From 502073f2bf65380be18b349a678ac075777889a4 Mon Sep 17 00:00:00 2001
From: Joar Wandborg <git@wandborg.com>
Date: Tue, 30 Aug 2011 23:16:46 +0200
Subject: [PATCH] Feature #403 - Ability to delete media entries - Fixes
 according to feedback

*   Moved `mediagoblin.confirm` stuff to `mediagoblin.user_pages`,
    templates too.
*   Removed route extension for `mediagoblin.confirm`
*   Created `delete_media_files` which deletes all media files
    on the public_store when the entry is deleted
*   Created a new decorator to check if a user has the permission
     to delete an entry.
---
 mediagoblin/decorators.py                     | 26 ++++++++++
 mediagoblin/routing.py                        |  1 -
 mediagoblin/storage.py                        |  3 +-
 .../mediagoblin/user_pages/media.html         |  2 +-
 .../user_pages/media_confirm_delete.html      | 48 +++++++++++++++++++
 mediagoblin/tests/test_submission.py          |  4 +-
 mediagoblin/user_pages/forms.py               |  7 +++
 mediagoblin/user_pages/routing.py             |  4 +-
 mediagoblin/user_pages/views.py               | 34 ++++++++++++-
 mediagoblin/util.py                           | 15 ++++++
 10 files changed, 135 insertions(+), 9 deletions(-)
 create mode 100644 mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html

diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index c66049ca..c3d64327 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -51,6 +51,31 @@ def require_active_login(controller):
 
     return _make_safe(new_controller_func, controller)
 
+def user_may_delete_media(controller):
+    """
+    Require user ownership of the MediaEntry
+
+    Originally:
+def may_delete_media(request, media):
+    \"\"\"
+    Check, if the request's user may edit the media details
+    \"\"\"
+    if media['uploader'] == request.user['_id']:
+        return True
+    if request.user['is_admin']:
+        return True
+    return False
+    """
+    def wrapper(request, *args, **kwargs):
+        if not request.user['_id'] == request.db.MediaEntry.find_one(
+            {'_id': ObjectId(
+                    request.matchdict['media'])}).uploader()['_id']:
+            return exc.HTTPForbidden()
+
+        return controller(request, *args, **kwargs)
+
+    return _make_safe(wrapper, controller)
+
 
 def uses_pagination(controller):
     """
@@ -122,3 +147,4 @@ def get_media_entry_by_id(controller):
         return controller(request, media=media, *args, **kwargs)
 
     return _make_safe(wrapper, controller)
+
diff --git a/mediagoblin/routing.py b/mediagoblin/routing.py
index 125f7270..f78658c5 100644
--- a/mediagoblin/routing.py
+++ b/mediagoblin/routing.py
@@ -37,6 +37,5 @@ def get_mapper():
     mapping.extend(user_routes, '/u')
     mapping.extend(edit_routes, '/edit')
     mapping.extend(tag_routes, '/tag')
-    mapping.extend(confirm_routes, '/confirm')
 
     return mapping
diff --git a/mediagoblin/storage.py b/mediagoblin/storage.py
index 7ada95e1..82b7a5ff 100644
--- a/mediagoblin/storage.py
+++ b/mediagoblin/storage.py
@@ -281,7 +281,8 @@ class CloudFilesStorage(StorageInterface):
     def delete_file(self, filepath):
         # TODO: Also delete unused directories if empty (safely, with
         # checks to avoid race conditions).
-        self.container.delete_object(filepath)
+        self.container.delete_object(
+            self._resolve_filepath(filepath))
 
     def file_url(self, filepath):
         return '/'.join([
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html
index fe953e77..171ea21d 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@@ -128,7 +128,7 @@
                    class="media_icon" />edit</a>
         </p>
         <p>
-          <a href="{{ request.urlgen('mediagoblin.confirm.confirm_delete',
+          <a href="{{ request.urlgen('mediagoblin.user_pages.media_confirm_delete',
                                      user= media.uploader().username,
                                      media= media._id) }}"
              ><img src="{{ request.staticdirect('/images/icon_delete.png') }}"
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
new file mode 100644
index 00000000..87a3ad81
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
@@ -0,0 +1,48 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011 Free Software Foundation, Inc
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
+
+{% block mediagoblin_content %}
+
+  <form action="{{ request.urlgen('mediagoblin.user_pages.media_confirm_delete',
+		                  user=media.uploader().username,
+				  media=media._id) }}"
+        method="POST" enctype="multipart/form-data">
+    <div class="grid_8 prefix_1 suffix_1 edit_box form_box">
+      <h1>
+        {%- trans title=media['title'] -%}
+          Really delete {{ title }}?
+        {%- endtrans %}
+      </h1>
+      <p>
+	<em>
+	  {%- trans -%}
+	    If you choose yes, the media entry will be deleted <strong>permanently.</strong>
+	  {%- endtrans %}
+	</em>
+      </p>
+	  
+      {{ wtforms_util.render_divs(form) }}
+      <div class="form_submit_buttons">
+        <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" />
+      </div>
+    </div>
+  </form>
+{% endblock %}    
diff --git a/mediagoblin/tests/test_submission.py b/mediagoblin/tests/test_submission.py
index b2599d22..43a81f02 100644
--- a/mediagoblin/tests/test_submission.py
+++ b/mediagoblin/tests/test_submission.py
@@ -174,7 +174,7 @@ class TestSubmission:
         # Do not confirm deletion
         # ---------------------------------------------------
         response = self.test_app.post(
-            request.urlgen('mediagoblin.confirm.confirm_delete',
+            request.urlgen('mediagoblin.user_pages.media_confirm_delete',
                            # No work: user=media.uploader().username,
                            user=self.test_user['username'],
                            media=media['_id']),
@@ -193,7 +193,7 @@ class TestSubmission:
         # Confirm deletion
         # ---------------------------------------------------
         response = self.test_app.post(
-            request.urlgen('mediagoblin.confirm.confirm_delete',
+            request.urlgen('mediagoblin.user_pages.media_confirm_delete',
                            # No work: user=media.uploader().username,
                            user=self.test_user['username'],
                            media=media['_id']),
diff --git a/mediagoblin/user_pages/forms.py b/mediagoblin/user_pages/forms.py
index 25001019..4a79bedd 100644
--- a/mediagoblin/user_pages/forms.py
+++ b/mediagoblin/user_pages/forms.py
@@ -23,3 +23,10 @@ class MediaCommentForm(wtforms.Form):
     comment_content = wtforms.TextAreaField(
         _('Comment'),
         [wtforms.validators.Required()])
+
+
+class ConfirmDeleteForm(wtforms.Form):
+    confirm = wtforms.RadioField('Confirm',
+                                 default='False',
+                                 choices=[('False', 'No, I made a mistake!'),
+                                          ('True', 'Yes, delete it!')])
diff --git a/mediagoblin/user_pages/routing.py b/mediagoblin/user_pages/routing.py
index 2c83593f..ffa6f969 100644
--- a/mediagoblin/user_pages/routing.py
+++ b/mediagoblin/user_pages/routing.py
@@ -32,9 +32,9 @@ user_routes = [
     Route('mediagoblin.edit.attachments',
           '/{user}/m/{media}/attachments/',
           controller="mediagoblin.edit.views:edit_attachments"),
-    Route('mediagoblin.confirm.confirm_delete',
+    Route('mediagoblin.user_pages.media_confirm_delete',
           "/{user}/m/{media}/confirm-delete/",
-          controller="mediagoblin.confirm.views:confirm_delete"),
+          controller="mediagoblin.user_pages.views:media_confirm_delete"),
     Route('mediagoblin.user_pages.atom_feed', '/{user}/atom/',
         controller="mediagoblin.user_pages.views:atom_feed"),
     Route('mediagoblin.user_pages.media_post_comment',
diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py
index 080d98d7..2163acf7 100644
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@@ -20,11 +20,11 @@ from mediagoblin import messages, mg_globals
 from mediagoblin.db.util import DESCENDING, ObjectId
 from mediagoblin.util import (
     Pagination, render_to_response, redirect, cleaned_markdown_conversion,
-    render_404)
+    render_404, delete_media_files)
 from mediagoblin.user_pages import forms as user_forms
 
 from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
-    require_active_login)
+    require_active_login, user_may_delete_media)
 
 from werkzeug.contrib.atom import AtomFeed
 
@@ -145,6 +145,36 @@ def media_post_comment(request):
         user = request.matchdict['user'])
 
 
+@get_user_media_entry
+@require_active_login
+@user_may_delete_media
+def media_confirm_delete(request, media):
+
+    form = user_forms.ConfirmDeleteForm(request.POST)
+
+    if request.method == 'POST' and form.validate():
+        if request.POST.get('confirm') == 'True':
+            username = media.uploader()['username']
+
+            # Delete all files on the public storage
+            delete_media_files(media)
+
+            media.delete()
+
+            return redirect(request, "mediagoblin.user_pages.user_home",
+                user=username)
+        else:
+            return redirect(request, "mediagoblin.user_pages.media_home",
+                            user=media.uploader()['username'],
+                            media=media['slug'])
+
+    return render_to_response(
+        request,
+        'mediagoblin/user_pages/media_confirm_delete.html',
+        {'media': media,
+         'form': form})
+
+
 ATOM_DEFAULT_NR_OF_UPDATED_ITEMS = 15
 
 def atom_feed(request):
diff --git a/mediagoblin/util.py b/mediagoblin/util.py
index ba4ac01e..27c81f3a 100644
--- a/mediagoblin/util.py
+++ b/mediagoblin/util.py
@@ -681,3 +681,18 @@ def render_404(request):
     """
     return render_to_response(
         request, 'mediagoblin/404.html', {}, status=400)
+
+def delete_media_files(media):
+    """
+    Delete all files associated with a MediaEntry
+
+    Arguments:
+     - media: A MediaEntry document
+    """
+    for handle, listpath in media['media_files'].items():
+        mg_globals.public_store.delete_file(
+            listpath)
+
+    for attachment in media['attachment_files']:
+        mg_globals.public_store.delete_file(
+            attachment['filepath'])
-- 
2.25.1