from werkzeug.wrappers import BaseResponse
from mediagoblin.meddleware.csrf import csrf_exempt
-from mediagoblin.auth.lib import fake_login_attempt
+from mediagoblin.auth.tools import check_login_simple
from mediagoblin.media_types import sniff_media
from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
run_process_media, new_upload_entry
def pwg_login(request):
username = request.form.get("username")
password = request.form.get("password")
- user = request.db.User.query.filter_by(username=username).first()
+ user = check_login_simple(username, password)
if not user:
- _log.info("User %r not found", username)
- fake_login_attempt()
return PwgError(999, 'Invalid username/password')
- if not user.check_login(password):
- _log.warn("Wrong password for %r", username)
- return PwgError(999, 'Invalid username/password')
- _log.info("Logging %r in", username)
request.session["user_id"] = user.id
request.session.save()
return True
@CmdTable("pwg.categories.getList")
def pwg_categories_getList(request):
- collections = Collection.query.filter_by(
- get_creator=request.user).order_by(Collection.title)
-
catlist = [{'id': -29711,
'uppercats': "-29711",
'name': "All my images"}]
- for c in collections:
- catlist.append({'id': c.id,
- 'uppercats': str(c.id),
- 'name': c.title,
- 'comment': c.description
- })
+ if request.user:
+ collections = Collection.query.filter_by(
+ get_creator=request.user).order_by(Collection.title)
+
+ for c in collections:
+ catlist.append({'id': c.id,
+ 'uppercats': str(c.id),
+ 'name': c.title,
+ 'comment': c.description
+ })
return {
'categories': PwgNamedArray(
dump = []
for f in form:
dump.append("%s=%r" % (f.name, f.data))
- _log.info("addSimple: %r %s %r", request.form, " ".join(dump),
+ _log.info("addSimple: %r %s %r", request.form, " ".join(dump),
request.files)
if not check_file_field(request, 'image'):
collection_id = form.category.data
if collection_id > 0:
collection = Collection.query.get(collection_id)
- add_media_to_collection(collection, entry, "")
+ if collection is not None and collection.creator == request.user.id:
+ add_media_to_collection(collection, entry, "")
return {'image_id': entry.id, 'url': entry.url_for_self(request.urlgen,
qualified=True)}