aboutsummaryrefslogtreecommitdiffstats
path: root/mediagoblin/decorators.py
diff options
context:
space:
mode:
Diffstat (limited to 'mediagoblin/decorators.py')
-rw-r--r--mediagoblin/decorators.py64
1 files changed, 39 insertions, 25 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index 8515d091..daeddb3f 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -16,13 +16,15 @@
from functools import wraps
-from urlparse import urljoin
from werkzeug.exceptions import Forbidden, NotFound
from oauthlib.oauth1 import ResourceEndpoint
+from six.moves.urllib.parse import urljoin
+
from mediagoblin import mg_globals as mgg
from mediagoblin import messages
-from mediagoblin.db.models import MediaEntry, User, MediaComment
+from mediagoblin.db.models import MediaEntry, LocalUser, TextComment, \
+ AccessToken, Comment
from mediagoblin.tools.response import (
redirect, render_404,
render_user_banned, json_response)
@@ -74,7 +76,7 @@ def require_active_login(controller):
return new_controller_func
-def user_has_privilege(privilege_name):
+def user_has_privilege(privilege_name, allow_admin=True):
"""
Requires that a user have a particular privilege in order to access a page.
In order to require that a user have multiple privileges, use this
@@ -85,14 +87,17 @@ def user_has_privilege(privilege_name):
the privilege object. This object is
the name of the privilege, as assigned
in the Privilege.privilege_name column
+
+ :param allow_admin If this is true then if the user is an admin
+ it will allow the user even if the user doesn't
+ have the privilage given in privilage_name.
"""
def user_has_privilege_decorator(controller):
@wraps(controller)
@require_active_login
def wrapper(request, *args, **kwargs):
- user_id = request.user.id
- if not request.user.has_privilege(privilege_name):
+ if not request.user.has_privilege(privilege_name, allow_admin):
raise Forbidden()
return controller(request, *args, **kwargs)
@@ -102,12 +107,12 @@ def user_has_privilege(privilege_name):
def active_user_from_url(controller):
- """Retrieve User() from <user> URL pattern and pass in as url_user=...
+ """Retrieve LocalUser() from <user> URL pattern and pass in as url_user=...
Returns a 404 if no such active user has been found"""
@wraps(controller)
def wrapper(request, *args, **kwargs):
- user = User.query.filter_by(username=request.matchdict['user']).first()
+ user = LocalUser.query.filter_by(username=request.matchdict['user']).first()
if user is None:
return render_404(request)
@@ -122,7 +127,7 @@ def user_may_delete_media(controller):
"""
@wraps(controller)
def wrapper(request, *args, **kwargs):
- uploader_id = kwargs['media'].uploader
+ uploader_id = kwargs['media'].actor
if not (request.user.has_privilege(u'admin') or
request.user.id == uploader_id):
raise Forbidden()
@@ -138,7 +143,7 @@ def user_may_alter_collection(controller):
"""
@wraps(controller)
def wrapper(request, *args, **kwargs):
- creator_id = request.db.User.query.filter_by(
+ creator_id = request.db.LocalUser.query.filter_by(
username=request.matchdict['user']).first().id
if not (request.user.has_privilege(u'admin') or
request.user.id == creator_id):
@@ -173,7 +178,7 @@ def get_user_media_entry(controller):
"""
@wraps(controller)
def wrapper(request, *args, **kwargs):
- user = User.query.filter_by(username=request.matchdict['user']).first()
+ user = LocalUser.query.filter_by(username=request.matchdict['user']).first()
if not user:
raise NotFound()
@@ -188,7 +193,7 @@ def get_user_media_entry(controller):
media = MediaEntry.query.filter_by(
id=int(media_slug[3:]),
state=u'processed',
- uploader=user.id).first()
+ actor=user.id).first()
except ValueError:
raise NotFound()
else:
@@ -196,7 +201,7 @@ def get_user_media_entry(controller):
media = MediaEntry.query.filter_by(
slug=media_slug,
state=u'processed',
- uploader=user.id).first()
+ actor=user.id).first()
if not media:
# Didn't find anything? Okay, 404.
@@ -213,7 +218,7 @@ def get_user_collection(controller):
"""
@wraps(controller)
def wrapper(request, *args, **kwargs):
- user = request.db.User.query.filter_by(
+ user = request.db.LocalUser.query.filter_by(
username=request.matchdict['user']).first()
if not user:
@@ -221,7 +226,7 @@ def get_user_collection(controller):
collection = request.db.Collection.query.filter_by(
slug=request.matchdict['collection'],
- creator=user.id).first()
+ actor=user.id).first()
# Still no collection? Okay, 404.
if not collection:
@@ -238,7 +243,7 @@ def get_user_collection_item(controller):
"""
@wraps(controller)
def wrapper(request, *args, **kwargs):
- user = request.db.User.query.filter_by(
+ user = request.db.LocalUser.query.filter_by(
username=request.matchdict['user']).first()
if not user:
@@ -270,7 +275,7 @@ def get_media_entry_by_id(controller):
return render_404(request)
given_username = request.matchdict.get('user')
- if given_username and (given_username != media.get_uploader.username):
+ if given_username and (given_username != media.get_actor.username):
return render_404(request)
return controller(request, media=media, *args, **kwargs)
@@ -321,11 +326,11 @@ def allow_reporting(controller):
def get_optional_media_comment_by_id(controller):
"""
- Pass in a MediaComment based off of a url component. Because of this decor-
- -ator's use in filing Media or Comment Reports, it has two valid outcomes.
+ Pass in a Comment based off of a url component. Because of this decor-
+ -ator's use in filing Reports, it has two valid outcomes.
:returns The view function being wrapped with kwarg `comment` set to
- the MediaComment who's id is in the URL. If there is a
+ the Comment who's id is in the URL. If there is a
comment id in the URL and if it is valid.
:returns The view function being wrapped with kwarg `comment` set to
None. If there is no comment id in the URL.
@@ -335,8 +340,9 @@ def get_optional_media_comment_by_id(controller):
@wraps(controller)
def wrapper(request, *args, **kwargs):
if 'comment' in request.matchdict:
- comment = MediaComment.query.filter_by(
- id=request.matchdict['comment']).first()
+ comment = Comment.query.filter_by(
+ id=request.matchdict['comment']
+ ).first()
if comment is None:
return render_404(request)
@@ -369,7 +375,8 @@ def require_admin_or_moderator_login(controller):
@wraps(controller)
def new_controller_func(request, *args, **kwargs):
if request.user and \
- not request.user.has_privilege(u'admin',u'moderator'):
+ not (request.user.has_privilege(u'admin')
+ or request.user.has_privilege(u'moderator')):
raise Forbidden()
elif not request.user:
@@ -401,17 +408,24 @@ def oauth_required(controller):
request_validator = GMGRequestValidator()
resource_endpoint = ResourceEndpoint(request_validator)
- valid, request = resource_endpoint.validate_protected_resource_request(
+ valid, r = resource_endpoint.validate_protected_resource_request(
uri=request.url,
http_method=request.method,
- body=request.get_data(),
+ body=request.data,
headers=dict(request.headers),
)
if not valid:
- error = "Invalid oauth prarameter."
+ error = "Invalid oauth parameter."
return json_response({"error": error}, status=400)
+ # Fill user if not already
+ token = authorization[u"oauth_token"]
+ request.access_token = AccessToken.query.filter_by(token=token).first()
+ if request.access_token is not None and request.user is None:
+ user_id = request.access_token.actor
+ request.user = LocalUser.query.filter_by(id=user_id).first()
+
return controller(request, *args, **kwargs)
return wrapper