aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--mediagoblin/decorators.py26
-rw-r--r--mediagoblin/routing.py1
-rw-r--r--mediagoblin/storage.py3
-rw-r--r--mediagoblin/templates/mediagoblin/user_pages/media.html2
-rw-r--r--mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html48
-rw-r--r--mediagoblin/tests/test_submission.py4
-rw-r--r--mediagoblin/user_pages/forms.py7
-rw-r--r--mediagoblin/user_pages/routing.py4
-rw-r--r--mediagoblin/user_pages/views.py34
-rw-r--r--mediagoblin/util.py15
10 files changed, 135 insertions, 9 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index c66049ca..c3d64327 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -51,6 +51,31 @@ def require_active_login(controller):
return _make_safe(new_controller_func, controller)
+def user_may_delete_media(controller):
+ """
+ Require user ownership of the MediaEntry
+
+ Originally:
+def may_delete_media(request, media):
+ \"\"\"
+ Check, if the request's user may edit the media details
+ \"\"\"
+ if media['uploader'] == request.user['_id']:
+ return True
+ if request.user['is_admin']:
+ return True
+ return False
+ """
+ def wrapper(request, *args, **kwargs):
+ if not request.user['_id'] == request.db.MediaEntry.find_one(
+ {'_id': ObjectId(
+ request.matchdict['media'])}).uploader()['_id']:
+ return exc.HTTPForbidden()
+
+ return controller(request, *args, **kwargs)
+
+ return _make_safe(wrapper, controller)
+
def uses_pagination(controller):
"""
@@ -122,3 +147,4 @@ def get_media_entry_by_id(controller):
return controller(request, media=media, *args, **kwargs)
return _make_safe(wrapper, controller)
+
diff --git a/mediagoblin/routing.py b/mediagoblin/routing.py
index 125f7270..f78658c5 100644
--- a/mediagoblin/routing.py
+++ b/mediagoblin/routing.py
@@ -37,6 +37,5 @@ def get_mapper():
mapping.extend(user_routes, '/u')
mapping.extend(edit_routes, '/edit')
mapping.extend(tag_routes, '/tag')
- mapping.extend(confirm_routes, '/confirm')
return mapping
diff --git a/mediagoblin/storage.py b/mediagoblin/storage.py
index 7ada95e1..82b7a5ff 100644
--- a/mediagoblin/storage.py
+++ b/mediagoblin/storage.py
@@ -281,7 +281,8 @@ class CloudFilesStorage(StorageInterface):
def delete_file(self, filepath):
# TODO: Also delete unused directories if empty (safely, with
# checks to avoid race conditions).
- self.container.delete_object(filepath)
+ self.container.delete_object(
+ self._resolve_filepath(filepath))
def file_url(self, filepath):
return '/'.join([
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html
index fe953e77..171ea21d 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@@ -128,7 +128,7 @@
class="media_icon" />edit</a>
</p>
<p>
- <a href="{{ request.urlgen('mediagoblin.confirm.confirm_delete',
+ <a href="{{ request.urlgen('mediagoblin.user_pages.media_confirm_delete',
user= media.uploader().username,
media= media._id) }}"
><img src="{{ request.staticdirect('/images/icon_delete.png') }}"
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
new file mode 100644
index 00000000..87a3ad81
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
@@ -0,0 +1,48 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011 Free Software Foundation, Inc
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
+
+{% block mediagoblin_content %}
+
+ <form action="{{ request.urlgen('mediagoblin.user_pages.media_confirm_delete',
+ user=media.uploader().username,
+ media=media._id) }}"
+ method="POST" enctype="multipart/form-data">
+ <div class="grid_8 prefix_1 suffix_1 edit_box form_box">
+ <h1>
+ {%- trans title=media['title'] -%}
+ Really delete {{ title }}?
+ {%- endtrans %}
+ </h1>
+ <p>
+ <em>
+ {%- trans -%}
+ If you choose yes, the media entry will be deleted <strong>permanently.</strong>
+ {%- endtrans %}
+ </em>
+ </p>
+
+ {{ wtforms_util.render_divs(form) }}
+ <div class="form_submit_buttons">
+ <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" />
+ </div>
+ </div>
+ </form>
+{% endblock %}
diff --git a/mediagoblin/tests/test_submission.py b/mediagoblin/tests/test_submission.py
index b2599d22..43a81f02 100644
--- a/mediagoblin/tests/test_submission.py
+++ b/mediagoblin/tests/test_submission.py
@@ -174,7 +174,7 @@ class TestSubmission:
# Do not confirm deletion
# ---------------------------------------------------
response = self.test_app.post(
- request.urlgen('mediagoblin.confirm.confirm_delete',
+ request.urlgen('mediagoblin.user_pages.media_confirm_delete',
# No work: user=media.uploader().username,
user=self.test_user['username'],
media=media['_id']),
@@ -193,7 +193,7 @@ class TestSubmission:
# Confirm deletion
# ---------------------------------------------------
response = self.test_app.post(
- request.urlgen('mediagoblin.confirm.confirm_delete',
+ request.urlgen('mediagoblin.user_pages.media_confirm_delete',
# No work: user=media.uploader().username,
user=self.test_user['username'],
media=media['_id']),
diff --git a/mediagoblin/user_pages/forms.py b/mediagoblin/user_pages/forms.py
index 25001019..4a79bedd 100644
--- a/mediagoblin/user_pages/forms.py
+++ b/mediagoblin/user_pages/forms.py
@@ -23,3 +23,10 @@ class MediaCommentForm(wtforms.Form):
comment_content = wtforms.TextAreaField(
_('Comment'),
[wtforms.validators.Required()])
+
+
+class ConfirmDeleteForm(wtforms.Form):
+ confirm = wtforms.RadioField('Confirm',
+ default='False',
+ choices=[('False', 'No, I made a mistake!'),
+ ('True', 'Yes, delete it!')])
diff --git a/mediagoblin/user_pages/routing.py b/mediagoblin/user_pages/routing.py
index 2c83593f..ffa6f969 100644
--- a/mediagoblin/user_pages/routing.py
+++ b/mediagoblin/user_pages/routing.py
@@ -32,9 +32,9 @@ user_routes = [
Route('mediagoblin.edit.attachments',
'/{user}/m/{media}/attachments/',
controller="mediagoblin.edit.views:edit_attachments"),
- Route('mediagoblin.confirm.confirm_delete',
+ Route('mediagoblin.user_pages.media_confirm_delete',
"/{user}/m/{media}/confirm-delete/",
- controller="mediagoblin.confirm.views:confirm_delete"),
+ controller="mediagoblin.user_pages.views:media_confirm_delete"),
Route('mediagoblin.user_pages.atom_feed', '/{user}/atom/',
controller="mediagoblin.user_pages.views:atom_feed"),
Route('mediagoblin.user_pages.media_post_comment',
diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py
index 080d98d7..2163acf7 100644
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@@ -20,11 +20,11 @@ from mediagoblin import messages, mg_globals
from mediagoblin.db.util import DESCENDING, ObjectId
from mediagoblin.util import (
Pagination, render_to_response, redirect, cleaned_markdown_conversion,
- render_404)
+ render_404, delete_media_files)
from mediagoblin.user_pages import forms as user_forms
from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
- require_active_login)
+ require_active_login, user_may_delete_media)
from werkzeug.contrib.atom import AtomFeed
@@ -145,6 +145,36 @@ def media_post_comment(request):
user = request.matchdict['user'])
+@get_user_media_entry
+@require_active_login
+@user_may_delete_media
+def media_confirm_delete(request, media):
+
+ form = user_forms.ConfirmDeleteForm(request.POST)
+
+ if request.method == 'POST' and form.validate():
+ if request.POST.get('confirm') == 'True':
+ username = media.uploader()['username']
+
+ # Delete all files on the public storage
+ delete_media_files(media)
+
+ media.delete()
+
+ return redirect(request, "mediagoblin.user_pages.user_home",
+ user=username)
+ else:
+ return redirect(request, "mediagoblin.user_pages.media_home",
+ user=media.uploader()['username'],
+ media=media['slug'])
+
+ return render_to_response(
+ request,
+ 'mediagoblin/user_pages/media_confirm_delete.html',
+ {'media': media,
+ 'form': form})
+
+
ATOM_DEFAULT_NR_OF_UPDATED_ITEMS = 15
def atom_feed(request):
diff --git a/mediagoblin/util.py b/mediagoblin/util.py
index ba4ac01e..27c81f3a 100644
--- a/mediagoblin/util.py
+++ b/mediagoblin/util.py
@@ -681,3 +681,18 @@ def render_404(request):
"""
return render_to_response(
request, 'mediagoblin/404.html', {}, status=400)
+
+def delete_media_files(media):
+ """
+ Delete all files associated with a MediaEntry
+
+ Arguments:
+ - media: A MediaEntry document
+ """
+ for handle, listpath in media['media_files'].items():
+ mg_globals.public_store.delete_file(
+ listpath)
+
+ for attachment in media['attachment_files']:
+ mg_globals.public_store.delete_file(
+ attachment['filepath'])