1 files changed, 88 insertions, 12 deletions

diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index ca7be53c..c9a1a78c 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -18,10 +18,12 @@ from functools import wraps
 
 from urlparse import urljoin
 from werkzeug.exceptions import Forbidden, NotFound
+from werkzeug.urls import url_quote
 
 from mediagoblin import mg_globals as mgg
 from mediagoblin import messages
-from mediagoblin.db.models import MediaEntry, User
+from mediagoblin.db.models import MediaEntry, User, MediaComment,
+							UserBan
 from mediagoblin.tools.response import redirect, render_404
 from mediagoblin.tools.translate import pass_to_ugettext as _
 
@@ -64,6 +66,26 @@ def active_user_from_url(controller):
 
     return wrapper
 
+def user_has_privilege(privilege_name):
+
+    def user_has_privilege_decorator(controller):
+        @wraps(controller)
+        def wrapper(request, *args, **kwargs):
+            user_id = request.user.id
+            privileges_of_user = Privilege.query.filter(
+                Privilege.all_users.any(
+                User.id==user_id))
+            if UserBan.query.filter(UserBan.user_id==user_id).count():
+                return render_user_banned(request)
+            elif not privileges_of_user.filter(
+                Privilege.privilege_name==privilege_name).count():
+                raise Forbidden()
+
+            return controller(request, *args, **kwargs)
+
+        return wrapper
+    return user_has_privilege_decorator
+
 
 def user_may_delete_media(controller):
     """
@@ -227,17 +249,6 @@ def get_media_entry_by_id(controller):
     return wrapper
 
 
-def get_workbench(func):
-    """Decorator, passing in a workbench as kwarg which is cleaned up afterwards"""
-
-    @wraps(func)
-    def new_func(*args, **kwargs):
-        with mgg.workbench_manager.create() as workbench:
-            return func(*args, workbench=workbench, **kwargs)
-
-    return new_func
-
-
 def allow_registration(controller):
     """ Decorator for if registration is enabled"""
     @wraps(controller)
@@ -253,6 +264,22 @@ def allow_registration(controller):
 
     return wrapper
 
+def get_media_comment_by_id(controller):
+    """
+    Pass in a MediaComment based off of a url component
+    """
+    @wraps(controller)
+    def wrapper(request, *args, **kwargs):
+        comment = MediaComment.query.filter_by(
+                id=request.matchdict['comment']).first()
+        # Still no media?  Okay, 404.
+        if not comment:
+            return render_404(request)
+
+        return controller(request, comment=comment, *args, **kwargs)
+
+    return wrapper
+
 
 def auth_enabled(controller):
     """Decorator for if an auth plugin is enabled"""
@@ -264,7 +291,56 @@ def auth_enabled(controller):
                 messages.WARNING,
                 _('Sorry, authentication is disabled on this instance.'))
             return redirect(request, 'index')
+        return controller(request, *args, **kwargs)
+
+    return wrapper
+
+def get_workbench(func):
+    """Decorator, passing in a workbench as kwarg which is cleaned up afterwards"""
+    @wraps(func)
+    def new_func(*args, **kwargs):
+        with mgg.workbench_manager.create() as workbench:
+            return func(*args, workbench=workbench, **kwargs)
+    return new_func
+
+def require_admin_or_moderator_login(controller):
+    """
+    Require an login from an administrator or a moderator.
+    """
+    @wraps(controller)
+    def new_controller_func(request, *args, **kwargs):
+        admin_privilege = Privilege.one({'privilege_name':u'admin'})
+        moderator_privilege = Privilege.one({'privilege_name':u'moderator'})
+        if request.user and \
+            not admin_privilege in request.user.all_privileges and \
+                 not moderator_privilege in request.user.all_privileges:
+
+            raise Forbidden()
+        elif not request.user:
+            next_url = urljoin(
+                    request.urlgen('mediagoblin.auth.login',
+                        qualified=True),
+                    request.url)
+
+            return redirect(request, 'mediagoblin.auth.login',
+                            next=next_url)
 
         return controller(request, *args, **kwargs)
 
+    return new_controller_func
+
+def user_not_banned(controller):
+    """
+    Requires that the user has not been banned. Otherwise redirects to the page
+    explaining why they have been banned
+    """
+    @wraps(controller)
+    def wrapper(request, *args, **kwargs):
+        if request.user:
+            user_banned = UserBan.query.get(request.user.id)
+            if user_banned:
+                return render_user_banned(request)
+        return controller(request, *args, **kwargs)
+
     return wrapper
+