-rw-r--r--mediagoblin/admin/views.py7
-rw-r--r--mediagoblin/decorators.py4
-rw-r--r--mediagoblin/edit/views.py4
-rw-r--r--mediagoblin/meddleware/csrf.py4
-rw-r--r--mediagoblin/plugins/api/tools.py4
-rw-r--r--mediagoblin/plugins/api/views.py6
6 files changed, 15 insertions, 14 deletions
diff --git a/mediagoblin/admin/views.py b/mediagoblin/admin/views.py
index 9c14c55c..d0665151 100644
--- a/mediagoblin/admin/views.py
+++ b/mediagoblin/admin/views.py
@@ -14,10 +14,11 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+from werkzeug.exceptions import Forbidden
+
from mediagoblin.db.util import DESCENDING
from mediagoblin.decorators import require_active_login
-from mediagoblin.tools.response import (render_to_response, render_403,
- render_404)
+from mediagoblin.tools.response import render_to_response
@require_active_login
def admin_processing_panel(request):
@@ -26,7 +27,7 @@ def admin_processing_panel(request):
'''
# TODO: Why not a "require_admin_login" decorator throwing a 403 exception?
if not request.user.is_admin:
- return render_403(request)
+ raise Forbidden()
processing_entries = request.db.MediaEntry.find(
{'state': u'processing'}).sort('created', DESCENDING)
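Review bot: The admin check in `admin_processing_panel` is still written inline, and the TODO directly above it already asks for a `require_admin_login` decorator that throws a 403. Now that denial is an exception, that decorator is a few lines, and it would stop future admin views from depending on someone remembering to copy the `if not request.user.is_admin` test. It must sit below `require_active_login` so that `request.user` is set before it is read. The view body continues outside this hunk.
```python
def require_admin_login(controller):
    # Deny non-admin users before the view body runs.
    def wrapper(request, *args, **kwargs):
        if not request.user.is_admin:
            raise Forbidden()
        return controller(request, *args, **kwargs)
    return wrapper

@require_active_login
@require_admin_login
def admin_processing_panel(request):
    # … unchanged: processing_entries query and render …
```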
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index e45d3272..0903dd41 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -74,7 +74,7 @@ def user_may_delete_media(controller):
{'id': ObjectId(request.matchdict['media'])}).uploader
if not (request.user.is_admin or
request.user.id == uploader_id):
- return Forbidden()
+ raise Forbidden()
return controller(request, *args, **kwargs)
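Review bot: The lookup result is dereferenced with `.uploader` before the permission test, with no check that a record was found. If the query returns None for an unknown media id (the call itself starts outside the hunk, so this is inferred), the request fails with an AttributeError rather than a controlled response, and `raise Forbidden()` is never reached. Binding the result first and adding `if media is None: raise NotFound()` (with `NotFound` imported from `werkzeug.exceptions`) keeps the failure explicit. The same applies to the `.id` dereference in `user_may_alter_collection` in the next hunk.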
@@ -91,7 +91,7 @@ def user_may_alter_collection(controller):
{'username': request.matchdict['user']}).id
if not (request.user.is_admin or
request.user.id == creator_id):
- return Forbidden()
+ raise Forbidden()
return controller(request, *args, **kwargs)
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 8840f36f..9de034bb 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -41,7 +41,7 @@ import mimetypes
@require_active_login
def edit_media(request, media):
if not may_edit_media(request, media):
- return Forbidden("User may not edit this media")
+ raise Forbidden("User may not edit this media")
defaults = dict(
title=media.title,
@@ -165,7 +165,7 @@ def edit_attachments(request, media):
{'media': media,
'form': form})
else:
- return Forbidden("Attachments are disabled")
+ raise Forbidden("Attachments are disabled")
@require_active_login
diff --git a/mediagoblin/meddleware/csrf.py b/mediagoblin/meddleware/csrf.py
index 65db9827..2984ebb9 100644
--- a/mediagoblin/meddleware/csrf.py
+++ b/mediagoblin/meddleware/csrf.py
@@ -130,7 +130,7 @@ class CsrfMeddleware(BaseMeddleware):
# the CSRF cookie must be present in the request
errstr = 'CSRF cookie not present'
_log.error(errstr)
- return Forbidden(errstr)
+ raise Forbidden(errstr)
# get the form token and confirm it matches
form = CsrfForm(request.form)
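Review bot: `raise Forbidden(errstr)` inside `CsrfMeddleware` only becomes a 403 if the code that runs the meddleware chain catches werkzeug's `HTTPException`, and that handler is not part of this diff. If only the view call is wrapped, a missing or mismatched CSRF token would surface as an unhandled exception (a 500) instead of a 403; the request is still denied, but the client and the logs see the wrong failure. A test that posts without the CSRF cookie and asserts status 403 would pin this for both raises, here and in the `CSRF validation failed` hunk below. It is also worth a comment at the raise, e.g. `# relies on the app-level HTTPException handler to render the 403`.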
@@ -145,4 +145,4 @@ class CsrfMeddleware(BaseMeddleware):
# present; either way, the request is denied
errstr = 'CSRF validation failed'
_log.error(errstr)
- return Forbidden(errstr)
+ raise Forbidden(errstr)
diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py
index 0ef91127..03f528ce 100644
--- a/mediagoblin/plugins/api/tools.py
+++ b/mediagoblin/plugins/api/tools.py
@@ -142,7 +142,7 @@ def api_auth(controller):
# If we can't find any authentication methods, we should not let them
# pass.
if not auth_candidates:
- return Forbidden()
+ raise Forbidden()
# For now, just select the first one in the list
auth = auth_candidates[0]
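Review bot: The bare `raise Forbidden()` in `api_auth` gives API clients werkzeug's default error body, while the next hunk shows a dict with `'status': 403` and `'errors': auth.errors` being built for another denial path. If that dict is returned as a JSON response (the start of the statement is outside the hunk), callers must parse two different 403 formats depending on which check failed. Passing a description, e.g. `raise Forbidden('No authentication method accepted this request')`, or routing all three denials through the same JSON shape would make the API consistent.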
@@ -156,7 +156,7 @@ def api_auth(controller):
'status': 403,
'errors': auth.errors})
- return Forbidden()
+ raise Forbidden()
return controller(request, *args, **kw)
diff --git a/mediagoblin/plugins/api/views.py b/mediagoblin/plugins/api/views.py
index 8e02d7bd..3d9437e0 100644
--- a/mediagoblin/plugins/api/views.py
+++ b/mediagoblin/plugins/api/views.py
@@ -48,13 +48,13 @@ def post_entry(request):
if request.method != 'POST':
_log.debug('Must POST against post_entry')
- return BadRequest()
+ raise BadRequest()
if not 'file' in request.files \
or not isinstance(request.files['file'], FileStorage) \
or not request.files['file'].stream:
_log.debug('File field not found')
- return BadRequest()
+ raise BadRequest()
media_file = request.files['file']
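Review bot: The `request.method != 'POST'` branch in `post_entry` raises `BadRequest()`, which reports a wrong method as a malformed request. Now that the branch raises, `raise MethodNotAllowed(valid_methods=['POST'])` from `werkzeug.exceptions` is a one-line change that returns 405 with an `Allow` header; the import would need adding at the top of the file, which is outside this hunk. Separately, `if not 'file' in request.files` reads more clearly as `if 'file' not in request.files`.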
@@ -130,7 +130,7 @@ def post_entry(request):
@api_auth
def api_test(request):
if not request.user:
- return Forbidden()
+ raise Forbidden()
user_data = {
'username': request.user.username,