diff options
| author | Sebastian Spaeth <Sebastian@SSpaeth.de> | 2013-01-07 16:18:45 +0100 |
|---|---|---|
| committer | Sebastian Spaeth <Sebastian@SSpaeth.de> | 2013-01-09 09:56:53 +0100 |
| commit | abc4da2927be02fb21d2f2bd1effea7b5ee6b9c7 (patch) | |
| tree | 8441d5f29c21bdf880b46727680c91c5f2183aa1 /mediagoblin/edit/views.py | |
| parent | 6de8b42e4ed1f1cd663501d5f61032ba41ed0285 (diff) | |
| download | mediagoblin-abc4da2927be02fb21d2f2bd1effea7b5ee6b9c7.tar.lz mediagoblin-abc4da2927be02fb21d2f2bd1effea7b5ee6b9c7.tar.xz mediagoblin-abc4da2927be02fb21d2f2bd1effea7b5ee6b9c7.zip | |
Enable /u/USERNAME/edit/ pattern #588
Transition from the inconsistent /edit/profile/?username=FOO to
the nicer /u/FOO/edit/. The old pattern will still work and
redirects to the new URL.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Diffstat (limited to 'mediagoblin/edit/views.py')
| -rw-r--r-- | mediagoblin/edit/views.py | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 9de034bb..2f669c66 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -26,8 +26,8 @@ from mediagoblin import mg_globals from mediagoblin.auth import lib as auth_lib from mediagoblin.edit import forms from mediagoblin.edit.lib import may_edit_media -from mediagoblin.decorators import require_active_login, get_user_media_entry, \ - user_may_alter_collection, get_user_collection +from mediagoblin.decorators import (require_active_login, active_user_from_url, + get_user_media_entry, user_may_alter_collection, get_user_collection) from mediagoblin.tools.response import render_to_response, redirect from mediagoblin.tools.translate import pass_to_ugettext as _ from mediagoblin.tools.text import ( @@ -167,20 +167,28 @@ def edit_attachments(request, media): else: raise Forbidden("Attachments are disabled") +@require_active_login +def legacy_edit_profile(request): + """redirect the old /edit/profile/?username=USER to /u/USER/edit/""" + username = request.GET.get('username') or request.user.username + return redirect(request, 'mediagoblin.edit.profile', user=username) + @require_active_login -def edit_profile(request): - # admins may edit any user profile given a username in the querystring - edit_username = request.GET.get('username') - if request.user.is_admin and request.user.username != edit_username: - user = request.db.User.find_one({'username': edit_username}) +@active_user_from_url +def edit_profile(request, url_user=None): + # admins may edit any user profile + if request.user.username != url_user.username: + if not request.user.is_admin: + raise Forbidden(_("You can only edit your own profile.")) + # No need to warn again if admin just submitted an edited profile if request.method != 'POST': messages.add_message( request, messages.WARNING, _("You are editing a user's profile. Proceed with caution.")) - else: - user = request.user + + user = url_user form = forms.EditProfileForm(request.form, url=user.get('url'), |