diff options
| author | Sebastian Spaeth <Sebastian@SSpaeth.de> | 2013-01-07 16:18:45 +0100 |
|---|---|---|
| committer | Sebastian Spaeth <Sebastian@SSpaeth.de> | 2013-01-09 09:56:53 +0100 |
| commit | abc4da2927be02fb21d2f2bd1effea7b5ee6b9c7 (patch) | |
| tree | 8441d5f29c21bdf880b46727680c91c5f2183aa1 | |
| parent | 6de8b42e4ed1f1cd663501d5f61032ba41ed0285 (diff) | |
| download | mediagoblin-abc4da2927be02fb21d2f2bd1effea7b5ee6b9c7.tar.lz mediagoblin-abc4da2927be02fb21d2f2bd1effea7b5ee6b9c7.tar.xz mediagoblin-abc4da2927be02fb21d2f2bd1effea7b5ee6b9c7.zip | |
Enable /u/USERNAME/edit/ pattern #588
Transition from the inconsistent /edit/profile/?username=FOO to
the nicer /u/FOO/edit/. The old pattern will still work and
redirects to the new URL.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
| -rw-r--r-- | mediagoblin/edit/routing.py | 4 | ||||
| -rw-r--r-- | mediagoblin/edit/views.py | 26 | ||||
| -rw-r--r-- | mediagoblin/templates/mediagoblin/edit/edit_profile.html | 5 | ||||
| -rw-r--r-- | mediagoblin/templates/mediagoblin/user_pages/user.html | 9 |
4 files changed, 26 insertions, 18 deletions
diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py index 3e6787d2..d382e549 100644 --- a/mediagoblin/edit/routing.py +++ b/mediagoblin/edit/routing.py @@ -16,7 +16,9 @@ from mediagoblin.tools.routing import add_route -add_route('mediagoblin.edit.profile', '/edit/profile/', +add_route('mediagoblin.edit.profile', '/u/<string:user>/edit/', 'mediagoblin.edit.views:edit_profile') +add_route('mediagoblin.edit.legacy_edit_profile', '/edit/profile/', + 'mediagoblin.edit.views:legacy_edit_profile') add_route('mediagoblin.edit.account', '/edit/account/', 'mediagoblin.edit.views:edit_account') diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 9de034bb..2f669c66 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -26,8 +26,8 @@ from mediagoblin import mg_globals from mediagoblin.auth import lib as auth_lib from mediagoblin.edit import forms from mediagoblin.edit.lib import may_edit_media -from mediagoblin.decorators import require_active_login, get_user_media_entry, \ - user_may_alter_collection, get_user_collection +from mediagoblin.decorators import (require_active_login, active_user_from_url, + get_user_media_entry, user_may_alter_collection, get_user_collection) from mediagoblin.tools.response import render_to_response, redirect from mediagoblin.tools.translate import pass_to_ugettext as _ from mediagoblin.tools.text import ( @@ -167,20 +167,28 @@ def edit_attachments(request, media): else: raise Forbidden("Attachments are disabled") +@require_active_login +def legacy_edit_profile(request): + """redirect the old /edit/profile/?username=USER to /u/USER/edit/""" + username = request.GET.get('username') or request.user.username + return redirect(request, 'mediagoblin.edit.profile', user=username) + @require_active_login -def edit_profile(request): - # admins may edit any user profile given a username in the querystring - edit_username = request.GET.get('username') - if request.user.is_admin and request.user.username != edit_username: - user = request.db.User.find_one({'username': edit_username}) +@active_user_from_url +def edit_profile(request, url_user=None): + # admins may edit any user profile + if request.user.username != url_user.username: + if not request.user.is_admin: + raise Forbidden(_("You can only edit your own profile.")) + # No need to warn again if admin just submitted an edited profile if request.method != 'POST': messages.add_message( request, messages.WARNING, _("You are editing a user's profile. Proceed with caution.")) - else: - user = request.user + + user = url_user form = forms.EditProfileForm(request.form, url=user.get('url'), diff --git a/mediagoblin/templates/mediagoblin/edit/edit_profile.html b/mediagoblin/templates/mediagoblin/edit/edit_profile.html index 2b2fa4fa..163fe186 100644 --- a/mediagoblin/templates/mediagoblin/edit/edit_profile.html +++ b/mediagoblin/templates/mediagoblin/edit/edit_profile.html @@ -27,9 +27,8 @@ {% block mediagoblin_content %} - <form action="{{ request.urlgen('mediagoblin.edit.profile') }}?username={{ - user.username }}" - method="POST" enctype="multipart/form-data"> + <form action="{{ request.urlgen('mediagoblin.edit.profile', + user=user.username) }}" method="POST" enctype="multipart/form-data"> <div class="form_box edit_box"> <h1> {%- trans username=user.username -%} diff --git a/mediagoblin/templates/mediagoblin/user_pages/user.html b/mediagoblin/templates/mediagoblin/user_pages/user.html index 65c636b9..76bce1e2 100644 --- a/mediagoblin/templates/mediagoblin/user_pages/user.html +++ b/mediagoblin/templates/mediagoblin/user_pages/user.html @@ -95,9 +95,8 @@ <p> {% trans %}Here's a spot to tell others about yourself.{% endtrans %} </p> - <a href="{{ request.urlgen('mediagoblin.edit.profile') }}?username={{ - user.username }}" - class="button_action"> + <a href="{{ request.urlgen('mediagoblin.edit.profile', + user=user.username) }}" class="button_action"> {%- trans %}Edit profile{% endtrans -%} </a> {% else %} @@ -113,8 +112,8 @@ {% include "mediagoblin/utils/profile.html" %} {% if request.user and (request.user.id == user.id or request.user.is_admin) %} - <a href="{{ request.urlgen('mediagoblin.edit.profile') }}?username={{ - user.username }}"> + <a href="{{ request.urlgen('mediagoblin.edit.profile', + user=user.username) }}"> {%- trans %}Edit profile{% endtrans -%} </a> {% endif %} |