1 files changed, 123 insertions, 8 deletions

diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index 685d0d98..8515d091 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -22,25 +22,45 @@ from oauthlib.oauth1 import ResourceEndpoint
 
 from mediagoblin import mg_globals as mgg
 from mediagoblin import messages
-from mediagoblin.db.models import MediaEntry, User
-from mediagoblin.tools.response import json_response, redirect, render_404
+from mediagoblin.db.models import MediaEntry, User, MediaComment
+from mediagoblin.tools.response import (
+    redirect, render_404,
+    render_user_banned, json_response)
 from mediagoblin.tools.translate import pass_to_ugettext as _
 
 from mediagoblin.oauth.tools.request import decode_authorization_header
 from mediagoblin.oauth.oauth import GMGRequestValidator
 
+
+def user_not_banned(controller):
+    """
+    Requires that the user has not been banned. Otherwise redirects to the page
+    explaining why they have been banned
+    """
+    @wraps(controller)
+    def wrapper(request, *args, **kwargs):
+        if request.user:
+            if request.user.is_banned():
+                return render_user_banned(request)
+        return controller(request, *args, **kwargs)
+
+    return wrapper
+
+
 def require_active_login(controller):
     """
-    Require an active login from the user.
+    Require an active login from the user. If the user is banned, redirects to
+    the "You are Banned" page.
     """
     @wraps(controller)
+    @user_not_banned
     def new_controller_func(request, *args, **kwargs):
         if request.user and \
-                request.user.status == u'needs_email_verification':
+                not request.user.has_privilege(u'active'):
             return redirect(
                 request, 'mediagoblin.user_pages.user_home',
                 user=request.user.username)
-        elif not request.user or request.user.status != u'active':
+        elif not request.user or not request.user.has_privilege(u'active'):
             next_url = urljoin(
                     request.urlgen('mediagoblin.auth.login',
                         qualified=True),
@@ -53,6 +73,34 @@ def require_active_login(controller):
 
     return new_controller_func
 
+
+def user_has_privilege(privilege_name):
+    """
+    Requires that a user have a particular privilege in order to access a page.
+    In order to require that a user have multiple privileges, use this
+    decorator twice on the same view. This decorator also makes sure that the
+    user is not banned, or else it redirects them to the "You are Banned" page.
+
+        :param privilege_name       A unicode object that is that represents
+                                        the privilege object. This object is
+                                        the name of the privilege, as assigned
+                                        in the Privilege.privilege_name column
+    """
+
+    def user_has_privilege_decorator(controller):
+        @wraps(controller)
+        @require_active_login
+        def wrapper(request, *args, **kwargs):
+            user_id = request.user.id
+            if not request.user.has_privilege(privilege_name):
+                raise Forbidden()
+
+            return controller(request, *args, **kwargs)
+
+        return wrapper
+    return user_has_privilege_decorator
+
+
 def active_user_from_url(controller):
     """Retrieve User() from <user> URL pattern and pass in as url_user=...
 
@@ -75,7 +123,7 @@ def user_may_delete_media(controller):
     @wraps(controller)
     def wrapper(request, *args, **kwargs):
         uploader_id = kwargs['media'].uploader
-        if not (request.user.is_admin or
+        if not (request.user.has_privilege(u'admin') or
                 request.user.id == uploader_id):
             raise Forbidden()
 
@@ -92,7 +140,7 @@ def user_may_alter_collection(controller):
     def wrapper(request, *args, **kwargs):
         creator_id = request.db.User.query.filter_by(
             username=request.matchdict['user']).first().id
-        if not (request.user.is_admin or
+        if not (request.user.has_privilege(u'admin') or
                 request.user.id == creator_id):
             raise Forbidden()
 
@@ -256,6 +304,48 @@ def allow_registration(controller):
 
     return wrapper
 
+def allow_reporting(controller):
+    """ Decorator for if reporting is enabled"""
+    @wraps(controller)
+    def wrapper(request, *args, **kwargs):
+        if not mgg.app_config["allow_reporting"]:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                _('Sorry, reporting is disabled on this instance.'))
+            return redirect(request, 'index')
+
+        return controller(request, *args, **kwargs)
+
+    return wrapper
+
+def get_optional_media_comment_by_id(controller):
+    """
+    Pass in a MediaComment based off of a url component. Because of this decor-
+    -ator's use in filing Media or Comment Reports, it has two valid outcomes.
+
+    :returns        The view function being wrapped with kwarg `comment` set to
+                        the MediaComment who's id is in the URL. If there is a
+                        comment id in the URL and if it is valid.
+    :returns        The view function being wrapped with kwarg `comment` set to
+                        None. If there is no comment id in the URL.
+    :returns        A 404 Error page, if there is a comment if in the URL and it
+                        is invalid.
+    """
+    @wraps(controller)
+    def wrapper(request, *args, **kwargs):
+        if 'comment' in request.matchdict:
+            comment = MediaComment.query.filter_by(
+                    id=request.matchdict['comment']).first()
+
+            if comment is None:
+                return render_404(request)
+
+            return controller(request, comment=comment, *args, **kwargs)
+        else:
+            return controller(request, comment=None, *args, **kwargs)
+    return wrapper
+
 
 def auth_enabled(controller):
     """Decorator for if an auth plugin is enabled"""
@@ -272,6 +362,31 @@ def auth_enabled(controller):
 
     return wrapper
 
+def require_admin_or_moderator_login(controller):
+    """
+    Require a login from an administrator or a moderator.
+    """
+    @wraps(controller)
+    def new_controller_func(request, *args, **kwargs):
+        if request.user and \
+            not request.user.has_privilege(u'admin',u'moderator'):
+
+            raise Forbidden()
+        elif not request.user:
+            next_url = urljoin(
+                    request.urlgen('mediagoblin.auth.login',
+                        qualified=True),
+                    request.url)
+
+            return redirect(request, 'mediagoblin.auth.login',
+                            next=next_url)
+
+        return controller(request, *args, **kwargs)
+
+    return new_controller_func
+
+
+
 def oauth_required(controller):
     """ Used to wrap API endpoints where oauth is required """
     @wraps(controller)
@@ -283,7 +398,7 @@ def oauth_required(controller):
             error = "Missing required parameter."
             return json_response({"error": error}, status=400)
 
-         
+
         request_validator = GMGRequestValidator()
         resource_endpoint = ResourceEndpoint(request_validator)
         valid, request = resource_endpoint.validate_protected_resource_request(