Merge remote-tracking branch 'refs/remotes/tilly-q/OPW-Moderation-Update'

Conflicts:
	mediagoblin/templates/mediagoblin/user_pages/user.html
	mediagoblin/tests/test_auth.py
	mediagoblin/tests/test_submission.py

2 files changed, 24 insertions, 11 deletions

diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index 20c1f5c2..88716e1c 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -14,12 +14,14 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+
 import logging
 import wtforms
+from sqlalchemy import or_
 
 from mediagoblin import mg_globals
 from mediagoblin.tools.crypto import get_timed_signer_url
-from mediagoblin.db.models import User
+from mediagoblin.db.models import User, Privilege
 from mediagoblin.tools.mail import (normalize_email, send_email,
                                     email_debug_message)
 from mediagoblin.tools.template import render_template
@@ -129,6 +131,14 @@ def register_user(request, register_form):
         # Create the user
         user = auth.create_user(register_form)
 
+        # give the user the default privileges
+        default_privileges = [
+            Privilege.query.filter(Privilege.privilege_name==u'commenter').first(),
+            Privilege.query.filter(Privilege.privilege_name==u'uploader').first(),
+            Privilege.query.filter(Privilege.privilege_name==u'reporter').first()]
+        user.all_privileges += default_privileges
+        user.save()
+
         # log the user in
         request.session['user_id'] = unicode(user.id)
         request.session.save()
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 8563195f..dc03515b 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -17,7 +17,7 @@
 from itsdangerous import BadSignature
 
 from mediagoblin import messages, mg_globals
-from mediagoblin.db.models import User
+from mediagoblin.db.models import User, Privilege
 from mediagoblin.tools.crypto import get_timed_signer_url
 from mediagoblin.decorators import auth_enabled, allow_registration
 from mediagoblin.tools.response import render_to_response, redirect, render_404
@@ -147,9 +147,12 @@ def verify_email(request):
 
     user = User.query.filter_by(id=int(token)).first()
 
-    if user and user.email_verified is False:
-        user.status = u'active'
-        user.email_verified = True
+    if user and user.has_privilege(u'active') is False:
+        user.verification_key = None
+        user.all_privileges.append(
+            Privilege.query.filter(
+            Privilege.privilege_name==u'active').first())
+
         user.save()
 
         messages.add_message(
@@ -183,7 +186,7 @@ def resend_activation(request):
 
         return redirect(request, 'mediagoblin.auth.login')
 
-    if request.user.email_verified:
+    if request.user.has_privilege(u'active'):
         messages.add_message(
             request,
             messages.ERROR,
@@ -248,7 +251,7 @@ def forgot_password(request):
         success_message=_("An email has been sent with instructions "
                           "on how to change your password.")
 
-    if user and not(user.email_verified and user.status == 'active'):
+    if user and not(user.has_privilege(u'active')):
         # Don't send reminder because user is inactive or has no verified email
         messages.add_message(request,
             messages.WARNING,
@@ -304,8 +307,8 @@ def verify_forgot_password(request):
         return redirect(
             request, 'index')
 
-    # check if user active and has email verified
-    if user.email_verified and user.status == 'active':
+    # check if user active
+    if user.has_privilege(u'active'):
 
         cp_form = auth_forms.ChangePassForm(formdata_vars)
 
@@ -325,13 +328,13 @@ def verify_forgot_password(request):
                 'mediagoblin/auth/change_fp.html',
                 {'cp_form': cp_form,})
 
-    if not user.email_verified:
+    if not user.has_privilege(u'active'):
         messages.add_message(
             request, messages.ERROR,
             _('You need to verify your email before you can reset your'
               ' password.'))
 
-    if not user.status == 'active':
+    if not user.has_privilege(u'active'):
         messages.add_message(
             request, messages.ERROR,
             _('You are no longer an active user. Please contact the system'