8 files changed, 84 insertions, 3 deletions
diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini
index bbc1f7d6..a82541b6 100644
--- a/mediagoblin/config_spec.ini
+++ b/mediagoblin/config_spec.ini
@@ -37,6 +37,11 @@ local_templates = string()
 # itself)
 celery_setup_elsewhere = boolean(default=False)
 
+# Whether or not users are able to upload files of any filetype with
+# their media entries -- This is useful if you want to provide the
+# source files for a media file but can also be a HUGE security risk.
+allow_attachments = boolean(default=False)
+
 [celery]
 # known booleans
 celery_result_persistent = boolean()
diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py
index a1783a72..37e2349c 100644
--- a/mediagoblin/edit/forms.py
+++ b/mediagoblin/edit/forms.py
@@ -30,6 +30,10 @@ class EditForm(wtforms.Form):
     tags = wtforms.TextField(
         'Tags',
         [tag_length_validator])
+    attachment_name = wtforms.TextField(
+        'Attachment title')
+    attachment_delete = wtforms.BooleanField(
+        'Delete attachment')
 
 class EditProfileForm(wtforms.Form):
     bio = wtforms.TextAreaField('Bio',
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 5cbaadb5..09aee48b 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -34,12 +34,21 @@ def edit_media(request, media):
     if not may_edit_media(request, media):
         return exc.HTTPForbidden()
 
-    form = forms.EditForm(request.POST,
+
+    defaults = dict(
         title = media['title'],
         slug = media['slug'],
         description = media['description'],
         tags = media_tags_as_string(media['tags']))
 
+    if len(media['attachment_files']):
+        defaults['attachment_name'] = media['attachment_files'][0]['name']
+
+
+    form = forms.EditForm(
+        request.POST,
+        **defaults)
+
     if request.method == 'POST' and form.validate():
         # Make sure there isn't already a MediaEntry with such a slug
         # and userid.
@@ -60,6 +69,12 @@ def edit_media(request, media):
             media['description_html'] = cleaned_markdown_conversion(
                 media['description'])
 
+            if 'attachment_name' in request.POST:
+                media['attachment_files'][0]['name'] = request.POST['attachment_name']
+
+            if 'attachment_delete' in request.POST and 'y' == request.POST['attachment_delete']:
+                del media['attachment_files'][0]
+
             media['slug'] = request.POST['slug']
             media.save()
 
diff --git a/mediagoblin/submit/forms.py b/mediagoblin/submit/forms.py
index f02c95a6..9b35a8c3 100644
--- a/mediagoblin/submit/forms.py
+++ b/mediagoblin/submit/forms.py
@@ -28,3 +28,6 @@ class SubmitStartForm(wtforms.Form):
     tags = wtforms.TextField(
         'Tags',
         [tag_length_validator])
+    attachment = wtforms.FileField(
+        'Attachment',
+        [wtforms.validators.Optional()])
diff --git a/mediagoblin/submit/views.py b/mediagoblin/submit/views.py
index 87e57dda..213b2494 100644
--- a/mediagoblin/submit/views.py
+++ b/mediagoblin/submit/views.py
@@ -14,6 +14,10 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+
+import mediagoblin.mg_globals as mg_globals
+from datetime import datetime
+
 from os.path import splitext
 from cgi import FieldStorage
 from string import split
@@ -72,6 +76,31 @@ def submit_start(request):
             # Generate a slug from the title
             entry.generate_slug()
 
+            # Add any attachements
+            if (mg_globals.app_config['allow_attachments']
+                and request.POST.has_key('attachment')
+                and isinstance(request.POST['attachment'], FieldStorage)
+                and request.POST['attachment'].file):
+
+                attachment_public_filepath = mg_globals.public_store.get_unique_filepath(
+                    ['media_entries',
+                     unicode('attachment-%s' % entry['_id']),
+                     secure_filename(request.POST['attachment'].filename)])
+
+                attachment_public_file = mg_globals.public_store.get_file(
+                    attachment_public_filepath, 'wb')
+
+                try:
+                    attachment_public_file.write(request.POST['attachment'].file.read())
+                finally:
+                    request.POST['attachment'].file.close()
+
+                entry['attachment_files'] = [dict(
+                        name=request.POST['attachment'].filename,
+                        filepath=attachment_public_filepath,
+                        created=datetime.utcnow()
+                        )]
+
             # Now store generate the queueing related filename
             queue_filepath = request.app.queue_store.get_unique_filepath(
                 ['media_entries',
@@ -100,4 +129,5 @@ def submit_start(request):
     return render_to_response(
         request,
         'mediagoblin/submit/start.html',
-        {'submit_form': submit_form})
+        {'submit_form': submit_form,
+         'app_config': mg_globals.app_config})
diff --git a/mediagoblin/templates/mediagoblin/edit/edit.html b/mediagoblin/templates/mediagoblin/edit/edit.html
index d19034cb..c834918e 100644
--- a/mediagoblin/templates/mediagoblin/edit/edit.html
+++ b/mediagoblin/templates/mediagoblin/edit/edit.html
@@ -31,7 +31,14 @@
         <img src="{{ request.app.public_store.file_url(
                          media['media_files']['thumb']) }}" />
       </div>
-      {{ wtforms_util.render_divs(form) }}
+      {{ wtforms_util.render_field_div(form.title) }}
+      {{ wtforms_util.render_field_div(form.slug) }}
+      {{ wtforms_util.render_field_div(form.description) }}
+      {{ wtforms_util.render_field_div(form.tags) }}
+      {% if media.attachment_files %}
+        {{ wtforms_util.render_field_div(form.attachment_name) }}
+        {{ wtforms_util.render_field_div(form.attachment_delete) }}
+      {% endif %}
       <div class="form_submit_buttons">
         <a href="{{ media.url_for_self(request.urlgen) }}">Cancel</a>
         <input type="submit" value="Save changes" class="button" />
diff --git a/mediagoblin/templates/mediagoblin/submit/start.html b/mediagoblin/templates/mediagoblin/submit/start.html
index 6d00510c..42bbf724 100644
--- a/mediagoblin/templates/mediagoblin/submit/start.html
+++ b/mediagoblin/templates/mediagoblin/submit/start.html
@@ -28,6 +28,9 @@
       {{ wtforms_util.render_field_div(submit_form.title) }}
       {{ wtforms_util.render_textarea_div(submit_form.description) }}
       {{ wtforms_util.render_field_div(submit_form.tags) }}
+      {% if app_config.allow_attachments %}
+        {{ wtforms_util.render_field_div(submit_form.attachment) }}
+      {% endif %}
       <div class="form_submit_buttons">
       <input type="submit" value="Submit" class="button" />
       </div>
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html
index a1382518..cc4c3350 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@@ -105,6 +105,20 @@
       {% include "mediagoblin/utils/prev_next.html" %}
       <h3>Sidebar content here!</h3>
 
+      {% if media.attachment_files %}
+      <dl>
+	<dd>Attachments</dd>
+	{% for attachment in media.attachment_files %}
+	<dt>
+	  <a href="{{ request.app.public_store.file_url(
+      attachment.filepath) }}">
+	    {{ attachment.name }}
+	  </a>
+	</dt>
+	{% endfor %}
+      </dl>
+      {% endif %}
+
       <p>
         {% if media['uploader'] == request.user['_id'] or 
                                    request.user['is_admin'] %}