8 files changed, 59 insertions, 44 deletions

diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index db6b6e37..39b349de 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -22,7 +22,7 @@ from sqlalchemy import or_
 
 from mediagoblin import mg_globals
 from mediagoblin.auth import lib as auth_lib
-from mediagoblin.db.models import User
+from mediagoblin.db.models import User, Privilege
 from mediagoblin.tools.mail import (normalize_email, send_email,
                                     email_debug_message)
 from mediagoblin.tools.template import render_template
@@ -130,6 +130,14 @@ def register_user(request, register_form):
         user.verification_key = unicode(uuid.uuid4())
         user.save()
 
+        # give the user the default privileges
+        default_privileges = [ 
+            Privilege.query.filter(Privilege.privilege_name==u'commenter').first(),
+            Privilege.query.filter(Privilege.privilege_name==u'uploader').first(),
+            Privilege.query.filter(Privilege.privilege_name==u'reporter').first()]
+        user.all_privileges += default_privileges
+        user.save()
+        
         # log the user in
         request.session['user_id'] = unicode(user.id)
         request.session.save()
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index bb7bda77..1c346556 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -18,7 +18,7 @@ import uuid
 import datetime
 
 from mediagoblin import messages, mg_globals
-from mediagoblin.db.models import User
+from mediagoblin.db.models import User, Privilege
 from mediagoblin.tools.response import render_to_response, redirect, render_404
 from mediagoblin.tools.translate import pass_to_ugettext as _
 from mediagoblin.tools.mail import email_debug_message
@@ -124,6 +124,9 @@ def verify_email(request):
         user.status = u'active'
         user.email_verified = True
         user.verification_key = None
+        user.all_privileges.append(
+            Privilege.query.filter(
+            Privilege.privilege_name==u'active').first())
 
         user.save()
 
diff --git a/mediagoblin/db/migrations.py b/mediagoblin/db/migrations.py
index 5e9a71d4..053f3db2 100644
--- a/mediagoblin/db/migrations.py
+++ b/mediagoblin/db/migrations.py
@@ -26,7 +26,7 @@ from sqlalchemy.sql import and_
 from migrate.changeset.constraint import UniqueConstraint
 
 from mediagoblin.db.migration_tools import RegisterMigration, inspect_table
-from mediagoblin.db.models import MediaEntry, Collection, User, MediaComment, Group
+from mediagoblin.db.models import MediaEntry, Collection, User, MediaComment, Privilege
 
 MIGRATIONS = {}
 
@@ -329,23 +329,23 @@ class UserBan_v0(declarative_base()):
     expiration_date = Column(DateTime)
     reason = Column(UnicodeText, nullable=False)
 
-class Group_v0(declarative_base()):
-    __tablename__ = 'core__groups'
+class Privilege_v0(declarative_base()):
+    __tablename__ = 'core__privileges'
     id = Column(Integer, nullable=False, primary_key=True, unique=True)
-    group_name = Column(Unicode, nullable=False)
+    privilege_name = Column(Unicode, nullable=False)
 
-class GroupUserAssociation_v0(declarative_base()):
-    __tablename__ = 'core__group_user_associations'
+class PrivilegeUserAssociation_v0(declarative_base()):
+    __tablename__ = 'core__privileges_users'
 
     group_id = Column(
-        'core__group_id', 
+        'core__privilege_id', 
         Integer, 
         ForeignKey(User.id), 
         primary_key=True)
     user_id = Column(
         'core__user_id', 
         Integer, 
-        ForeignKey(Group.id), 
+        ForeignKey(Privilege.id), 
         primary_key=True)
 
 @RegisterMigration(11, MIGRATIONS)
@@ -354,8 +354,8 @@ def create_moderation_tables(db):
     CommentReport_v0.__table__.create(db.bind)
     MediaReport_v0.__table__.create(db.bind)
     UserBan_v0.__table__.create(db.bind)
-    Group_v0.__table__.create(db.bind)
-    GroupUserAssociation_v0.__table__.create(db.bind)
+    Privilege_v0.__table__.create(db.bind)
+    PrivilegeUserAssociation_v0.__table__.create(db.bind)
     db.commit()
 
 
diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py
index 28e01a85..e0419c92 100644
--- a/mediagoblin/db/models.py
+++ b/mediagoblin/db/models.py
@@ -559,50 +559,50 @@ class UserBan(Base):
     reason = Column(UnicodeText, nullable=False)
 
 
-class Group(Base):
-    __tablename__ = 'core__groups'
+class Privilege(Base):
+    __tablename__ = 'core__privileges'
 
     id = Column(Integer, nullable=False, primary_key=True)
-    group_name = Column(Unicode, nullable=False, unique=True)
+    privilege_name = Column(Unicode, nullable=False, unique=True)
     all_users = relationship(
         User, 
-        backref='all_groups', 
-        secondary="core__group_user_associations")
+        backref='all_privileges', 
+        secondary="core__privileges_users")
 
-    def __init__(self, group_name):
-        self.group_name = group_name
+    def __init__(self, privilege_name):
+        self.privilege_name = privilege_name
 
     def __repr__(self):
-        return "<Group %s>" % (self.group_name)
+        return "<Privilege %s>" % (self.privilege_name)
 
-class GroupUserAssociation(Base):
-    __tablename__ = 'core__group_user_associations'
+class PrivilegeUserAssociation(Base):
+    __tablename__ = 'core__privileges_users'
 
-    group_id = Column(
-        'core__group_id', 
+    privilege_id = Column(
+        'core__privilege_id', 
         Integer, 
         ForeignKey(User.id), 
         primary_key=True)
     user_id = Column(
         'core__user_id', 
         Integer, 
-        ForeignKey(Group.id), 
+        ForeignKey(Privilege.id), 
         primary_key=True)
 
 
-group_foundations = [[u'admin'], [u'moderator'], [u'commenter'], [u'uploader'],[u'reporter'],[u'active']]
+privilege_foundations = [[u'admin'], [u'moderator'], [u'commenter'], [u'uploader'],[u'reporter'],[u'active']]
 
 MODELS = [
     User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem, 
     MediaFile, FileKeynames, MediaAttachmentFile, ProcessingMetaData, ReportBase,
-    CommentReport, MediaReport, UserBan, Group, GroupUserAssociation]
+    CommentReport, MediaReport, UserBan, Privilege, PrivilegeUserAssociation]
 
 # Foundations are the default rows that are created immediately after the tables are initialized. Each entry to
 #   this dictionary should be in the format of 
 #                                               ModelObject:List of Rows
 #                                         (Each Row must be a list of parameters that can create and instance of the ModelObject)
 #   
-FOUNDATIONS = {Group:group_foundations}
+FOUNDATIONS = {Privilege:privilege_foundations}
 
 ######################################################
 # Special, migrations-tracking table
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index d54bf050..206957fa 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -21,7 +21,7 @@ from werkzeug.exceptions import Forbidden, NotFound
 from werkzeug.urls import url_quote
 
 from mediagoblin import mg_globals as mgg
-from mediagoblin.db.models import MediaEntry, User, MediaComment, Group
+from mediagoblin.db.models import MediaEntry, User, MediaComment, Privilege
 from mediagoblin.tools.response import redirect, render_404
 
 
@@ -63,25 +63,23 @@ def active_user_from_url(controller):
 
     return wrapper
 
-def user_in_group(group_name):
+def user_has_privilege(privilege_name):
 #TODO handle possible errors correctly
-    def user_in_group_decorator(controller):
+    def user_has_privilege_decorator(controller):
         @wraps(controller)
-
         def wrapper(request, *args, **kwargs):
             user_id = request.user.id
-            group = Group.query.filter(
-                Group.group_name==group_name).first()
-            if not (group.query.filter(
-                Group.all_users.any(
-                    User.id==user_id)).count()):
-
+            privileges_of_user = Privilege.query.filter(
+                Privilege.all_users.any(
+                User.id==user_id))
+            if not privileges_of_user.filter(
+                Privilege.privilege_name==privilege_name).count():
                 raise Forbidden()
 
             return controller(request, *args, **kwargs)
 
         return wrapper
-    return user_in_group_decorator
+    return user_has_privilege_decorator
 
 
 def user_may_delete_media(controller):
diff --git a/mediagoblin/gmg_commands/users.py b/mediagoblin/gmg_commands/users.py
index 024c8498..ccc4da73 100644
--- a/mediagoblin/gmg_commands/users.py
+++ b/mediagoblin/gmg_commands/users.py
@@ -74,6 +74,10 @@ def makeadmin(args):
     user = db.User.one({'username': unicode(args.username.lower())})
     if user:
         user.is_admin = True
+        user.all_privileges.append(
+            db.Privilege.one({
+                'privilege_name':u'admin'})
+            )
         user.save()
         print 'The user is now Admin'
     else:
diff --git a/mediagoblin/submit/views.py b/mediagoblin/submit/views.py
index a70c89b4..11707a03 100644
--- a/mediagoblin/submit/views.py
+++ b/mediagoblin/submit/views.py
@@ -26,7 +26,7 @@ _log = logging.getLogger(__name__)
 from mediagoblin.tools.text import convert_to_tag_list_of_dicts
 from mediagoblin.tools.translate import pass_to_ugettext as _
 from mediagoblin.tools.response import render_to_response, redirect
-from mediagoblin.decorators import require_active_login
+from mediagoblin.decorators import require_active_login, user_has_privilege
 from mediagoblin.submit import forms as submit_forms
 from mediagoblin.messages import add_message, SUCCESS
 from mediagoblin.media_types import sniff_media, \
@@ -36,6 +36,7 @@ from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
 
 
 @require_active_login
+@user_has_privilege(u'uploader')
 def submit_start(request):
     """
     First view for submitting a file.
diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py
index a0eb67db..abf5e5c1 100644
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@@ -20,7 +20,7 @@ import datetime
 from mediagoblin import messages, mg_globals
 from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
                                    CollectionItem, User, MediaComment,
-                                   CommentReport, MediaReport, Group)
+                                   CommentReport, MediaReport)
 from mediagoblin.tools.response import render_to_response, render_404, \
     redirect, redirect_obj
 from mediagoblin.tools.translate import pass_to_ugettext as _
@@ -30,7 +30,7 @@ from mediagoblin.user_pages.lib import (send_comment_email, build_report_form,
     add_media_to_collection)
 
 from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
-    get_media_entry_by_id, user_in_group,
+    get_media_entry_by_id, user_has_privilege,
     require_active_login, user_may_delete_media, user_may_alter_collection,
     get_user_collection, get_user_collection_item, active_user_from_url,
     get_media_comment_by_id)
@@ -152,6 +152,7 @@ def media_home(request, media, page, **kwargs):
 
 @get_media_entry_by_id
 @require_active_login
+@user_has_privilege(u'commenter')
 def media_post_comment(request, media):
     """
     recieves POST from a MediaEntry() comment form, saves the comment.
@@ -621,8 +622,8 @@ def processing_panel(request):
 
 @require_active_login
 @get_user_media_entry
-@user_in_group(u'reporter')
-def file_a_report(request, media, comment=None, required_group=1):
+@user_has_privilege(u'reporter')
+def file_a_report(request, media, comment=None):
     if request.method == "POST":
         report_form = build_report_form(request.form)
         report_form.save()