List blogs by URL user rather than request user

The blog_post_listing function in mediagoblin/media_types/blow/views.py
attempts to access blogs based on the requesting user rather than the url
user. This results in server errors when an unauthenticated user attempts to
follow a link from another user's blog post listing, and 404 errors when an
authenticated user attempts to follow a link from another user's blog post
listing.

This change bases blog post listings on the URL user rather than the request
user.

diff --git a/mediagoblin/media_types/blog/views.py b/mediagoblin/media_types/blog/views.py
index a367bef857550228438d3daff42ebcb5e83028b5..62806c3cfb45b0cf56c11eb48e3e5bf7f41ee044 100644 (file)
--- a/mediagoblin/media_types/blog/views.py
+++ b/mediagoblin/media_types/blog/views.py
@@ -260,7 +260,7 @@ def blog_post_listing(request, page, url_user=None):
     Page, listing all the blog posts of a particular blog.
     """
     blog_slug = request.matchdict.get('blog_slug', None)
-    blog = get_blog_by_slug(request, blog_slug, author=request.user.id)
+    blog = get_blog_by_slug(request, blog_slug, author=url_user.id)
     if not blog:
         return render_404(request)