aboutsummaryrefslogtreecommitdiffstats
path: root/mediagoblin/edit/views.py
diff options
context:
space:
mode:
Diffstat (limited to 'mediagoblin/edit/views.py')
-rw-r--r--mediagoblin/edit/views.py26
1 files changed, 17 insertions, 9 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 9de034bb..2f669c66 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -26,8 +26,8 @@ from mediagoblin import mg_globals
from mediagoblin.auth import lib as auth_lib
from mediagoblin.edit import forms
from mediagoblin.edit.lib import may_edit_media
-from mediagoblin.decorators import require_active_login, get_user_media_entry, \
- user_may_alter_collection, get_user_collection
+from mediagoblin.decorators import (require_active_login, active_user_from_url,
+ get_user_media_entry, user_may_alter_collection, get_user_collection)
from mediagoblin.tools.response import render_to_response, redirect
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.text import (
@@ -167,20 +167,28 @@ def edit_attachments(request, media):
else:
raise Forbidden("Attachments are disabled")
+@require_active_login
+def legacy_edit_profile(request):
+ """redirect the old /edit/profile/?username=USER to /u/USER/edit/"""
+ username = request.GET.get('username') or request.user.username
+ return redirect(request, 'mediagoblin.edit.profile', user=username)
+
@require_active_login
-def edit_profile(request):
- # admins may edit any user profile given a username in the querystring
- edit_username = request.GET.get('username')
- if request.user.is_admin and request.user.username != edit_username:
- user = request.db.User.find_one({'username': edit_username})
+@active_user_from_url
+def edit_profile(request, url_user=None):
+ # admins may edit any user profile
+ if request.user.username != url_user.username:
+ if not request.user.is_admin:
+ raise Forbidden(_("You can only edit your own profile."))
+
# No need to warn again if admin just submitted an edited profile
if request.method != 'POST':
messages.add_message(
request, messages.WARNING,
_("You are editing a user's profile. Proceed with caution."))
- else:
- user = request.user
+
+ user = url_user
form = forms.EditProfileForm(request.form,
url=user.get('url'),