diff options
Diffstat (limited to 'mediagoblin/decorators.py')
| -rw-r--r-- | mediagoblin/decorators.py | 64 |
1 files changed, 39 insertions, 25 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index 8515d091..daeddb3f 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -16,13 +16,15 @@ from functools import wraps -from urlparse import urljoin from werkzeug.exceptions import Forbidden, NotFound from oauthlib.oauth1 import ResourceEndpoint +from six.moves.urllib.parse import urljoin + from mediagoblin import mg_globals as mgg from mediagoblin import messages -from mediagoblin.db.models import MediaEntry, User, MediaComment +from mediagoblin.db.models import MediaEntry, LocalUser, TextComment, \ + AccessToken, Comment from mediagoblin.tools.response import ( redirect, render_404, render_user_banned, json_response) @@ -74,7 +76,7 @@ def require_active_login(controller): return new_controller_func -def user_has_privilege(privilege_name): +def user_has_privilege(privilege_name, allow_admin=True): """ Requires that a user have a particular privilege in order to access a page. In order to require that a user have multiple privileges, use this @@ -85,14 +87,17 @@ def user_has_privilege(privilege_name): the privilege object. This object is the name of the privilege, as assigned in the Privilege.privilege_name column + + :param allow_admin If this is true then if the user is an admin + it will allow the user even if the user doesn't + have the privilage given in privilage_name. """ def user_has_privilege_decorator(controller): @wraps(controller) @require_active_login def wrapper(request, *args, **kwargs): - user_id = request.user.id - if not request.user.has_privilege(privilege_name): + if not request.user.has_privilege(privilege_name, allow_admin): raise Forbidden() return controller(request, *args, **kwargs) @@ -102,12 +107,12 @@ def user_has_privilege(privilege_name): def active_user_from_url(controller): - """Retrieve User() from <user> URL pattern and pass in as url_user=... + """Retrieve LocalUser() from <user> URL pattern and pass in as url_user=... Returns a 404 if no such active user has been found""" @wraps(controller) def wrapper(request, *args, **kwargs): - user = User.query.filter_by(username=request.matchdict['user']).first() + user = LocalUser.query.filter_by(username=request.matchdict['user']).first() if user is None: return render_404(request) @@ -122,7 +127,7 @@ def user_may_delete_media(controller): """ @wraps(controller) def wrapper(request, *args, **kwargs): - uploader_id = kwargs['media'].uploader + uploader_id = kwargs['media'].actor if not (request.user.has_privilege(u'admin') or request.user.id == uploader_id): raise Forbidden() @@ -138,7 +143,7 @@ def user_may_alter_collection(controller): """ @wraps(controller) def wrapper(request, *args, **kwargs): - creator_id = request.db.User.query.filter_by( + creator_id = request.db.LocalUser.query.filter_by( username=request.matchdict['user']).first().id if not (request.user.has_privilege(u'admin') or request.user.id == creator_id): @@ -173,7 +178,7 @@ def get_user_media_entry(controller): """ @wraps(controller) def wrapper(request, *args, **kwargs): - user = User.query.filter_by(username=request.matchdict['user']).first() + user = LocalUser.query.filter_by(username=request.matchdict['user']).first() if not user: raise NotFound() @@ -188,7 +193,7 @@ def get_user_media_entry(controller): media = MediaEntry.query.filter_by( id=int(media_slug[3:]), state=u'processed', - uploader=user.id).first() + actor=user.id).first() except ValueError: raise NotFound() else: @@ -196,7 +201,7 @@ def get_user_media_entry(controller): media = MediaEntry.query.filter_by( slug=media_slug, state=u'processed', - uploader=user.id).first() + actor=user.id).first() if not media: # Didn't find anything? Okay, 404. @@ -213,7 +218,7 @@ def get_user_collection(controller): """ @wraps(controller) def wrapper(request, *args, **kwargs): - user = request.db.User.query.filter_by( + user = request.db.LocalUser.query.filter_by( username=request.matchdict['user']).first() if not user: @@ -221,7 +226,7 @@ def get_user_collection(controller): collection = request.db.Collection.query.filter_by( slug=request.matchdict['collection'], - creator=user.id).first() + actor=user.id).first() # Still no collection? Okay, 404. if not collection: @@ -238,7 +243,7 @@ def get_user_collection_item(controller): """ @wraps(controller) def wrapper(request, *args, **kwargs): - user = request.db.User.query.filter_by( + user = request.db.LocalUser.query.filter_by( username=request.matchdict['user']).first() if not user: @@ -270,7 +275,7 @@ def get_media_entry_by_id(controller): return render_404(request) given_username = request.matchdict.get('user') - if given_username and (given_username != media.get_uploader.username): + if given_username and (given_username != media.get_actor.username): return render_404(request) return controller(request, media=media, *args, **kwargs) @@ -321,11 +326,11 @@ def allow_reporting(controller): def get_optional_media_comment_by_id(controller): """ - Pass in a MediaComment based off of a url component. Because of this decor- - -ator's use in filing Media or Comment Reports, it has two valid outcomes. + Pass in a Comment based off of a url component. Because of this decor- + -ator's use in filing Reports, it has two valid outcomes. :returns The view function being wrapped with kwarg `comment` set to - the MediaComment who's id is in the URL. If there is a + the Comment who's id is in the URL. If there is a comment id in the URL and if it is valid. :returns The view function being wrapped with kwarg `comment` set to None. If there is no comment id in the URL. @@ -335,8 +340,9 @@ def get_optional_media_comment_by_id(controller): @wraps(controller) def wrapper(request, *args, **kwargs): if 'comment' in request.matchdict: - comment = MediaComment.query.filter_by( - id=request.matchdict['comment']).first() + comment = Comment.query.filter_by( + id=request.matchdict['comment'] + ).first() if comment is None: return render_404(request) @@ -369,7 +375,8 @@ def require_admin_or_moderator_login(controller): @wraps(controller) def new_controller_func(request, *args, **kwargs): if request.user and \ - not request.user.has_privilege(u'admin',u'moderator'): + not (request.user.has_privilege(u'admin') + or request.user.has_privilege(u'moderator')): raise Forbidden() elif not request.user: @@ -401,17 +408,24 @@ def oauth_required(controller): request_validator = GMGRequestValidator() resource_endpoint = ResourceEndpoint(request_validator) - valid, request = resource_endpoint.validate_protected_resource_request( + valid, r = resource_endpoint.validate_protected_resource_request( uri=request.url, http_method=request.method, - body=request.get_data(), + body=request.data, headers=dict(request.headers), ) if not valid: - error = "Invalid oauth prarameter." + error = "Invalid oauth parameter." return json_response({"error": error}, status=400) + # Fill user if not already + token = authorization[u"oauth_token"] + request.access_token = AccessToken.query.filter_by(token=token).first() + if request.access_token is not None and request.user is None: + user_id = request.access_token.actor + request.user = LocalUser.query.filter_by(id=user_id).first() + return controller(request, *args, **kwargs) return wrapper |