#TODO: Why does @user_may_delete_media not implicate @require_active_login?
-@get_media_entry_by_id
-@require_active_login
-@user_may_delete_media
-def media_confirm_delete(request, media):
+@require_active_login
+def media_confirm_delete(request):
+
+ allowed_state = [u'processed', u'failed']
+ for media_state in allowed_state:
+ media = request.db.MediaEntry.query.filter_by(id=request.matchdict['media_id'], state=media_state).first()
+ if not media:
+ return render_404(request)
+
+ given_username = request.matchdict.get('user')
+ if given_username and (given_username != media.get_uploader.username):
+ return render_404(request)
+
+ uploader_id = media.uploader
+ if not (request.user.is_admin or
+ request.user.id == uploader_id):
+ raise Forbidden()
+
form = user_forms.ConfirmDeleteForm(request.form)
if request.method == 'POST' and form.validate():
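Review bot: The lookup loop over `allowed_state` never stops on a match, so it cannot serve both states whichever way it was indented (the page has lost its indentation). If `if not media:` sits inside the loop, a `failed` entry gets a 404 on the first pass; if it sits after the loop, a `processed` entry is overwritten by the second query's `None`. Stop at the first hit with `if media: break` as the last statement of the loop body, and keep `if not media: return render_404(request)` after the loop. The inline uploader/admin test that replaces `@user_may_delete_media` appears to be the only ownership check left on this delete path, so it deserves a comment such as `# only the uploader or an admin may delete; replaces @user_may_delete_media` and a test that a logged-in non-owner gets `Forbidden` for a `failed` entry. The function body continues past the end of the hunk.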