X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=mediagoblin%2Fdecorators.py;h=4cf14a707505ec22c91f7b99df13d8d5f908b52a;hb=851df6214ee0332eb45282702524934cdb9ebcf7;hp=161d99ffe55a1333fcec866dc870eb615ed4bb32;hpb=af4d0b5cb0de2cbc9dd78a791fd77dab3dbddaa5;p=mediagoblin.git diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index 161d99ff..4cf14a70 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -1,5 +1,5 @@ # GNU MediaGoblin -- federated, autonomous media hosting -# Copyright (C) 2011 Free Software Foundation, Inc +# Copyright (C) 2011 MediaGoblin contributors. See AUTHORS. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by @@ -17,6 +17,9 @@ from webob import exc +from mediagoblin.tools.response import redirect, render_404 +from mediagoblin.db.util import ObjectId, InvalidId + def _make_safe(decorator, original): """ @@ -33,33 +36,105 @@ def require_active_login(controller): Require an active login from the user. """ def new_controller_func(request, *args, **kwargs): - if not request.user or not request.user.get('status') == u'active': - # TODO: Indicate to the user that they were redirected - # here because an *active* user is required. + if request.user and \ + request.user.get('status') == u'needs_email_verification': + return redirect( + request, 'mediagoblin.user_pages.user_home', + user=request.user.username) + elif not request.user or request.user.get('status') != u'active': return exc.HTTPFound( location="%s?next=%s" % ( request.urlgen("mediagoblin.auth.login"), - request.path_info)) + request.full_path)) return controller(request, *args, **kwargs) return _make_safe(new_controller_func, controller) +def user_may_delete_media(controller): + """ + Require user ownership of the MediaEntry to delete. + """ + def wrapper(request, *args, **kwargs): + uploader_id = request.db.MediaEntry.find_one( + {'_id': ObjectId(request.matchdict['media'])}).uploader + if not (request.user.is_admin or + request.user._id == uploader_id): + return exc.HTTPForbidden() + + return controller(request, *args, **kwargs) + + return _make_safe(wrapper, controller) + + def uses_pagination(controller): """ Check request GET 'page' key for wrong values """ def wrapper(request, *args, **kwargs): try: - page = int(request.str_GET['page']) + page = int(request.GET.get('page', 1)) if page < 0: - return exc.HTTPNotFound() + return render_404(request) except ValueError: - return exc.HTTPNotFound() - except KeyError: - request.str_GET['page'] = 1 + return render_404(request) + + return controller(request, page=page, *args, **kwargs) + + return _make_safe(wrapper, controller) + + +def get_user_media_entry(controller): + """ + Pass in a MediaEntry based off of a url component + """ + def wrapper(request, *args, **kwargs): + user = request.db.User.find_one( + {'username': request.matchdict['user']}) + + if not user: + return render_404(request) + media = request.db.MediaEntry.find_one( + {'slug': request.matchdict['media'], + 'state': 'processed', + 'uploader': user._id}) + + # no media via slug? Grab it via ObjectId + if not media: + try: + media = request.db.MediaEntry.find_one( + {'_id': ObjectId(request.matchdict['media']), + 'state': 'processed', + 'uploader': user._id}) + except InvalidId: + return render_404(request) + + # Still no media? Okay, 404. + if not media: + return render_404(request) + + return controller(request, media=media, *args, **kwargs) + + return _make_safe(wrapper, controller) + + +def get_media_entry_by_id(controller): + """ + Pass in a MediaEntry based off of a url component + """ + def wrapper(request, *args, **kwargs): + try: + media = request.db.MediaEntry.find_one( + {'_id': ObjectId(request.matchdict['media']), + 'state': 'processed'}) + except InvalidId: + return render_404(request) + + # Still no media? Okay, 404. + if not media: + return render_404(request) - return controller(request, *args, **kwargs) + return controller(request, media=media, *args, **kwargs) - return _make_safe(wrapper,controller) + return _make_safe(wrapper, controller)