author | Elrond <elrond+mediagoblin.org@samba-tng.org> | 2011-06-02 14:25:31 +0200 |
---|---|---|
committer | Elrond <elrond+mediagoblin.org@samba-tng.org> | 2011-06-02 14:26:53 +0200 |
commit | c849e690925cb656b8c00ccbeda12aeab22c2fdd (patch) | |
tree | f7326dd919e1910dd6ea2ba12323db377b22bcab | |
parent | 98857207ccb432117709f64137ca20f81635f288 (diff) | |
download | mediagoblin-c849e690925cb656b8c00ccbeda12aeab22c2fdd.tar.lz mediagoblin-c849e690925cb656b8c00ccbeda12aeab22c2fdd.tar.xz mediagoblin-c849e690925cb656b8c00ccbeda12aeab22c2fdd.zip |
Check for edit permission.
You need to own the media, or be an admin to use the edit form.
As simple as that, for now.
-rw-r--r-- | mediagoblin/edit/views.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 050ece4e..e5dccc81 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -5,9 +5,22 @@ from webob import Response, exc
 from mediagoblin.edit import forms
 from mediagoblin.decorators import require_active_login, get_media_entry_by_id
+
+def may_edit_media(request, media):
+ """Check, if the request's user may edit the media details"""
+ if media['uploader'] == request.user['_id']:
+ return True
+ if request.user['is_admin']:
+ return True
+ return False
+
+
 @get_media_entry_by_id
 @require_active_login
 def edit_media(request, media):
+ if not may_edit_media(request, media):
+ return exc.HTTPForbidden()
+
 form = forms.EditForm(request.POST,
 title = media['title'],
 slug = media['slug'], |
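Review bot: `may_edit_media` indexes `request.user` without checking that a user is present, so it is only safe because `edit_media` calls it behind `require_active_login`; presumably an anonymous request carries no user document, and any later caller outside that decorator would get an exception instead of a denial. Make the helper fail closed on its own with `if not request.user: return False` as its first statement. If the user object is dict-like, `request.user.get('is_admin')` would also treat a record that lacks the field as non-admin rather than raising; whether such records exist is not visible here. The docstring could state that ownership is decided by comparing `media['uploader']` with `request.user['_id']`. The body of `edit_media` continues outside the hunk.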