diff options
-rw-r--r-- | mediagoblin/decorators.py | 26 | ||||
-rw-r--r-- | mediagoblin/routing.py | 1 | ||||
-rw-r--r-- | mediagoblin/storage.py | 3 | ||||
-rw-r--r-- | mediagoblin/templates/mediagoblin/user_pages/media.html | 2 | ||||
-rw-r--r-- | mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html | 48 | ||||
-rw-r--r-- | mediagoblin/tests/test_submission.py | 4 | ||||
-rw-r--r-- | mediagoblin/user_pages/forms.py | 7 | ||||
-rw-r--r-- | mediagoblin/user_pages/routing.py | 4 | ||||
-rw-r--r-- | mediagoblin/user_pages/views.py | 34 | ||||
-rw-r--r-- | mediagoblin/util.py | 15 |
10 files changed, 135 insertions, 9 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index c66049ca..c3d64327 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -51,6 +51,31 @@ def require_active_login(controller): return _make_safe(new_controller_func, controller) +def user_may_delete_media(controller): + """ + Require user ownership of the MediaEntry + + Originally: +def may_delete_media(request, media): + \"\"\" + Check, if the request's user may edit the media details + \"\"\" + if media['uploader'] == request.user['_id']: + return True + if request.user['is_admin']: + return True + return False + """ + def wrapper(request, *args, **kwargs): + if not request.user['_id'] == request.db.MediaEntry.find_one( + {'_id': ObjectId( + request.matchdict['media'])}).uploader()['_id']: + return exc.HTTPForbidden() + + return controller(request, *args, **kwargs) + + return _make_safe(wrapper, controller) + def uses_pagination(controller): """ @@ -122,3 +147,4 @@ def get_media_entry_by_id(controller): return controller(request, media=media, *args, **kwargs) return _make_safe(wrapper, controller) + diff --git a/mediagoblin/routing.py b/mediagoblin/routing.py index 125f7270..f78658c5 100644 --- a/mediagoblin/routing.py +++ b/mediagoblin/routing.py @@ -37,6 +37,5 @@ def get_mapper(): mapping.extend(user_routes, '/u') mapping.extend(edit_routes, '/edit') mapping.extend(tag_routes, '/tag') - mapping.extend(confirm_routes, '/confirm') return mapping diff --git a/mediagoblin/storage.py b/mediagoblin/storage.py index 7ada95e1..82b7a5ff 100644 --- a/mediagoblin/storage.py +++ b/mediagoblin/storage.py @@ -281,7 +281,8 @@ class CloudFilesStorage(StorageInterface): def delete_file(self, filepath): # TODO: Also delete unused directories if empty (safely, with # checks to avoid race conditions). - self.container.delete_object(filepath) + self.container.delete_object( + self._resolve_filepath(filepath)) def file_url(self, filepath): return '/'.join([ diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html index fe953e77..171ea21d 100644 --- a/mediagoblin/templates/mediagoblin/user_pages/media.html +++ b/mediagoblin/templates/mediagoblin/user_pages/media.html @@ -128,7 +128,7 @@ class="media_icon" />edit</a> </p> <p> - <a href="{{ request.urlgen('mediagoblin.confirm.confirm_delete', + <a href="{{ request.urlgen('mediagoblin.user_pages.media_confirm_delete', user= media.uploader().username, media= media._id) }}" ><img src="{{ request.staticdirect('/images/icon_delete.png') }}" diff --git a/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html new file mode 100644 index 00000000..87a3ad81 --- /dev/null +++ b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html @@ -0,0 +1,48 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011 Free Software Foundation, Inc +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +#} +{% extends "mediagoblin/base.html" %} + +{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %} + +{% block mediagoblin_content %} + + <form action="{{ request.urlgen('mediagoblin.user_pages.media_confirm_delete', + user=media.uploader().username, + media=media._id) }}" + method="POST" enctype="multipart/form-data"> + <div class="grid_8 prefix_1 suffix_1 edit_box form_box"> + <h1> + {%- trans title=media['title'] -%} + Really delete {{ title }}? + {%- endtrans %} + </h1> + <p> + <em> + {%- trans -%} + If you choose yes, the media entry will be deleted <strong>permanently.</strong> + {%- endtrans %} + </em> + </p> + + {{ wtforms_util.render_divs(form) }} + <div class="form_submit_buttons"> + <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" /> + </div> + </div> + </form> +{% endblock %} diff --git a/mediagoblin/tests/test_submission.py b/mediagoblin/tests/test_submission.py index b2599d22..43a81f02 100644 --- a/mediagoblin/tests/test_submission.py +++ b/mediagoblin/tests/test_submission.py @@ -174,7 +174,7 @@ class TestSubmission: # Do not confirm deletion # --------------------------------------------------- response = self.test_app.post( - request.urlgen('mediagoblin.confirm.confirm_delete', + request.urlgen('mediagoblin.user_pages.media_confirm_delete', # No work: user=media.uploader().username, user=self.test_user['username'], media=media['_id']), @@ -193,7 +193,7 @@ class TestSubmission: # Confirm deletion # --------------------------------------------------- response = self.test_app.post( - request.urlgen('mediagoblin.confirm.confirm_delete', + request.urlgen('mediagoblin.user_pages.media_confirm_delete', # No work: user=media.uploader().username, user=self.test_user['username'], media=media['_id']), diff --git a/mediagoblin/user_pages/forms.py b/mediagoblin/user_pages/forms.py index 25001019..4a79bedd 100644 --- a/mediagoblin/user_pages/forms.py +++ b/mediagoblin/user_pages/forms.py @@ -23,3 +23,10 @@ class MediaCommentForm(wtforms.Form): comment_content = wtforms.TextAreaField( _('Comment'), [wtforms.validators.Required()]) + + +class ConfirmDeleteForm(wtforms.Form): + confirm = wtforms.RadioField('Confirm', + default='False', + choices=[('False', 'No, I made a mistake!'), + ('True', 'Yes, delete it!')]) diff --git a/mediagoblin/user_pages/routing.py b/mediagoblin/user_pages/routing.py index 2c83593f..ffa6f969 100644 --- a/mediagoblin/user_pages/routing.py +++ b/mediagoblin/user_pages/routing.py @@ -32,9 +32,9 @@ user_routes = [ Route('mediagoblin.edit.attachments', '/{user}/m/{media}/attachments/', controller="mediagoblin.edit.views:edit_attachments"), - Route('mediagoblin.confirm.confirm_delete', + Route('mediagoblin.user_pages.media_confirm_delete', "/{user}/m/{media}/confirm-delete/", - controller="mediagoblin.confirm.views:confirm_delete"), + controller="mediagoblin.user_pages.views:media_confirm_delete"), Route('mediagoblin.user_pages.atom_feed', '/{user}/atom/', controller="mediagoblin.user_pages.views:atom_feed"), Route('mediagoblin.user_pages.media_post_comment', diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py index 080d98d7..2163acf7 100644 --- a/mediagoblin/user_pages/views.py +++ b/mediagoblin/user_pages/views.py @@ -20,11 +20,11 @@ from mediagoblin import messages, mg_globals from mediagoblin.db.util import DESCENDING, ObjectId from mediagoblin.util import ( Pagination, render_to_response, redirect, cleaned_markdown_conversion, - render_404) + render_404, delete_media_files) from mediagoblin.user_pages import forms as user_forms from mediagoblin.decorators import (uses_pagination, get_user_media_entry, - require_active_login) + require_active_login, user_may_delete_media) from werkzeug.contrib.atom import AtomFeed @@ -145,6 +145,36 @@ def media_post_comment(request): user = request.matchdict['user']) +@get_user_media_entry +@require_active_login +@user_may_delete_media +def media_confirm_delete(request, media): + + form = user_forms.ConfirmDeleteForm(request.POST) + + if request.method == 'POST' and form.validate(): + if request.POST.get('confirm') == 'True': + username = media.uploader()['username'] + + # Delete all files on the public storage + delete_media_files(media) + + media.delete() + + return redirect(request, "mediagoblin.user_pages.user_home", + user=username) + else: + return redirect(request, "mediagoblin.user_pages.media_home", + user=media.uploader()['username'], + media=media['slug']) + + return render_to_response( + request, + 'mediagoblin/user_pages/media_confirm_delete.html', + {'media': media, + 'form': form}) + + ATOM_DEFAULT_NR_OF_UPDATED_ITEMS = 15 def atom_feed(request): diff --git a/mediagoblin/util.py b/mediagoblin/util.py index ba4ac01e..27c81f3a 100644 --- a/mediagoblin/util.py +++ b/mediagoblin/util.py @@ -681,3 +681,18 @@ def render_404(request): """ return render_to_response( request, 'mediagoblin/404.html', {}, status=400) + +def delete_media_files(media): + """ + Delete all files associated with a MediaEntry + + Arguments: + - media: A MediaEntry document + """ + for handle, listpath in media['media_files'].items(): + mg_globals.public_store.delete_file( + listpath) + + for attachment in media['attachment_files']: + mg_globals.public_store.delete_file( + attachment['filepath']) |