Replace media.get_uploader()._id by media.uploader

media.get_uploader()._id loads a complete user object
without actually needing it, because media.uploader already
has the id!

diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index 229664d79cd2bc6963326c0d9c076dc3ca0a6a5f..4cf14a707505ec22c91f7b99df13d8d5f908b52a 100644 (file)
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -57,10 +57,10 @@ def user_may_delete_media(controller):
     Require user ownership of the MediaEntry to delete.
     """
     def wrapper(request, *args, **kwargs):
-        uploader = request.db.MediaEntry.find_one(
-            {'_id': ObjectId(request.matchdict['media'])}).get_uploader()
+        uploader_id = request.db.MediaEntry.find_one(
+            {'_id': ObjectId(request.matchdict['media'])}).uploader
         if not (request.user.is_admin or
-                request.user._id == uploader._id):
+                request.user._id == uploader_id):
             return exc.HTTPForbidden()
 
         return controller(request, *args, **kwargs)

diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py
index 87b82c7487045ccd60e5b4c4592c4cfb580b2827..449e3b1c4e4230dbd2293a264dc718f6ea8a4c7e 100644 (file)
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@@ -192,7 +192,7 @@ def media_confirm_delete(request, media):
                 location=media.url_for_self(request.urlgen))
 
     if ((request.user.is_admin and
-         request.user._id != media.get_uploader()._id)):
+         request.user._id != media.uploader)):
         messages.add_message(
             request, messages.WARNING,
             _("You are about to delete another user's media. "