'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
host=request.host,
uri=request.urlgen('mediagoblin.auth.verify_email'),
- userid=unicode(user['_id']),
+ userid=unicode(user._id),
verification_key=user['verification_key'])})
# TODO: There is no error handling in place
'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
host=request.host,
uri=request.urlgen('mediagoblin.auth.verify_forgot_password'),
- userid=unicode(user['_id']),
+ userid=unicode(user._id),
fp_verification_key=user['fp_verification_key'])})
# TODO: There is no error handling in place
user.save(validate=True)
# log the user in
- request.session['user_id'] = unicode(user['_id'])
+ request.session['user_id'] = unicode(user._id)
request.session.save()
# send verification email
if user and user.check_login(request.POST['password']):
# set up login in session
- request.session['user_id'] = unicode(user['_id'])
+ request.session['user_id'] = unicode(user._id)
request.session.save()
if request.POST.get('next'):
def get_comments(self):
return self.db.MediaComment.find({
- 'media_entry': self['_id']}).sort('created', DESCENDING)
+ 'media_entry': self._id}).sort('created', DESCENDING)
def get_display_media(self, media_map,
fetch_order=common.DISPLAY_IMAGE_FETCHING_ORDER):
{'slug': self['slug']})
if duplicate:
- self['slug'] = "%s-%s" % (self['_id'], self['slug'])
+ self['slug'] = "%s-%s" % (self._id, self['slug'])
def url_for_self(self, urlgen):
"""
return urlgen(
'mediagoblin.user_pages.media_home',
user=uploader['username'],
- media=unicode(self['_id']))
+ media=unicode(self._id))
def url_to_prev(self, urlgen):
"""
Provide a url to the previous entry from this user, if there is one
"""
- cursor = self.db.MediaEntry.find({'_id': {"$gt": self['_id']},
+ cursor = self.db.MediaEntry.find({'_id': {"$gt": self._id},
'uploader': self['uploader'],
'state': 'processed'}).sort(
'_id', ASCENDING).limit(1)
"""
Provide a url to the next entry from this user, if there is one
"""
- cursor = self.db.MediaEntry.find({'_id': {"$lt": self['_id']},
+ cursor = self.db.MediaEntry.find({'_id': {"$lt": self._id},
'uploader': self['uploader'],
'state': 'processed'}).sort(
'_id', DESCENDING).limit(1)
uploader = request.db.MediaEntry.find_one(
{'_id': ObjectId(request.matchdict['media'])}).uploader()
if not (request.user['is_admin'] or
- request.user['_id'] == uploader['_id']):
+ request.user._id == uploader._id):
return exc.HTTPForbidden()
return controller(request, *args, **kwargs)
media = request.db.MediaEntry.find_one(
{'slug': request.matchdict['media'],
'state': 'processed',
- 'uploader': user['_id']})
+ 'uploader': user._id})
# no media via slug? Grab it via ObjectId
if not media:
media = request.db.MediaEntry.find_one(
{'_id': ObjectId(request.matchdict['media']),
'state': 'processed',
- 'uploader': user['_id']})
+ 'uploader': user._id})
except InvalidId:
return render_404(request)
def may_edit_media(request, media):
"""Check, if the request's user may edit the media details"""
- if media['uploader'] == request.user['_id']:
+ if media['uploader'] == request.user._id:
return True
if request.user['is_admin']:
return True
existing_user_slug_entries = request.db.MediaEntry.find(
{'slug': request.POST['slug'],
'uploader': media['uploader'],
- '_id': {'$ne': media['_id']}}).count()
+ '_id': {'$ne': media._id}}).count()
if existing_user_slug_entries:
form.slug.errors.append(
location=media.url_for_self(request.urlgen))
if request.user['is_admin'] \
- and media['uploader'] != request.user['_id'] \
+ and media['uploader'] != request.user._id \
and request.method != 'POST':
messages.add_message(
request, messages.WARNING,
attachment_public_filepath \
= mg_globals.public_store.get_unique_filepath(
- ['media_entries', unicode(media['_id']), 'attachment',
+ ['media_entries', unicode(media._id), 'attachment',
secure_filename(request.POST['attachment_file'].filename)])
attachment_public_file = mg_globals.public_store.get_file(
def create_pub_filepath(entry, filename):
return mgg.public_store.get_unique_filepath(
['media_entries',
- unicode(entry['_id']),
+ unicode(entry._id),
filename])
try:
process_image(entry)
except BaseProcessingFail, exc:
- mark_entry_failed(entry[u'_id'], exc)
+ mark_entry_failed(entry._id, exc)
return
entry['state'] = u'processed'
# create entry and save in database
entry = request.db.MediaEntry()
- entry['_id'] = ObjectId()
+ entry._id = ObjectId()
entry['title'] = (
unicode(request.POST['title'])
or unicode(splitext(filename)[0]))
entry['description'])
entry['media_type'] = u'image' # heh
- entry['uploader'] = request.user['_id']
+ entry['uploader'] = request.user._id
# Process the user's folksonomy "tags"
entry['tags'] = convert_to_tag_list_of_dicts(
# Now store generate the queueing related filename
queue_filepath = request.app.queue_store.get_unique_filepath(
['media_entries',
- unicode(entry['_id']),
+ unicode(entry._id),
secure_filename(filename)])
# queue appropriately
# conditions with changes to the document via processing code)
try:
process_media.apply_async(
- [unicode(entry['_id'])], {},
+ [unicode(entry._id)], {},
task_id=task_id)
except BaseException as exc:
# The purpose of this section is because when running in "lazy"
#
# ... not completely the diaper pattern because the
# exception is re-raised :)
- mark_entry_failed(entry[u'_id'], exc)
+ mark_entry_failed(entry._id, exc)
# re-raise the exception
raise
{% for comment in comments %}
{% set comment_author = comment.author() %}
{% if pagination.active_id == comment._id %}
- <div class="comment_wrapper comment_active" id="comment-{{ comment['_id'] }}">
+ <div class="comment_wrapper comment_active" id="comment-{{ comment._id }}">
<a name="comment" id="comment"></a>
{% else %}
- <div class="comment_wrapper" id="comment-{{ comment['_id'] }}">
+ <div class="comment_wrapper" id="comment-{{ comment._id }}">
{% endif %}
<div class="comment_content">{% autoescape False %}{{ comment.content_html }}
{{ comment_author['username'] }}</a>
{% trans %}at{% endtrans %}
<a href="{{ request.urlgen('mediagoblin.user_pages.media_home.view_comment',
- comment = comment['_id'],
+ comment = comment._id,
user = media.uploader().username,
media = media._id) }}#comment">
{{ comment.created.strftime("%I:%M%p %Y-%m-%d") }}
<div class="grid_5 omega">
{% include "mediagoblin/utils/prev_next.html" %}
- {% if media['uploader'] == request.user['_id'] or
+ {% if media['uploader'] == request.user._id or
request.user['is_admin'] %}
<h3>{% trans %}Actions{% endtrans %}</h3>
<p>
{% endif %}
{% if app_config['allow_attachments']
- and (media['uploader'] == request.user['_id']
+ and (media['uploader'] == request.user._id
or request.user['is_admin']) %}
<p>
<a href="{{ request.urlgen('mediagoblin.edit.attachments',
</h1>
{% if not user['url'] and not user['profile'] %}
- {% if request.user['_id'] == user['_id'] %}
+ {% if request.user._id == user._id %}
<div class="grid_6 alpha empty_space">
<p>
{% trans %}Here's a spot to tell others about yourself.{% endtrans %}
{% else %}
<div class="grid_6 alpha">
{% include "mediagoblin/utils/profile.html" %}
- {% if request.user['_id'] == user['_id'] or request.user['is_admin'] %}
+ {% if request.user._id == user._id or request.user['is_admin'] %}
<a href="{{ request.urlgen('mediagoblin.edit.profile') }}?username={{
user.username }}">
{%- trans %}Edit profile{% endtrans -%}
{% include "mediagoblin/utils/feed_link.html" %}
</div>
{% else %}
- {% if request.user['_id'] == user['_id'] %}
+ {% if request.user._id == user._id %}
<div class="grid_10 omega empty_space">
<p>
{% trans -%}
## Make sure user is logged in
request = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/user_pages/user.html']['request']
- assert request.session['user_id'] == unicode(new_user['_id'])
+ assert request.session['user_id'] == unicode(new_user._id)
## Make sure we get email confirmation, and try verifying
assert len(mail.EMAIL_TEST_INBOX) == 1
### user should have these same parameters
assert parsed_get_params['userid'] == [
- unicode(new_user['_id'])]
+ unicode(new_user._id)]
assert parsed_get_params['token'] == [
new_user['verification_key']]
template.clear_test_template_context()
response = test_app.get(
"/auth/verify_email/?userid=%s&token=total_bs" % unicode(
- new_user['_id']))
+ new_user._id))
response.follow()
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/user_pages/user.html']
# user should have matching parameters
new_user = mg_globals.database.User.find_one({'username': 'happygirl'})
- assert parsed_get_params['userid'] == [unicode(new_user['_id'])]
+ assert parsed_get_params['userid'] == [unicode(new_user._id)]
assert parsed_get_params['token'] == [new_user['fp_verification_key']]
### The forgotten password token should be set to expire in ~ 10 days
template.clear_test_template_context()
response = test_app.get(
"/auth/forgot_password/verify/?userid=%s&token=total_bs" % unicode(
- new_user['_id']), status=400)
+ new_user._id), status=400)
assert response.status == '400 Bad Request'
## Try using an expired token to change password, shouldn't work
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
- assert session['user_id'] == unicode(test_user['_id'])
+ assert session['user_id'] == unicode(test_user._id)
# Successful logout
# -----------------
request.urlgen('mediagoblin.user_pages.media_confirm_delete',
# No work: user=media.uploader().username,
user=self.test_user['username'],
- media=media['_id']),
+ media=media._id),
# no value means no confirm
{})
request.urlgen('mediagoblin.user_pages.media_confirm_delete',
# No work: user=media.uploader().username,
user=self.test_user['username'],
- media=media['_id']),
+ media=media._id),
{'confirm': 'y'})
response.follow()
# Does media entry still exist?
assert_false(
request.db.MediaEntry.find(
- {'_id': media['_id']}).count())
+ {'_id': media._id}).count())
def test_malicious_uploads(self):
# Test non-suppoerted file with non-supported extension
cursor = copy.copy(self.cursor)
for (doc, increment) in izip(cursor, count(0)):
- if doc['_id'] == jump_to_id:
+ if doc._id == jump_to_id:
self.page = 1 + int(floor(increment / self.per_page))
self.active_id = jump_to_id
{'user': user})
cursor = request.db.MediaEntry.find(
- {'uploader': user['_id'],
+ {'uploader': user._id,
'state': 'processed'}).sort('created', DESCENDING)
pagination = Pagination(page, cursor)
return render_404(request)
cursor = request.db.MediaEntry.find(
- {'uploader': user['_id'],
+ {'uploader': user._id,
'state': 'processed'}).sort('created', DESCENDING)
pagination = Pagination(page, cursor)
assert request.method == 'POST'
comment = request.db.MediaComment()
- comment['media_entry'] = media['_id']
- comment['author'] = request.user['_id']
+ comment['media_entry'] = media._id
+ comment['author'] = request.user._id
comment['content'] = unicode(request.POST['comment_content'])
comment['content_html'] = cleaned_markdown_conversion(comment['content'])
location=media.url_for_self(request.urlgen))
if ((request.user[u'is_admin'] and
- request.user[u'_id'] != media.uploader()[u'_id'])):
+ request.user._id != media.uploader()._id)):
messages.add_message(
request, messages.WARNING,
_("You are about to delete another user's media. "
return render_404(request)
cursor = request.db.MediaEntry.find({
- 'uploader': user['_id'],
+ 'uploader': user._id,
'state': 'processed'}) \
.sort('created', DESCENDING) \
.limit(ATOM_DEFAULT_NR_OF_UPDATED_ITEMS)
#
# Make sure we have permission to access this user's panel. Only
# admins and this user herself should be able to do so.
- if not (user[u'_id'] == request.user[u'_id']
+ if not (user._id == request.user._id
or request.user.is_admin):
# No? Let's simply redirect to this user's homepage then.
return redirect(
# Get media entries which are in-processing
processing_entries = request.db.MediaEntry.find(
- {'uploader': user['_id'],
+ {'uploader': user._id,
'state': 'processing'}).sort('created', DESCENDING)
# Get media entries which have failed to process
failed_entries = request.db.MediaEntry.find(
- {'uploader': user['_id'],
+ {'uploader': user._id,
'state': 'failed'}).sort('created', DESCENDING)
# Render to response
projects / mediagoblin.git / commitdiff