as to not conflict with the new federated groups which are also being written.
I also fixed up some of the code in the user_in_group/user_has_privilege decor-
ator. Users are now assigned the default privileges when they sign up, and ass-
iged active once they are activated. I updated the gmg command makeadmin to use
my groups as well. Lastly, I added the decorator to various views, requiring th-
at users belong to appropriate groups to access pages.
--\ mediagoblin/auth/tools.py
--| Added code to assign new users to default privileges
--\ mediagoblin/auth/views.py
--| Added code to assign users to u'active' privilege once the email
| verification is complete
--\ mediagoblin/db/migrations.py
--| Renamed Group class to Privilege class
--\ mediagoblin/db/models.py
--| Renamed Group class to Privilege class
--\ mediagoblin/decorators.py
--| Renamed function based on the Group->Privilege change
--| Rewrote the function to be, ya know, functional
--\ mediagoblin/gmg_commands/users.py
--| Changed the 'makeadmin' command to add the target user to the admin
| privilege group as well as affecting 'is_admin' column
--\ mediagoblin/submit/views.py
--| Added the requirement that a user has the 'uploader' privilege in order
| to submit new media.
--\ mediagoblin/user_pages/views.py
--| Added the requirement that a user has the 'commenter' privilege in order
| to make a comment.
--| Added the requirement that a user has the 'reporter' privilege in order
| to submit new reports.
--| Got rid of some vestigial code in the file_a_report function.
from mediagoblin import mg_globals
from mediagoblin.auth import lib as auth_lib
-from mediagoblin.db.models import User
+from mediagoblin.db.models import User, Privilege
from mediagoblin.tools.mail import (normalize_email, send_email,
email_debug_message)
from mediagoblin.tools.template import render_template
user.verification_key = unicode(uuid.uuid4())
user.save()
+ # give the user the default privileges
+ default_privileges = [
+ Privilege.query.filter(Privilege.privilege_name==u'commenter').first(),
+ Privilege.query.filter(Privilege.privilege_name==u'uploader').first(),
+ Privilege.query.filter(Privilege.privilege_name==u'reporter').first()]
+ user.all_privileges += default_privileges
+ user.save()
+
# log the user in
request.session['user_id'] = unicode(user.id)
request.session.save()
import datetime
from mediagoblin import messages, mg_globals
-from mediagoblin.db.models import User
+from mediagoblin.db.models import User, Privilege
from mediagoblin.tools.response import render_to_response, redirect, render_404
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.mail import email_debug_message
user.status = u'active'
user.email_verified = True
user.verification_key = None
+ user.all_privileges.append(
+ Privilege.query.filter(
+ Privilege.privilege_name==u'active').first())
user.save()
from migrate.changeset.constraint import UniqueConstraint
from mediagoblin.db.migration_tools import RegisterMigration, inspect_table
-from mediagoblin.db.models import MediaEntry, Collection, User, MediaComment, Group
+from mediagoblin.db.models import MediaEntry, Collection, User, MediaComment, Privilege
MIGRATIONS = {}
expiration_date = Column(DateTime)
reason = Column(UnicodeText, nullable=False)
-class Group_v0(declarative_base()):
- __tablename__ = 'core__groups'
+class Privilege_v0(declarative_base()):
+ __tablename__ = 'core__privileges'
id = Column(Integer, nullable=False, primary_key=True, unique=True)
- group_name = Column(Unicode, nullable=False)
+ privilege_name = Column(Unicode, nullable=False)
-class GroupUserAssociation_v0(declarative_base()):
- __tablename__ = 'core__group_user_associations'
+class PrivilegeUserAssociation_v0(declarative_base()):
+ __tablename__ = 'core__privileges_users'
group_id = Column(
- 'core__group_id',
+ 'core__privilege_id',
Integer,
ForeignKey(User.id),
primary_key=True)
user_id = Column(
'core__user_id',
Integer,
- ForeignKey(Group.id),
+ ForeignKey(Privilege.id),
primary_key=True)
@RegisterMigration(11, MIGRATIONS)
CommentReport_v0.__table__.create(db.bind)
MediaReport_v0.__table__.create(db.bind)
UserBan_v0.__table__.create(db.bind)
- Group_v0.__table__.create(db.bind)
- GroupUserAssociation_v0.__table__.create(db.bind)
+ Privilege_v0.__table__.create(db.bind)
+ PrivilegeUserAssociation_v0.__table__.create(db.bind)
db.commit()
reason = Column(UnicodeText, nullable=False)
-class Group(Base):
- __tablename__ = 'core__groups'
+class Privilege(Base):
+ __tablename__ = 'core__privileges'
id = Column(Integer, nullable=False, primary_key=True)
- group_name = Column(Unicode, nullable=False, unique=True)
+ privilege_name = Column(Unicode, nullable=False, unique=True)
all_users = relationship(
User,
- backref='all_groups',
- secondary="core__group_user_associations")
+ backref='all_privileges',
+ secondary="core__privileges_users")
- def __init__(self, group_name):
- self.group_name = group_name
+ def __init__(self, privilege_name):
+ self.privilege_name = privilege_name
def __repr__(self):
- return "<Group %s>" % (self.group_name)
+ return "<Privilege %s>" % (self.privilege_name)
-class GroupUserAssociation(Base):
- __tablename__ = 'core__group_user_associations'
+class PrivilegeUserAssociation(Base):
+ __tablename__ = 'core__privileges_users'
- group_id = Column(
- 'core__group_id',
+ privilege_id = Column(
+ 'core__privilege_id',
Integer,
ForeignKey(User.id),
primary_key=True)
user_id = Column(
'core__user_id',
Integer,
- ForeignKey(Group.id),
+ ForeignKey(Privilege.id),
primary_key=True)
-group_foundations = [[u'admin'], [u'moderator'], [u'commenter'], [u'uploader'],[u'reporter'],[u'active']]
+privilege_foundations = [[u'admin'], [u'moderator'], [u'commenter'], [u'uploader'],[u'reporter'],[u'active']]
MODELS = [
User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem,
MediaFile, FileKeynames, MediaAttachmentFile, ProcessingMetaData, ReportBase,
- CommentReport, MediaReport, UserBan, Group, GroupUserAssociation]
+ CommentReport, MediaReport, UserBan, Privilege, PrivilegeUserAssociation]
# Foundations are the default rows that are created immediately after the tables are initialized. Each entry to
# this dictionary should be in the format of
# ModelObject:List of Rows
# (Each Row must be a list of parameters that can create and instance of the ModelObject)
#
-FOUNDATIONS = {Group:group_foundations}
+FOUNDATIONS = {Privilege:privilege_foundations}
######################################################
# Special, migrations-tracking table
from werkzeug.urls import url_quote
from mediagoblin import mg_globals as mgg
-from mediagoblin.db.models import MediaEntry, User, MediaComment, Group
+from mediagoblin.db.models import MediaEntry, User, MediaComment, Privilege
from mediagoblin.tools.response import redirect, render_404
return wrapper
-def user_in_group(group_name):
+def user_has_privilege(privilege_name):
#TODO handle possible errors correctly
- def user_in_group_decorator(controller):
+ def user_has_privilege_decorator(controller):
@wraps(controller)
-
def wrapper(request, *args, **kwargs):
user_id = request.user.id
- group = Group.query.filter(
- Group.group_name==group_name).first()
- if not (group.query.filter(
- Group.all_users.any(
- User.id==user_id)).count()):
-
+ privileges_of_user = Privilege.query.filter(
+ Privilege.all_users.any(
+ User.id==user_id))
+ if not privileges_of_user.filter(
+ Privilege.privilege_name==privilege_name).count():
raise Forbidden()
return controller(request, *args, **kwargs)
return wrapper
- return user_in_group_decorator
+ return user_has_privilege_decorator
def user_may_delete_media(controller):
user = db.User.one({'username': unicode(args.username.lower())})
if user:
user.is_admin = True
+ user.all_privileges.append(
+ db.Privilege.one({
+ 'privilege_name':u'admin'})
+ )
user.save()
print 'The user is now Admin'
else:
from mediagoblin.tools.text import convert_to_tag_list_of_dicts
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.response import render_to_response, redirect
-from mediagoblin.decorators import require_active_login
+from mediagoblin.decorators import require_active_login, user_has_privilege
from mediagoblin.submit import forms as submit_forms
from mediagoblin.messages import add_message, SUCCESS
from mediagoblin.media_types import sniff_media, \
@require_active_login
+@user_has_privilege(u'uploader')
def submit_start(request):
"""
First view for submitting a file.
from mediagoblin import messages, mg_globals
from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
CollectionItem, User, MediaComment,
- CommentReport, MediaReport, Group)
+ CommentReport, MediaReport)
from mediagoblin.tools.response import render_to_response, render_404, \
redirect, redirect_obj
from mediagoblin.tools.translate import pass_to_ugettext as _
add_media_to_collection)
from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
- get_media_entry_by_id, user_in_group,
+ get_media_entry_by_id, user_has_privilege,
require_active_login, user_may_delete_media, user_may_alter_collection,
get_user_collection, get_user_collection_item, active_user_from_url,
get_media_comment_by_id)
@get_media_entry_by_id
@require_active_login
+@user_has_privilege(u'commenter')
def media_post_comment(request, media):
"""
recieves POST from a MediaEntry() comment form, saves the comment.
@require_active_login
@get_user_media_entry
-@user_in_group(u'reporter')
-def file_a_report(request, media, comment=None, required_group=1):
+@user_has_privilege(u'reporter')
+def file_a_report(request, media, comment=None):
if request.method == "POST":
report_form = build_report_form(request.form)
report_form.save()
projects / mediagoblin.git / commitdiff