From 3fb96fc97800ae032e599006e3f49ffd69926c88 Mon Sep 17 00:00:00 2001 From: tilly-Q Date: Wed, 3 Jul 2013 14:46:21 -0400 Subject: [PATCH] This was a simple commit. I changed all references to Groups into Privileges so as to not conflict with the new federated groups which are also being written. I also fixed up some of the code in the user_in_group/user_has_privilege decor- ator. Users are now assigned the default privileges when they sign up, and ass- iged active once they are activated. I updated the gmg command makeadmin to use my groups as well. Lastly, I added the decorator to various views, requiring th- at users belong to appropriate groups to access pages. --\ mediagoblin/auth/tools.py --| Added code to assign new users to default privileges --\ mediagoblin/auth/views.py --| Added code to assign users to u'active' privilege once the email | verification is complete --\ mediagoblin/db/migrations.py --| Renamed Group class to Privilege class --\ mediagoblin/db/models.py --| Renamed Group class to Privilege class --\ mediagoblin/decorators.py --| Renamed function based on the Group->Privilege change --| Rewrote the function to be, ya know, functional --\ mediagoblin/gmg_commands/users.py --| Changed the 'makeadmin' command to add the target user to the admin | privilege group as well as affecting 'is_admin' column --\ mediagoblin/submit/views.py --| Added the requirement that a user has the 'uploader' privilege in order | to submit new media. --\ mediagoblin/user_pages/views.py --| Added the requirement that a user has the 'commenter' privilege in order | to make a comment. --| Added the requirement that a user has the 'reporter' privilege in order | to submit new reports. --| Got rid of some vestigial code in the file_a_report function. --- mediagoblin/auth/tools.py | 10 +++++++++- mediagoblin/auth/views.py | 5 ++++- mediagoblin/db/migrations.py | 20 +++++++++---------- mediagoblin/db/models.py | 32 +++++++++++++++---------------- mediagoblin/decorators.py | 20 +++++++++---------- mediagoblin/gmg_commands/users.py | 4 ++++ mediagoblin/submit/views.py | 3 ++- mediagoblin/user_pages/views.py | 9 +++++---- 8 files changed, 59 insertions(+), 44 deletions(-) diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py index db6b6e37..39b349de 100644 --- a/mediagoblin/auth/tools.py +++ b/mediagoblin/auth/tools.py @@ -22,7 +22,7 @@ from sqlalchemy import or_ from mediagoblin import mg_globals from mediagoblin.auth import lib as auth_lib -from mediagoblin.db.models import User +from mediagoblin.db.models import User, Privilege from mediagoblin.tools.mail import (normalize_email, send_email, email_debug_message) from mediagoblin.tools.template import render_template @@ -130,6 +130,14 @@ def register_user(request, register_form): user.verification_key = unicode(uuid.uuid4()) user.save() + # give the user the default privileges + default_privileges = [ + Privilege.query.filter(Privilege.privilege_name==u'commenter').first(), + Privilege.query.filter(Privilege.privilege_name==u'uploader').first(), + Privilege.query.filter(Privilege.privilege_name==u'reporter').first()] + user.all_privileges += default_privileges + user.save() + # log the user in request.session['user_id'] = unicode(user.id) request.session.save() diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index bb7bda77..1c346556 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -18,7 +18,7 @@ import uuid import datetime from mediagoblin import messages, mg_globals -from mediagoblin.db.models import User +from mediagoblin.db.models import User, Privilege from mediagoblin.tools.response import render_to_response, redirect, render_404 from mediagoblin.tools.translate import pass_to_ugettext as _ from mediagoblin.tools.mail import email_debug_message @@ -124,6 +124,9 @@ def verify_email(request): user.status = u'active' user.email_verified = True user.verification_key = None + user.all_privileges.append( + Privilege.query.filter( + Privilege.privilege_name==u'active').first()) user.save() diff --git a/mediagoblin/db/migrations.py b/mediagoblin/db/migrations.py index 5e9a71d4..053f3db2 100644 --- a/mediagoblin/db/migrations.py +++ b/mediagoblin/db/migrations.py @@ -26,7 +26,7 @@ from sqlalchemy.sql import and_ from migrate.changeset.constraint import UniqueConstraint from mediagoblin.db.migration_tools import RegisterMigration, inspect_table -from mediagoblin.db.models import MediaEntry, Collection, User, MediaComment, Group +from mediagoblin.db.models import MediaEntry, Collection, User, MediaComment, Privilege MIGRATIONS = {} @@ -329,23 +329,23 @@ class UserBan_v0(declarative_base()): expiration_date = Column(DateTime) reason = Column(UnicodeText, nullable=False) -class Group_v0(declarative_base()): - __tablename__ = 'core__groups' +class Privilege_v0(declarative_base()): + __tablename__ = 'core__privileges' id = Column(Integer, nullable=False, primary_key=True, unique=True) - group_name = Column(Unicode, nullable=False) + privilege_name = Column(Unicode, nullable=False) -class GroupUserAssociation_v0(declarative_base()): - __tablename__ = 'core__group_user_associations' +class PrivilegeUserAssociation_v0(declarative_base()): + __tablename__ = 'core__privileges_users' group_id = Column( - 'core__group_id', + 'core__privilege_id', Integer, ForeignKey(User.id), primary_key=True) user_id = Column( 'core__user_id', Integer, - ForeignKey(Group.id), + ForeignKey(Privilege.id), primary_key=True) @RegisterMigration(11, MIGRATIONS) @@ -354,8 +354,8 @@ def create_moderation_tables(db): CommentReport_v0.__table__.create(db.bind) MediaReport_v0.__table__.create(db.bind) UserBan_v0.__table__.create(db.bind) - Group_v0.__table__.create(db.bind) - GroupUserAssociation_v0.__table__.create(db.bind) + Privilege_v0.__table__.create(db.bind) + PrivilegeUserAssociation_v0.__table__.create(db.bind) db.commit() diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py index 28e01a85..e0419c92 100644 --- a/mediagoblin/db/models.py +++ b/mediagoblin/db/models.py @@ -559,50 +559,50 @@ class UserBan(Base): reason = Column(UnicodeText, nullable=False) -class Group(Base): - __tablename__ = 'core__groups' +class Privilege(Base): + __tablename__ = 'core__privileges' id = Column(Integer, nullable=False, primary_key=True) - group_name = Column(Unicode, nullable=False, unique=True) + privilege_name = Column(Unicode, nullable=False, unique=True) all_users = relationship( User, - backref='all_groups', - secondary="core__group_user_associations") + backref='all_privileges', + secondary="core__privileges_users") - def __init__(self, group_name): - self.group_name = group_name + def __init__(self, privilege_name): + self.privilege_name = privilege_name def __repr__(self): - return "" % (self.group_name) + return "" % (self.privilege_name) -class GroupUserAssociation(Base): - __tablename__ = 'core__group_user_associations' +class PrivilegeUserAssociation(Base): + __tablename__ = 'core__privileges_users' - group_id = Column( - 'core__group_id', + privilege_id = Column( + 'core__privilege_id', Integer, ForeignKey(User.id), primary_key=True) user_id = Column( 'core__user_id', Integer, - ForeignKey(Group.id), + ForeignKey(Privilege.id), primary_key=True) -group_foundations = [[u'admin'], [u'moderator'], [u'commenter'], [u'uploader'],[u'reporter'],[u'active']] +privilege_foundations = [[u'admin'], [u'moderator'], [u'commenter'], [u'uploader'],[u'reporter'],[u'active']] MODELS = [ User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem, MediaFile, FileKeynames, MediaAttachmentFile, ProcessingMetaData, ReportBase, - CommentReport, MediaReport, UserBan, Group, GroupUserAssociation] + CommentReport, MediaReport, UserBan, Privilege, PrivilegeUserAssociation] # Foundations are the default rows that are created immediately after the tables are initialized. Each entry to # this dictionary should be in the format of # ModelObject:List of Rows # (Each Row must be a list of parameters that can create and instance of the ModelObject) # -FOUNDATIONS = {Group:group_foundations} +FOUNDATIONS = {Privilege:privilege_foundations} ###################################################### # Special, migrations-tracking table diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index d54bf050..206957fa 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -21,7 +21,7 @@ from werkzeug.exceptions import Forbidden, NotFound from werkzeug.urls import url_quote from mediagoblin import mg_globals as mgg -from mediagoblin.db.models import MediaEntry, User, MediaComment, Group +from mediagoblin.db.models import MediaEntry, User, MediaComment, Privilege from mediagoblin.tools.response import redirect, render_404 @@ -63,25 +63,23 @@ def active_user_from_url(controller): return wrapper -def user_in_group(group_name): +def user_has_privilege(privilege_name): #TODO handle possible errors correctly - def user_in_group_decorator(controller): + def user_has_privilege_decorator(controller): @wraps(controller) - def wrapper(request, *args, **kwargs): user_id = request.user.id - group = Group.query.filter( - Group.group_name==group_name).first() - if not (group.query.filter( - Group.all_users.any( - User.id==user_id)).count()): - + privileges_of_user = Privilege.query.filter( + Privilege.all_users.any( + User.id==user_id)) + if not privileges_of_user.filter( + Privilege.privilege_name==privilege_name).count(): raise Forbidden() return controller(request, *args, **kwargs) return wrapper - return user_in_group_decorator + return user_has_privilege_decorator def user_may_delete_media(controller): diff --git a/mediagoblin/gmg_commands/users.py b/mediagoblin/gmg_commands/users.py index 024c8498..ccc4da73 100644 --- a/mediagoblin/gmg_commands/users.py +++ b/mediagoblin/gmg_commands/users.py @@ -74,6 +74,10 @@ def makeadmin(args): user = db.User.one({'username': unicode(args.username.lower())}) if user: user.is_admin = True + user.all_privileges.append( + db.Privilege.one({ + 'privilege_name':u'admin'}) + ) user.save() print 'The user is now Admin' else: diff --git a/mediagoblin/submit/views.py b/mediagoblin/submit/views.py index a70c89b4..11707a03 100644 --- a/mediagoblin/submit/views.py +++ b/mediagoblin/submit/views.py @@ -26,7 +26,7 @@ _log = logging.getLogger(__name__) from mediagoblin.tools.text import convert_to_tag_list_of_dicts from mediagoblin.tools.translate import pass_to_ugettext as _ from mediagoblin.tools.response import render_to_response, redirect -from mediagoblin.decorators import require_active_login +from mediagoblin.decorators import require_active_login, user_has_privilege from mediagoblin.submit import forms as submit_forms from mediagoblin.messages import add_message, SUCCESS from mediagoblin.media_types import sniff_media, \ @@ -36,6 +36,7 @@ from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \ @require_active_login +@user_has_privilege(u'uploader') def submit_start(request): """ First view for submitting a file. diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py index a0eb67db..abf5e5c1 100644 --- a/mediagoblin/user_pages/views.py +++ b/mediagoblin/user_pages/views.py @@ -20,7 +20,7 @@ import datetime from mediagoblin import messages, mg_globals from mediagoblin.db.models import (MediaEntry, MediaTag, Collection, CollectionItem, User, MediaComment, - CommentReport, MediaReport, Group) + CommentReport, MediaReport) from mediagoblin.tools.response import render_to_response, render_404, \ redirect, redirect_obj from mediagoblin.tools.translate import pass_to_ugettext as _ @@ -30,7 +30,7 @@ from mediagoblin.user_pages.lib import (send_comment_email, build_report_form, add_media_to_collection) from mediagoblin.decorators import (uses_pagination, get_user_media_entry, - get_media_entry_by_id, user_in_group, + get_media_entry_by_id, user_has_privilege, require_active_login, user_may_delete_media, user_may_alter_collection, get_user_collection, get_user_collection_item, active_user_from_url, get_media_comment_by_id) @@ -152,6 +152,7 @@ def media_home(request, media, page, **kwargs): @get_media_entry_by_id @require_active_login +@user_has_privilege(u'commenter') def media_post_comment(request, media): """ recieves POST from a MediaEntry() comment form, saves the comment. @@ -621,8 +622,8 @@ def processing_panel(request): @require_active_login @get_user_media_entry -@user_in_group(u'reporter') -def file_a_report(request, media, comment=None, required_group=1): +@user_has_privilege(u'reporter') +def file_a_report(request, media, comment=None): if request.method == "POST": report_form = build_report_form(request.form) report_form.save() -- 2.25.1