X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=mediagoblin%2Fdecorators.py;h=f1b5d2295877205c521ffaac1dcc16d8cfa8519a;hb=7a4c0126dfb9be8756b0d40110a7b76d39e63543;hp=bc12d61c2e28a7644ef83e3264dcb334cf22490d;hpb=bcec749b52c287a6d361fd06bfbd833e03e5b478;p=mediagoblin.git diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index bc12d61c..f1b5d229 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -15,10 +15,10 @@ # along with this program. If not, see . -from bson.errors import InvalidId from webob import exc -from mediagoblin.db.util import ObjectId +from mediagoblin.util import redirect, render_404 +from mediagoblin.db.util import ObjectId, InvalidId def _make_safe(decorator, original): @@ -36,9 +36,11 @@ def require_active_login(controller): Require an active login from the user. """ def new_controller_func(request, *args, **kwargs): - if request.user and request.user.get('status') == u'needs_email_verification': - return exc.HTTPFound( - location = request.urlgen('mediagoblin.auth.verify_email_notice')) + if request.user and \ + request.user.get('status') == u'needs_email_verification': + return redirect( + request, 'mediagoblin.user_pages.user_home', + user=request.user['username']) elif not request.user or request.user.get('status') != u'active': return exc.HTTPFound( location="%s?next=%s" % ( @@ -50,6 +52,22 @@ def require_active_login(controller): return _make_safe(new_controller_func, controller) +def user_may_delete_media(controller): + """ + Require user ownership of the MediaEntry to delete. + """ + def wrapper(request, *args, **kwargs): + uploader = request.db.MediaEntry.find_one( + {'_id': ObjectId(request.matchdict['media'])}).uploader() + if not (request.user['is_admin'] or + request.user['_id'] == uploader['_id']): + return exc.HTTPForbidden() + + return controller(request, *args, **kwargs) + + return _make_safe(wrapper, controller) + + def uses_pagination(controller): """ Check request GET 'page' key for wrong values @@ -58,9 +76,9 @@ def uses_pagination(controller): try: page = int(request.GET.get('page', 1)) if page < 0: - return exc.HTTPNotFound() + return render_404(request) except ValueError: - return exc.HTTPNotFound() + return render_404(request) return controller(request, page=page, *args, **kwargs) @@ -76,7 +94,7 @@ def get_user_media_entry(controller): {'username': request.matchdict['user']}) if not user: - return exc.HTTPNotFound() + return render_404(request) media = request.db.MediaEntry.find_one( {'slug': request.matchdict['media'], @@ -91,12 +109,33 @@ def get_user_media_entry(controller): 'state': 'processed', 'uploader': user['_id']}) except InvalidId: - return exc.HTTPNotFound() + return render_404(request) # Still no media? Okay, 404. if not media: - return exc.HTTPNotFound() + return render_404(request) return controller(request, media=media, *args, **kwargs) return _make_safe(wrapper, controller) + +def get_media_entry_by_id(controller): + """ + Pass in a MediaEntry based off of a url component + """ + def wrapper(request, *args, **kwargs): + try: + media = request.db.MediaEntry.find_one( + {'_id': ObjectId(request.matchdict['media']), + 'state': 'processed'}) + except InvalidId: + return render_404(request) + + # Still no media? Okay, 404. + if not media: + return render_404(request) + + return controller(request, media=media, *args, **kwargs) + + return _make_safe(wrapper, controller) +