diff options
| author | tilly-Q <nattilypigeonfowl@gmail.com> | 2013-08-13 18:38:00 -0400 |
|---|---|---|
| committer | tilly-Q <nattilypigeonfowl@gmail.com> | 2013-08-13 18:38:00 -0400 |
| commit | 8394febbe1408030d1afa8f3961d92341eefa474 (patch) | |
| tree | 6eab6a2c14a7e44504060539ff7f88b90e6a8114 | |
| parent | 9d6e453f8fd337813c2933835aedff2949193fbe (diff) | |
| download | mediagoblin-8394febbe1408030d1afa8f3961d92341eefa474.tar.lz mediagoblin-8394febbe1408030d1afa8f3961d92341eefa474.tar.xz mediagoblin-8394febbe1408030d1afa8f3961d92341eefa474.zip | |
This has been an update to clean out the code a little bit. The primary change
I made was I added the method has_privilege (which takes a variable amount of
unicode privilege names as an argument) to the User model. This method allowed
for much cleaner checks as to whether or not a user has a privilege. Other-
wise, I also made it impossible for moderators to punish admins. I created a
new url path and three new pages for Users to look at filed reports and the
code of conduct for the mg instance.
=== Made reports on admins not resolvable by moderators:
--\ mediagoblin/moderation/views.py
--\ mediagoblin/templates/mediagoblin/moderation/report.html
=== Created new files for the new pages:
--\ mediagoblin/meta/__init__.py
--\ mediagoblin/meta/routing.py
--\ mediagoblin/meta/views.py
--\ mediagoblin/templates/mediagoblin/meta/code_of_conduct.html
--\ mediagoblin/templates/mediagoblin/meta/reports_details.html
--\ mediagoblin/templates/mediagoblin/meta/reports_panel.html
--\ mediagoblin/routing.py
--\ mediagoblin/static/css/base.css
=== Replaced vestigial methods of checking a user's privilege with the more
====== effective method has_privilege(u'privilege_name'):
--\ mediagoblin/db/models.py
--| Added in the has_privilege method to the User class
--\ mediagoblin/db/migrations.py
--\ mediagoblin/db/models.py
--\ mediagoblin/decorators.py
--\ mediagoblin/edit/lib.py
--\ mediagoblin/edit/views.py
--\ mediagoblin/gmg_commands/users.py
--\ mediagoblin/moderation/views.py
--\ mediagoblin/templates/mediagoblin/base.html
--\ mediagoblin/templates/mediagoblin/user_pages/collection.html
--\ mediagoblin/templates/mediagoblin/user_pages/media.html
--\ mediagoblin/templates/mediagoblin/user_pages/user.html
--\ mediagoblin/templates/mediagoblin/utils/collection_gallery.html
--\ mediagoblin/user_pages/views.py
=== Minor UI changes
--\ mediagoblin/templates/mediagoblin/moderation/report_panel.html
--\ mediagoblin/templates/mediagoblin/moderation/user.html
=== Other Bugs:
--\ mediagoblin/tools/response.py
--\ mediagoblin/db/migrations.py
25 files changed, 219 insertions, 63 deletions
diff --git a/mediagoblin/db/migrations.py b/mediagoblin/db/migrations.py index 972908be..e15b4ad3 100644 --- a/mediagoblin/db/migrations.py +++ b/mediagoblin/db/migrations.py @@ -410,7 +410,7 @@ class ArchivedReport_v0(ReportBase_v0): __tablename__ = 'core__reports_archived' __mapper_args__ = {'polymorphic_identity': 'archived_report'} - id = Column('id',Integer, ForeignKey('core__reports.id')) + id = Column('id',Integer, ForeignKey('core__reports.id'), primary_key=True) media_entry_id = Column(Integer, ForeignKey(MediaEntry.id)) comment_id = Column(Integer, ForeignKey(MediaComment.id)) resolver_id = Column(Integer, ForeignKey(User.id), nullable=False) diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py index 32d3135f..54b8f739 100644 --- a/mediagoblin/db/models.py +++ b/mediagoblin/db/models.py @@ -106,6 +106,16 @@ class User(Base, UserMixin): super(User, self).delete(**kwargs) _log.info('Deleted user "{0}" account'.format(self.username)) + def has_privilege(self,*priv_names): + if len(priv_names) == 1: + priv = Privilege.query.filter( + Privilege.privilege_name==priv_names[0]).one() + return (priv in self.all_privileges) + elif len(priv_names) > 1: + return self.has_privilege(priv_names[0]) or \ + self.has_privilege(*priv_names[1:]) + return False + class MediaEntry(Base, MediaEntryMixin): """ diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index 79b582c9..d3a9647e 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -35,11 +35,11 @@ def require_active_login(controller): @wraps(controller) def new_controller_func(request, *args, **kwargs): if request.user and \ - request.user.status == u'needs_email_verification': + not request.user.has_privilege(u'active'): return redirect( request, 'mediagoblin.user_pages.user_home', user=request.user.username) - elif not request.user or request.user.status != u'active': + elif not request.user or not request.user.has_privilege(u'active'): next_url = urljoin( request.urlgen('mediagoblin.auth.login', qualified=True), @@ -72,13 +72,9 @@ def user_has_privilege(privilege_name): @wraps(controller) def wrapper(request, *args, **kwargs): user_id = request.user.id - privileges_of_user = Privilege.query.filter( - Privilege.all_users.any( - User.id==user_id)) if UserBan.query.filter(UserBan.user_id==user_id).count(): return render_user_banned(request) - elif not privileges_of_user.filter( - Privilege.privilege_name==privilege_name).count(): + elif not request.user.has_privilege(privilege_name): raise Forbidden() return controller(request, *args, **kwargs) @@ -94,7 +90,7 @@ def user_may_delete_media(controller): @wraps(controller) def wrapper(request, *args, **kwargs): uploader_id = kwargs['media'].uploader - if not (request.user.is_admin or + if not (request.user.has_privilege(u'admin') or request.user.id == uploader_id): raise Forbidden() @@ -111,7 +107,7 @@ def user_may_alter_collection(controller): def wrapper(request, *args, **kwargs): creator_id = request.db.User.query.filter_by( username=request.matchdict['user']).first().id - if not (request.user.is_admin or + if not (request.user.has_privilege(u'admin') or request.user.id == creator_id): raise Forbidden() @@ -309,13 +305,8 @@ def require_admin_or_moderator_login(controller): """ @wraps(controller) def new_controller_func(request, *args, **kwargs): - admin_privilege = Privilege.query.filter( - Privilege.privilege_name==u'admin').one() - moderator_privilege = Privilege.query.filter( - Privilege.privilege_name==u'moderator').one() if request.user and \ - not admin_privilege in request.user.all_privileges and \ - not moderator_privilege in request.user.all_privileges: + not request.user.has_privilege(u'admin',u'moderator'): raise Forbidden() elif not request.user: diff --git a/mediagoblin/edit/lib.py b/mediagoblin/edit/lib.py index aab537a0..6acebc96 100644 --- a/mediagoblin/edit/lib.py +++ b/mediagoblin/edit/lib.py @@ -19,6 +19,6 @@ def may_edit_media(request, media): """Check, if the request's user may edit the media details""" if media.uploader == request.user.id: return True - if request.user.is_admin: + if request.user.has_privilege(u'admin'): return True return False diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 6aa2acd9..c6c3c03e 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -83,7 +83,7 @@ def edit_media(request, media): return redirect_obj(request, media) - if request.user.is_admin \ + if request.user.has_privilege(u'admin') \ and media.uploader != request.user.id \ and request.method != 'POST': messages.add_message( @@ -184,7 +184,7 @@ def legacy_edit_profile(request): def edit_profile(request, url_user=None): # admins may edit any user profile if request.user.username != url_user.username: - if not request.user.is_admin: + if not request.user.has_privilege(u'admin'): raise Forbidden(_("You can only edit your own profile.")) # No need to warn again if admin just submitted an edited profile @@ -326,7 +326,7 @@ def edit_collection(request, collection): return redirect_obj(request, collection) - if request.user.is_admin \ + if request.user.has_privilege(u'admin') \ and collection.creator != request.user.id \ and request.method != 'POST': messages.add_message( diff --git a/mediagoblin/gmg_commands/users.py b/mediagoblin/gmg_commands/users.py index 7e6fc5bc..0002daad 100644 --- a/mediagoblin/gmg_commands/users.py +++ b/mediagoblin/gmg_commands/users.py @@ -85,7 +85,6 @@ def makeadmin(args): user = db.User.query.filter_by( username=unicode(args.username.lower())).one() if user: - user.is_admin = True user.all_privileges.append( db.Privilege.query.filter( db.Privilege.privilege_name==u'admin').one() diff --git a/mediagoblin/meta/__init__.py b/mediagoblin/meta/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/mediagoblin/meta/__init__.py diff --git a/mediagoblin/meta/routing.py b/mediagoblin/meta/routing.py new file mode 100644 index 00000000..e61bc065 --- /dev/null +++ b/mediagoblin/meta/routing.py @@ -0,0 +1,27 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +meta_routes = [ + ('mediagoblin.meta.code_of_conduct', + '/coc/', + 'mediagoblin.meta.views:code_of_conduct'), + ('mediagoblin.meta.reports_panel', + '/reports/', + 'mediagoblin.meta.views:public_reports_panel'), + ('mediagoblin.meta.reports_detail', + '/reports/<int:report_id>', + 'mediagoblin.meta.views:public_reports_details') +] diff --git a/mediagoblin/meta/views.py b/mediagoblin/meta/views.py new file mode 100644 index 00000000..3df0688c --- /dev/null +++ b/mediagoblin/meta/views.py @@ -0,0 +1,33 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from mediagoblin.tools.response import render_to_response + + +def code_of_conduct(request): + return render_to_response(request, + 'mediagoblin/meta/code_of_conduct.html', + {}) + +def public_reports_panel(request): + return render_to_response(request, + 'mediagoblin/meta/reports_panel.html', + {}) + +def public_reports_details(request): + return render_to_response(request, + 'mediagoblin/meta/reports_details.html', + {}) diff --git a/mediagoblin/moderation/views.py b/mediagoblin/moderation/views.py index 041cf5b3..d82eca7d 100644 --- a/mediagoblin/moderation/views.py +++ b/mediagoblin/moderation/views.py @@ -74,15 +74,12 @@ def moderation_users_detail(request): ReportBase.discriminator=='archived_report').all() privileges = Privilege.query user_banned = UserBan.query.get(user.id) - user_privileges = user_privileges_to_dictionary(user.id) - requesting_user_privileges = user_privileges_to_dictionary(request.user.id) return render_to_response( request, 'mediagoblin/moderation/user.html', {'user':user, 'privileges': privileges, - 'requesting_user_privileges':requesting_user_privileges, 'reports':active_reports, 'user_banned':user_banned}) @@ -121,7 +118,10 @@ def moderation_reports_detail(request): for s in report.reported_user.all_privileges ] - if request.method == "POST" and form.validate(): + if request.method == "POST" and form.validate() and not ( + not request.user.has_privilege(u'admin') and + report.reported_user.has_privilege(u'admin')): + user = User.query.get(form.targeted_user.data) return take_punitive_actions(request, form, report, user) diff --git a/mediagoblin/routing.py b/mediagoblin/routing.py index c9377ad4..9686d103 100644 --- a/mediagoblin/routing.py +++ b/mediagoblin/routing.py @@ -20,6 +20,7 @@ from mediagoblin.tools.routing import add_route, mount, url_map from mediagoblin.tools.pluginapi import PluginManager from mediagoblin.moderation.routing import moderation_routes from mediagoblin.auth.routing import auth_routes +from mediagoblin.meta.routing import meta_routes _log = logging.getLogger(__name__) @@ -29,6 +30,7 @@ def get_url_map(): add_route('index', '/', 'mediagoblin.views:root_view') mount('/auth', auth_routes) mount('/mod', moderation_routes) + mount('/meta', meta_routes) import mediagoblin.submit.routing import mediagoblin.user_pages.routing @@ -37,6 +39,7 @@ def get_url_map(): import mediagoblin.listings.routing import mediagoblin.notifications.routing + for route in PluginManager().get_routes(): add_route(*route) diff --git a/mediagoblin/static/css/base.css b/mediagoblin/static/css/base.css index 338828d2..1293086d 100644 --- a/mediagoblin/static/css/base.css +++ b/mediagoblin/static/css/base.css @@ -220,6 +220,7 @@ footer { color: #283F35; } + .button_form { min-width: 99px; margin: 10px 0px 10px 15px; @@ -615,7 +616,7 @@ table.media_panel th { text-align: left; } -/* admin panels */ +/* moderator panels */ table.admin_panel { width: 100% @@ -655,6 +656,21 @@ table td.user_without_privilege { margin-left: 10px; } +/* code of conduct */ + +#code_of_conduct_list { + margin-left:25px; + margin-bottom: 10px; +} +#code_of_conduct_list li { + margin-top:5px; +} +ol.nested_sublist{ + margin: 5px 0 10px 25px; + font-size:80%; +} + + /* ASCII art and code */ @font-face { diff --git a/mediagoblin/templates/mediagoblin/base.html b/mediagoblin/templates/mediagoblin/base.html index 31f0f0c3..6eaad70b 100644 --- a/mediagoblin/templates/mediagoblin/base.html +++ b/mediagoblin/templates/mediagoblin/base.html @@ -109,9 +109,9 @@ <a class="button_action" href="{{ request.urlgen('mediagoblin.submit.collection') }}"> {%- trans %}Create new collection{% endtrans -%} </a> - {% if request.user.is_admin %} + {% if request.user.has_privilege('admin','moderator') %} <p> - <span class="dropdown_title">Admin powers:</span> + <span class="dropdown_title">Moderation powers:</span> <a href="{{ request.urlgen('mediagoblin.moderation.media_panel') }}"> {%- trans %}Media processing panel{% endtrans -%} </a> diff --git a/mediagoblin/templates/mediagoblin/meta/code_of_conduct.html b/mediagoblin/templates/mediagoblin/meta/code_of_conduct.html new file mode 100644 index 00000000..e8233ad3 --- /dev/null +++ b/mediagoblin/templates/mediagoblin/meta/code_of_conduct.html @@ -0,0 +1,46 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +#} +{% extends "mediagoblin/base.html" %} + +{% block title %} + Code of Conduct +{% endblock %} + +{% block mediagoblin_content -%} +<h2>{% trans %}Code of Conduct for this Website{% endtrans %}</h2> + +{# Suggested layout for this page: +<ol id="code_of_conduct_list"> + <li> Item #1 </li> + <li> + Item #2 + <ol class="nested_sublist"> + <li>Sub-Item #1</li> + <li>Sub-Item #2</li> + <li> + Sub-Item #3 + <ol class="nested_sublist"> + <li>Sub-Subitem #1</li> + </ol> + </li> + </ol> + </li> + <li>Item #3 </li> +</ol> +#} +{% endblock -%} diff --git a/mediagoblin/templates/mediagoblin/meta/reports_details.html b/mediagoblin/templates/mediagoblin/meta/reports_details.html new file mode 100644 index 00000000..6fa5ae59 --- /dev/null +++ b/mediagoblin/templates/mediagoblin/meta/reports_details.html @@ -0,0 +1,17 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +#} diff --git a/mediagoblin/templates/mediagoblin/meta/reports_panel.html b/mediagoblin/templates/mediagoblin/meta/reports_panel.html new file mode 100644 index 00000000..6fa5ae59 --- /dev/null +++ b/mediagoblin/templates/mediagoblin/meta/reports_panel.html @@ -0,0 +1,17 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +#} diff --git a/mediagoblin/templates/mediagoblin/moderation/report.html b/mediagoblin/templates/mediagoblin/moderation/report.html index b912c712..04788f05 100644 --- a/mediagoblin/templates/mediagoblin/moderation/report.html +++ b/mediagoblin/templates/mediagoblin/moderation/report.html @@ -122,7 +122,7 @@ {{ report.report_content }} </div> </div> - {% if not report.is_archived_report() %} + {% if not report.is_archived_report() and not (report.reported_user.has_privilege('admin') and not request.user.has_privilege('admin')) %} <input type=button value=Resolve id=open_resolution_form /> <form action="" method="POST" id=resolution_form> {{ wtforms_util.render_divs(form) }} @@ -163,19 +163,6 @@ $(document).ready(function() { $('#'+name).hide(); }); }); -/* $.each(hidden_input_names, function(key,name){ - if ($.inArray(key, $('ul#action_to_resolve li input:checked').val())){ - $.each(hidden_input_names[key], function(index,name){ - $('#'+name).show(); - $('label[for='+name+']').show(); - }); - } else { - $.each(hidden_input_names[key], function(index,name){ - $('#'+name).hide(); - $('label[for='+name+']').hide(); - }); - } - });*/ }); $("#user_banned_until").focus(function() { $(this).val(""); @@ -188,7 +175,7 @@ $(document).ready(function() { }); }); </script> - {% else %} + {% elif not (report.reported_user.has_privilege('admin')) %} <h2><img src="{{ request.staticdirect('/images/icon_clipboard.png') }}" alt="Under a GNU LGPL v.3 or Creative Commons BY-SA 3.0 license. Distributed by the GNOME project http://www.gnome.org" /> @@ -199,6 +186,9 @@ $(document).ready(function() { {% autoescape False %} <p>{{ report.result }}</p> {% endautoescape %} + {% else %} + <input type=button disabled=disabled value="Resolve This Report"/> + <p>You cannot take action against an administrator</p> {% endif %} {% endif %} {% endblock %} diff --git a/mediagoblin/templates/mediagoblin/moderation/report_panel.html b/mediagoblin/templates/mediagoblin/moderation/report_panel.html index f3840e29..2818eb80 100644 --- a/mediagoblin/templates/mediagoblin/moderation/report_panel.html +++ b/mediagoblin/templates/mediagoblin/moderation/report_panel.html @@ -112,7 +112,7 @@ <td>{{ report.reported_user.username }}</td> <td>{{ report.created.strftime("%F %R") }}</td> <td>{{ report.reporter.username }}</td> - <td>{{ report.report_content }}</td> + <td>{{ report.report_content[:15] }}...</td> </tr> {% endfor %} </table> diff --git a/mediagoblin/templates/mediagoblin/moderation/user.html b/mediagoblin/templates/mediagoblin/moderation/user.html index 3fb65063..d8454d2d 100644 --- a/mediagoblin/templates/mediagoblin/moderation/user.html +++ b/mediagoblin/templates/mediagoblin/moderation/user.html @@ -33,12 +33,10 @@ {# If no user... #} {% if not user %} <p>{% trans %}Sorry, no such user found.{% endtrans %}</p> - {# User exists, but needs verification #} {% elif user.status == "needs_email_verification" %} <div class="form_box"> <h1>{% trans %}Email verification needed{% endtrans %}</h1> - <p> {% trans -%} Someone has registered an account with this username, but it still has @@ -56,6 +54,10 @@ {# Active(?) (or at least verified at some point) user, horray! #} {% else %} + <a href="{{ request.urlgen('mediagoblin.moderation.users') }}" + class="return_to_panel button_action" + title="Return to Users Panel"> + {% trans %}Return to Users Panel{% endtrans %}</a> <h1> {%- trans username=user.username %}{{ username }}'s profile{% endtrans -%} {% if user_banned and user_banned.expiration_date %} @@ -64,7 +66,6 @@ — Banned Indefinitely {% endif %} </h1> - {% if not user.url and not user.bio %} <div class="profile_sidebar empty_space"> <p> @@ -76,7 +77,7 @@ <div class="profile_sidebar"> {% include "mediagoblin/utils/profile.html" %} {% if request.user and - (request.user.id == user.id or request.user.is_admin) %} + (request.user.id == user.id or request.user.has_privilege('admin')) %} <a href="{{ request.urlgen('mediagoblin.edit.profile', user=user.username) }}"> {%- trans %}Edit profile{% endtrans -%} @@ -145,13 +146,19 @@ <td class="user_without_privilege"> No{% endif %} </td> - {% if requesting_user_privileges.admin%} - <td>{% if privilege in user.all_privileges %} - <input type=submit id="{{ privilege.privilege_name }}" class=submit_button value ="-" />{% else %} - <input type=submit id="{{ privilege.privilege_name }}" class=submit_button value ="+" />{% endif %} + {% if request.user.has_privilege('admin') %} + <td> + {% if privilege in user.all_privileges %} + <input type=submit id="{{ privilege.privilege_name }}" + class="submit_button button_action" + value =" -" /> + {% else %} + <input type=submit id="{{ privilege.privilege_name }}" + class="submit_button button_action" + value ="+" /> + {% endif %} </td> {% endif %} - </tr> {% endfor %} </table> diff --git a/mediagoblin/templates/mediagoblin/user_pages/collection.html b/mediagoblin/templates/mediagoblin/user_pages/collection.html index 5a7baadd..87635dcb 100644 --- a/mediagoblin/templates/mediagoblin/user_pages/collection.html +++ b/mediagoblin/templates/mediagoblin/user_pages/collection.html @@ -45,7 +45,7 @@ {%- endtrans %} </h1> {% if request.user and (collection.creator == request.user.id or - request.user.is_admin) %} + request.user.has_privilege(u'admin')) %} {% set edit_url = request.urlgen('mediagoblin.edit.edit_collection', user=collection.get_creator.username, collection=collection.slug) %} diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html index b10ef3be..441452f2 100644 --- a/mediagoblin/templates/mediagoblin/user_pages/media.html +++ b/mediagoblin/templates/mediagoblin/user_pages/media.html @@ -72,7 +72,7 @@ </h2> {% if request.user and (media.uploader == request.user.id or - request.user.is_admin) %} + request.user.has_privilege('admin')) %} {% set edit_url = request.urlgen('mediagoblin.edit.edit_media', user= media.get_uploader.username, media_id=media.id) %} @@ -198,7 +198,7 @@ {%- if app_config['allow_attachments'] and request.user and (media.uploader == request.user.id - or request.user.is_admin) %} + or request.user.has_privilege('admin')) %} {%- if not media.attachment_files|count %} <h3>{% trans %}Attachments{% endtrans %}</h3> {%- endif %} diff --git a/mediagoblin/templates/mediagoblin/user_pages/user.html b/mediagoblin/templates/mediagoblin/user_pages/user.html index 71acd66c..de92fb5e 100644 --- a/mediagoblin/templates/mediagoblin/user_pages/user.html +++ b/mediagoblin/templates/mediagoblin/user_pages/user.html @@ -111,7 +111,7 @@ <div class="profile_sidebar"> {% include "mediagoblin/utils/profile.html" %} {% if request.user and - (request.user.id == user.id or request.user.is_admin) %} + (request.user.id == user.id or request.user.has_privilege('admin')) %} <a href="{{ request.urlgen('mediagoblin.edit.profile', user=user.username) }}"> {%- trans %}Edit profile{% endtrans -%} diff --git a/mediagoblin/templates/mediagoblin/utils/collection_gallery.html b/mediagoblin/templates/mediagoblin/utils/collection_gallery.html index dcc59244..24bf6832 100644 --- a/mediagoblin/templates/mediagoblin/utils/collection_gallery.html +++ b/mediagoblin/templates/mediagoblin/utils/collection_gallery.html @@ -39,7 +39,7 @@ {% endif %} {% if request.user and (item.in_collection.creator == request.user.id or - request.user.is_admin) %} + request.user.has_privilege(u'admin')) %} {%- set remove_url=request.urlgen( 'mediagoblin.user_pages.collection_item_confirm_remove', user=item.in_collection.get_creator.username, diff --git a/mediagoblin/tools/response.py b/mediagoblin/tools/response.py index 8d9c02d4..54905a0e 100644 --- a/mediagoblin/tools/response.py +++ b/mediagoblin/tools/response.py @@ -72,7 +72,7 @@ def render_user_banned(request): if datetime.now()>user_ban.expiration_date: user_ban.delete() redirect(request, - 'mediagoblin.index') + 'index') return render_to_response(request, 'mediagoblin/banned.html', {'reason':user_ban.reason, diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py index 161a47e2..6c0bada2 100644 --- a/mediagoblin/user_pages/views.py +++ b/mediagoblin/user_pages/views.py @@ -299,7 +299,7 @@ def media_confirm_delete(request, media): _("The media was not deleted because you didn't check that you were sure.")) return redirect_obj(request, media) - if ((request.user.is_admin and + if ((request.user.has_privilege(u'admin') and request.user.id != media.uploader)): messages.add_message( request, messages.WARNING, @@ -385,7 +385,7 @@ def collection_item_confirm_remove(request, collection_item): return redirect_obj(request, collection) - if ((request.user.is_admin and + if ((request.user.has_privilege(u'admin') and request.user.id != collection_item.in_collection.creator)): messages.add_message( request, messages.WARNING, @@ -433,7 +433,7 @@ def collection_confirm_delete(request, collection): return redirect_obj(request, collection) - if ((request.user.is_admin and + if ((request.user.has_privilege(u'admin') and request.user.id != collection.creator)): messages.add_message( request, messages.WARNING, @@ -594,7 +594,7 @@ def processing_panel(request): # # Make sure we have permission to access this user's panel. Only # admins and this user herself should be able to do so. - if not (user.id == request.user.id or request.user.is_admin): + if not (user.id == request.user.id or request.user.has_privilege(u'admin')): # No? Simply redirect to this user's homepage. return redirect( request, 'mediagoblin.user_pages.user_home', |