X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=mediagoblin%2Fdecorators.py;h=0eb1361dc0ae4c8c9c669c522dc0a9b3b0dee6c0;hb=325e9bc418b746e5dd281331bfac6f6ac13b045d;hp=081eda623f08c0d386d903bfbc9e4234aed4dba4;hpb=3efdd97c2e3e3af3b9c74e6ab217fd57088e9dfa;p=mediagoblin.git

diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index 081eda62..0eb1361d 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -1,5 +1,5 @@
 # GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011 Free Software Foundation, Inc
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -14,110 +14,123 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+from functools import wraps
 
 from webob import exc
 
-from mediagoblin.util import redirect
 from mediagoblin.db.util import ObjectId, InvalidId
-
-
-def _make_safe(decorator, original):
-    """
-    Copy the function data from the old function to the decorator.
-    """
-    decorator.__name__ = original.__name__
-    decorator.__dict__ = original.__dict__
-    decorator.__doc__ = original.__doc__
-    return decorator
+from mediagoblin.tools.response import redirect, render_404
 
 
 def require_active_login(controller):
     """
     Require an active login from the user.
     """
+    @wraps(controller)
     def new_controller_func(request, *args, **kwargs):
         if request.user and \
                 request.user.get('status') == u'needs_email_verification':
-            return redirect(request,
-                    'mediagoblin.auth.verify_email_notice')
+            return redirect(
+                request, 'mediagoblin.user_pages.user_home',
+                user=request.user.username)
         elif not request.user or request.user.get('status') != u'active':
             return exc.HTTPFound(
                 location="%s?next=%s" % (
                     request.urlgen("mediagoblin.auth.login"),
-                    request.path_info))
+                    request.full_path))
+
+        return controller(request, *args, **kwargs)
+
+    return new_controller_func
+
+
+def user_may_delete_media(controller):
+    """
+    Require user ownership of the MediaEntry to delete.
+    """
+    @wraps(controller)
+    def wrapper(request, *args, **kwargs):
+        uploader_id = request.db.MediaEntry.find_one(
+            {'_id': ObjectId(request.matchdict['media'])}).uploader
+        if not (request.user.is_admin or
+                request.user._id == uploader_id):
+            return exc.HTTPForbidden()
 
         return controller(request, *args, **kwargs)
 
-    return _make_safe(new_controller_func, controller)
+    return wrapper
 
 
 def uses_pagination(controller):
     """
     Check request GET 'page' key for wrong values
     """
+    @wraps(controller)
     def wrapper(request, *args, **kwargs):
         try:
             page = int(request.GET.get('page', 1))
             if page < 0:
-                return exc.HTTPNotFound()
+                return render_404(request)
         except ValueError:
-            return exc.HTTPNotFound()
+            return render_404(request)
 
         return controller(request, page=page, *args, **kwargs)
 
-    return _make_safe(wrapper, controller)
+    return wrapper
 
 
 def get_user_media_entry(controller):
     """
     Pass in a MediaEntry based off of a url component
     """
+    @wraps(controller)
     def wrapper(request, *args, **kwargs):
         user = request.db.User.find_one(
             {'username': request.matchdict['user']})
 
         if not user:
-            return exc.HTTPNotFound()
-
+            return render_404(request)
         media = request.db.MediaEntry.find_one(
             {'slug': request.matchdict['media'],
-             'state': 'processed',
-             'uploader': user['_id']})
+             'state': u'processed',
+             'uploader': user._id})
 
         # no media via slug?  Grab it via ObjectId
         if not media:
             try:
                 media = request.db.MediaEntry.find_one(
                     {'_id': ObjectId(request.matchdict['media']),
-                     'state': 'processed',
-                     'uploader': user['_id']})
+                     'state': u'processed',
+                     'uploader': user._id})
             except InvalidId:
-                return exc.HTTPNotFound()
+                return render_404(request)
 
             # Still no media?  Okay, 404.
             if not media:
-                return exc.HTTPNotFound()
+                return render_404(request)
 
         return controller(request, media=media, *args, **kwargs)
 
-    return _make_safe(wrapper, controller)
+    return wrapper
+
 
 def get_media_entry_by_id(controller):
     """
     Pass in a MediaEntry based off of a url component
     """
+    @wraps(controller)
     def wrapper(request, *args, **kwargs):
         try:
             media = request.db.MediaEntry.find_one(
                 {'_id': ObjectId(request.matchdict['media']),
-                 'state': 'processed'})
+                 'state': u'processed'})
         except InvalidId:
-            return exc.HTTPNotFound()
+            return render_404(request)
 
         # Still no media?  Okay, 404.
         if not media:
-            return exc.HTTPNotFound()
+            return render_404(request)
 
         return controller(request, media=media, *args, **kwargs)
 
-    return _make_safe(wrapper, controller)
+    return wrapper