X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=mediagoblin%2Fdecorators.py;h=0eb1361dc0ae4c8c9c669c522dc0a9b3b0dee6c0;hb=325e9bc418b746e5dd281331bfac6f6ac13b045d;hp=161d99ffe55a1333fcec866dc870eb615ed4bb32;hpb=af4d0b5cb0de2cbc9dd78a791fd77dab3dbddaa5;p=mediagoblin.git

diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index 161d99ff..0eb1361d 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -1,5 +1,5 @@
 # GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011 Free Software Foundation, Inc
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -14,52 +14,123 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+from functools import wraps
 
 from webob import exc
 
-
-def _make_safe(decorator, original):
-    """
-    Copy the function data from the old function to the decorator.
-    """
-    decorator.__name__ = original.__name__
-    decorator.__dict__ = original.__dict__
-    decorator.__doc__ = original.__doc__
-    return decorator
+from mediagoblin.db.util import ObjectId, InvalidId
+from mediagoblin.tools.response import redirect, render_404
 
 
 def require_active_login(controller):
     """
     Require an active login from the user.
     """
+    @wraps(controller)
     def new_controller_func(request, *args, **kwargs):
-        if not request.user or not request.user.get('status') == u'active':
-            # TODO: Indicate to the user that they were redirected
-            # here because an *active* user is required.
+        if request.user and \
+                request.user.get('status') == u'needs_email_verification':
+            return redirect(
+                request, 'mediagoblin.user_pages.user_home',
+                user=request.user.username)
+        elif not request.user or request.user.get('status') != u'active':
             return exc.HTTPFound(
                 location="%s?next=%s" % (
                     request.urlgen("mediagoblin.auth.login"),
-                    request.path_info))
+                    request.full_path))
 
         return controller(request, *args, **kwargs)
 
-    return _make_safe(new_controller_func, controller)
+    return new_controller_func
+
+
+def user_may_delete_media(controller):
+    """
+    Require user ownership of the MediaEntry to delete.
+    """
+    @wraps(controller)
+    def wrapper(request, *args, **kwargs):
+        uploader_id = request.db.MediaEntry.find_one(
+            {'_id': ObjectId(request.matchdict['media'])}).uploader
+        if not (request.user.is_admin or
+                request.user._id == uploader_id):
+            return exc.HTTPForbidden()
+
+        return controller(request, *args, **kwargs)
+
+    return wrapper
 
 
 def uses_pagination(controller):
     """
     Check request GET 'page' key for wrong values
     """
+    @wraps(controller)
     def wrapper(request, *args, **kwargs):
         try:
-            page = int(request.str_GET['page'])
+            page = int(request.GET.get('page', 1))
             if page < 0:
-                return exc.HTTPNotFound()
+                return render_404(request)
         except ValueError:
-            return exc.HTTPNotFound()
-        except KeyError:
-            request.str_GET['page'] = 1
+            return render_404(request)
+
+        return controller(request, page=page, *args, **kwargs)
+
+    return wrapper
+
+
+def get_user_media_entry(controller):
+    """
+    Pass in a MediaEntry based off of a url component
+    """
+    @wraps(controller)
+    def wrapper(request, *args, **kwargs):
+        user = request.db.User.find_one(
+            {'username': request.matchdict['user']})
+
+        if not user:
+            return render_404(request)
+        media = request.db.MediaEntry.find_one(
+            {'slug': request.matchdict['media'],
+             'state': u'processed',
+             'uploader': user._id})
+
+        # no media via slug?  Grab it via ObjectId
+        if not media:
+            try:
+                media = request.db.MediaEntry.find_one(
+                    {'_id': ObjectId(request.matchdict['media']),
+                     'state': u'processed',
+                     'uploader': user._id})
+            except InvalidId:
+                return render_404(request)
+
+            # Still no media?  Okay, 404.
+            if not media:
+                return render_404(request)
+
+        return controller(request, media=media, *args, **kwargs)
+
+    return wrapper
+
+
+def get_media_entry_by_id(controller):
+    """
+    Pass in a MediaEntry based off of a url component
+    """
+    @wraps(controller)
+    def wrapper(request, *args, **kwargs):
+        try:
+            media = request.db.MediaEntry.find_one(
+                {'_id': ObjectId(request.matchdict['media']),
+                 'state': u'processed'})
+        except InvalidId:
+            return render_404(request)
+
+        # Still no media?  Okay, 404.
+        if not media:
+            return render_404(request)
 
-        return controller(request, *args, **kwargs)    
+        return controller(request, media=media, *args, **kwargs)
 
-    return _make_safe(wrapper,controller)
+    return wrapper