From cfa922295e5ddfaab336a3c2c0403422f77758b6 Mon Sep 17 00:00:00 2001
From: Sebastian Spaeth <Sebastian@SSpaeth.de>
Date: Sun, 23 Dec 2012 11:58:51 +0100
Subject: [PATCH] Convert return HttpException to raise HttpException

controllers (view function) raise HttpException's and do not return them.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
---
 mediagoblin/admin/views.py       | 7 ++++---
 mediagoblin/decorators.py        | 4 ++--
 mediagoblin/edit/views.py        | 4 ++--
 mediagoblin/meddleware/csrf.py   | 4 ++--
 mediagoblin/plugins/api/tools.py | 4 ++--
 mediagoblin/plugins/api/views.py | 6 +++---
 6 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/mediagoblin/admin/views.py b/mediagoblin/admin/views.py
index 9c14c55c..d0665151 100644
--- a/mediagoblin/admin/views.py
+++ b/mediagoblin/admin/views.py
@@ -14,10 +14,11 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+from werkzeug.exceptions import Forbidden
+
 from mediagoblin.db.util import DESCENDING
 from mediagoblin.decorators import require_active_login
-from mediagoblin.tools.response import (render_to_response, render_403,
-                                        render_404)
+from mediagoblin.tools.response import render_to_response
 
 @require_active_login
 def admin_processing_panel(request):
@@ -26,7 +27,7 @@ def admin_processing_panel(request):
     '''
     # TODO: Why not a "require_admin_login" decorator throwing a 403 exception?
     if not request.user.is_admin:
-        return render_403(request)
+        raise Forbidden()
 
     processing_entries = request.db.MediaEntry.find(
         {'state': u'processing'}).sort('created', DESCENDING)
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index e45d3272..0903dd41 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -74,7 +74,7 @@ def user_may_delete_media(controller):
             {'id': ObjectId(request.matchdict['media'])}).uploader
         if not (request.user.is_admin or
                 request.user.id == uploader_id):
-            return Forbidden()
+            raise Forbidden()
 
         return controller(request, *args, **kwargs)
 
@@ -91,7 +91,7 @@ def user_may_alter_collection(controller):
             {'username': request.matchdict['user']}).id
         if not (request.user.is_admin or
                 request.user.id == creator_id):
-            return Forbidden()
+            raise Forbidden()
 
         return controller(request, *args, **kwargs)
 
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 8840f36f..9de034bb 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -41,7 +41,7 @@ import mimetypes
 @require_active_login
 def edit_media(request, media):
     if not may_edit_media(request, media):
-        return Forbidden("User may not edit this media")
+        raise Forbidden("User may not edit this media")
 
     defaults = dict(
         title=media.title,
@@ -165,7 +165,7 @@ def edit_attachments(request, media):
             {'media': media,
              'form': form})
     else:
-        return Forbidden("Attachments are disabled")
+        raise Forbidden("Attachments are disabled")
 
 
 @require_active_login
diff --git a/mediagoblin/meddleware/csrf.py b/mediagoblin/meddleware/csrf.py
index 65db9827..2984ebb9 100644
--- a/mediagoblin/meddleware/csrf.py
+++ b/mediagoblin/meddleware/csrf.py
@@ -130,7 +130,7 @@ class CsrfMeddleware(BaseMeddleware):
             # the CSRF cookie must be present in the request
             errstr = 'CSRF cookie not present'
             _log.error(errstr)
-            return Forbidden(errstr)
+            raise Forbidden(errstr)
 
         # get the form token and confirm it matches
         form = CsrfForm(request.form)
@@ -145,4 +145,4 @@ class CsrfMeddleware(BaseMeddleware):
         # present; either way, the request is denied
         errstr = 'CSRF validation failed'
         _log.error(errstr)
-        return Forbidden(errstr)
+        raise Forbidden(errstr)
diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py
index 0ef91127..03f528ce 100644
--- a/mediagoblin/plugins/api/tools.py
+++ b/mediagoblin/plugins/api/tools.py
@@ -142,7 +142,7 @@ def api_auth(controller):
         # If we can't find any authentication methods, we should not let them
         # pass.
         if not auth_candidates:
-            return Forbidden()
+            raise Forbidden()
 
         # For now, just select the first one in the list
         auth = auth_candidates[0]
@@ -156,7 +156,7 @@ def api_auth(controller):
                         'status': 403,
                         'errors': auth.errors})
 
-            return Forbidden()
+            raise Forbidden()
 
         return controller(request, *args, **kw)
 
diff --git a/mediagoblin/plugins/api/views.py b/mediagoblin/plugins/api/views.py
index 8e02d7bd..3d9437e0 100644
--- a/mediagoblin/plugins/api/views.py
+++ b/mediagoblin/plugins/api/views.py
@@ -48,13 +48,13 @@ def post_entry(request):
 
     if request.method != 'POST':
         _log.debug('Must POST against post_entry')
-        return BadRequest()
+        raise BadRequest()
 
     if not 'file' in request.files \
             or not isinstance(request.files['file'], FileStorage) \
             or not request.files['file'].stream:
         _log.debug('File field not found')
-        return BadRequest()
+        raise BadRequest()
 
     media_file = request.files['file']
 
@@ -130,7 +130,7 @@ def post_entry(request):
 @api_auth
 def api_test(request):
     if not request.user:
-        return Forbidden()
+        raise Forbidden()
 
     user_data = {
             'username': request.user.username,
-- 
2.25.1