# along with this program. If not, see <http://www.gnu.org/licenses/>.
+from bson.errors import InvalidId
from webob import exc
from mediagoblin.db.util import ObjectId
return _make_safe(wrapper, controller)
-def get_media_entry(controller):
+def get_user_media_entry(controller):
"""
Pass in a MediaEntry based off of a url component
"""
def wrapper(request, *args, **kwargs):
+ user = request.db.User.find_one(
+ {'username': request.matchdict['user']})
+
+ if not user:
+ return exc.HTTPNotFound()
+
media = request.db.MediaEntry.find_one(
{'slug': request.matchdict['media'],
- 'state': 'processed'})
+ 'state': 'processed',
+ 'uploader._id': user['_id']})
# no media via slug? Grab it via ObjectId
if not media:
- media = request.db.MediaEntry.find_one(
- {'_id': ObjectId(request.matchdict['media']),
- 'state': 'processed'})
+ try:
+ media = request.db.MediaEntry.find_one(
+ {'_id': ObjectId(request.matchdict['media']),
+ 'state': 'processed',
+ 'uploader._id': user['_id']})
+ except InvalidId:
+ return exc.HTTPNotFound()
# Still no media? Okay, 404.
if not media:
from mediagoblin.db.util import DESCENDING
from mediagoblin.util import Pagination
-from mediagoblin.decorators import uses_pagination, get_media_entry
+from mediagoblin.decorators import uses_pagination, get_user_media_entry
@uses_pagination
'pagination': pagination}))
-@get_media_entry
+@get_user_media_entry
def media_home(request, media):
"""'Homepage' of a MediaEntry()"""
# Check that media uploader and user correspond.
projects / mediagoblin.git / commitdiff