diff options
| -rw-r--r-- | mediagoblin/db/models.py | 71 | ||||
| -rw-r--r-- | mediagoblin/decorators.py | 109 | ||||
| -rw-r--r-- | mediagoblin/moderation/forms.py | 67 | ||||
| -rw-r--r-- | mediagoblin/moderation/tools.py | 34 | ||||
| -rw-r--r-- | mediagoblin/moderation/views.py | 7 | ||||
| -rw-r--r-- | mediagoblin/submit/views.py | 1 | ||||
| -rw-r--r-- | mediagoblin/templates/mediagoblin/base.html | 2 | ||||
| -rw-r--r-- | mediagoblin/templates/mediagoblin/moderation/user.html | 4 | ||||
| -rw-r--r-- | mediagoblin/tests/test_auth.py | 14 | ||||
| -rw-r--r-- | mediagoblin/tests/test_privileges.py | 6 | ||||
| -rw-r--r-- | mediagoblin/tests/test_submission.py | 2 | ||||
| -rw-r--r-- | mediagoblin/tools/response.py | 4 | ||||
| -rw-r--r-- | mediagoblin/user_pages/lib.py | 22 | ||||
| -rw-r--r-- | mediagoblin/user_pages/routing.py | 2 | ||||
| -rw-r--r-- | mediagoblin/user_pages/views.py | 29 |
15 files changed, 277 insertions, 97 deletions
diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py index 1e8d0a0c..f25dc32c 100644 --- a/mediagoblin/db/models.py +++ b/mediagoblin/db/models.py @@ -105,6 +105,17 @@ class User(Base, UserMixin): _log.info('Deleted user "{0}" account'.format(self.username)) def has_privilege(self,*priv_names): + """ + This method checks to make sure a user has all the correct privileges + to access a piece of content. + + :param priv_names A variable number of unicode objects which rep- + -resent the different privileges which may give + the user access to this content. If you pass + multiple arguments, the user will be granted + access if they have ANY of the privileges + passed. + """ if len(priv_names) == 1: priv = Privilege.query.filter( Privilege.privilege_name==priv_names[0]).one() @@ -114,6 +125,16 @@ class User(Base, UserMixin): self.has_privilege(*priv_names[1:]) return False + def is_banned(self): + """ + Checks if this user is banned. + + :returns True if self is banned + :returns False if self is not + """ + return UserBan.query.get(self.id) is not None + + class Client(Base): """ Model representing a client - Used for API Auth @@ -655,15 +676,21 @@ with_polymorphic( class ReportBase(Base): """ - This is the basic report table which the other reports are based off of. - :keyword reporter_id - :keyword report_content - :keyword reported_user_id - :keyword created - :keyword resolved - :keyword result - :keyword discriminator - + This is the basic report object which the other reports are based off of. + + :keyword reporter_id Holds the id of the user who created + the report, as an Integer column. + :keyword report_content Hold the explanation left by the repor- + -ter to indicate why they filed the + report in the first place, as a + Unicode column. + :keyword reported_user_id Holds the id of the user who created + the content which was reported, as + an Integer column. + :keyword created Holds a datetime column of when the re- + -port was filed. + :keyword discriminator This column distinguishes between the + different types of reports. """ __tablename__ = 'core__reports' id = Column(Integer, primary_key=True) @@ -698,7 +725,9 @@ class ReportBase(Base): class CommentReport(ReportBase): """ - A class to keep track of reports that have been filed on comments + Reports that have been filed on comments. + :keyword comment_id Holds the integer value of the reported + comment's ID """ __tablename__ = 'core__reports_on_comments' __mapper_args__ = {'polymorphic_identity': 'comment_report'} @@ -713,7 +742,9 @@ class CommentReport(ReportBase): class MediaReport(ReportBase): """ - A class to keep track of reports that have been filed on media entries + Reports that have been filed on media entries + :keyword media_entry_id Holds the integer value of the reported + media entry's ID """ __tablename__ = 'core__reports_on_media' __mapper_args__ = {'polymorphic_identity': 'media_report'} @@ -729,7 +760,23 @@ class MediaReport(ReportBase): class ArchivedReport(ReportBase): """ - A table to keep track of reports that have been resolved + Reports that have been resolved. The media_entry and comment columns must + be optional so that if the media entry/comment is deleted, the archive can + still exist. + :keyword comment_id Holds the Integer value of the reported + comment's ID. This column is optio- + -nal. + :keyword media_entry_id Holds the Integer value of the reported + media entry's ID. This column is + optional. + :keyword resolver_id Holds the id of the moderator/admin who + resolved the report. + :keyword resolved Holds the DateTime object which descri- + -bes when this report was resolved + :keyword result Holds the UnicodeText column of the + resolver's reasons for resolving + the report this way. Some of this + is auto-generated """ __tablename__ = 'core__reports_archived' __mapper_args__ = {'polymorphic_identity': 'archived_report'} diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index 1a8b124b..d5a10db1 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -31,11 +31,29 @@ from mediagoblin.tools.translate import pass_to_ugettext as _ from mediagoblin.oauth.tools.request import decode_authorization_header from mediagoblin.oauth.oauth import GMGRequestValidator + +def user_not_banned(controller): + """ + Requires that the user has not been banned. Otherwise redirects to the page + explaining why they have been banned + """ + @wraps(controller) + def wrapper(request, *args, **kwargs): + if request.user: + if request.user.is_banned(): + return render_user_banned(request) + return controller(request, *args, **kwargs) + + return wrapper + + def require_active_login(controller): """ - Require an active login from the user. + Require an active login from the user. If the user is banned, redirects to + the "You are Banned" page. """ @wraps(controller) + @user_not_banned def new_controller_func(request, *args, **kwargs): if request.user and \ not request.user.has_privilege(u'active'): @@ -55,29 +73,26 @@ def require_active_login(controller): return new_controller_func -def active_user_from_url(controller): - """Retrieve User() from <user> URL pattern and pass in as url_user=... - - Returns a 404 if no such active user has been found""" - @wraps(controller) - def wrapper(request, *args, **kwargs): - user = User.query.filter_by(username=request.matchdict['user']).first() - if user is None: - return render_404(request) - - return controller(request, *args, url_user=user, **kwargs) - - return wrapper def user_has_privilege(privilege_name): + """ + Requires that a user have a particular privilege in order to access a page. + In order to require that a user have multiple privileges, use this + decorator twice on the same view. This decorator also makes sure that the + user is not banned, or else it redirects them to the "You are Banned" page. + + :param privilege_name A unicode object that is that represents + the privilege object. This object is + the name of the privilege, as assigned + in the Privilege.privilege_name column + """ def user_has_privilege_decorator(controller): @wraps(controller) + @require_active_login def wrapper(request, *args, **kwargs): user_id = request.user.id - if UserBan.query.filter(UserBan.user_id==user_id).count(): - return render_user_banned(request) - elif not request.user.has_privilege(privilege_name): + if not request.user.has_privilege(privilege_name): raise Forbidden() return controller(request, *args, **kwargs) @@ -86,6 +101,21 @@ def user_has_privilege(privilege_name): return user_has_privilege_decorator +def active_user_from_url(controller): + """Retrieve User() from <user> URL pattern and pass in as url_user=... + + Returns a 404 if no such active user has been found""" + @wraps(controller) + def wrapper(request, *args, **kwargs): + user = User.query.filter_by(username=request.matchdict['user']).first() + if user is None: + return render_404(request) + + return controller(request, *args, url_user=user, **kwargs) + + return wrapper + + def user_may_delete_media(controller): """ Require user ownership of the MediaEntry to delete. @@ -274,20 +304,31 @@ def allow_registration(controller): return wrapper -def get_media_comment_by_id(controller): +def get_optional_media_comment_by_id(controller): """ - Pass in a MediaComment based off of a url component + Pass in a MediaComment based off of a url component. Because of this decor- + -ator's use in filing Media or Comment Reports, it has two valid outcomes. + + :returns The view function being wrapped with kwarg `comment` set to + the MediaComment who's id is in the URL. If there is a + comment id in the URL and if it is valid. + :returns The view function being wrapped with kwarg `comment` set to + None. If there is no comment id in the URL. + :returns A 404 Error page, if there is a comment if in the URL and it + is invalid. """ @wraps(controller) def wrapper(request, *args, **kwargs): - comment = MediaComment.query.filter_by( - id=request.matchdict['comment']).first() - # Still no media? Okay, 404. - if not comment: - return render_404(request) + if 'comment' in request.matchdict: + comment = MediaComment.query.filter_by( + id=request.matchdict['comment']).first() - return controller(request, comment=comment, *args, **kwargs) + if comment is None: + return render_404(request) + return controller(request, comment=comment, *args, **kwargs) + else: + return controller(request, comment=None, *args, **kwargs) return wrapper @@ -308,7 +349,7 @@ def auth_enabled(controller): def require_admin_or_moderator_login(controller): """ - Require an login from an administrator or a moderator. + Require a login from an administrator or a moderator. """ @wraps(controller) def new_controller_func(request, *args, **kwargs): @@ -330,22 +371,6 @@ def require_admin_or_moderator_login(controller): return new_controller_func -def user_not_banned(controller): - """ - Requires that the user has not been banned. Otherwise redirects to the page - explaining why they have been banned - """ - @wraps(controller) - def wrapper(request, *args, **kwargs): - if request.user: - user_banned = UserBan.query.get(request.user.id) - if user_banned: - return render_user_banned(request) - return controller(request, *args, **kwargs) - - return wrapper - - def oauth_required(controller): """ Used to wrap API endpoints where oauth is required """ diff --git a/mediagoblin/moderation/forms.py b/mediagoblin/moderation/forms.py index bcb2fc77..7e225fb6 100644 --- a/mediagoblin/moderation/forms.py +++ b/mediagoblin/moderation/forms.py @@ -35,10 +35,19 @@ class MultiCheckboxField(wtforms.SelectMultipleField): option_widget = wtforms.widgets.CheckboxInput() +# ============ Forms for mediagoblin.moderation.user page ================== # + class PrivilegeAddRemoveForm(wtforms.Form): + """ + This form is used by an admin to give/take away a privilege directly from + their user page. + """ privilege_name = wtforms.HiddenField('',[wtforms.validators.required()]) class BanForm(wtforms.Form): + """ + This form is used by an admin to ban a user directly from their user page. + """ user_banned_until = wtforms.DateField( _(u'User will be banned until:'), format='%Y-%m-%d', @@ -47,7 +56,54 @@ class BanForm(wtforms.Form): _(u'Why are you banning this User?'), validators=[wtforms.validators.optional()]) +# =========== Forms for mediagoblin.moderation.report page ================= # + class ReportResolutionForm(wtforms.Form): + """ + This form carries all the information necessary to take punitive actions + against a user who created content that has been reported. + + :param action_to_resolve A list of Unicode objects representing + a choice from the ACTION_CHOICES const- + -ant. Every choice passed affects what + punitive actions will be taken against + the user. + + :param targeted_user A HiddenField object that holds the id + of the user that was reported. + + :param take_away_privileges A list of Unicode objects which repres- + -ent the privileges that are being tak- + -en away. This field is optional and + only relevant if u'takeaway' is in the + `action_to_resolve` list. + + :param user_banned_until A DateField object that holds the date + that the user will be unbanned. This + field is optional and only relevant if + u'userban' is in the action_to_resolve + list. If the user is being banned and + this field is blank, the user is banned + indefinitely. + + :param why_user_was_banned A TextArea object that holds the + reason that a user was banned, to disp- + -lay to them when they try to log in. + This field is optional and only relevant + if u'userban' is in the + `action_to_resolve` list. + + :param message_to_user A TextArea object that holds a message + which will be emailed to the user. This + is only relevant if the u'sendmessage' + option is in the `action_to_resolve` + list. + + :param resolution_content A TextArea object that is required for + every report filed. It represents the + reasons that the moderator/admin resol- + -ved the report in such a way. + """ action_to_resolve = MultiCheckboxField( _(u'What action will you take to resolve the report?'), validators=[wtforms.validators.optional()], @@ -67,7 +123,18 @@ class ReportResolutionForm(wtforms.Form): validators=[wtforms.validators.optional()]) resolution_content = wtforms.TextAreaField() +# ======== Forms for mediagoblin.moderation.report_panel page ============== # + class ReportPanelSortingForm(wtforms.Form): + """ + This form is used for sorting and filtering through different reports in + the mediagoblin.moderation.reports_panel view. + + Parameters that start with 'active_' refer to a sort/filter for the active + reports. + Parameters that start with 'closed_' refer to a sort/filter for the closed + reports. + """ active_p = wtforms.IntegerField( _(u'Page'), validators=[wtforms.validators.optional()]) diff --git a/mediagoblin/moderation/tools.py b/mediagoblin/moderation/tools.py index 79a6e3f5..355ffa99 100644 --- a/mediagoblin/moderation/tools.py +++ b/mediagoblin/moderation/tools.py @@ -131,6 +131,23 @@ def take_punitive_actions(request, form, report, user): report_id=report.id) def take_away_privileges(user,*privileges): + """ + Take away all of the privileges passed as arguments. + + :param user A Unicode object representing the target user's + User.username value. + + :param privileges A variable number of Unicode objects describing + the privileges being taken away. + + + :returns True If ALL of the privileges were taken away + successfully. + + :returns False If ANY of the privileges were not taken away + successfully. This means the user did not have + (one of) the privilege(s) to begin with. + """ if len(privileges) == 1: privilege = Privilege.query.filter( Privilege.privilege_name==privileges[0]).first() @@ -146,6 +163,23 @@ def take_away_privileges(user,*privileges): take_away_privileges(user, *privileges[1:])) def give_privileges(user,*privileges): + """ + Take away all of the privileges passed as arguments. + + :param user A Unicode object representing the target user's + User.username value. + + :param privileges A variable number of Unicode objects describing + the privileges being granted. + + + :returns True If ALL of the privileges were granted successf- + -ully. + + :returns False If ANY of the privileges were not granted succ- + essfully. This means the user already had (one + of) the privilege(s) to begin with. + """ if len(privileges) == 1: privilege = Privilege.query.filter( Privilege.privilege_name==privileges[0]).first() diff --git a/mediagoblin/moderation/views.py b/mediagoblin/moderation/views.py index 35c586ea..f09f4c99 100644 --- a/mediagoblin/moderation/views.py +++ b/mediagoblin/moderation/views.py @@ -169,7 +169,8 @@ def moderation_reports_detail(request): @active_user_from_url def give_or_take_away_privilege(request, url_user): ''' - A form action to give or take away a particular privilege from a user + A form action to give or take away a particular privilege from a user. + Can only be used by an admin. ''' form = moderation_forms.PrivilegeAddRemoveForm(request.form) if request.method == "POST" and form.validate(): @@ -193,10 +194,10 @@ def ban_or_unban(request, url_user): A page to ban or unban a user. Only can be used by an admin. """ form = moderation_forms.BanForm(request.form) - print "accessed page" if request.method == "POST" and form.validate(): already_banned = unban_user(url_user.id) - if not already_banned: + same_as_requesting_user = (request.user.id == url_user.id) + if not already_banned and not same_as_requesting_user: user_ban = ban_user(url_user.id, expiration_date = form.user_banned_until.data, reason = form.why_user_was_banned.data) diff --git a/mediagoblin/submit/views.py b/mediagoblin/submit/views.py index 0700f933..8640b8de 100644 --- a/mediagoblin/submit/views.py +++ b/mediagoblin/submit/views.py @@ -125,7 +125,6 @@ def submit_start(request): @require_active_login -@user_not_banned def add_collection(request, media=None): """ View to create a new collection diff --git a/mediagoblin/templates/mediagoblin/base.html b/mediagoblin/templates/mediagoblin/base.html index 7d53585b..278cebb6 100644 --- a/mediagoblin/templates/mediagoblin/base.html +++ b/mediagoblin/templates/mediagoblin/base.html @@ -59,7 +59,7 @@ {% block mediagoblin_header_title %}{% endblock %} <div class="header_right"> {%- if request.user %} - {% if request.user and request.user.status == 'active' %} + {% if request.user and request.user.status == 'active' and not request.user.is_banned() %} {% set notification_count = get_notification_count(request.user.id) %} {% if notification_count %} diff --git a/mediagoblin/templates/mediagoblin/moderation/user.html b/mediagoblin/templates/mediagoblin/moderation/user.html index a8befa81..1be9dd80 100644 --- a/mediagoblin/templates/mediagoblin/moderation/user.html +++ b/mediagoblin/templates/mediagoblin/moderation/user.html @@ -193,7 +193,9 @@ $(document).ready(function(){ $('#hidden_privilege_name').val($(this).attr('id')); }); init_user_banned_form(); - $('.ban_user_submit').click(function(){submit_user_banned_form()}); + $('#ban_user_submit').click(function(){ + submit_user_banned_form() + }); }); </script> {% endblock %} diff --git a/mediagoblin/tests/test_auth.py b/mediagoblin/tests/test_auth.py index 6cf05444..edbd27ee 100644 --- a/mediagoblin/tests/test_auth.py +++ b/mediagoblin/tests/test_auth.py @@ -99,6 +99,12 @@ def test_register_views(test_app): assert new_user.status == u'needs_email_verification' assert new_user.email_verified == False + ## Make sure that the proper privileges are granted on registration + + assert new_user.has_privilege(u'commenter') + assert new_user.has_privilege(u'uploader') + assert new_user.has_privilege(u'reporter') + assert not new_user.has_privilege(u'active') ## Make sure user is logged in request = template.TEMPLATE_TEST_CONTEXT[ 'mediagoblin/user_pages/user.html']['request'] @@ -330,14 +336,6 @@ def test_authentication_views(test_app): 'next' : '/u/chris/'}) assert urlparse.urlsplit(response.location)[2] == '/u/chris/' -def test_basic_privileges_granted_on_registration(test_app): - user = User.query.filter(User.username==u'angrygirl').first() - - assert User.has_privilege(u'commenter') - assert User.has_privilege(u'uploader') - assert User.has_privilege(u'reporter') - assert not User.has_privilege(u'active') - @pytest.fixture() def authentication_disabled_app(request): return get_app( diff --git a/mediagoblin/tests/test_privileges.py b/mediagoblin/tests/test_privileges.py index ced87b7f..9ae523f8 100644 --- a/mediagoblin/tests/test_privileges.py +++ b/mediagoblin/tests/test_privileges.py @@ -15,7 +15,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import pytest -from datetime import datetime, timedelta +from datetime import date, timedelta from webtest import AppError from mediagoblin.tests.tools import fixture_add_user, fixture_media_entry @@ -88,7 +88,7 @@ class TestPrivilegeFunctionality: user_ban.delete() user_ban = UserBan(user_id=uid, reason=u'Testing whether user is banned', - expiration_date= datetime.now() + timedelta(days=20)) + expiration_date= date.today() + timedelta(days=20)) user_ban.save() response = self.test_app.get('/') @@ -100,7 +100,7 @@ class TestPrivilegeFunctionality: #---------------------------------------------------------------------- user_ban = UserBan.query.get(uid) user_ban.delete() - exp_date = datetime.now() - timedelta(days=20) + exp_date = date.today() - timedelta(days=20) user_ban = UserBan(user_id=uid, reason=u'Testing whether user is banned', expiration_date= exp_date) diff --git a/mediagoblin/tests/test_submission.py b/mediagoblin/tests/test_submission.py index d10957d7..d8cb9827 100644 --- a/mediagoblin/tests/test_submission.py +++ b/mediagoblin/tests/test_submission.py @@ -46,7 +46,7 @@ class TestSubmission: # TODO: Possibly abstract into a decorator like: # @as_authenticated_user('chris') - fixture_add_user(privileges=[u'active',u'uploader']) + fixture_add_user(privileges=[u'active',u'uploader', u'commenter']) self.login() diff --git a/mediagoblin/tools/response.py b/mediagoblin/tools/response.py index 3884de45..cd99a230 100644 --- a/mediagoblin/tools/response.py +++ b/mediagoblin/tools/response.py @@ -22,7 +22,7 @@ from mediagoblin.tools.template import render_template from mediagoblin.tools.translate import (lazy_pass_to_ugettext as _, pass_to_ugettext) from mediagoblin.db.models import UserBan, User -from datetime import datetime +from datetime import date class Response(wz_Response): """Set default response mimetype to HTML, otherwise we get text/plain""" @@ -80,7 +80,7 @@ def render_user_banned(request): """ user_ban = UserBan.query.get(request.user.id) if (user_ban.expiration_date is not None and - datetime.now()>user_ban.expiration_date): + date.today()>user_ban.expiration_date): user_ban.delete() return redirect(request, diff --git a/mediagoblin/user_pages/lib.py b/mediagoblin/user_pages/lib.py index f29c1796..80eb30bd 100644 --- a/mediagoblin/user_pages/lib.py +++ b/mediagoblin/user_pages/lib.py @@ -83,12 +83,22 @@ def build_report_object(report_form, media_entry=None, comment=None): This function is used to convert a form object (from a User filing a report) into either a MediaReport or CommentReport object. - :param report_form should be a MediaReportForm or a CommentReportForm - object - :param - - :returns either of MediaReport or a CommentReport object that has not been - saved. In case of an improper form_dict, returns None + :param report_form A MediaReportForm or a CommentReportForm object + with valid information from a POST request. + :param media_entry A MediaEntry object. The MediaEntry being repo- + -rted by a MediaReport. In a CommentReport, + this will be None. + :param comment A MediaComment object. The MediaComment being + reported by a CommentReport. In a MediaReport + this will be None. + + :returns A MediaReport object if a valid MediaReportForm is + passed as kwarg media_entry. This MediaReport has + not been saved. + :returns A CommentReport object if a valid CommentReportForm + is passed as kwarg comment. This CommentReport + has not been saved. + :returns None if the form_dict is invalid. """ if report_form.validate() and comment is not None: diff --git a/mediagoblin/user_pages/routing.py b/mediagoblin/user_pages/routing.py index b535bbf2..f0f4d8b7 100644 --- a/mediagoblin/user_pages/routing.py +++ b/mediagoblin/user_pages/routing.py @@ -50,7 +50,7 @@ add_route('mediagoblin.user_pages.media_home.view_comment', add_route('mediagoblin.user_pages.media_home.report_comment', '/u/<string:user>/m/<string:media>/c/<int:comment>/report/', - 'mediagoblin.user_pages.views:file_a_comment_report') + 'mediagoblin.user_pages.views:file_a_report') # User's tags gallery add_route('mediagoblin.user_pages.user_tag_gallery', diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py index 83aecf31..931b740c 100644 --- a/mediagoblin/user_pages/views.py +++ b/mediagoblin/user_pages/views.py @@ -34,10 +34,10 @@ from mediagoblin.notifications import trigger_notification, \ add_comment_subscription, mark_comment_notification_seen from mediagoblin.decorators import (uses_pagination, get_user_media_entry, - get_media_entry_by_id, user_has_privilege, + get_media_entry_by_id, user_has_privilege, user_not_banned, require_active_login, user_may_delete_media, user_may_alter_collection, get_user_collection, get_user_collection_item, active_user_from_url, - get_media_comment_by_id, user_not_banned) + get_optional_media_comment_by_id) from werkzeug.contrib.atom import AtomFeed from werkzeug.exceptions import MethodNotAllowed @@ -161,7 +161,6 @@ def media_home(request, media, page, **kwargs): @get_media_entry_by_id -@require_active_login @user_has_privilege(u'commenter') def media_post_comment(request, media): """ @@ -291,7 +290,6 @@ def media_collect(request, media): #TODO: Why does @user_may_delete_media not implicate @require_active_login? -@user_not_banned @get_media_entry_by_id @require_active_login @user_may_delete_media @@ -380,7 +378,6 @@ def collection_list(request, url_user=None): @get_user_collection_item @require_active_login @user_may_alter_collection -@user_not_banned def collection_item_confirm_remove(request, collection_item): form = user_forms.ConfirmCollectionItemRemoveForm(request.form) @@ -420,7 +417,7 @@ def collection_item_confirm_remove(request, collection_item): {'collection_item': collection_item, 'form': form}) -@user_not_banned + @get_user_collection @require_active_login @user_may_alter_collection @@ -604,7 +601,6 @@ def collection_atom_feed(request): return feed.get_response() -@user_not_banned @require_active_login def processing_panel(request): """ @@ -649,21 +645,27 @@ def processing_panel(request): 'failed_entries': failed_entries, 'processed_entries': processed_entries}) -@require_active_login @get_user_media_entry @user_has_privilege(u'reporter') -def file_a_report(request, media, comment=None): +@get_optional_media_comment_by_id +def file_a_report(request, media, comment): + """ + This view handles the filing of a MediaReport or a CommentReport. + """ if comment is not None: + if not comment.get_media_entry.id == media.id: + return render_404(request) + form = user_forms.CommentReportForm(request.form) - form.reporter_id.data = request.user.id context = {'media': media, 'comment':comment, 'form':form} else: form = user_forms.MediaReportForm(request.form) - form.reporter_id.data = request.user.id context = {'media': media, 'form':form} + form.reporter_id.data = request.user.id + if request.method == "POST": report_object = build_report_object(form, @@ -683,8 +685,3 @@ def file_a_report(request, media, comment=None): 'mediagoblin/user_pages/report.html', context) -@require_active_login -@get_user_media_entry -@get_media_comment_by_id -def file_a_comment_report(request, media, comment): - return file_a_report(request, comment=comment) |