diff options
| author | tilly-Q <nattilypigeonfowl@gmail.com> | 2013-07-03 14:46:21 -0400 |
|---|---|---|
| committer | tilly-Q <nattilypigeonfowl@gmail.com> | 2013-07-03 14:46:21 -0400 |
| commit | 3fb96fc97800ae032e599006e3f49ffd69926c88 (patch) | |
| tree | 93c19ff89864f065cb8fea5a313d76a1f8c09c0b /mediagoblin/decorators.py | |
| parent | 9b8ef022ef874304fb3d5aead612ec3b8fb23e9a (diff) | |
| download | mediagoblin-3fb96fc97800ae032e599006e3f49ffd69926c88.tar.lz mediagoblin-3fb96fc97800ae032e599006e3f49ffd69926c88.tar.xz mediagoblin-3fb96fc97800ae032e599006e3f49ffd69926c88.zip | |
This was a simple commit. I changed all references to Groups into Privileges so
as to not conflict with the new federated groups which are also being written.
I also fixed up some of the code in the user_in_group/user_has_privilege decor-
ator. Users are now assigned the default privileges when they sign up, and ass-
iged active once they are activated. I updated the gmg command makeadmin to use
my groups as well. Lastly, I added the decorator to various views, requiring th-
at users belong to appropriate groups to access pages.
--\ mediagoblin/auth/tools.py
--| Added code to assign new users to default privileges
--\ mediagoblin/auth/views.py
--| Added code to assign users to u'active' privilege once the email
| verification is complete
--\ mediagoblin/db/migrations.py
--| Renamed Group class to Privilege class
--\ mediagoblin/db/models.py
--| Renamed Group class to Privilege class
--\ mediagoblin/decorators.py
--| Renamed function based on the Group->Privilege change
--| Rewrote the function to be, ya know, functional
--\ mediagoblin/gmg_commands/users.py
--| Changed the 'makeadmin' command to add the target user to the admin
| privilege group as well as affecting 'is_admin' column
--\ mediagoblin/submit/views.py
--| Added the requirement that a user has the 'uploader' privilege in order
| to submit new media.
--\ mediagoblin/user_pages/views.py
--| Added the requirement that a user has the 'commenter' privilege in order
| to make a comment.
--| Added the requirement that a user has the 'reporter' privilege in order
| to submit new reports.
--| Got rid of some vestigial code in the file_a_report function.
Diffstat (limited to 'mediagoblin/decorators.py')
| -rw-r--r-- | mediagoblin/decorators.py | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index d54bf050..206957fa 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -21,7 +21,7 @@ from werkzeug.exceptions import Forbidden, NotFound from werkzeug.urls import url_quote from mediagoblin import mg_globals as mgg -from mediagoblin.db.models import MediaEntry, User, MediaComment, Group +from mediagoblin.db.models import MediaEntry, User, MediaComment, Privilege from mediagoblin.tools.response import redirect, render_404 @@ -63,25 +63,23 @@ def active_user_from_url(controller): return wrapper -def user_in_group(group_name): +def user_has_privilege(privilege_name): #TODO handle possible errors correctly - def user_in_group_decorator(controller): + def user_has_privilege_decorator(controller): @wraps(controller) - def wrapper(request, *args, **kwargs): user_id = request.user.id - group = Group.query.filter( - Group.group_name==group_name).first() - if not (group.query.filter( - Group.all_users.any( - User.id==user_id)).count()): - + privileges_of_user = Privilege.query.filter( + Privilege.all_users.any( + User.id==user_id)) + if not privileges_of_user.filter( + Privilege.privilege_name==privilege_name).count(): raise Forbidden() return controller(request, *args, **kwargs) return wrapper - return user_in_group_decorator + return user_has_privilege_decorator def user_may_delete_media(controller): |