X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=mediagoblin%2Fedit%2Fviews.py;h=17e37c50193cb0fb272e384cc7c9a63d867743d5;hb=6a3fe50e8fde11f952df671446e13091369cebc3;hp=80590875680379d29baea9a67d579d9fa4f99df9;hpb=408aa9cf3b29d778eb7594e4de1720a6bb158024;p=mediagoblin.git diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 80590875..17e37c50 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -14,11 +14,15 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . +import six + from datetime import datetime from itsdangerous import BadSignature +from pyld import jsonld from werkzeug.exceptions import Forbidden from werkzeug.utils import secure_filename +from jsonschema import ValidationError, Draft4Validator from mediagoblin import messages from mediagoblin import mg_globals @@ -29,8 +33,11 @@ from mediagoblin.edit import forms from mediagoblin.edit.lib import may_edit_media from mediagoblin.decorators import (require_active_login, active_user_from_url, get_media_entry_by_id, user_may_alter_collection, - get_user_collection) + get_user_collection, user_has_privilege, + user_not_banned, path_subtitle, user_may_delete_media) from mediagoblin.tools.crypto import get_timed_signer_url +from mediagoblin.tools.metadata import (compact_and_validate, DEFAULT_CHECKER, + DEFAULT_SCHEMA) from mediagoblin.tools.mail import email_debug_message from mediagoblin.tools.response import (render_to_response, redirect, redirect_obj, render_404) @@ -40,7 +47,7 @@ from mediagoblin.tools.text import ( convert_to_tag_list_of_dicts, media_tags_as_string) from mediagoblin.tools.url import slugify from mediagoblin.db.util import check_media_slug_used, check_collection_slug_used -from mediagoblin.db.models import User +from mediagoblin.db.models import User, LocalUser, Client, AccessToken, Location import mimetypes @@ -66,7 +73,7 @@ def edit_media(request, media): # Make sure there isn't already a MediaEntry with such a slug # and userid. slug = slugify(form.slug.data) - slug_used = check_media_slug_used(media.uploader, slug, media.id) + slug_used = check_media_slug_used(media.actor, slug, media.id) if slug_used: form.slug.errors.append( @@ -77,17 +84,18 @@ def edit_media(request, media): media.tags = convert_to_tag_list_of_dicts( form.tags.data) - media.license = unicode(form.license.data) or None + media.license = six.text_type(form.license.data) or None media.slug = slug media.save() return redirect_obj(request, media) if request.user.has_privilege(u'admin') \ - and media.uploader != request.user.id \ + and media.actor != request.user.id \ and request.method != 'POST': messages.add_message( - request, messages.WARNING, + request, + messages.WARNING, _("You are editing another user's media. Proceed with caution.")) return render_to_response( @@ -135,7 +143,7 @@ def edit_attachments(request, media): attachment_public_filepath \ = mg_globals.public_store.get_unique_filepath( - ['media_entries', unicode(media.id), 'attachment', + ['media_entries', six.text_type(media.id), 'attachment', public_filename]) attachment_public_file = mg_globals.public_store.get_file( @@ -157,10 +165,11 @@ def edit_attachments(request, media): media.save() messages.add_message( - request, messages.SUCCESS, - _("You added the attachment %s!") \ - % (form.attachment_name.data - or request.files['attachment_file'].filename)) + request, + messages.SUCCESS, + _("You added the attachment %s!") % + (form.attachment_name.data or + request.files['attachment_file'].filename)) return redirect(request, location=media.url_for_self(request.urlgen)) @@ -190,24 +199,41 @@ def edit_profile(request, url_user=None): # No need to warn again if admin just submitted an edited profile if request.method != 'POST': messages.add_message( - request, messages.WARNING, + request, + messages.WARNING, _("You are editing a user's profile. Proceed with caution.")) user = url_user + # Get the location name + if user.location is None: + location = "" + else: + location = user.get_location.name + form = forms.EditProfileForm(request.form, url=user.url, - bio=user.bio) + bio=user.bio, + location=location) if request.method == 'POST' and form.validate(): - user.url = unicode(form.url.data) - user.bio = unicode(form.bio.data) + user.url = six.text_type(form.url.data) + user.bio = six.text_type(form.bio.data) + + # Save location + if form.location.data and user.location is None: + user.get_location = Location(name=six.text_type(form.location.data)) + elif form.location.data: + location = user.get_location + location.name = six.text_type(form.location.data) + location.save() user.save() - messages.add_message(request, - messages.SUCCESS, - _("Profile changes saved")) + messages.add_message( + request, + messages.SUCCESS, + _("Profile changes saved")) return redirect(request, 'mediagoblin.user_pages.user_home', user=user.username) @@ -238,9 +264,10 @@ def edit_account(request): user.license_preference = form.license_preference.data user.save() - messages.add_message(request, - messages.SUCCESS, - _("Account settings saved")) + messages.add_message( + request, + messages.SUCCESS, + _("Account settings saved")) return redirect(request, 'mediagoblin.user_pages.user_home', user=user.username) @@ -251,6 +278,34 @@ def edit_account(request): {'user': user, 'form': form}) +@require_active_login +def deauthorize_applications(request): + """ Deauthroize OAuth applications """ + if request.method == 'POST' and "application" in request.form: + token = request.form["application"] + access_token = AccessToken.query.filter_by(token=token).first() + if access_token is None: + messages.add_message( + request, + messages.ERROR, + _("Unknown application, not able to deauthorize") + ) + else: + access_token.delete() + messages.add_message( + request, + messages.SUCCESS, + _("Application has been deauthorized") + ) + + access_tokens = AccessToken.query.filter_by(actor=request.user.id) + applications = [(a.get_requesttoken, a) for a in access_tokens] + + return render_to_response( + request, + 'mediagoblin/edit/deauthorize_applications.html', + {'applications': applications} + ) @require_active_login def delete_account(request): @@ -264,7 +319,8 @@ def delete_account(request): request.session.delete() # Delete user account and all related media files etc.... - request.user.delete() + user = User.query.filter(User.id==user.id).first() + user.delete() # We should send a message that the user has been deleted # successfully. But we just deleted the session, so we @@ -273,7 +329,8 @@ def delete_account(request): else: # Did not check the confirmation box... messages.add_message( - request, messages.WARNING, + request, + messages.WARNING, _('You need to confirm the deletion of your account.')) # No POST submission or not confirmed, just show page @@ -299,37 +356,40 @@ def edit_collection(request, collection): if request.method == 'POST' and form.validate(): # Make sure there isn't already a Collection with such a slug # and userid. - slug_used = check_collection_slug_used(collection.creator, + slug_used = check_collection_slug_used(collection.actor, form.slug.data, collection.id) # Make sure there isn't already a Collection with this title existing_collection = request.db.Collection.query.filter_by( - creator=request.user.id, + actor=request.user.id, title=form.title.data).first() if existing_collection and existing_collection.id != collection.id: messages.add_message( - request, messages.ERROR, - _('You already have a collection called "%s"!') % \ + request, + messages.ERROR, + _('You already have a collection called "%s"!') % form.title.data) elif slug_used: form.slug.errors.append( _(u'A collection with that slug already exists for this user.')) else: - collection.title = unicode(form.title.data) - collection.description = unicode(form.description.data) - collection.slug = unicode(form.slug.data) + collection.title = six.text_type(form.title.data) + collection.description = six.text_type(form.description.data) + collection.slug = six.text_type(form.slug.data) collection.save() return redirect_obj(request, collection) if request.user.has_privilege(u'admin') \ - and collection.creator != request.user.id \ + and collection.actor != request.user.id \ and request.method != 'POST': messages.add_message( - request, messages.WARNING, - _("You are editing another user's collection. Proceed with caution.")) + request, + messages.WARNING, + _("You are editing another user's collection. " + "Proceed with caution.")) return render_to_response( request, @@ -394,8 +454,9 @@ def change_email(request): if request.method == 'POST' and form.validate(): new_email = form.new_email.data - users_with_email = User.query.filter_by( - email=new_email).count() + users_with_email = User.query.filter( + LocalUser.email==new_email + ).count() if users_with_email: form.new_email.errors.append( @@ -432,3 +493,30 @@ def change_email(request): 'mediagoblin/edit/change_email.html', {'form': form, 'user': user}) + +@user_has_privilege(u'admin') +@require_active_login +@get_media_entry_by_id +def edit_metadata(request, media): + form = forms.EditMetaDataForm(request.form) + if request.method == "POST" and form.validate(): + metadata_dict = dict([(row['identifier'],row['value']) + for row in form.media_metadata.data]) + json_ld_metadata = None + json_ld_metadata = compact_and_validate(metadata_dict) + media.media_metadata = json_ld_metadata + media.save() + return redirect_obj(request, media) + + if len(form.media_metadata) == 0: + for identifier, value in six.iteritems(media.media_metadata): + if identifier == "@context": continue + form.media_metadata.append_entry({ + 'identifier':identifier, + 'value':value}) + + return render_to_response( + request, + 'mediagoblin/edit/metadata.html', + {'form':form, + 'media':media}) \ No newline at end of file