X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=mediagoblin%2Fedit%2Fviews.py;h=51661a21afcbf8ac816235fc9808f7a662ddc08b;hb=5da0bf901be7551e9708dd248319ff57d7b29a57;hp=0b1a98f1d6617fb89b1adc4fc810b0ed28b7695d;hpb=852d5bb2387706c11925fa0c2abe4a1f34708f16;p=mediagoblin.git diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 0b1a98f1..51661a21 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -1,5 +1,5 @@ # GNU MediaGoblin -- federated, autonomous media hosting -# Copyright (C) 2011 Free Software Foundation, Inc +# Copyright (C) 2011 MediaGoblin contributors. See AUTHORS. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by @@ -14,20 +14,27 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . +import uuid from webob import exc from string import split +from cgi import FieldStorage +from datetime import datetime + +from werkzeug.utils import secure_filename from mediagoblin import messages from mediagoblin import mg_globals -from mediagoblin.util import ( - render_to_response, redirect, clean_html, convert_to_tag_list_of_dicts, - media_tags_as_string, cleaned_markdown_conversion) -from mediagoblin.util import pass_to_ugettext as _ + +from mediagoblin.auth import lib as auth_lib from mediagoblin.edit import forms from mediagoblin.edit.lib import may_edit_media from mediagoblin.decorators import require_active_login, get_user_media_entry - +from mediagoblin.tools.response import render_to_response, redirect +from mediagoblin.tools.translate import pass_to_ugettext as _ +from mediagoblin.tools.text import ( + clean_html, convert_to_tag_list_of_dicts, + media_tags_as_string, cleaned_markdown_conversion) @get_user_media_entry @require_active_login @@ -35,59 +42,112 @@ def edit_media(request, media): if not may_edit_media(request, media): return exc.HTTPForbidden() - form = forms.EditForm(request.POST, - title = media['title'], - slug = media['slug'], - description = media['description'], - tags = media_tags_as_string(media['tags'])) + defaults = dict( + title=media.title, + slug=media.slug, + description=media['description'], + tags=media_tags_as_string(media['tags'])) + + form = forms.EditForm( + request.POST, + **defaults) if request.method == 'POST' and form.validate(): # Make sure there isn't already a MediaEntry with such a slug # and userid. existing_user_slug_entries = request.db.MediaEntry.find( {'slug': request.POST['slug'], - 'uploader': media['uploader'], - '_id': {'$ne': media['_id']}}).count() - + 'uploader': media.uploader, + '_id': {'$ne': media._id}}).count() + if existing_user_slug_entries: form.slug.errors.append( _(u'An entry with that slug already exists for this user.')) else: - media['title'] = request.POST['title'] - media['description'] = request.POST.get('description') + media.title = unicode(request.POST['title']) + media['description'] = unicode(request.POST.get('description')) media['tags'] = convert_to_tag_list_of_dicts( request.POST.get('tags')) - + media['description_html'] = cleaned_markdown_conversion( media['description']) - media['slug'] = request.POST['slug'] + media.slug = unicode(request.POST['slug']) media.save() - return redirect(request, "mediagoblin.user_pages.media_home", - user=media.uploader()['username'], media=media['slug']) + return exc.HTTPFound( + location=media.url_for_self(request.urlgen)) - if request.user['is_admin'] \ - and media['uploader'] != request.user['_id'] \ + if request.user.is_admin \ + and media.uploader != request.user._id \ and request.method != 'POST': messages.add_message( request, messages.WARNING, _("You are editing another user's media. Proceed with caution.")) - return render_to_response( request, 'mediagoblin/edit/edit.html', {'media': media, 'form': form}) - + +@get_user_media_entry @require_active_login -def edit_profile(request): +def edit_attachments(request, media): + if mg_globals.app_config['allow_attachments']: + form = forms.EditAttachmentsForm() + + # Add any attachements + if ('attachment_file' in request.POST + and isinstance(request.POST['attachment_file'], FieldStorage) + and request.POST['attachment_file'].file): + + attachment_public_filepath \ + = mg_globals.public_store.get_unique_filepath( + ['media_entries', unicode(media._id), 'attachment', + secure_filename(request.POST['attachment_file'].filename)]) + + attachment_public_file = mg_globals.public_store.get_file( + attachment_public_filepath, 'wb') + + try: + attachment_public_file.write( + request.POST['attachment_file'].file.read()) + finally: + request.POST['attachment_file'].file.close() + + media['attachment_files'].append(dict( + name=request.POST['attachment_name'] \ + or request.POST['attachment_file'].filename, + filepath=attachment_public_filepath, + created=datetime.utcnow(), + )) + + media.save() + + messages.add_message( + request, messages.SUCCESS, + "You added the attachment %s!" \ + % (request.POST['attachment_name'] + or request.POST['attachment_file'].filename)) + + return exc.HTTPFound( + location=media.url_for_self(request.urlgen)) + return render_to_response( + request, + 'mediagoblin/edit/attachments.html', + {'media': media, + 'form': form}) + else: + return exc.HTTPForbidden() + +@require_active_login +def edit_profile(request): # admins may edit any user profile given a username in the querystring edit_username = request.GET.get('username') - if request.user['is_admin'] and request.user['username'] != edit_username: + if request.user.is_admin and request.user.username != edit_username: user = request.db.User.find_one({'username': edit_username}) # No need to warn again if admin just submitted an edited profile if request.method != 'POST': @@ -98,23 +158,41 @@ def edit_profile(request): user = request.user form = forms.EditProfileForm(request.POST, - url = user.get('url'), - bio = user.get('bio')) + url=user.get('url'), + bio=user.get('bio')) if request.method == 'POST' and form.validate(): - user['url'] = request.POST['url'] - user['bio'] = request.POST['bio'] + password_matches = auth_lib.bcrypt_check_password( + request.POST['old_password'], + user['pw_hash']) + + if (request.POST['old_password'] or request.POST['new_password']) and not \ + password_matches: + form.old_password.errors.append(_('Wrong password')) + + return render_to_response( + request, + 'mediagoblin/edit/edit_profile.html', + {'user': user, + 'form': form}) + + user.url = unicode(request.POST['url']) + user.bio = unicode(request.POST['bio']) + + if password_matches: + user['pw_hash'] = auth_lib.bcrypt_gen_password_hash( + request.POST['new_password']) - user['bio_html'] = cleaned_markdown_conversion(user['bio']) + user.bio_html = cleaned_markdown_conversion(user['bio']) - user.save() + user.save() - messages.add_message(request, - messages.SUCCESS, - 'Profile edited!') - return redirect(request, - 'mediagoblin.user_pages.user_home', - user=edit_username) + messages.add_message(request, + messages.SUCCESS, + _("Profile edited!")) + return redirect(request, + 'mediagoblin.user_pages.user_home', + user=user['username']) return render_to_response( request,