2 files changed, 18 insertions, 16 deletions

diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py
index ecc50364..0ef91127 100644
--- a/mediagoblin/plugins/api/tools.py
+++ b/mediagoblin/plugins/api/tools.py
@@ -18,9 +18,9 @@ import logging
 import json
 
 from functools import wraps
-from webob import exc, Response
 from urlparse import urljoin
-
+from werkzeug.exceptions import Forbidden
+from werkzeug.wrappers import Response
 from mediagoblin import mg_globals
 from mediagoblin.tools.pluginapi import PluginManager
 from mediagoblin.storage.filestorage import BasicFileStorage
@@ -54,23 +54,22 @@ class Auth(object):
 
 def json_response(serializable, _disable_cors=False, *args, **kw):
     '''
-    Serializes a json objects and returns a webob.Response object with the
+    Serializes a json objects and returns a werkzeug Response object with the
     serialized value as the response body and Content-Type: application/json.
 
     :param serializable: A json-serializable object
 
     Any extra arguments and keyword arguments are passed to the
-    webob.Response.__init__ method.
+    Response.__init__ method.
     '''
-    response = Response(json.dumps(serializable), *args, **kw)
-    response.headers['Content-Type'] = 'application/json'
+    response = Response(json.dumps(serializable), *args, content_type='application/json', **kw)
 
     if not _disable_cors:
         cors_headers = {
                 'Access-Control-Allow-Origin': '*',
                 'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
                 'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
-        response.headers.update(cors_headers)
+        (response.headers.set(key, value) for key, value in cors_headers)
 
     return response
 
@@ -143,7 +142,7 @@ def api_auth(controller):
         # If we can't find any authentication methods, we should not let them
         # pass.
         if not auth_candidates:
-            return exc.HTTPForbidden()
+            return Forbidden()
 
         # For now, just select the first one in the list
         auth = auth_candidates[0]
@@ -157,7 +156,7 @@ def api_auth(controller):
                         'status': 403,
                         'errors': auth.errors})
 
-            return exc.HTTPForbidden()
+            return Forbidden()
 
         return controller(request, *args, **kw)
 
diff --git a/mediagoblin/plugins/api/views.py b/mediagoblin/plugins/api/views.py
index a1b1bcac..8e02d7bd 100644
--- a/mediagoblin/plugins/api/views.py
+++ b/mediagoblin/plugins/api/views.py
@@ -19,9 +19,10 @@ import logging
 import uuid
 
 from os.path import splitext
-from webob import exc, Response
-from werkzeug.utils import secure_filename
 from werkzeug.datastructures import FileStorage
+from werkzeug.exceptions import BadRequest, Forbidden
+from werkzeug.utils import secure_filename
+from werkzeug.wrappers import Response
 from celery import registry
 
 from mediagoblin.db.util import ObjectId
@@ -47,13 +48,13 @@ def post_entry(request):
 
     if request.method != 'POST':
         _log.debug('Must POST against post_entry')
-        return exc.HTTPBadRequest()
+        return BadRequest()
 
     if not 'file' in request.files \
             or not isinstance(request.files['file'], FileStorage) \
             or not request.files['file'].stream:
         _log.debug('File field not found')
-        return exc.HTTPBadRequest()
+        return BadRequest()
 
     media_file = request.files['file']
 
@@ -108,7 +109,7 @@ def post_entry(request):
     process_media = registry.tasks[ProcessMedia.name]
     try:
         process_media.apply_async(
-            [unicode(entry._id)], {},
+            [unicode(entry.id)], {},
             task_id=task_id)
     except BaseException as e:
         # The purpose of this section is because when running in "lazy"
@@ -119,7 +120,7 @@ def post_entry(request):
         #
         # ... not completely the diaper pattern because the
         # exception is re-raised :)
-        mark_entry_failed(entry._id, e)
+        mark_entry_failed(entry.id, e)
         # re-raise the exception
         raise
 
@@ -129,12 +130,14 @@ def post_entry(request):
 @api_auth
 def api_test(request):
     if not request.user:
-        return exc.HTTPForbidden()
+        return Forbidden()
 
     user_data = {
             'username': request.user.username,
             'email': request.user.email}
 
+    # TODO: This is the *only* thing using Response() here, should that
+    # not simply use json_response()?
     return Response(json.dumps(user_data))