aboutsummaryrefslogtreecommitdiffstats
path: root/mediagoblin/decorators.py
diff options
context:
space:
mode:
Diffstat (limited to 'mediagoblin/decorators.py')
-rw-r--r--mediagoblin/decorators.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index 5533e81d..a40f1d5a 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -69,7 +69,7 @@ def user_may_delete_media(controller):
"""
@wraps(controller)
def wrapper(request, *args, **kwargs):
- uploader_id = MediaEntry.query.get(request.matchdict['media']).uploader
+ uploader_id = kwargs['media'].uploader
if not (request.user.is_admin or
request.user.id == uploader_id):
raise Forbidden()
@@ -209,12 +209,16 @@ def get_media_entry_by_id(controller):
@wraps(controller)
def wrapper(request, *args, **kwargs):
media = MediaEntry.query.filter_by(
- id=request.matchdict['media'],
+ id=request.matchdict['media_id'],
state=u'processed').first()
# Still no media? Okay, 404.
if not media:
return render_404(request)
+ given_username = request.matchdict.get('user')
+ if given_username and (given_username != media.get_uploader.username):
+ return render_404(request)
+
return controller(request, media=media, *args, **kwargs)
return wrapper
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-09 07:52:33 +0000