diff options
Diffstat (limited to 'mediagoblin/edit/views.py')
| -rw-r--r-- | mediagoblin/edit/views.py | 58 |
1 files changed, 39 insertions, 19 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 15edfdd6..673409bd 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -25,14 +25,16 @@ from werkzeug.utils import secure_filename from mediagoblin import messages from mediagoblin import mg_globals -from mediagoblin.util import ( - render_to_response, redirect, clean_html, convert_to_tag_list_of_dicts, - media_tags_as_string, cleaned_markdown_conversion) -from mediagoblin.util import pass_to_ugettext as _ + +from mediagoblin.auth import lib as auth_lib from mediagoblin.edit import forms from mediagoblin.edit.lib import may_edit_media from mediagoblin.decorators import require_active_login, get_user_media_entry - +from mediagoblin.tools.response import render_to_response, redirect +from mediagoblin.tools.translate import pass_to_ugettext as _ +from mediagoblin.tools.text import ( + clean_html, convert_to_tag_list_of_dicts, + media_tags_as_string, cleaned_markdown_conversion) @get_user_media_entry @require_active_login @@ -56,7 +58,7 @@ def edit_media(request, media): existing_user_slug_entries = request.db.MediaEntry.find( {'slug': request.POST['slug'], 'uploader': media['uploader'], - '_id': {'$ne': media['_id']}}).count() + '_id': {'$ne': media._id}}).count() if existing_user_slug_entries: form.slug.errors.append( @@ -77,7 +79,7 @@ def edit_media(request, media): location=media.url_for_self(request.urlgen)) if request.user['is_admin'] \ - and media['uploader'] != request.user['_id'] \ + and media['uploader'] != request.user._id \ and request.method != 'POST': messages.add_message( request, messages.WARNING, @@ -103,7 +105,7 @@ def edit_attachments(request, media): attachment_public_filepath \ = mg_globals.public_store.get_unique_filepath( - ['media_entries', unicode(media['_id']), 'attachment', + ['media_entries', unicode(media._id), 'attachment', secure_filename(request.POST['attachment_file'].filename)]) attachment_public_file = mg_globals.public_store.get_file( @@ -119,7 +121,7 @@ def edit_attachments(request, media): name=request.POST['attachment_name'] \ or request.POST['attachment_file'].filename, filepath=attachment_public_filepath, - created=datetime.utcnow() + created=datetime.utcnow(), )) media.save() @@ -160,19 +162,37 @@ def edit_profile(request): bio=user.get('bio')) if request.method == 'POST' and form.validate(): - user['url'] = unicode(request.POST['url']) - user['bio'] = unicode(request.POST['bio']) + password_matches = auth_lib.bcrypt_check_password( + request.POST['old_password'], + user['pw_hash']) + + if (request.POST['old_password'] or request.POST['new_password']) and not \ + password_matches: + form.old_password.errors.append(_('Wrong password')) + + return render_to_response( + request, + 'mediagoblin/edit/edit_profile.html', + {'user': user, + 'form': form}) + + user['url'] = unicode(request.POST['url']) + user['bio'] = unicode(request.POST['bio']) + + if password_matches: + user['pw_hash'] = auth_lib.bcrypt_gen_password_hash( + request.POST['new_password']) - user['bio_html'] = cleaned_markdown_conversion(user['bio']) + user['bio_html'] = cleaned_markdown_conversion(user['bio']) - user.save() + user.save() - messages.add_message(request, - messages.SUCCESS, - 'Profile edited!') - return redirect(request, - 'mediagoblin.user_pages.user_home', - user=edit_username) + messages.add_message(request, + messages.SUCCESS, + _("Profile edited!")) + return redirect(request, + 'mediagoblin.user_pages.user_home', + user=user['username']) return render_to_response( request, |