Whew. This is a big update. I did some significant keeping work. I moved all of

the folders and enpoints labeled 'admin' to the more accurate term of 'moderat- ion.' I also created the ability for admins and moderators to add or remove pr- ivileges or to ban a user in response to a report. This also meant implementing the UserBan class in various places. I also had to add a column called result to the ReportBase table. This allows the moderator/admin to leave comments when they respond to a report, allowing for archiving of what responses they do/n't take. --\ mediagoblin/db/migrations.py --| Added result column to ReportBase --\ mediagoblin/db/models.py --| Added result column to ReportBase --| Added documentation to tables I had made previously --\ mediagoblin/decorators.py --| Editted the user_has_privilege decorator to check whether a user has been | banned or not --| Created a seperate user_not_banned decorator to prevent banned users from | accessing any pages --| Changed require_admin_login into require_admin_or_moderator login --\ mediagoblin/gmg_commands/users.py --| Made the gmg command `adduser` create a user w/ the appropriate privileges --\ mediagoblin/moderation/routing.py << formerly mediagoblin/admin/routing.py --| Renamed all of the routes from admin -> moderation --\ mediagoblin/routing.py --| Renamed all of the routes from admin -> moderation --\ mediagoblin/moderation/views.py << formerly mediagoblin/admin/views.py --| Renamed all of the routes & functions from admin -> moderation --| Expanded greatly on the moderation_reports_detail view and functionality --| Added in the give_or_take_away_privilege form, however this might be a use- | -less function which I could remove (because privilege changes should happe- | n in response to a report so they can be archived and visible) --\ mediagoblin/static/css/base.css --| Added in a style for the reports_detail page --\ mediagoblin/templates/mediagoblin/base.html --| Renamed all of the routes from admin -> moderation --\ mediagoblin/templates/mediagoblin/moderation/report.html --| Added form to allow moderators and admins to respond to reports. --\ mediagoblin/templates/mediagoblin/moderation/reports_panel.html --| Fixed the table for closed reports --\ mediagoblin/templates/mediagoblin/moderation/user.html --| Added in a table w/ all of the user's privileges and the option to add or | remove them. Again, this is probably vestigial --| Renamed all of the routes from admin -> moderation --\ mediagoblin/templates/mediagoblin/moderation/user_panel.html --| Renamed all of the routes from admin -> moderation --\ mediagoblin/tools/response.py --| Added function render_user_banned, this is the view function for the redir- | -ect that happens when a user tries to access the site whilst banned --\ mediagoblin/user_pages/forms.py --| Added important translate function where I had text --\ mediagoblin/user_pages/lib.py --| Renamed functiion for clarity --\ mediagoblin/user_pages/views.py --| Added the user_not_banned decorator to every view --\ mediagoblin/views.py --| Added the user_not_banned decorator --\ mediagoblin/moderation/forms.py --| Created this new file --\ mediagoblin/templates/mediagoblin/banned.html --| Created this new file --| This is the page which people are redirected to when they access the site | while banned
author: tilly-Q <nattilypigeonfowl@gmail.com> 2013-07-17 16:16:07 -0400
committer: tilly-Q <nattilypigeonfowl@gmail.com> 2013-07-17 16:16:07 -0400
commit: 6bba33d7e6fbb0cedc39f9a11f816fe5bd372ae7 (patch)
tree: e72b59ff0f0b749739c3b38c84699fd43464343d /mediagoblin/decorators.py
parent: 650a0aa90dacd97286a081b0b7c11abb04ba8767 (diff)
download: mediagoblin-6bba33d7e6fbb0cedc39f9a11f816fe5bd372ae7.tar.lz
mediagoblin-6bba33d7e6fbb0cedc39f9a11f816fe5bd372ae7.tar.xz
mediagoblin-6bba33d7e6fbb0cedc39f9a11f816fe5bd372ae7.zip
1 files changed, 29 insertions, 6 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index fefbccef..b39b36f5 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -21,8 +21,9 @@ from werkzeug.exceptions import Forbidden, NotFound
 from werkzeug.urls import url_quote
 
 from mediagoblin import mg_globals as mgg
-from mediagoblin.db.models import MediaEntry, User, MediaComment, Privilege
-from mediagoblin.tools.response import redirect, render_404
+from mediagoblin.db.models import MediaEntry, User, MediaComment, Privilege, \
+                            UserBan
+from mediagoblin.tools.response import redirect, render_404, render_user_banned
 
 
 def require_active_login(controller):
@@ -64,6 +65,7 @@ def active_user_from_url(controller):
     return wrapper
 
 def user_has_privilege(privilege_name):
+
     def user_has_privilege_decorator(controller):
         @wraps(controller)
         def wrapper(request, *args, **kwargs):
@@ -71,7 +73,9 @@ def user_has_privilege(privilege_name):
             privileges_of_user = Privilege.query.filter(
                 Privilege.all_users.any(
                 User.id==user_id))
-            if not privileges_of_user.filter(
+            if UserBan.query.filter(UserBan.user_id==user_id).count():
+                return render_user_banned(request)
+            elif not privileges_of_user.filter(
                 Privilege.privilege_name==privilege_name).count():
                 raise Forbidden()
 
@@ -271,14 +275,18 @@ def get_workbench(func):
 
     return new_func
 
-def require_admin_login(controller):
+def require_admin_or_moderator_login(controller):
     """
-    Require an login from an administrator.
+    Require an login from an administrator or a moderator.
     """
     @wraps(controller)
     def new_controller_func(request, *args, **kwargs):
+        admin_privilege = Privilege.one({'privilege_name':u'admin'})
+        moderator_privilege = Privilege.one({'privilege_name':u'moderator'})
         if request.user and \
-                not request.user.is_admin:
+            not admin_privilege in request.user.all_privileges and \
+                 not moderator_privilege in request.user.all_privileges:
+
             raise Forbidden()
         elif not request.user:
             next_url = urljoin(
@@ -293,3 +301,18 @@ def require_admin_login(controller):
 
     return new_controller_func
 
+def user_not_banned(controller):
+    """
+    Requires that the user has not been banned. Otherwise redirects to the page
+    explaining why they have been banned
+    """
+    @wraps(controller)
+    def wrapper(request, *args, **kwargs):
+        if request.user:
+            user_banned = UserBan.query.get(request.user.id)
+            if user_banned:
+                return render_user_banned(request)
+        return controller(request, *args, **kwargs)
+
+    return wrapper
+
author	tilly-Q <nattilypigeonfowl@gmail.com>	2013-07-17 16:16:07 -0400
committer	tilly-Q <nattilypigeonfowl@gmail.com>	2013-07-17 16:16:07 -0400
commit	6bba33d7e6fbb0cedc39f9a11f816fe5bd372ae7 (patch)
tree	e72b59ff0f0b749739c3b38c84699fd43464343d /mediagoblin/decorators.py
parent	650a0aa90dacd97286a081b0b7c11abb04ba8767 (diff)
download	mediagoblin-6bba33d7e6fbb0cedc39f9a11f816fe5bd372ae7.tar.lz mediagoblin-6bba33d7e6fbb0cedc39f9a11f816fe5bd372ae7.tar.xz mediagoblin-6bba33d7e6fbb0cedc39f9a11f816fe5bd372ae7.zip