Start to use the media_id in "admin" URLs.

We have a bunch of URLs that are more for internal use. At
least they're definitely not intended to be posted
somewhere for long term useage.

When those things affect a media, it's much better to
reference the media by its id. This can't change, ever.
This is better for races.
Like someone posting a comment while the owner
corrects a typo in the slug.

1 files changed, 3 insertions, 2 deletions

diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py
index f115c3b8..a3327a9e 100644
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@@ -28,6 +28,7 @@ from mediagoblin.user_pages import forms as user_forms
 from mediagoblin.user_pages.lib import send_comment_email
 
 from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
+    get_media_entry_by_id,
     require_active_login, user_may_delete_media, user_may_alter_collection,
     get_user_collection, get_user_collection_item, active_user_from_url)
 
@@ -138,7 +139,7 @@ def media_home(request, media, page, **kwargs):
          'app_config': mg_globals.app_config})
 
 
-@get_user_media_entry
+@get_media_entry_by_id
 @require_active_login
 def media_post_comment(request, media):
     """
@@ -258,7 +259,7 @@ def media_collect(request, media):
 
 
 #TODO: Why does @user_may_delete_media not implicate @require_active_login?
-@get_user_media_entry
+@get_media_entry_by_id
 @require_active_login
 @user_may_delete_media
 def media_confirm_delete(request, media):