controllers (view function) raise HttpException's and do not return them.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+from werkzeug.exceptions import Forbidden
+
from mediagoblin.db.util import DESCENDING
from mediagoblin.decorators import require_active_login
-from mediagoblin.tools.response import (render_to_response, render_403,
- render_404)
+from mediagoblin.tools.response import render_to_response
@require_active_login
def admin_processing_panel(request):
'''
# TODO: Why not a "require_admin_login" decorator throwing a 403 exception?
if not request.user.is_admin:
- return render_403(request)
+ raise Forbidden()
processing_entries = request.db.MediaEntry.find(
{'state': u'processing'}).sort('created', DESCENDING)
{'id': ObjectId(request.matchdict['media'])}).uploader
if not (request.user.is_admin or
request.user.id == uploader_id):
- return Forbidden()
+ raise Forbidden()
return controller(request, *args, **kwargs)
{'username': request.matchdict['user']}).id
if not (request.user.is_admin or
request.user.id == creator_id):
- return Forbidden()
+ raise Forbidden()
return controller(request, *args, **kwargs)
@require_active_login
def edit_media(request, media):
if not may_edit_media(request, media):
- return Forbidden("User may not edit this media")
+ raise Forbidden("User may not edit this media")
defaults = dict(
title=media.title,
{'media': media,
'form': form})
else:
- return Forbidden("Attachments are disabled")
+ raise Forbidden("Attachments are disabled")
@require_active_login
# the CSRF cookie must be present in the request
errstr = 'CSRF cookie not present'
_log.error(errstr)
- return Forbidden(errstr)
+ raise Forbidden(errstr)
# get the form token and confirm it matches
form = CsrfForm(request.form)
# present; either way, the request is denied
errstr = 'CSRF validation failed'
_log.error(errstr)
- return Forbidden(errstr)
+ raise Forbidden(errstr)
# If we can't find any authentication methods, we should not let them
# pass.
if not auth_candidates:
- return Forbidden()
+ raise Forbidden()
# For now, just select the first one in the list
auth = auth_candidates[0]
'status': 403,
'errors': auth.errors})
- return Forbidden()
+ raise Forbidden()
return controller(request, *args, **kw)
if request.method != 'POST':
_log.debug('Must POST against post_entry')
- return BadRequest()
+ raise BadRequest()
if not 'file' in request.files \
or not isinstance(request.files['file'], FileStorage) \
or not request.files['file'].stream:
_log.debug('File field not found')
- return BadRequest()
+ raise BadRequest()
media_file = request.files['file']
@api_auth
def api_test(request):
if not request.user:
- return Forbidden()
+ raise Forbidden()
user_data = {
'username': request.user.username,
projects / mediagoblin.git / commitdiff