X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=mediagoblin%2Fdecorators.py;h=804fab7e17e3c3cd8d89d9528feeb84061bb86b9;hb=a89df96132a897b1ac31da8719cd6dc0d621cc13;hp=e45d327266e03cbe740903963e2fd02478e67ce6;hpb=059eaee4dfa40e3c2e67b7d638f49955b68d9c31;p=mediagoblin.git diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index e45d3272..804fab7e 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -17,11 +17,11 @@ from functools import wraps from urlparse import urljoin -from werkzeug.exceptions import Forbidden +from werkzeug.exceptions import Forbidden, NotFound from werkzeug.urls import url_quote -from mediagoblin.db.util import ObjectId, InvalidId -from mediagoblin.db.sql.models import User +from mediagoblin import mg_globals as mgg +from mediagoblin.db.models import MediaEntry, User from mediagoblin.tools.response import redirect, render_404 @@ -70,11 +70,10 @@ def user_may_delete_media(controller): """ @wraps(controller) def wrapper(request, *args, **kwargs): - uploader_id = request.db.MediaEntry.find_one( - {'id': ObjectId(request.matchdict['media'])}).uploader + uploader_id = kwargs['media'].uploader if not (request.user.is_admin or request.user.id == uploader_id): - return Forbidden() + raise Forbidden() return controller(request, *args, **kwargs) @@ -91,7 +90,7 @@ def user_may_alter_collection(controller): {'username': request.matchdict['user']}).id if not (request.user.is_admin or request.user.id == creator_id): - return Forbidden() + raise Forbidden() return controller(request, *args, **kwargs) @@ -122,29 +121,29 @@ def get_user_media_entry(controller): """ @wraps(controller) def wrapper(request, *args, **kwargs): - user = request.db.User.find_one( - {'username': request.matchdict['user']}) - + user = User.query.filter_by(username=request.matchdict['user']).first() if not user: - return render_404(request) - media = request.db.MediaEntry.find_one( - {'slug': request.matchdict['media'], - 'state': u'processed', - 'uploader': user.id}) + raise NotFound() + + media = MediaEntry.query.filter_by( + slug = request.matchdict['media'], + state = u'processed', + uploader = user.id).first() - # no media via slug? Grab it via ObjectId if not media: + # no media via slug? Grab it via object id try: - media = request.db.MediaEntry.find_one( - {'id': ObjectId(request.matchdict['media']), - 'state': u'processed', - 'uploader': user.id}) - except InvalidId: - return render_404(request) + media = MediaEntry.query.filter_by( + id = int(request.matchdict['media']), + state = u'processed', + uploader = user.id).first() + except ValueError: + # media "id" was no int + raise NotFound() - # Still no media? Okay, 404. - if not media: - return render_404(request) + if not media: + # no media by that id? Okay, 404. + raise NotFound() return controller(request, media=media, *args, **kwargs) @@ -210,17 +209,28 @@ def get_media_entry_by_id(controller): """ @wraps(controller) def wrapper(request, *args, **kwargs): - try: - media = request.db.MediaEntry.find_one( - {'id': ObjectId(request.matchdict['media']), - 'state': u'processed'}) - except InvalidId: - return render_404(request) - + media = MediaEntry.query.filter_by( + id=request.matchdict['media_id'], + state=u'processed').first() # Still no media? Okay, 404. if not media: return render_404(request) + given_username = request.matchdict.get('user') + if given_username and (given_username != media.get_uploader.username): + return render_404(request) + return controller(request, media=media, *args, **kwargs) return wrapper + + +def get_workbench(func): + """Decorator, passing in a workbench as kwarg which is cleaned up afterwards""" + + @wraps(func) + def new_func(*args, **kwargs): + with mgg.workbench_manager.create() as workbench: + return func(*args, workbench=workbench, **kwargs) + + return new_func