aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--mediagoblin/auth/views.py11
-rw-r--r--mediagoblin/decorators.py17
-rw-r--r--mediagoblin/edit/views.py11
-rw-r--r--mediagoblin/routing.py1
-rw-r--r--mediagoblin/storage.py3
-rw-r--r--mediagoblin/submit/views.py4
-rw-r--r--mediagoblin/templates/mediagoblin/user_pages/media.html17
-rw-r--r--mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html48
-rw-r--r--mediagoblin/templates/mediagoblin/utils/prev_next.html50
-rw-r--r--mediagoblin/tests/test_submission.py61
-rw-r--r--mediagoblin/user_pages/forms.py7
-rw-r--r--mediagoblin/user_pages/routing.py3
-rw-r--r--mediagoblin/user_pages/views.py44
-rw-r--r--mediagoblin/util.py15
14 files changed, 246 insertions, 46 deletions
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 4c4a34fd..48c5937c 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -44,11 +44,12 @@ def register(request):
if request.method == 'POST' and register_form.validate():
# TODO: Make sure the user doesn't exist already
-
+ username = unicode(request.POST['username'].lower())
+ email = unicode(request.POST['email'].lower())
users_with_username = request.db.User.find(
- {'username': request.POST['username'].lower()}).count()
+ {'username': username}).count()
users_with_email = request.db.User.find(
- {'email': request.POST['email'].lower()}).count()
+ {'email': email}).count()
extra_validation_passes = True
@@ -64,8 +65,8 @@ def register(request):
if extra_validation_passes:
# Create the user
user = request.db.User()
- user['username'] = request.POST['username'].lower()
- user['email'] = request.POST['email'].lower()
+ user['username'] = username
+ user['email'] = email
user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
request.POST['password'])
user.save(validate=True)
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index c66049ca..f1b5d229 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -52,6 +52,22 @@ def require_active_login(controller):
return _make_safe(new_controller_func, controller)
+def user_may_delete_media(controller):
+ """
+ Require user ownership of the MediaEntry to delete.
+ """
+ def wrapper(request, *args, **kwargs):
+ uploader = request.db.MediaEntry.find_one(
+ {'_id': ObjectId(request.matchdict['media'])}).uploader()
+ if not (request.user['is_admin'] or
+ request.user['_id'] == uploader['_id']):
+ return exc.HTTPForbidden()
+
+ return controller(request, *args, **kwargs)
+
+ return _make_safe(wrapper, controller)
+
+
def uses_pagination(controller):
"""
Check request GET 'page' key for wrong values
@@ -122,3 +138,4 @@ def get_media_entry_by_id(controller):
return controller(request, media=media, *args, **kwargs)
return _make_safe(wrapper, controller)
+
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index b0145a04..f766afdc 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -14,6 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import uuid
from webob import exc
from string import split
@@ -64,8 +65,8 @@ def edit_media(request, media):
form.slug.errors.append(
_(u'An entry with that slug already exists for this user.'))
else:
- media['title'] = request.POST['title']
- media['description'] = request.POST.get('description')
+ media['title'] = unicode(request.POST['title'])
+ media['description'] = unicode(request.POST.get('description'))
media['tags'] = convert_to_tag_list_of_dicts(
request.POST.get('tags'))
@@ -80,7 +81,7 @@ def edit_media(request, media):
and 'y' == request.POST['attachment_delete']:
del media['attachment_files'][0]
- media['slug'] = request.POST['slug']
+ media['slug'] = unicode(request.POST['slug'])
media.save()
return redirect(request, "mediagoblin.user_pages.media_home",
@@ -171,8 +172,8 @@ def edit_profile(request):
bio=user.get('bio'))
if request.method == 'POST' and form.validate():
- user['url'] = request.POST['url']
- user['bio'] = request.POST['bio']
+ user['url'] = unicode(request.POST['url'])
+ user['bio'] = unicode(request.POST['bio'])
user['bio_html'] = cleaned_markdown_conversion(user['bio'])
diff --git a/mediagoblin/routing.py b/mediagoblin/routing.py
index 1340da60..f78658c5 100644
--- a/mediagoblin/routing.py
+++ b/mediagoblin/routing.py
@@ -21,6 +21,7 @@ from mediagoblin.submit.routing import submit_routes
from mediagoblin.user_pages.routing import user_routes
from mediagoblin.edit.routing import edit_routes
from mediagoblin.listings.routing import tag_routes
+from mediagoblin.confirm.routing import confirm_routes
def get_mapper():
diff --git a/mediagoblin/storage.py b/mediagoblin/storage.py
index 7ada95e1..82b7a5ff 100644
--- a/mediagoblin/storage.py
+++ b/mediagoblin/storage.py
@@ -281,7 +281,8 @@ class CloudFilesStorage(StorageInterface):
def delete_file(self, filepath):
# TODO: Also delete unused directories if empty (safely, with
# checks to avoid race conditions).
- self.container.delete_object(filepath)
+ self.container.delete_object(
+ self._resolve_filepath(filepath))
def file_url(self, filepath):
return '/'.join([
diff --git a/mediagoblin/submit/views.py b/mediagoblin/submit/views.py
index 4481adeb..b9395145 100644
--- a/mediagoblin/submit/views.py
+++ b/mediagoblin/submit/views.py
@@ -55,10 +55,10 @@ def submit_start(request):
entry = request.db.MediaEntry()
entry['_id'] = ObjectId()
entry['title'] = (
- request.POST['title']
+ unicode(request.POST['title'])
or unicode(splitext(filename)[0]))
- entry['description'] = request.POST.get('description')
+ entry['description'] = unicode(request.POST.get('description'))
entry['description_html'] = cleaned_markdown_conversion(
entry['description'])
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html
index 0425500e..6f00b40b 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@@ -121,15 +121,22 @@
request.user['is_admin'] %}
<h3>Temporary button holder</h3>
<p>
- <a href="{{ request.urlgen('mediagoblin.edit.edit_media',
+ {% set edit_url = request.urlgen('mediagoblin.edit.edit_media',
user= media.uploader().username,
- media= media._id) }}"
+ media= media._id) %}
+ <a href="{{ edit_url }}"
><img src="{{ request.staticdirect('/images/icon_edit.png') }}"
- class="media_icon" />edit</a>
+ class="media_icon" /></a>
+ <a href="{{ edit_url }}">{% trans %}edit{% endtrans %}</a>
</p>
<p>
- <img src="{{ request.staticdirect('/images/icon_delete.png') }}"
- class="media_icon" />{% trans %}delete{% endtrans %}
+ {% set delete_url = request.urlgen('mediagoblin.user_pages.media_confirm_delete',
+ user= media.uploader().username,
+ media= media._id) %}
+ <a href="{{ delete_url }}"
+ ><img src="{{ request.staticdirect('/images/icon_delete.png') }}"
+ class="media_icon" /></a>
+ <a href="{{ delete_url }}">{% trans %}delete{% endtrans %}</a>
</p>
{% endif %}
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
new file mode 100644
index 00000000..87a3ad81
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
@@ -0,0 +1,48 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011 Free Software Foundation, Inc
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
+
+{% block mediagoblin_content %}
+
+ <form action="{{ request.urlgen('mediagoblin.user_pages.media_confirm_delete',
+ user=media.uploader().username,
+ media=media._id) }}"
+ method="POST" enctype="multipart/form-data">
+ <div class="grid_8 prefix_1 suffix_1 edit_box form_box">
+ <h1>
+ {%- trans title=media['title'] -%}
+ Really delete {{ title }}?
+ {%- endtrans %}
+ </h1>
+ <p>
+ <em>
+ {%- trans -%}
+ If you choose yes, the media entry will be deleted <strong>permanently.</strong>
+ {%- endtrans %}
+ </em>
+ </p>
+
+ {{ wtforms_util.render_divs(form) }}
+ <div class="form_submit_buttons">
+ <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" />
+ </div>
+ </div>
+ </form>
+{% endblock %}
diff --git a/mediagoblin/templates/mediagoblin/utils/prev_next.html b/mediagoblin/templates/mediagoblin/utils/prev_next.html
index 7cf8d2a4..8c0cee02 100644
--- a/mediagoblin/templates/mediagoblin/utils/prev_next.html
+++ b/mediagoblin/templates/mediagoblin/utils/prev_next.html
@@ -20,27 +20,29 @@
{% set prev_entry_url = media.url_to_prev(request.urlgen) %}
{% set next_entry_url = media.url_to_next(request.urlgen) %}
-<div>
- {# There are no previous entries for the very first media entry #}
- {% if prev_entry_url %}
- <a class="navigation_button navigation_left" href="{{ prev_entry_url }}">
- <img src="/mgoblin_static/images/navigation_left.png" alt="Previous image" />
- </a>
- {% else %}
- {# This is the first entry. display greyed-out 'previous' image #}
- <p class="navigation_button navigation_left">
- <img src="/mgoblin_static/images/navigation_end.png" alt="No previous images" />
- </p>
- {% endif %}
- {# Likewise, this could be the very last media entry #}
- {% if next_entry_url %}
- <a class="navigation_button" href="{{ next_entry_url }}">
- <img src="/mgoblin_static/images/navigation_right.png" alt="Next image" />
- </a>
- {% else %}
- {# This is the last entry. display greyed-out 'next' image #}
- <p class="navigation_button">
- <img src="/mgoblin_static/images/navigation_end.png" alt="No following images" />
- </p>
- {% endif %}
-</div>
+{% if prev_entry_url or next_entry_url %}
+ <div class="grid_5 alpha omega">
+ {# There are no previous entries for the very first media entry #}
+ {% if prev_entry_url %}
+ <a class="navigation_button navigation_left" href="{{ prev_entry_url }}">
+ <img src="/mgoblin_static/images/navigation_left.png" alt="Previous image" />
+ </a>
+ {% else %}
+ {# This is the first entry. display greyed-out 'previous' image #}
+ <p class="navigation_button navigation_left">
+ <img src="/mgoblin_static/images/navigation_end.png" alt="No previous images" />
+ </p>
+ {% endif %}
+ {# Likewise, this could be the very last media entry #}
+ {% if next_entry_url %}
+ <a class="navigation_button" href="{{ next_entry_url }}">
+ <img src="/mgoblin_static/images/navigation_right.png" alt="Next image" />
+ </a>
+ {% else %}
+ {# This is the last entry. display greyed-out 'next' image #}
+ <p class="navigation_button">
+ <img src="/mgoblin_static/images/navigation_end.png" alt="No following images" />
+ </p>
+ {% endif %}
+ </div>
+{% endif %}
diff --git a/mediagoblin/tests/test_submission.py b/mediagoblin/tests/test_submission.py
index 9ae129cd..43a81f02 100644
--- a/mediagoblin/tests/test_submission.py
+++ b/mediagoblin/tests/test_submission.py
@@ -17,7 +17,7 @@
import urlparse
import pkg_resources
-from nose.tools import assert_equal
+from nose.tools import assert_equal, assert_true, assert_false
from mediagoblin.auth import lib as auth_lib
from mediagoblin.tests.tools import setup_fresh_app, get_test_app
@@ -53,6 +53,8 @@ class TestSubmission:
test_user['pw_hash'] = auth_lib.bcrypt_gen_password_hash('toast')
test_user.save()
+ self.test_user = test_user
+
self.test_app.post(
'/auth/login/', {
'username': u'chris',
@@ -150,6 +152,63 @@ class TestSubmission:
u'Tags must be shorter than 50 characters. Tags that are too long'\
': ffffffffffffffffffffffffffuuuuuuuuuuuuuuuuuuuuuuuuuu']
+ def test_delete(self):
+ util.clear_test_template_context()
+ response = self.test_app.post(
+ '/submit/', {
+ 'title': 'Balanced Goblin',
+ }, upload_files=[(
+ 'file', GOOD_JPG)])
+
+ # Post image
+ response.follow()
+
+ request = util.TEMPLATE_TEST_CONTEXT[
+ 'mediagoblin/user_pages/user.html']['request']
+
+ media = request.db.MediaEntry.find({'title': 'Balanced Goblin'})[0]
+
+ # Does media entry exist?
+ assert_true(media)
+
+ # Do not confirm deletion
+ # ---------------------------------------------------
+ response = self.test_app.post(
+ request.urlgen('mediagoblin.user_pages.media_confirm_delete',
+ # No work: user=media.uploader().username,
+ user=self.test_user['username'],
+ media=media['_id']),
+ {'confirm': 'False'})
+
+ response.follow()
+
+ request = util.TEMPLATE_TEST_CONTEXT[
+ 'mediagoblin/user_pages/user.html']['request']
+
+ media = request.db.MediaEntry.find({'title': 'Balanced Goblin'})[0]
+
+ # Does media entry still exist?
+ assert_true(media)
+
+ # Confirm deletion
+ # ---------------------------------------------------
+ response = self.test_app.post(
+ request.urlgen('mediagoblin.user_pages.media_confirm_delete',
+ # No work: user=media.uploader().username,
+ user=self.test_user['username'],
+ media=media['_id']),
+ {'confirm': 'True'})
+
+ response.follow()
+
+ request = util.TEMPLATE_TEST_CONTEXT[
+ 'mediagoblin/user_pages/user.html']['request']
+
+ # Does media entry still exist?
+ assert_false(
+ request.db.MediaEntry.find(
+ {'_id': media['_id']}).count())
+
def test_malicious_uploads(self):
# Test non-suppoerted file with non-supported extension
# -----------------------------------------------------
diff --git a/mediagoblin/user_pages/forms.py b/mediagoblin/user_pages/forms.py
index 25001019..4a79bedd 100644
--- a/mediagoblin/user_pages/forms.py
+++ b/mediagoblin/user_pages/forms.py
@@ -23,3 +23,10 @@ class MediaCommentForm(wtforms.Form):
comment_content = wtforms.TextAreaField(
_('Comment'),
[wtforms.validators.Required()])
+
+
+class ConfirmDeleteForm(wtforms.Form):
+ confirm = wtforms.RadioField('Confirm',
+ default='False',
+ choices=[('False', 'No, I made a mistake!'),
+ ('True', 'Yes, delete it!')])
diff --git a/mediagoblin/user_pages/routing.py b/mediagoblin/user_pages/routing.py
index 65c0fa64..ffa6f969 100644
--- a/mediagoblin/user_pages/routing.py
+++ b/mediagoblin/user_pages/routing.py
@@ -32,6 +32,9 @@ user_routes = [
Route('mediagoblin.edit.attachments',
'/{user}/m/{media}/attachments/',
controller="mediagoblin.edit.views:edit_attachments"),
+ Route('mediagoblin.user_pages.media_confirm_delete',
+ "/{user}/m/{media}/confirm-delete/",
+ controller="mediagoblin.user_pages.views:media_confirm_delete"),
Route('mediagoblin.user_pages.atom_feed', '/{user}/atom/',
controller="mediagoblin.user_pages.views:atom_feed"),
Route('mediagoblin.user_pages.media_post_comment',
diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py
index 2d9bcd21..06b0be5b 100644
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@@ -20,11 +20,12 @@ from mediagoblin import messages, mg_globals
from mediagoblin.db.util import DESCENDING, ObjectId
from mediagoblin.util import (
Pagination, render_to_response, redirect, cleaned_markdown_conversion,
- render_404)
+ render_404, delete_media_files)
+from mediagoblin.util import pass_to_ugettext as _
from mediagoblin.user_pages import forms as user_forms
from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
- require_active_login)
+ require_active_login, user_may_delete_media)
from werkzeug.contrib.atom import AtomFeed
@@ -130,7 +131,7 @@ def media_post_comment(request):
comment = request.db.MediaComment()
comment['media_entry'] = ObjectId(request.matchdict['media'])
comment['author'] = request.user['_id']
- comment['content'] = request.POST['comment_content']
+ comment['content'] = unicode(request.POST['comment_content'])
comment['content_html'] = cleaned_markdown_conversion(comment['content'])
@@ -145,6 +146,43 @@ def media_post_comment(request):
user = request.matchdict['user'])
+@get_user_media_entry
+@require_active_login
+@user_may_delete_media
+def media_confirm_delete(request, media):
+
+ form = user_forms.ConfirmDeleteForm(request.POST)
+
+ if request.method == 'POST' and form.validate():
+ if request.POST.get('confirm') == 'True':
+ username = media.uploader()['username']
+
+ # Delete all files on the public storage
+ delete_media_files(media)
+
+ media.delete()
+
+ return redirect(request, "mediagoblin.user_pages.user_home",
+ user=username)
+ else:
+ return redirect(request, "mediagoblin.user_pages.media_home",
+ user=media.uploader()['username'],
+ media=media['slug'])
+
+ if ((request.user[u'is_admin'] and
+ request.user[u'_id'] != media.uploader()[u'_id'])):
+ messages.add_message(
+ request, messages.WARNING,
+ _("You are about to delete another user's media. "
+ "Proceed with caution."))
+
+ return render_to_response(
+ request,
+ 'mediagoblin/user_pages/media_confirm_delete.html',
+ {'media': media,
+ 'form': form})
+
+
ATOM_DEFAULT_NR_OF_UPDATED_ITEMS = 15
def atom_feed(request):
diff --git a/mediagoblin/util.py b/mediagoblin/util.py
index ba4ac01e..27c81f3a 100644
--- a/mediagoblin/util.py
+++ b/mediagoblin/util.py
@@ -681,3 +681,18 @@ def render_404(request):
"""
return render_to_response(
request, 'mediagoblin/404.html', {}, status=400)
+
+def delete_media_files(media):
+ """
+ Delete all files associated with a MediaEntry
+
+ Arguments:
+ - media: A MediaEntry document
+ """
+ for handle, listpath in media['media_files'].items():
+ mg_globals.public_store.delete_file(
+ listpath)
+
+ for attachment in media['attachment_files']:
+ mg_globals.public_store.delete_file(
+ attachment['filepath'])
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-18 15:33:23 +0000