Merge commit 'refs/merge-requests/55' of git://gitorious.org/mediagoblin/mediagoblin...
[mediagoblin.git] / mediagoblin / plugins / piwigo / views.py
index c348fd54be21a2800e27f5aa8a2b4ad87a1c5664..ca723189416f1f7cfc910d858409f85cdd437e32 100644 (file)
@@ -23,7 +23,7 @@ from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented
 from werkzeug.wrappers import BaseResponse
 
 from mediagoblin.meddleware.csrf import csrf_exempt
-from mediagoblin.auth.lib import fake_login_attempt
+from mediagoblin.auth.tools import check_login_simple
 from mediagoblin.media_types import sniff_media
 from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
     run_process_media, new_upload_entry
@@ -43,15 +43,9 @@ _log = logging.getLogger(__name__)
 def pwg_login(request):
     username = request.form.get("username")
     password = request.form.get("password")
-    user = request.db.User.query.filter_by(username=username).first()
+    user = check_login_simple(username, password)
     if not user:
-        _log.info("User %r not found", username)
-        fake_login_attempt()
         return PwgError(999, 'Invalid username/password')
-    if not user.check_login(password):
-        _log.warn("Wrong password for %r", username)
-        return PwgError(999, 'Invalid username/password')
-    _log.info("Logging %r in", username)
     request.session["user_id"] = user.id
     request.session.save()
     return True
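Review bot: pwg_login no longer shows the two protections the removed lines carried: the `fake_login_attempt()` call for unknown usernames and the log lines for failed and successful logins. It now depends on `check_login_simple` providing both, which this hunk does not show. A comment above the call would record that contract, e.g. `# check_login_simple is expected to log failures and run the fake hash for unknown users; it returns a falsy value on any failure`. Separately, `request.form.get` yields None when a field is absent and that value is passed straight through. If the helper does not tolerate None, add `if not username or not password: return PwgError(999, 'Invalid username/password')` before the call.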
@@ -80,19 +74,20 @@ def pwg_session_getStatus(request):
 
 @CmdTable("pwg.categories.getList")
 def pwg_categories_getList(request):
-    collections = Collection.query.filter_by(
-        get_creator=request.user).order_by(Collection.title)
-
     catlist = [{'id': -29711,
                 'uppercats': "-29711",
                 'name': "All my images"}]
 
-    for c in collections:
-        catlist.append({'id': c.id,
-                        'uppercats': str(c.id),
-                        'name': c.title,
-                        'comment': c.description
-                        })
+    if request.user:
+        collections = Collection.query.filter_by(
+            get_creator=request.user).order_by(Collection.title)
+
+        for c in collections:
+            catlist.append({'id': c.id,
+                            'uppercats': str(c.id),
+                            'name': c.title,
+                            'comment': c.description
+                            })
 
     return {
           'categories': PwgNamedArray(
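Review bot: The new `if request.user:` guard in pwg_categories_getList has no comment saying that an unauthenticated caller is meant to receive only the placeholder "All my images" entry. The `get_creator=request.user` filter is what keeps the listing scoped to the caller's own collections, so a line such as `# Anonymous sessions get only the placeholder; collections are listed for the logged-in creator only` above the guard would make the access rule explicit. The function's return statement continues past the end of the hunk.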
@@ -125,7 +120,7 @@ def pwg_images_addSimple(request):
     dump = []
     for f in form:
         dump.append("%s=%r" % (f.name, f.data))
-    _log.info("addSimple: %r %s %r", request.form, " ".join(dump), 
+    _log.info("addSimple: %r %s %r", request.form, " ".join(dump),
               request.files)
 
     if not check_file_field(request, 'image'):
@@ -178,7 +173,8 @@ def pwg_images_addSimple(request):
     collection_id = form.category.data
     if collection_id > 0:
         collection = Collection.query.get(collection_id)
-        add_media_to_collection(collection, entry, "")
+        if collection is not None and collection.creator == request.user.id:
+            add_media_to_collection(collection, entry, "")
 
     return {'image_id': entry.id, 'url': entry.url_for_self(request.urlgen,
                                                             qualified=True)}
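Review bot: The ownership check added before `add_media_to_collection` fails silently: when the collection is missing or belongs to another user, the upload still returns a normal `image_id` response and nothing is logged. A request naming someone else's collection id is worth recording, so an `else:` branch with `_log.warning("addSimple: collection %r not found or not owned by user %r", collection_id, request.user.id)` would give operators a signal and make the skipped step visible. The check also dereferences `request.user.id`; the same commit guards `request.user` in pwg_categories_getList, so it is worth confirming that the part of pwg_images_addSimple outside this hunk already rejects anonymous requests.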