Diffstat (limited to 'mediagoblin/decorators.py')
-rw-r--r--mediagoblin/decorators.py19
1 files changed, 18 insertions, 1 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index c66049ca..7d5978fc 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -1,5 +1,5 @@
# GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011 Free Software Foundation, Inc
+# Copyright (C) 2011 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@@ -52,6 +52,22 @@ def require_active_login(controller):
return _make_safe(new_controller_func, controller)
+def user_may_delete_media(controller):
+ """
+ Require user ownership of the MediaEntry to delete.
+ """
+ def wrapper(request, *args, **kwargs):
+ uploader = request.db.MediaEntry.find_one(
+ {'_id': ObjectId(request.matchdict['media'])}).uploader()
+ if not (request.user['is_admin'] or
+ request.user['_id'] == uploader['_id']):
+ return exc.HTTPForbidden()
+
+ return controller(request, *args, **kwargs)
+
+ return _make_safe(wrapper, controller)
+
+
def uses_pagination(controller):
"""
Check request GET 'page' key for wrong values
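Review bot: The wrapper in `user_may_delete_media` dereferences two values before the ownership test without checking them: the result of `find_one(...)` is used directly for `.uploader()`, and `request.user` is indexed with `['is_admin']`. If no MediaEntry matches the id, or the request is anonymous (assuming `request.user` is None in that case, which this hunk does not show), the check fails closed but with an unhandled exception rather than a deliberate 404/403. The decorator is then only correct when stacked inside `require_active_login`, which is worth stating in the docstring. A malformed `media` value will probably also raise inside `ObjectId(...)` and may deserve the same not-found handling. The sketch below assumes `exc` also provides `HTTPNotFound`.

```python
    def wrapper(request, *args, **kwargs):
        # Fail closed explicitly for anonymous requests instead of indexing None.
        if request.user is None:
            return exc.HTTPForbidden()

        media = request.db.MediaEntry.find_one(
            {'_id': ObjectId(request.matchdict['media'])})
        if media is None:
            return exc.HTTPNotFound()

        uploader = media.uploader()
        # … unchanged: is_admin / owner comparison and controller call …
```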
@@ -122,3 +138,4 @@ def get_media_entry_by_id(controller):
return controller(request, media=media, *args, **kwargs)
return _make_safe(wrapper, controller)
+