't already a MediaEntry with such a slug
# and userid.
slug = slugify(form.slug.data)
- slug_used = check_media_slug_used(media.uploader, slug, media.id)
+ slug_used = check_media_slug_used(media.actor, slug, media.id)
if slug_used:
form.slug.errors.append(
media.tags = convert_to_tag_list_of_dicts(
form.tags.data)
- media.license = unicode(form.license.data) or None
+ media.license = six.text_type(form.license.data) or None
media.slug = slug
media.save()
return redirect_obj(request, media)
- if request.user.is_admin \
- and media.uploader != request.user.id \
+ if request.user.has_privilege(u'admin') \
+ and media.actor != request.user.id \
and request.method != 'POST':
messages.add_message(
- request, messages.WARNING,
+ request,
+ messages.WARNING,
_("You are editing another user's media. Proceed with caution."))
return render_to_response(
@get_media_entry_by_id
@require_active_login
def edit_attachments(request, media):
+ # If media is not processed, return NotFound.
+ if not media.state == u'processed':
+ return render_404(request)
+
if mg_globals.app_config['allow_attachments']:
form = forms.EditAttachmentsForm()
attachment_public_filepath \
= mg_globals.public_store.get_unique_filepath(
- ['media_entries', unicode(media.id), 'attachment',
+ ['media_entries', six.text_type(media.id), 'attachment',
public_filename])
attachment_public_file = mg_globals.public_store.get_file(
media.save()
messages.add_message(
- request, messages.SUCCESS,
- _("You added the attachment %s!") \
- % (form.attachment_name.data
- or request.files['attachment_file'].filename))
+ request,
+ messages.SUCCESS,
+ _("You added the attachment %s!") %
+ (form.attachment_name.data or
+ request.files['attachment_file'].filename))
return redirect(request,
location=media.url_for_self(request.urlgen))
def edit_profile(request, url_user=None):
# admins may edit any user profile
if request.user.username != url_user.username:
- if not request.user.is_admin:
+ if not request.user.has_privilege(u'admin'):
raise Forbidden(_("You can only edit your own profile."))
# No need to warn again if admin just submitted an edited profile
if request.method != 'POST':
messages.add_message(
- request, messages.WARNING,
+ request,
+ messages.WARNING,
_("You are editing a user's profile. Proceed with caution."))
user = url_user
- form = forms.EditProfileForm(request.form,
+ # Get the location name
+ if user.location is None:
+ location = ""
+ else:
+ location = user.get_location.name
+
+ form = forms.EditProfileForm(
+ request.method == 'POST' and request.form or None,
url=user.url,
- bio=user.bio)
+ bio=user.bio,
+ location=location)
if request.method == 'POST' and form.validate():
- user.url = unicode(form.url.data)
- user.bio = unicode(form.bio.data)
+ user.url = six.text_type(form.url.data)
+ user.bio = six.text_type(form.bio.data)
+
+ # Save location
+ if form.location.data and user.location is None:
+ user.get_location = Location(name=six.text_type(form.location.data))
+ elif form.location.data:
+ location = user.get_location
+ location.name = six.text_type(form.location.data)
+ location.save()
+ else:
+ user.location = None
user.save()
- messages.add_message(request,
- messages.SUCCESS,
- _("Profile changes saved"))
+ messages.add_message(
+ request,
+ messages.SUCCESS,
+ _("Profile changes saved"))
return redirect(request,
'mediagoblin.user_pages.user_home',
user=user.username)
@require_active_login
def edit_account(request):
user = request.user
- form = forms.EditAccountForm(request.form,
+ form = forms.EditAccountForm(
+ request.method == 'POST' and request.form or None,
wants_comment_notification=user.wants_comment_notification,
- license_preference=user.license_preference)
+ license_preference=user.license_preference,
+ wants_notifications=user.wants_notifications)
if request.method == 'POST' and form.validate():
user.wants_comment_notification = form.wants_comment_notification.data
+ user.wants_notifications = form.wants_notifications.data
user.license_preference = form.license_preference.data
- if form.new_email.data:
- _update_email(request, form, user)
-
- if not form.errors:
- user.save()
- messages.add_message(request,
- messages.SUCCESS,
- _("Account settings saved"))
- return redirect(request,
- 'mediagoblin.user_pages.user_home',
- user=user.username)
+ user.save()
+ messages.add_message(
+ request,
+ messages.SUCCESS,
+ _("Account settings saved"))
+ return redirect(request,
+ 'mediagoblin.user_pages.user_home',
+ user=user.username)
return render_to_response(
request,
{'user': user,
'form': form})
+@require_active_login
+def deauthorize_applications(request):
+ """ Deauthroize OAuth applications """
+ if request.method == 'POST' and "application" in request.form:
+ token = request.form["application"]
+ access_token = AccessToken.query.filter_by(token=token).first()
+ if access_token is None:
+ messages.add_message(
+ request,
+ messages.ERROR,
+ _("Unknown application, not able to deauthorize")
+ )
+ else:
+ access_token.delete()
+ messages.add_message(
+ request,
+ messages.SUCCESS,
+ _("Application has been deauthorized")
+ )
+
+ access_tokens = AccessToken.query.filter_by(actor=request.user.id)
+ applications = [(a.get_requesttoken, a) for a in access_tokens]
+
+ return render_to_response(
+ request,
+ 'mediagoblin/edit/deauthorize_applications.html',
+ {'applications': applications}
+ )
@require_active_login
def delete_account(request):
request.session.delete()
# Delete user account and all related media files etc....
- request.user.delete()
+ user = User.query.filter(User.id==user.id).first()
+ user.delete()
# We should send a message that the user has been deleted
# successfully. But we just deleted the session, so we
else: # Did not check the confirmation box...
messages.add_message(
- request, messages.WARNING,
+ request,
+ messages.WARNING,
_('You need to confirm the deletion of your account.'))
# No POST submission or not confirmed, just show page
description=collection.description)
form = forms.EditCollectionForm(
- request.form,
+ request.method == 'POST' and request.form or None,
**defaults)
if request.method == 'POST' and form.validate():
# Make sure there isn't already a Collection with such a slug
# and userid.
- slug_used = check_collection_slug_used(collection.creator,
+ slug_used = check_collection_slug_used(collection.actor,
form.slug.data, collection.id)
# Make sure there isn't already a Collection with this title
- existing_collection = request.db.Collection.find_one({
- 'creator': request.user.id,
- 'title':form.title.data})
+ existing_collection = request.db.Collection.query.filter_by(
+ actor=request.user.id,
+ title=form.title.data).first()
if existing_collection and existing_collection.id != collection.id:
messages.add_message(
- request, messages.ERROR,
- _('You already have a collection called "%s"!') % \
+ request,
+ messages.ERROR,
+ _('You already have a collection called "%s"!') %
form.title.data)
elif slug_used:
form.slug.errors.append(
_(u'A collection with that slug already exists for this user.'))
else:
- collection.title = unicode(form.title.data)
- collection.description = unicode(form.description.data)
- collection.slug = unicode(form.slug.data)
+ collection.title = six.text_type(form.title.data)
+ collection.description = six.text_type(form.description.data)
+ collection.slug = six.text_type(form.slug.data)
collection.save()
return redirect_obj(request, collection)
- if request.user.is_admin \
- and collection.creator != request.user.id \
+ if request.user.has_privilege(u'admin') \
+ and collection.actor != request.user.id \
and request.method != 'POST':
messages.add_message(
- request, messages.WARNING,
- _("You are editing another user's collection. Proceed with caution."))
+ request,
+ messages.WARNING,
+ _("You are editing another user's collection. "
+ "Proceed with caution."))
return render_to_response(
request,
'form': form})
-@require_active_login
-def change_pass(request):
- # If no password authentication, no need to change your password
- if 'pass_auth' not in request.template_env.globals:
- return redirect(request, 'index')
-
- form = forms.ChangePassForm(request.form)
- user = request.user
-
- if request.method == 'POST' and form.validate():
-
- if not auth.check_password(
- form.old_password.data, user.pw_hash):
- form.old_password.errors.append(
- _('Wrong password'))
-
- return render_to_response(
- request,
- 'mediagoblin/edit/change_pass.html',
- {'form': form,
- 'user': user})
-
- # Password matches
- user.pw_hash = auth.gen_password_hash(
- form.new_password.data)
- user.save()
-
- messages.add_message(
- request, messages.SUCCESS,
- _('Your password was changed successfully'))
-
- return redirect(request, 'mediagoblin.edit.account')
-
- return render_to_response(
- request,
- 'mediagoblin/edit/change_pass.html',
- {'form': form,
- 'user': user})
-
-
def verify_email(request):
"""
Email verification view for changing email address
user=user.username)
-def _update_email(request, form, user):
- new_email = form.new_email.data
- users_with_email = User.query.filter_by(
- email=new_email).count()
-
- if users_with_email:
- form.new_email.errors.append(
- _('Sorry, a user with that email address'
- ' already exists.'))
-
- elif not users_with_email:
- verification_key = get_timed_signer_url(
- 'mail_verification_token').dumps({
- 'user': user.id,
- 'email': new_email})
-
- rendered_email = render_template(
- request, 'mediagoblin/edit/verification.txt',
- {'username': user.username,
- 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
- uri=request.urlgen('mediagoblin.edit.verify_email',
- qualified=True),
- verification_key=verification_key)})
-
- email_debug_message(request)
- auth_tools.send_verification_email(user, request, new_email,
- rendered_email)
+@require_active_login
+def change_email(request):
+ """ View to change the user's email """
+ form = forms.ChangeEmailForm(
+ request.method == 'POST' and request.form or None)
+ user = request.user
+
+ # If no password authentication, no need to enter a password
+ if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
+ form.__delitem__('password')
+
+ if request.method == 'POST' and form.validate():
+ new_email = form.new_email.data
+ users_with_email = User.query.filter(
+ LocalUser.email==new_email
+ ).count()
+
+ if users_with_email:
+ form.new_email.errors.append(
+ _('Sorry, a user with that email address'
+ ' already exists.'))
+
+ if form.password and user.pw_hash and not check_password(
+ form.password.data, user.pw_hash):
+ form.password.errors.append(
+ _('Wrong password'))
+
+ if not form.errors:
+ verification_key = get_timed_signer_url(
+ 'mail_verification_token').dumps({
+ 'user': user.id,
+ 'email': new_email})
+
+ rendered_email = render_template(
+ request, 'mediagoblin/edit/verification.txt',
+ {'username': user.username,
+ 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
+ uri=request.urlgen('mediagoblin.edit.verify_email',
+ qualified=True),
+ verification_key=verification_key)})
+
+ email_debug_message(request)
+ auth_tools.send_verification_email(user, request, new_email,
+ rendered_email)
+
+ return redirect(request, 'mediagoblin.edit.account')
+
+ return render_to_response(
+ request,
+ 'mediagoblin/edit/change_email.html',
+ {'form': form,
+ 'user': user})
+
+@user_has_privilege(u'admin')
+@require_active_login
+@get_media_entry_by_id
+def edit_metadata(request, media):
+ # If media is not processed, return NotFound.
+ if not media.state == u'processed':
+ return render_404(request)
+
+ form = forms.EditMetaDataForm(
+ request.method == 'POST' and request.form or None)
+ if request.method == "POST" and form.validate():
+ metadata_dict = dict([(row['identifier'],row['value'])
+ for row in form.media_metadata.data])
+ json_ld_metadata = None
+ json_ld_metadata = compact_and_validate(metadata_dict)
+ media.media_metadata = json_ld_metadata
+ media.save()
+ return redirect_obj(request, media)
+
+ if len(form.media_metadata) == 0:
+ for identifier, value in six.iteritems(media.media_metadata):
+ if identifier == "@context": continue
+ form.media_metadata.append_entry({
+ 'identifier':identifier,
+ 'value':value})
+
+ return render_to_response(
+ request,
+ 'mediagoblin/edit/metadata.html',
+ {'form':form,
+ 'media':media})
\ No newline at end of file