diff options
| author | Aditi <aditi.iitr@gmail.com> | 2013-08-08 20:47:43 +0530 |
|---|---|---|
| committer | Aditi <aditi.iitr@gmail.com> | 2013-08-08 20:47:43 +0530 |
| commit | d0ba136f5552808270e11c7a02029e28fb3ebfcc (patch) | |
| tree | 041a00ef16dba8c8f12d8139491bdb71fcf7efd9 | |
| parent | 64a6e7fc4965e3a5cd81d26e29ef3a3051648482 (diff) | |
| download | mediagoblin-d0ba136f5552808270e11c7a02029e28fb3ebfcc.tar.lz mediagoblin-d0ba136f5552808270e11c7a02029e28fb3ebfcc.tar.xz mediagoblin-d0ba136f5552808270e11c7a02029e28fb3ebfcc.zip | |
Make media_confirm_delete to work for failed media entries too.
| -rw-r--r-- | mediagoblin/user_pages/views.py | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py index 596d4c20..e5930826 100644 --- a/mediagoblin/user_pages/views.py +++ b/mediagoblin/user_pages/views.py @@ -271,11 +271,25 @@ def media_collect(request, media): #TODO: Why does @user_may_delete_media not implicate @require_active_login? -@get_media_entry_by_id -@require_active_login -@user_may_delete_media -def media_confirm_delete(request, media): +@require_active_login +def media_confirm_delete(request): + + allowed_state = [u'processed', u'failed'] + for media_state in allowed_state: + media = request.db.MediaEntry.query.filter_by(id=request.matchdict['media_id'], state=media_state).first() + if not media: + return render_404(request) + + given_username = request.matchdict.get('user') + if given_username and (given_username != media.get_uploader.username): + return render_404(request) + + uploader_id = media.uploader + if not (request.user.is_admin or + request.user.id == uploader_id): + raise Forbidden() + form = user_forms.ConfirmDeleteForm(request.form) if request.method == 'POST' and form.validate(): |