diff options
Diffstat (limited to 'mediagoblin/decorators.py')
-rw-r--r-- | mediagoblin/decorators.py | 36 |
1 files changed, 16 insertions, 20 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index 90b36771..0903dd41 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -17,9 +17,8 @@ from functools import wraps from urlparse import urljoin -from urllib import urlencode - -from webob import exc +from werkzeug.exceptions import Forbidden +from werkzeug.urls import url_quote from mediagoblin.db.util import ObjectId, InvalidId from mediagoblin.db.sql.models import User @@ -43,11 +42,8 @@ def require_active_login(controller): qualified=True), request.url) - return exc.HTTPFound( - location='?'.join([ - request.urlgen('mediagoblin.auth.login'), - urlencode({ - 'next': next_url})])) + return redirect(request, 'mediagoblin.auth.login', + next=url_quote(next_url)) return controller(request, *args, **kwargs) @@ -75,10 +71,10 @@ def user_may_delete_media(controller): @wraps(controller) def wrapper(request, *args, **kwargs): uploader_id = request.db.MediaEntry.find_one( - {'_id': ObjectId(request.matchdict['media'])}).uploader + {'id': ObjectId(request.matchdict['media'])}).uploader if not (request.user.is_admin or - request.user._id == uploader_id): - return exc.HTTPForbidden() + request.user.id == uploader_id): + raise Forbidden() return controller(request, *args, **kwargs) @@ -94,8 +90,8 @@ def user_may_alter_collection(controller): creator_id = request.db.User.find_one( {'username': request.matchdict['user']}).id if not (request.user.is_admin or - request.user._id == creator_id): - return exc.HTTPForbidden() + request.user.id == creator_id): + raise Forbidden() return controller(request, *args, **kwargs) @@ -134,15 +130,15 @@ def get_user_media_entry(controller): media = request.db.MediaEntry.find_one( {'slug': request.matchdict['media'], 'state': u'processed', - 'uploader': user._id}) + 'uploader': user.id}) # no media via slug? Grab it via ObjectId if not media: try: media = request.db.MediaEntry.find_one( - {'_id': ObjectId(request.matchdict['media']), + {'id': ObjectId(request.matchdict['media']), 'state': u'processed', - 'uploader': user._id}) + 'uploader': user.id}) except InvalidId: return render_404(request) @@ -169,7 +165,7 @@ def get_user_collection(controller): collection = request.db.Collection.find_one( {'slug': request.matchdict['collection'], - 'creator': user._id}) + 'creator': user.id}) # Still no collection? Okay, 404. if not collection: @@ -194,10 +190,10 @@ def get_user_collection_item(controller): collection = request.db.Collection.find_one( {'slug': request.matchdict['collection'], - 'creator': user._id}) + 'creator': user.id}) collection_item = request.db.CollectionItem.find_one( - {'_id': request.matchdict['collection_item'] }) + {'id': request.matchdict['collection_item'] }) # Still no collection item? Okay, 404. if not collection_item: @@ -216,7 +212,7 @@ def get_media_entry_by_id(controller): def wrapper(request, *args, **kwargs): try: media = request.db.MediaEntry.find_one( - {'_id': ObjectId(request.matchdict['media']), + {'id': ObjectId(request.matchdict['media']), 'state': u'processed'}) except InvalidId: return render_404(request) |