aboutsummaryrefslogtreecommitdiffstats
path: root/mediagoblin
diff options
context:
space:
mode:
Diffstat (limited to 'mediagoblin')
-rw-r--r--mediagoblin/admin/views.py48
-rw-r--r--mediagoblin/auth/tools.py10
-rw-r--r--mediagoblin/auth/views.py7
-rw-r--r--mediagoblin/db/migrations.py75
-rw-r--r--mediagoblin/db/mixin.py1
-rw-r--r--mediagoblin/db/models.py204
-rw-r--r--mediagoblin/db/util.py20
-rw-r--r--mediagoblin/decorators.py87
-rw-r--r--mediagoblin/edit/lib.py2
-rw-r--r--mediagoblin/edit/views.py6
-rw-r--r--mediagoblin/gmg_commands/users.py16
-rw-r--r--mediagoblin/meta/__init__.py0
-rw-r--r--mediagoblin/meta/routing.py27
-rw-r--r--mediagoblin/meta/views.py33
-rw-r--r--mediagoblin/moderation/__init__.py (renamed from mediagoblin/admin/__init__.py)0
-rw-r--r--mediagoblin/moderation/forms.py60
-rw-r--r--mediagoblin/moderation/routing.py35
-rw-r--r--mediagoblin/moderation/tools.py135
-rw-r--r--mediagoblin/moderation/views.py155
-rw-r--r--mediagoblin/routing.py6
-rw-r--r--mediagoblin/static/css/base.css71
-rw-r--r--mediagoblin/static/images/icon_clipboard.pngbin0 -> 682 bytes
-rw-r--r--mediagoblin/static/images/icon_clipboard_alert.pngbin0 -> 647 bytes
-rw-r--r--mediagoblin/submit/views.py3
-rw-r--r--mediagoblin/templates/mediagoblin/banned.html28
-rw-r--r--mediagoblin/templates/mediagoblin/base.html12
-rw-r--r--mediagoblin/templates/mediagoblin/meta/code_of_conduct.html46
-rw-r--r--mediagoblin/templates/mediagoblin/meta/reports_details.html (renamed from mediagoblin/admin/routing.py)7
-rw-r--r--mediagoblin/templates/mediagoblin/meta/reports_panel.html17
-rw-r--r--mediagoblin/templates/mediagoblin/moderation/media_panel.html (renamed from mediagoblin/templates/mediagoblin/admin/panel.html)0
-rw-r--r--mediagoblin/templates/mediagoblin/moderation/report.html194
-rw-r--r--mediagoblin/templates/mediagoblin/moderation/report_panel.html122
-rw-r--r--mediagoblin/templates/mediagoblin/moderation/user.html186
-rw-r--r--mediagoblin/templates/mediagoblin/moderation/user_panel.html61
-rw-r--r--mediagoblin/templates/mediagoblin/user_pages/collection.html2
-rw-r--r--mediagoblin/templates/mediagoblin/user_pages/media.html17
-rw-r--r--mediagoblin/templates/mediagoblin/user_pages/report.html83
-rw-r--r--mediagoblin/templates/mediagoblin/user_pages/user.html2
-rw-r--r--mediagoblin/templates/mediagoblin/utils/collection_gallery.html2
-rw-r--r--mediagoblin/templates/mediagoblin/utils/report.html33
-rw-r--r--mediagoblin/tests/test_api.py4
-rw-r--r--mediagoblin/tests/test_auth.py34
-rw-r--r--mediagoblin/tests/test_modelmethods.py43
-rw-r--r--mediagoblin/tests/test_oauth2.py3
-rw-r--r--mediagoblin/tests/tools.py13
-rw-r--r--mediagoblin/tools/response.py15
-rw-r--r--mediagoblin/user_pages/forms.py12
-rw-r--r--mediagoblin/user_pages/lib.py35
-rw-r--r--mediagoblin/user_pages/routing.py8
-rw-r--r--mediagoblin/user_pages/views.py90
-rw-r--r--mediagoblin/views.py4
51 files changed, 1923 insertions, 151 deletions
diff --git a/mediagoblin/admin/views.py b/mediagoblin/admin/views.py
deleted file mode 100644
index 22ca74a3..00000000
--- a/mediagoblin/admin/views.py
+++ /dev/null
@@ -1,48 +0,0 @@
-# GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-from werkzeug.exceptions import Forbidden
-
-from mediagoblin.db.models import MediaEntry
-from mediagoblin.decorators import require_active_login
-from mediagoblin.tools.response import render_to_response
-
-@require_active_login
-def admin_processing_panel(request):
- '''
- Show the global processing panel for this instance
- '''
- # TODO: Why not a "require_admin_login" decorator throwing a 403 exception?
- if not request.user.is_admin:
- raise Forbidden()
-
- processing_entries = MediaEntry.query.filter_by(state = u'processing').\
- order_by(MediaEntry.created.desc())
-
- # Get media entries which have failed to process
- failed_entries = MediaEntry.query.filter_by(state = u'failed').\
- order_by(MediaEntry.created.desc())
-
- processed_entries = MediaEntry.query.filter_by(state = u'processed').\
- order_by(MediaEntry.created.desc()).limit(10)
-
- # Render to response
- return render_to_response(
- request,
- 'mediagoblin/admin/panel.html',
- {'processing_entries': processing_entries,
- 'failed_entries': failed_entries,
- 'processed_entries': processed_entries})
diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index 579775ff..596a4447 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -14,8 +14,10 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
import logging
import wtforms
+from sqlalchemy import or_
from mediagoblin import mg_globals
from mediagoblin.tools.crypto import get_timed_signer_url
@@ -161,6 +163,14 @@ def register_user(request, register_form):
# Create the user
user = auth.create_user(register_form)
+ # give the user the default privileges
+ default_privileges = [
+ Privilege.query.filter(Privilege.privilege_name==u'commenter').first(),
+ Privilege.query.filter(Privilege.privilege_name==u'uploader').first(),
+ Privilege.query.filter(Privilege.privilege_name==u'reporter').first()]
+ user.all_privileges += default_privileges
+ user.save()
+
# log the user in
request.session['user_id'] = unicode(user.id)
request.session.save()
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index dd71d5c1..7d95b81a 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -17,7 +17,7 @@
from itsdangerous import BadSignature
from mediagoblin import messages, mg_globals
-from mediagoblin.db.models import User
+from mediagoblin.db.models import User, Privilege
from mediagoblin.tools.crypto import get_timed_signer_url
from mediagoblin.decorators import auth_enabled, allow_registration
from mediagoblin.tools.response import render_to_response, redirect, render_404
@@ -153,6 +153,11 @@ def verify_email(request):
if user and user.email_verified is False:
user.status = u'active'
user.email_verified = True
+ user.verification_key = None
+ user.all_privileges.append(
+ Privilege.query.filter(
+ Privilege.privilege_name==u'active').first())
+
user.save()
messages.add_message(
diff --git a/mediagoblin/db/migrations.py b/mediagoblin/db/migrations.py
index 374ab4c8..0eedc5d4 100644
--- a/mediagoblin/db/migrations.py
+++ b/mediagoblin/db/migrations.py
@@ -28,7 +28,8 @@ from migrate.changeset.constraint import UniqueConstraint
from mediagoblin.db.extratypes import JSONEncoded
from mediagoblin.db.migration_tools import RegisterMigration, inspect_table
-from mediagoblin.db.models import MediaEntry, Collection, User, MediaComment
+from mediagoblin.db.models import (MediaEntry, Collection, User,
+ MediaComment, Privilege, ReportBase)
MIGRATIONS = {}
@@ -299,6 +300,7 @@ def drop_token_related_User_columns(db):
metadata = MetaData(bind=db.bind)
user_table = inspect_table(metadata, 'core__users')
+
verification_key = user_table.columns['verification_key']
fp_verification_key = user_table.columns['fp_verification_key']
fp_token_expire = user_table.columns['fp_token_expire']
@@ -320,6 +322,7 @@ class CommentSubscription_v0(declarative_base()):
user_id = Column(Integer, ForeignKey(User.id), nullable=False)
+
notify = Column(Boolean, nullable=False, default=True)
send_email = Column(Boolean, nullable=False, default=True)
@@ -380,6 +383,76 @@ def pw_hash_nullable(db):
constraint = UniqueConstraint('username', table=user_table)
constraint.create()
+class ReportBase_v0(declarative_base()):
+ __tablename__ = 'core__reports'
+ id = Column(Integer, primary_key=True)
+ reporter_id = Column(Integer, ForeignKey(User.id), nullable=False)
+ report_content = Column(UnicodeText)
+ reported_user_id = Column(Integer, ForeignKey(User.id), nullable=False)
+ created = Column(DateTime, nullable=False, default=datetime.datetime.now)
+ discriminator = Column('type', Unicode(50))
+ __mapper_args__ = {'polymorphic_on': discriminator}
+
+class CommentReport_v0(ReportBase_v0):
+ __tablename__ = 'core__reports_on_comments'
+ __mapper_args__ = {'polymorphic_identity': 'comment_report'}
+
+ id = Column('id',Integer, ForeignKey('core__reports.id'),
+ primary_key=True)
+ comment_id = Column(Integer, ForeignKey(MediaComment.id), nullable=False)
+
+class MediaReport_v0(ReportBase_v0):
+ __tablename__ = 'core__reports_on_media'
+ __mapper_args__ = {'polymorphic_identity': 'media_report'}
+
+ id = Column('id',Integer, ForeignKey('core__reports.id'), primary_key=True)
+ media_entry_id = Column(Integer, ForeignKey(MediaEntry.id), nullable=False)
+
+class ArchivedReport_v0(ReportBase_v0):
+ __tablename__ = 'core__reports_archived'
+ __mapper_args__ = {'polymorphic_identity': 'archived_report'}
+
+ id = Column('id',Integer, ForeignKey('core__reports.id'), primary_key=True)
+ media_entry_id = Column(Integer, ForeignKey(MediaEntry.id))
+ comment_id = Column(Integer, ForeignKey(MediaComment.id))
+ resolver_id = Column(Integer, ForeignKey(User.id), nullable=False)
+ resolved_time = Column(DateTime)
+ result = Column(UnicodeText)
+
+class UserBan_v0(declarative_base()):
+ __tablename__ = 'core__user_bans'
+ user_id = Column('id',Integer, ForeignKey(User.id), nullable=False,
+ primary_key=True)
+ expiration_date = Column(DateTime)
+ reason = Column(UnicodeText, nullable=False)
+
+class Privilege_v0(declarative_base()):
+ __tablename__ = 'core__privileges'
+ id = Column(Integer, nullable=False, primary_key=True, unique=True)
+ privilege_name = Column(Unicode, nullable=False, unique=True)
+
+class PrivilegeUserAssociation_v0(declarative_base()):
+ __tablename__ = 'core__privileges_users'
+ group_id = Column(
+ 'core__privilege_id',
+ Integer,
+ ForeignKey(User.id),
+ primary_key=True)
+ user_id = Column(
+ 'core__user_id',
+ Integer,
+ ForeignKey(Privilege.id),
+ primary_key=True)
+
+@RegisterMigration(14, MIGRATIONS)
+def create_moderation_tables(db):
+ ReportBase_v0.__table__.create(db.bind)
+ CommentReport_v0.__table__.create(db.bind)
+ MediaReport_v0.__table__.create(db.bind)
+ ArchivedReport_v0.__table__.create(db.bind)
+ UserBan_v0.__table__.create(db.bind)
+ Privilege_v0.__table__.create(db.bind)
+ PrivilegeUserAssociation_v0.__table__.create(db.bind)
db.commit()
diff --git a/mediagoblin/db/mixin.py b/mediagoblin/db/mixin.py
index 57b27d83..25ce6642 100644
--- a/mediagoblin/db/mixin.py
+++ b/mediagoblin/db/mixin.py
@@ -46,7 +46,6 @@ class UserMixin(object):
def bio_html(self):
return cleaned_markdown_conversion(self.bio)
-
class GenerateSlugMixin(object):
"""
Mixin to add a generate_slug method to objects.
diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py
index 9cb39ff4..25b4fa8f 100644
--- a/mediagoblin/db/models.py
+++ b/mediagoblin/db/models.py
@@ -104,6 +104,15 @@ class User(Base, UserMixin):
super(User, self).delete(**kwargs)
_log.info('Deleted user "{0}" account'.format(self.username))
+ def has_privilege(self,*priv_names):
+ if len(priv_names) == 1:
+ priv = Privilege.query.filter(
+ Privilege.privilege_name==priv_names[0]).one()
+ return (priv in self.all_privileges)
+ elif len(priv_names) > 1:
+ return self.has_privilege(priv_names[0]) or \
+ self.has_privilege(*priv_names[1:])
+ return False
class Client(Base):
"""
@@ -640,16 +649,195 @@ class ProcessingNotification(Notification):
'polymorphic_identity': 'processing_notification'
}
+class ReportBase(Base):
+ """
+ This is the basic report table which the other reports are based off of.
+ :keyword reporter_id
+ :keyword report_content
+ :keyword reported_user_id
+ :keyword created
+ :keyword resolved
+ :keyword result
+ :keyword discriminator
+
+ """
+ __tablename__ = 'core__reports'
+ id = Column(Integer, primary_key=True)
+ reporter_id = Column(Integer, ForeignKey(User.id), nullable=False)
+ reporter = relationship(
+ User,
+ backref=backref("reports_filed_by",
+ lazy="dynamic",
+ cascade="all, delete-orphan"),
+ primaryjoin="User.id==ReportBase.reporter_id")
+ report_content = Column(UnicodeText)
+ reported_user_id = Column(Integer, ForeignKey(User.id), nullable=False)
+ reported_user = relationship(
+ User,
+ backref=backref("reports_filed_on",
+ lazy="dynamic",
+ cascade="all, delete-orphan"),
+ primaryjoin="User.id==ReportBase.reported_user_id")
+ created = Column(DateTime, nullable=False, default=datetime.datetime.now())
+ discriminator = Column('type', Unicode(50))
+ __mapper_args__ = {'polymorphic_on': discriminator}
+
+ def is_comment_report(self):
+ return self.discriminator=='comment_report'
+
+ def is_media_entry_report(self):
+ return self.discriminator=='media_report'
+
+ def is_archived_report(self):
+ return self.discriminator=='archived_report'
+
+
+class CommentReport(ReportBase):
+ """
+ A class to keep track of reports that have been filed on comments
+ """
+ __tablename__ = 'core__reports_on_comments'
+ __mapper_args__ = {'polymorphic_identity': 'comment_report'}
+
+ id = Column('id',Integer, ForeignKey('core__reports.id'),
+ primary_key=True)
+ comment_id = Column(Integer, ForeignKey(MediaComment.id), nullable=False)
+ comment = relationship(
+ MediaComment, backref=backref("reports_filed_on",
+ lazy="dynamic",
+ cascade="all, delete-orphan"))
+
+class MediaReport(ReportBase):
+ """
+ A class to keep track of reports that have been filed on media entries
+ """
+ __tablename__ = 'core__reports_on_media'
+ __mapper_args__ = {'polymorphic_identity': 'media_report'}
+
+ id = Column('id',Integer, ForeignKey('core__reports.id'),
+ primary_key=True)
+ media_entry_id = Column(Integer, ForeignKey(MediaEntry.id), nullable=False)
+ media_entry = relationship(
+ MediaEntry,
+ backref=backref("reports_filed_onmod/reports/1/",
+ lazy="dynamic",
+ cascade="all, delete-orphan"))
+
+class ArchivedReport(ReportBase):
+ """
+ A table to keep track of reports that have been resolved
+ """
+ __tablename__ = 'core__reports_archived'
+ __mapper_args__ = {'polymorphic_identity': 'archived_report'}
+ id = Column('id',Integer, ForeignKey('core__reports.id'),
+ primary_key=True)
+
+ media_entry_id = Column(Integer, ForeignKey(MediaEntry.id))
+ media_entry = relationship(
+ MediaEntry,
+ backref=backref("past_reports_filed_on",
+ lazy="dynamic"))
+ comment_id = Column(Integer, ForeignKey(MediaComment.id))
+ comment = relationship(
+ MediaComment, backref=backref("past_reports_filed_on",
+ lazy="dynamic"))
+
+ resolver_id = Column(Integer, ForeignKey(User.id), nullable=False)
+ resolver = relationship(
+ User,
+ backref=backref("reports_resolved_by",
+ lazy="dynamic",
+ cascade="all, delete-orphan"),
+ primaryjoin="User.id==ArchivedReport.resolver_id")
+
+ resolved = Column(DateTime)
+ result = Column(UnicodeText)
+
+class UserBan(Base):
+ """
+ Holds the information on a specific user's ban-state. As long as one of
+ these is attached to a user, they are banned from accessing mediagoblin.
+ When they try to log in, they are greeted with a page that tells them
+ the reason why they are banned and when (if ever) the ban will be
+ lifted
+
+ :keyword user_id Holds the id of the user this object is
+ attached to. This is a one-to-one
+ relationship.
+ :keyword expiration_date Holds the date that the ban will be lifted.
+ If this is null, the ban is permanent
+ unless a moderator manually lifts it.
+ :keyword reason Holds the reason why the user was banned.
+ """
+ __tablename__ = 'core__user_bans'
+
+ user_id = Column(Integer, ForeignKey(User.id), nullable=False,
+ primary_key=True)
+ expiration_date = Column(DateTime)
+ reason = Column(UnicodeText, nullable=False)
+
+
+class Privilege(Base):
+ """
+ The Privilege table holds all of the different privileges a user can hold.
+ If a user 'has' a privilege, the User object is in a relationship with the
+ privilege object.
+
+ :keyword privilege_name Holds a unicode object that is the recognizable
+ name of this privilege. This is the column
+ used for identifying whether or not a user
+ has a necessary privilege or not.
+
+ """
+ __tablename__ = 'core__privileges'
+
+ id = Column(Integer, nullable=False, primary_key=True)
+ privilege_name = Column(Unicode, nullable=False, unique=True)
+ all_users = relationship(
+ User,
+ backref='all_privileges',
+ secondary="core__privileges_users")
+
+ def __init__(self, privilege_name):
+ '''
+ Currently consructors are required for tables that are initialized thru
+ the FOUNDATIONS system. This is because they need to be able to be con-
+ -structed by a list object holding their arg*s
+ '''
+ self.privilege_name = privilege_name
+
+ def __repr__(self):
+ return "<Privilege %s>" % (self.privilege_name)
+
+
+class PrivilegeUserAssociation(Base):
+ '''
+ This table holds the many-to-many relationship between User and Privilege
+ '''
+
+ __tablename__ = 'core__privileges_users'
+
+ privilege_id = Column(
+ 'core__privilege_id',
+ Integer,
+ ForeignKey(User.id),
+ primary_key=True)
+ user_id = Column(
+ 'core__user_id',
+ Integer,
+ ForeignKey(Privilege.id),
+ primary_key=True)
with_polymorphic(
Notification,
[ProcessingNotification, CommentNotification])
MODELS = [
- User, Client, RequestToken, AccessToken, NonceTimestamp, MediaEntry, Tag,
- MediaTag, MediaComment, Collection, CollectionItem, MediaFile, FileKeynames,
- MediaAttachmentFile, ProcessingMetaData, Notification, CommentNotification,
- ProcessingNotification, CommentSubscription]
+ User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem,
+ MediaFile, FileKeynames, MediaAttachmentFile, ProcessingMetaData,
+ Notification, CommentNotification, ProcessingNotification,
+ CommentSubscription, ReportBase, CommentReport, MediaReport, UserBan,
+ Privilege, PrivilegeUserAssociation, ArchivedReport, ArchivedReport]
"""
Foundations are the default rows that are created immediately after the tables
@@ -665,7 +853,13 @@ MODELS = [
FOUNDATIONS = {User:user_foundations}
"""
-FOUNDATIONS = {}
+privilege_foundations = [{'privilege_name':u'admin'},
+ {'privilege_name':u'moderator'},
+ {'privilege_name':u'uploader'},
+ {'privilege_name':u'reporter'},
+ {'privilege_name':u'commenter'},
+ {'privilege_name':u'active'}]
+FOUNDATIONS = {Privilege:privilege_foundations}
######################################################
# Special, migrations-tracking table
diff --git a/mediagoblin/db/util.py b/mediagoblin/db/util.py
index 8431361a..31fc49fb 100644
--- a/mediagoblin/db/util.py
+++ b/mediagoblin/db/util.py
@@ -15,7 +15,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from mediagoblin.db.base import Session
-from mediagoblin.db.models import MediaEntry, Tag, MediaTag, Collection
+from mediagoblin.db.models import (MediaEntry, Tag, MediaTag, Collection, \
+ User, Privilege, FOUNDATIONS)
##########################
@@ -67,6 +68,23 @@ def check_collection_slug_used(creator_id, slug, ignore_c_id):
does_exist = Session.query(Collection.id).filter(filt).first() is not None
return does_exist
+def user_privileges_to_dictionary(user_id):
+ """
+ This function accepts a users id and returns a dictionary of True or False
+ values for each privilege the user does or does not have. This allows for
+ easier referencing of a user's privileges inside templates.
+ """
+ privilege_dictionary = {}
+ user = User.query.get(user_id)
+ users_privileges = [p_item.privilege_name for p_item in user.all_privileges]
+ #TODO update this to account for plugins that may add foundations
+ for privilege in FOUNDATIONS[Privilege]:
+ privilege_name = privilege['privilege_name']
+ if privilege_name in users_privileges:
+ privilege_dictionary[privilege_name]=True
+ else:
+ privilege_dictionary[privilege_name]=False
+ return privilege_dictionary
if __name__ == '__main__':
from mediagoblin.db.open import setup_connection_and_db_from_config
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index 685d0d98..a3479164 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -22,8 +22,10 @@ from oauthlib.oauth1 import ResourceEndpoint
from mediagoblin import mg_globals as mgg
from mediagoblin import messages
-from mediagoblin.db.models import MediaEntry, User
-from mediagoblin.tools.response import json_response, redirect, render_404
+from mediagoblin.db.models import (MediaEntry, User, MediaComment,
+ UserBan, Privilege)
+from mediagoblin.tools.response import (redirect, render_404,
+ render_user_banned, json_response)
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.oauth.tools.request import decode_authorization_header
@@ -36,11 +38,11 @@ def require_active_login(controller):
@wraps(controller)
def new_controller_func(request, *args, **kwargs):
if request.user and \
- request.user.status == u'needs_email_verification':
+ not request.user.has_privilege(u'active'):
return redirect(
request, 'mediagoblin.user_pages.user_home',
user=request.user.username)
- elif not request.user or request.user.status != u'active':
+ elif not request.user or not request.user.has_privilege(u'active'):
next_url = urljoin(
request.urlgen('mediagoblin.auth.login',
qualified=True),
@@ -67,6 +69,22 @@ def active_user_from_url(controller):
return wrapper
+def user_has_privilege(privilege_name):
+
+ def user_has_privilege_decorator(controller):
+ @wraps(controller)
+ def wrapper(request, *args, **kwargs):
+ user_id = request.user.id
+ if UserBan.query.filter(UserBan.user_id==user_id).count():
+ return render_user_banned(request)
+ elif not request.user.has_privilege(privilege_name):
+ raise Forbidden()
+
+ return controller(request, *args, **kwargs)
+
+ return wrapper
+ return user_has_privilege_decorator
+
def user_may_delete_media(controller):
"""
@@ -75,7 +93,7 @@ def user_may_delete_media(controller):
@wraps(controller)
def wrapper(request, *args, **kwargs):
uploader_id = kwargs['media'].uploader
- if not (request.user.is_admin or
+ if not (request.user.has_privilege(u'admin') or
request.user.id == uploader_id):
raise Forbidden()
@@ -92,7 +110,7 @@ def user_may_alter_collection(controller):
def wrapper(request, *args, **kwargs):
creator_id = request.db.User.query.filter_by(
username=request.matchdict['user']).first().id
- if not (request.user.is_admin or
+ if not (request.user.has_privilege(u'admin') or
request.user.id == creator_id):
raise Forbidden()
@@ -256,6 +274,22 @@ def allow_registration(controller):
return wrapper
+def get_media_comment_by_id(controller):
+ """
+ Pass in a MediaComment based off of a url component
+ """
+ @wraps(controller)
+ def wrapper(request, *args, **kwargs):
+ comment = MediaComment.query.filter_by(
+ id=request.matchdict['comment']).first()
+ # Still no media? Okay, 404.
+ if not comment:
+ return render_404(request)
+
+ return controller(request, comment=comment, *args, **kwargs)
+
+ return wrapper
+
def auth_enabled(controller):
"""Decorator for if an auth plugin is enabled"""
@@ -272,6 +306,47 @@ def auth_enabled(controller):
return wrapper
+def require_admin_or_moderator_login(controller):
+ """
+ Require an login from an administrator or a moderator.
+ """
+ @wraps(controller)
+ def new_controller_func(request, *args, **kwargs):
+ if request.user and \
+ not request.user.has_privilege(u'admin',u'moderator'):
+
+ raise Forbidden()
+ elif not request.user:
+ next_url = urljoin(
+ request.urlgen('mediagoblin.auth.login',
+ qualified=True),
+ request.url)
+
+ return redirect(request, 'mediagoblin.auth.login',
+ next=next_url)
+
+ return controller(request, *args, **kwargs)
+
+ return new_controller_func
+
+
+def user_not_banned(controller):
+ """
+ Requires that the user has not been banned. Otherwise redirects to the page
+ explaining why they have been banned
+ """
+ @wraps(controller)
+ def wrapper(request, *args, **kwargs):
+ if request.user:
+ user_banned = UserBan.query.get(request.user.id)
+ if user_banned:
+ return render_user_banned(request)
+ return controller(request, *args, **kwargs)
+
+ return wrapper
+
+
+
def oauth_required(controller):
""" Used to wrap API endpoints where oauth is required """
@wraps(controller)
diff --git a/mediagoblin/edit/lib.py b/mediagoblin/edit/lib.py
index aab537a0..6acebc96 100644
--- a/mediagoblin/edit/lib.py
+++ b/mediagoblin/edit/lib.py
@@ -19,6 +19,6 @@ def may_edit_media(request, media):
"""Check, if the request's user may edit the media details"""
if media.uploader == request.user.id:
return True
- if request.user.is_admin:
+ if request.user.has_privilege(u'admin'):
return True
return False
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 6aa2acd9..c6c3c03e 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -83,7 +83,7 @@ def edit_media(request, media):
return redirect_obj(request, media)
- if request.user.is_admin \
+ if request.user.has_privilege(u'admin') \
and media.uploader != request.user.id \
and request.method != 'POST':
messages.add_message(
@@ -184,7 +184,7 @@ def legacy_edit_profile(request):
def edit_profile(request, url_user=None):
# admins may edit any user profile
if request.user.username != url_user.username:
- if not request.user.is_admin:
+ if not request.user.has_privilege(u'admin'):
raise Forbidden(_("You can only edit your own profile."))
# No need to warn again if admin just submitted an edited profile
@@ -326,7 +326,7 @@ def edit_collection(request, collection):
return redirect_obj(request, collection)
- if request.user.is_admin \
+ if request.user.has_privilege(u'admin') \
and collection.creator != request.user.id \
and request.method != 'POST':
messages.add_message(
diff --git a/mediagoblin/gmg_commands/users.py b/mediagoblin/gmg_commands/users.py
index e44b0aa9..0002daad 100644
--- a/mediagoblin/gmg_commands/users.py
+++ b/mediagoblin/gmg_commands/users.py
@@ -55,6 +55,17 @@ def adduser(args):
entry.pw_hash = auth.gen_password_hash(args.password)
entry.status = u'active'
entry.email_verified = True
+ default_privileges = [
+ db.Privilege.query.filter(
+ db.Privilege.privilege_name==u'commenter').one(),
+ db.Privilege.query.filter(
+ db.Privilege.privilege_name==u'uploader').one(),
+ db.Privilege.query.filter(
+ db.Privilege.privilege_name==u'reporter').one(),
+ db.Privilege.query.filter(
+ db.Privilege.privilege_name==u'active').one()
+ ]
+ entry.all_privileges = default_privileges
entry.save()
print "User created (and email marked as verified)"
@@ -74,7 +85,10 @@ def makeadmin(args):
user = db.User.query.filter_by(
username=unicode(args.username.lower())).one()
if user:
- user.is_admin = True
+ user.all_privileges.append(
+ db.Privilege.query.filter(
+ db.Privilege.privilege_name==u'admin').one()
+ )
user.save()
print 'The user is now Admin'
else:
diff --git a/mediagoblin/meta/__init__.py b/mediagoblin/meta/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/mediagoblin/meta/__init__.py
diff --git a/mediagoblin/meta/routing.py b/mediagoblin/meta/routing.py
new file mode 100644
index 00000000..e61bc065
--- /dev/null
+++ b/mediagoblin/meta/routing.py
@@ -0,0 +1,27 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+meta_routes = [
+ ('mediagoblin.meta.code_of_conduct',
+ '/coc/',
+ 'mediagoblin.meta.views:code_of_conduct'),
+ ('mediagoblin.meta.reports_panel',
+ '/reports/',
+ 'mediagoblin.meta.views:public_reports_panel'),
+ ('mediagoblin.meta.reports_detail',
+ '/reports/<int:report_id>',
+ 'mediagoblin.meta.views:public_reports_details')
+]
diff --git a/mediagoblin/meta/views.py b/mediagoblin/meta/views.py
new file mode 100644
index 00000000..3df0688c
--- /dev/null
+++ b/mediagoblin/meta/views.py
@@ -0,0 +1,33 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from mediagoblin.tools.response import render_to_response
+
+
+def code_of_conduct(request):
+ return render_to_response(request,
+ 'mediagoblin/meta/code_of_conduct.html',
+ {})
+
+def public_reports_panel(request):
+ return render_to_response(request,
+ 'mediagoblin/meta/reports_panel.html',
+ {})
+
+def public_reports_details(request):
+ return render_to_response(request,
+ 'mediagoblin/meta/reports_details.html',
+ {})
diff --git a/mediagoblin/admin/__init__.py b/mediagoblin/moderation/__init__.py
index 719b56e7..719b56e7 100644
--- a/mediagoblin/admin/__init__.py
+++ b/mediagoblin/moderation/__init__.py
diff --git a/mediagoblin/moderation/forms.py b/mediagoblin/moderation/forms.py
new file mode 100644
index 00000000..718cd8fa
--- /dev/null
+++ b/mediagoblin/moderation/forms.py
@@ -0,0 +1,60 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import wtforms
+from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
+
+ACTION_CHOICES = [(_(u'takeaway'),_(u'Take away privilege')),
+ (_(u'userban'),_(u'Ban the user')),
+ (_(u'sendmessage'),(u'Send the user a message')),
+ (_(u'delete'),_(u'Delete the content'))]
+
+class MultiCheckboxField(wtforms.SelectMultipleField):
+ """
+ A multiple-select, except displays a list of checkboxes.
+
+ Iterating the field will produce subfields, allowing custom rendering of
+ the enclosed checkbox fields.
+
+ code from http://wtforms.simplecodes.com/docs/1.0.4/specific_problems.html
+ """
+ widget = wtforms.widgets.ListWidget(prefix_label=False)
+ option_widget = wtforms.widgets.CheckboxInput()
+
+
+class PrivilegeAddRemoveForm(wtforms.Form):
+ privilege_name = wtforms.HiddenField('',[wtforms.validators.required()])
+
+class ReportResolutionForm(wtforms.Form):
+ action_to_resolve = MultiCheckboxField(
+ _(u'What action will you take to resolve the report?'),
+ validators=[wtforms.validators.optional()],
+ choices=ACTION_CHOICES)
+ targeted_user = wtforms.HiddenField('',
+ validators=[wtforms.validators.required()])
+ take_away_privileges = wtforms.SelectMultipleField(
+ _(u'What privileges will you take away?'),
+ validators=[wtforms.validators.optional()])
+ user_banned_until = wtforms.DateField(
+ _(u'User will be banned until:'),
+ format='%Y-%m-%d',
+ validators=[wtforms.validators.optional()])
+ why_user_was_banned = wtforms.TextAreaField(
+ validators=[wtforms.validators.optional()])
+ message_to_user = wtforms.TextAreaField(
+ validators=[wtforms.validators.optional()])
+ resolution_content = wtforms.TextAreaField()
+
diff --git a/mediagoblin/moderation/routing.py b/mediagoblin/moderation/routing.py
new file mode 100644
index 00000000..f177c32a
--- /dev/null
+++ b/mediagoblin/moderation/routing.py
@@ -0,0 +1,35 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+moderation_routes = [
+ ('mediagoblin.moderation.media_panel',
+ '/media/',
+ 'mediagoblin.moderation.views:moderation_media_processing_panel'),
+ ('mediagoblin.moderation.users',
+ '/users/',
+ 'mediagoblin.moderation.views:moderation_users_panel'),
+ ('mediagoblin.moderation.reports',
+ '/reports/',
+ 'mediagoblin.moderation.views:moderation_reports_panel'),
+ ('mediagoblin.moderation.users_detail',
+ '/users/<string:user>/',
+ 'mediagoblin.moderation.views:moderation_users_detail'),
+ ('mediagoblin.moderation.give_or_take_away_privilege',
+ '/users/<string:user>/privilege/',
+ 'mediagoblin.moderation.views:give_or_take_away_privilege'),
+ ('mediagoblin.moderation.reports_detail',
+ '/reports/<int:report_id>/',
+ 'mediagoblin.moderation.views:moderation_reports_detail')]
diff --git a/mediagoblin/moderation/tools.py b/mediagoblin/moderation/tools.py
new file mode 100644
index 00000000..b4daca15
--- /dev/null
+++ b/mediagoblin/moderation/tools.py
@@ -0,0 +1,135 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from mediagoblin import mg_globals
+from mediagoblin.db.models import User, Privilege, ArchivedReport, UserBan
+from mediagoblin.db.base import Session
+from mediagoblin.tools.mail import send_email
+from mediagoblin.tools.response import redirect
+from datetime import datetime
+from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
+import sys, traceback
+
+def take_punitive_actions(request, form, report, user):
+ message_body =''
+ try:
+
+ # The bulk of this action is running through all of the different
+ # punitive actions that a moderator could take.
+ if u'takeaway' in form.action_to_resolve.data:
+ for privilege_name in form.take_away_privileges.data:
+ privilege = Privilege.query.filter(
+ Privilege.privilege_name==privilege_name).one()
+ form.resolution_content.data += \
+ u"<br>%s took away %s\'s %s privileges" % (
+ request.user.username,
+ user.username,
+ privilege.privilege_name)
+ user.all_privileges.remove(privilege)
+
+ # If the moderator elects to ban the user, a new instance of user_ban
+ # will be created.
+ if u'userban' in form.action_to_resolve.data:
+ reason = form.resolution_content.data + \
+ "<br>"+request.user.username
+ user_ban = UserBan(
+ user_id=form.targeted_user.data,
+ expiration_date=form.user_banned_until.data,
+ reason= form.why_user_was_banned.data
+ )
+ Session.add(user_ban)
+
+ if form.user_banned_until.data is not None:
+ form.resolution_content.data += \
+ u"<br>%s banned user %s until %s." % (
+ request.user.username,
+ user.username,
+ form.user_banned_until.data)
+ else:
+ form.resolution_content.data += \
+ u"<br>%s banned user %s indefinitely." % (
+ request.user.username,
+ user.username)
+
+ # If the moderator elects to send a warning message. An email will be
+ # sent to the email address given at sign up
+ if u'sendmessage' in form.action_to_resolve.data:
+ message_body = form.message_to_user.data
+ form.resolution_content.data += \
+ u"<br>%s sent a warning email to the offender." % (
+ request.user.username)
+
+ archive = ArchivedReport(
+ reporter_id=report.reporter_id,
+ report_content=report.report_content,
+ reported_user_id=report.reported_user_id,
+ created=report.created,
+ resolved=datetime.now(),
+ resolver_id=request.user.id
+ )
+
+ if u'delete' in form.action_to_resolve.data and \
+ report.is_comment_report():
+ deleted_comment = report.comment
+ Session.delete(deleted_comment)
+ form.resolution_content.data += \
+ u"<br>%s deleted the comment" % (
+ request.user.username)
+ elif u'delete' in form.action_to_resolve.data and \
+ report.is_media_entry_report():
+ deleted_media = report.media_entry
+ Session.delete(deleted_media)
+ form.resolution_content.data += \
+ u"<br>%s deleted the media entry" % (
+ request.user.username)
+
+ # If the moderator didn't delete the content we then attach the
+ # content to the archived report. We also have to actively delete the
+ # old report, since it won't be deleted by cascading.
+ elif report.is_comment_report():
+ archive.comment_id = report.comment_id
+ Session.delete(report)
+ elif report.is_media_entry_report():
+ archive.media_entry_id = report.media_entry.id
+ Session.delete(report)
+
+
+ archive.result=form.resolution_content.data
+ Session.add(archive)
+ Session.commit()
+ if message_body:
+ send_email(
+ mg_globals.app_config['email_sender_address'],
+ [user.email],
+ _('Warning from')+ '- {moderator} '.format(
+ moderator=request.user.username),
+ message_body)
+
+ return redirect(
+ request,
+ 'mediagoblin.moderation.users_detail',
+ user=user.username)
+ except:
+#TODO make a more effective and specific try except statement. To account for
+# incorrect value addition my moderators
+ print sys.exc_info()[0]
+ print sys.exc_info()[1]
+ traceback.print_tb(sys.exc_info()[2])
+ Session.rollback()
+ return redirect(
+ request,
+ 'mediagoblin.moderation.reports_detail',
+ report_id=report.id)
diff --git a/mediagoblin/moderation/views.py b/mediagoblin/moderation/views.py
new file mode 100644
index 00000000..d82eca7d
--- /dev/null
+++ b/mediagoblin/moderation/views.py
@@ -0,0 +1,155 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from werkzeug.exceptions import Forbidden
+
+from mediagoblin.db.models import (MediaEntry, User, MediaComment, \
+ CommentReport, ReportBase, Privilege, \
+ UserBan, ArchivedReport)
+from mediagoblin.db.util import user_privileges_to_dictionary
+from mediagoblin.decorators import (require_admin_or_moderator_login, \
+ active_user_from_url)
+from mediagoblin.tools.response import render_to_response, redirect
+from mediagoblin.moderation import forms as moderation_forms
+from mediagoblin.moderation.tools import take_punitive_actions
+from datetime import datetime
+
+@require_admin_or_moderator_login
+def moderation_media_processing_panel(request):
+ '''
+ Show the global media processing panel for this instance
+ '''
+ processing_entries = MediaEntry.query.filter_by(state = u'processing').\
+ order_by(MediaEntry.created.desc())
+
+ # Get media entries which have failed to process
+ failed_entries = MediaEntry.query.filter_by(state = u'failed').\
+ order_by(MediaEntry.created.desc())
+
+ processed_entries = MediaEntry.query.filter_by(state = u'processed').\
+ order_by(MediaEntry.created.desc()).limit(10)
+
+ # Render to response
+ return render_to_response(
+ request,
+ 'mediagoblin/moderation/media_panel.html',
+ {'processing_entries': processing_entries,
+ 'failed_entries': failed_entries,
+ 'processed_entries': processed_entries})
+
+@require_admin_or_moderator_login
+def moderation_users_panel(request):
+ '''
+ Show the global panel for monitoring users in this instance
+ '''
+ user_list = User.query
+
+ return render_to_response(
+ request,
+ 'mediagoblin/moderation/user_panel.html',
+ {'user_list': user_list})
+
+@require_admin_or_moderator_login
+def moderation_users_detail(request):
+ '''
+ Shows details about a particular user.
+ '''
+ user = User.query.filter_by(username=request.matchdict['user']).first()
+ active_reports = user.reports_filed_on.filter(
+ ReportBase.discriminator!='archived_report').limit(5)
+ closed_reports = user.reports_filed_on.filter(
+ ReportBase.discriminator=='archived_report').all()
+ privileges = Privilege.query
+ user_banned = UserBan.query.get(user.id)
+
+ return render_to_response(
+ request,
+ 'mediagoblin/moderation/user.html',
+ {'user':user,
+ 'privileges': privileges,
+ 'reports':active_reports,
+ 'user_banned':user_banned})
+
+@require_admin_or_moderator_login
+def moderation_reports_panel(request):
+ '''
+ Show the global panel for monitoring reports filed against comments or
+ media entries for this instance.
+ '''
+ report_list = ReportBase.query.filter(
+ ReportBase.discriminator!="archived_report").order_by(
+ ReportBase.created.desc()).limit(10)
+ closed_report_list = ReportBase.query.filter(
+ ReportBase.discriminator=="archived_report").order_by(
+ ReportBase.created.desc()).limit(10)
+
+ # Render to response
+ return render_to_response(
+ request,
+ 'mediagoblin/moderation/report_panel.html',
+ {'report_list':report_list,
+ 'closed_report_list':closed_report_list})
+
+@require_admin_or_moderator_login
+def moderation_reports_detail(request):
+ """
+ This is the page an admin or moderator goes to see the details of a report.
+ The report can be resolved or unresolved. This is also the page that a mod-
+ erator would go to to take an action to resolve a report.
+ """
+ form = moderation_forms.ReportResolutionForm(request.form)
+ report = ReportBase.query.get(request.matchdict['report_id'])
+
+ form.take_away_privileges.choices = [
+ (s.privilege_name,s.privilege_name.title()) \
+ for s in report.reported_user.all_privileges
+ ]
+
+ if request.method == "POST" and form.validate() and not (
+ not request.user.has_privilege(u'admin') and
+ report.reported_user.has_privilege(u'admin')):
+
+ user = User.query.get(form.targeted_user.data)
+ return take_punitive_actions(request, form, report, user)
+
+
+ form.targeted_user.data = report.reported_user_id
+
+ return render_to_response(
+ request,
+ 'mediagoblin/moderation/report.html',
+ {'report':report,
+ 'form':form})
+
+@require_admin_or_moderator_login
+@active_user_from_url
+def give_or_take_away_privilege(request, url_user):
+ '''
+ A form action to give or take away a particular privilege from a user
+ '''
+ form = moderation_forms.PrivilegeAddRemoveForm(request.form)
+ if request.method == "POST" and form.validate():
+ privilege = Privilege.query.filter(
+ Privilege.privilege_name==form.privilege_name.data).one()
+ if privilege in url_user.all_privileges:
+ url_user.all_privileges.remove(privilege)
+ else:
+ url_user.all_privileges.append(privilege)
+ url_user.save()
+ return redirect(
+ request,
+ 'mediagoblin.moderation.users_detail',
+ user=url_user.username)
diff --git a/mediagoblin/routing.py b/mediagoblin/routing.py
index 5961f33b..a9809c44 100644
--- a/mediagoblin/routing.py
+++ b/mediagoblin/routing.py
@@ -18,8 +18,9 @@ import logging
from mediagoblin.tools.routing import add_route, mount, url_map
from mediagoblin.tools.pluginapi import PluginManager
-from mediagoblin.admin.routing import admin_routes
+from mediagoblin.moderation.routing import moderation_routes
from mediagoblin.auth.routing import auth_routes
+from mediagoblin.meta.routing import meta_routes
_log = logging.getLogger(__name__)
@@ -28,7 +29,8 @@ _log = logging.getLogger(__name__)
def get_url_map():
add_route('index', '/', 'mediagoblin.views:root_view')
mount('/auth', auth_routes)
- mount('/a', admin_routes)
+ mount('/mod', moderation_routes)
+ mount('/meta', meta_routes)
import mediagoblin.submit.routing
import mediagoblin.user_pages.routing
diff --git a/mediagoblin/static/css/base.css b/mediagoblin/static/css/base.css
index d96b9200..7fcbb93e 100644
--- a/mediagoblin/static/css/base.css
+++ b/mediagoblin/static/css/base.css
@@ -220,6 +220,7 @@ footer {
color: #283F35;
}
+
.button_form {
min-width: 99px;
margin: 10px 0px 10px 15px;
@@ -351,40 +352,40 @@ textarea#description, textarea#bio {
/* comments */
-.comment_wrapper {
+.comment_wrapper, .report_wrapper {
margin-top: 20px;
margin-bottom: 20px;
}
-.comment_wrapper p {
+.comment_wrapper p, .report_wrapper p {
margin-bottom: 2px;
}
-.comment_author {
+.comment_author, .report_author {
padding-top: 4px;
font-size: 0.9em;
}
-a.comment_authorlink {
+a.comment_authorlink, a.report_authorlink {
text-decoration: none;
padding-right: 5px;
font-weight: bold;
padding-left: 2px;
}
-a.comment_authorlink:hover {
+a.comment_authorlink:hover, a.report_authorlink:hover {
text-decoration: underline;
}
-a.comment_whenlink {
+a.comment_whenlink, a.report_whenlink {
text-decoration: none;
}
-a.comment_whenlink:hover {
+a.comment_whenlink:hover, a.report_whenlink:hover {
text-decoration: underline;
}
-.comment_content {
+.comment_content, .report_content {
margin-left: 8px;
margin-top: 8px;
}
@@ -408,6 +409,13 @@ textarea#comment_content {
padding-right: 6px;
}
+
+a.report_authorlink, a.report_whenlink {
+ color: #D486B1;
+}
+
+ul#action_to_resolve {list-style:none; margin-left:10px;}
+
/* media galleries */
.media_thumbnail {
@@ -608,6 +616,38 @@ table.media_panel th {
text-align: left;
}
+/* moderator panels */
+
+table.admin_panel {
+ width: 100%
+}
+
+table.admin_side_panel {
+ width: 60%
+}
+
+table.admin_panel th, table.admin_side_panel th {
+ font-weight: bold;
+ padding-bottom: 4px;
+ text-align: left;
+ color: #fff;
+}
+
+table td.user_with_privilege {
+ font-weight: bold;
+ color: #86D4B1;
+}
+
+table td.user_without_privilege {
+ font-weight: bold;
+ color: #D486B1;
+}
+
+.return_to_panel {
+ text-align:right;
+ float: right;
+ font-size:1.2em
+}
/* Delete panel */
@@ -616,6 +656,21 @@ table.media_panel th {
margin-left: 10px;
}
+/* code of conduct */
+
+#code_of_conduct_list {
+ margin-left:25px;
+ margin-bottom: 10px;
+}
+#code_of_conduct_list li {
+ margin-top:5px;
+}
+ol.nested_sublist{
+ margin: 5px 0 10px 25px;
+ font-size:80%;
+}
+
+
/* ASCII art and code */
@font-face {
diff --git a/mediagoblin/static/images/icon_clipboard.png b/mediagoblin/static/images/icon_clipboard.png
new file mode 100644
index 00000000..6f94498b
--- /dev/null
+++ b/mediagoblin/static/images/icon_clipboard.png
Binary files differ
diff --git a/mediagoblin/static/images/icon_clipboard_alert.png b/mediagoblin/static/images/icon_clipboard_alert.png
new file mode 100644
index 00000000..952c588d
--- /dev/null
+++ b/mediagoblin/static/images/icon_clipboard_alert.png
Binary files differ
diff --git a/mediagoblin/submit/views.py b/mediagoblin/submit/views.py
index 6bb95ecb..8640b8de 100644
--- a/mediagoblin/submit/views.py
+++ b/mediagoblin/submit/views.py
@@ -27,7 +27,7 @@ _log = logging.getLogger(__name__)
from mediagoblin.tools.text import convert_to_tag_list_of_dicts
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.response import render_to_response, redirect
-from mediagoblin.decorators import require_active_login
+from mediagoblin.decorators import require_active_login, user_has_privilege
from mediagoblin.submit import forms as submit_forms
from mediagoblin.messages import add_message, SUCCESS
from mediagoblin.media_types import sniff_media, \
@@ -39,6 +39,7 @@ from mediagoblin.notifications import add_comment_subscription
@require_active_login
+@user_has_privilege(u'uploader')
def submit_start(request):
"""
First view for submitting a file.
diff --git a/mediagoblin/templates/mediagoblin/banned.html b/mediagoblin/templates/mediagoblin/banned.html
new file mode 100644
index 00000000..4eda0540
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/banned.html
@@ -0,0 +1,28 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% block title %}You are Banned.{% endblock %}
+
+{% block mediagoblin_content %}
+ <img class="right_align" src="{{ request.staticdirect('/images/404.png') }}"
+ alt="{% trans %}Image of goblin stressing out{% endtrans %}" />
+ <h1>You have been banned until {{ expiration_date }}</h1>
+ <p>{{ reason|safe }}</p>
+ <div class="clear"></div>
+{% endblock %}
diff --git a/mediagoblin/templates/mediagoblin/base.html b/mediagoblin/templates/mediagoblin/base.html
index f7e2dff0..7d53585b 100644
--- a/mediagoblin/templates/mediagoblin/base.html
+++ b/mediagoblin/templates/mediagoblin/base.html
@@ -127,12 +127,18 @@
<a class="button_action" href="{{ request.urlgen('mediagoblin.submit.collection') }}">
{%- trans %}Create new collection{% endtrans -%}
</a>
- {% if request.user.is_admin %}
+ {% if request.user.has_privilege('admin','moderator') %}
<p>
- <span class="dropdown_title">Admin powers:</span>
- <a href="{{ request.urlgen('mediagoblin.admin.panel') }}">
+ <span class="dropdown_title">Moderation powers:</span>
+ <a href="{{ request.urlgen('mediagoblin.moderation.media_panel') }}">
{%- trans %}Media processing panel{% endtrans -%}
</a>
+ <a href="{{ request.urlgen('mediagoblin.moderation.users') }}">
+ {%- trans %}User management panel{% endtrans -%}
+ </a>
+ <a href="{{ request.urlgen('mediagoblin.moderation.reports') }}">
+ {%- trans %}Report management panel{% endtrans -%}
+ </a>
</p>
{% endif %}
{% include 'mediagoblin/fragments/header_notifications.html' %}
diff --git a/mediagoblin/templates/mediagoblin/meta/code_of_conduct.html b/mediagoblin/templates/mediagoblin/meta/code_of_conduct.html
new file mode 100644
index 00000000..e8233ad3
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/meta/code_of_conduct.html
@@ -0,0 +1,46 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% block title %}
+ Code of Conduct
+{% endblock %}
+
+{% block mediagoblin_content -%}
+<h2>{% trans %}Code of Conduct for this Website{% endtrans %}</h2>
+
+{# Suggested layout for this page:
+<ol id="code_of_conduct_list">
+ <li> Item #1 </li>
+ <li>
+ Item #2
+ <ol class="nested_sublist">
+ <li>Sub-Item #1</li>
+ <li>Sub-Item #2</li>
+ <li>
+ Sub-Item #3
+ <ol class="nested_sublist">
+ <li>Sub-Subitem #1</li>
+ </ol>
+ </li>
+ </ol>
+ </li>
+ <li>Item #3 </li>
+</ol>
+#}
+{% endblock -%}
diff --git a/mediagoblin/admin/routing.py b/mediagoblin/templates/mediagoblin/meta/reports_details.html
index 29515f12..6fa5ae59 100644
--- a/mediagoblin/admin/routing.py
+++ b/mediagoblin/templates/mediagoblin/meta/reports_details.html
@@ -1,3 +1,4 @@
+{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
@@ -13,8 +14,4 @@
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-admin_routes = [
- ('mediagoblin.admin.panel',
- '/panel',
- 'mediagoblin.admin.views:admin_processing_panel')]
+#}
diff --git a/mediagoblin/templates/mediagoblin/meta/reports_panel.html b/mediagoblin/templates/mediagoblin/meta/reports_panel.html
new file mode 100644
index 00000000..6fa5ae59
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/meta/reports_panel.html
@@ -0,0 +1,17 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
diff --git a/mediagoblin/templates/mediagoblin/admin/panel.html b/mediagoblin/templates/mediagoblin/moderation/media_panel.html
index 1c3c866e..1c3c866e 100644
--- a/mediagoblin/templates/mediagoblin/admin/panel.html
+++ b/mediagoblin/templates/mediagoblin/moderation/media_panel.html
diff --git a/mediagoblin/templates/mediagoblin/moderation/report.html b/mediagoblin/templates/mediagoblin/moderation/report.html
new file mode 100644
index 00000000..04788f05
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/moderation/report.html
@@ -0,0 +1,194 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
+{%- extends "mediagoblin/base.html" %}
+{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
+
+{%- block mediagoblin_content %}
+{% if not report %}
+ Sorry, no such report found.
+{% else %}
+ <a href="{{ request.urlgen('mediagoblin.moderation.reports') }}"
+ class="return_to_panel button_action"
+ title="Return to Reports Panel">
+ {% trans %}Return to Reports Panel{% endtrans %}</a>
+ <h2>{% trans %}Report{% endtrans %} #{{ report.id }}</h2>
+ {% if report.is_comment_report() or
+ (report.is_archived_report() and report.comment) %}
+
+ {% trans %}Reported comment{% endtrans %}:
+ {% set comment = report.comment %}
+ {% set reported_user = comment.get_author %}
+ <div id="comment-{{ comment.id }}"
+ class="comment_wrapper">
+ <div class="comment_author">
+ <img src="{{ request.staticdirect('/images/icon_comment.png') }}" />
+ <a href="{{ request.urlgen('mediagoblin.moderation.users_detail',
+ user=comment.get_author.username) }}"
+ class="comment_authorlink">
+ {{- reported_user.username -}}
+ </a>
+ <a href="{{ request.urlgen(
+ 'mediagoblin.user_pages.media_home.view_comment',
+ comment=comment.id,
+ user=comment.get_media_entry.get_uploader.username,
+ media=comment.get_media_entry.slug_or_id) }}#comment"
+ class="comment_whenlink">
+ <span title='{{- comment.created.strftime("%I:%M%p %Y-%m-%d") -}}'>
+ {%- trans formatted_time=timesince(comment.created) -%}
+ {{ formatted_time }} ago
+ {%- endtrans -%}
+ </span></a>:
+ </div>
+ <div class=comment_content>
+ {% autoescape False %}
+ {{ comment.content_html }}
+ {% endautoescape %}
+ </div>
+ </div>
+ {% elif report.is_media_entry_report() or
+ (report.is_archived_report() and report.media_entry) %}
+
+ {% set media_entry = report.media_entry %}
+ <div class="media_thumbnail">
+ <a href="{{ request.urlgen('mediagoblin.user_pages.media_home',
+ user=media_entry.get_uploader.username,
+ media=media_entry.slug_or_id) }}">
+ <img src="{{ media_entry.thumb_url}}"/></a>
+ <a href="{{ request.urlgen('mediagoblin.user_pages.media_home',
+ user=media_entry.get_uploader.username,
+ media=media_entry.slug_or_id) }}" class=thumb_entry_title>
+ {{ media_entry.title }}</a>
+ </div>
+ <div class=clear></div>
+ <p>
+ {% trans user_name=report.reported_user.username,
+ user_url=request.urlgen(
+ 'mediagoblin.moderation.users_detail',
+ user=report.reporter.username) %}
+ ❖ Reported media by <a href="{{ user_url }}">{{ user_name }}</a>
+ {% endtrans %}
+ </p>
+ <div class=clear></div>
+ {% else %}
+ <h2>{% trans user_url=request.urlgen(
+ 'mediagoblin.moderation.users_detail',
+ user=report.reporter.username),
+ user_name=report.reported_user.username %}
+ CONTENT BY
+ <a href="{{ user_url }}"> {{ user_name }}</a>
+ HAS BEEN DELETED
+ {% endtrans %}
+ </h2>
+ {% endif %}
+ Reason for report:
+ <div id="report-{{ report.id }}"
+ class="report_wrapper">
+ <div class="report_author">
+ <img src="{{ request.staticdirect(
+ '/images/icon_clipboard_alert.png') }}"
+ alt="Under a GNU LGPL v.3 or Creative Commons BY-SA 3.0 license.
+ Distributed by the GNOME project http://www.gnome.org" />
+ <a href="{{ request.urlgen('mediagoblin.moderation.users_detail',
+ user=report.reporter.username) }}"
+ class="report_authorlink">
+ {{- report.reporter.username -}}
+ </a>
+ <a href="{{ request.urlgen('mediagoblin.moderation.reports_detail',
+ report_id=report.id) }}"
+ class="report_whenlink">
+ <span title='{{- report.created.strftime("%I:%M%p %Y-%m-%d") -}}'>
+ {%- trans formatted_time=timesince(report.created) -%}
+ {{ formatted_time }} ago
+ {%- endtrans -%}
+ </span>
+ </a>
+ </div>
+ <div class="report_content">
+ {{ report.report_content }}
+ </div>
+ </div>
+ {% if not report.is_archived_report() and not (report.reported_user.has_privilege('admin') and not request.user.has_privilege('admin')) %}
+ <input type=button value=Resolve id=open_resolution_form />
+ <form action="" method="POST" id=resolution_form>
+ {{ wtforms_util.render_divs(form) }}
+ {{ csrf_token }}
+ <input type=submit id="submit_this_report" value="Resolve This Report"/>
+ </form>
+
+
+ <script>
+$(document).ready(function() {
+ hidden_input_names = {
+ 'takeaway':['take_away_privileges'],
+ 'userban':['user_banned_until','why_user_was_banned'],
+ 'sendmessage':['message_to_user']
+}
+
+ $('form#resolution_form').hide()
+ $('#user_banned_until').val("YYYY-MM-DD")
+ $('#open_resolution_form').click(function() {
+ $('form#resolution_form').toggle();
+ $.each(hidden_input_names, function(key, list){
+ $.each(list, function(index, name){
+ $('label[for='+name+']').hide();
+ $('#'+name).hide();
+ });
+ });
+ });
+ $('#action_to_resolve').change(function() {
+ $('ul#action_to_resolve li input:checked').each(function() {
+ $.each(hidden_input_names[$(this).val()], function(index, name){
+ $('label[for='+name+']').show();
+ $('#'+name).show();
+ });
+ });
+ $('ul#action_to_resolve li input:not(:checked)').each(function() {
+ $.each(hidden_input_names[$(this).val()], function(index, name){
+ $('label[for='+name+']').hide();
+ $('#'+name).hide();
+ });
+ });
+ });
+ $("#user_banned_until").focus(function() {
+ $(this).val("");
+ $(this).unbind('focus');
+ });
+ $("#submit_this_report").click(function(){
+ if ($("#user_banned_until").val() == 'YYYY-MM-DD'){
+ $("#user_banned_until").val("");
+ }
+ });
+ });
+ </script>
+ {% elif not (report.reported_user.has_privilege('admin')) %}
+ <h2><img src="{{ request.staticdirect('/images/icon_clipboard.png') }}"
+ alt="Under a GNU LGPL v.3 or Creative Commons BY-SA 3.0 license.
+ Distributed by the GNOME project http://www.gnome.org" />
+ {% trans %}Status{% endtrans %}:
+ </h2>
+ <b>{% trans %}RESOLVED{% endtrans %}</b>
+ {{ report.resolved.strftime("%I:%M%p %Y-%m-%d") }}
+ {% autoescape False %}
+ <p>{{ report.result }}</p>
+ {% endautoescape %}
+ {% else %}
+ <input type=button disabled=disabled value="Resolve This Report"/>
+ <p>You cannot take action against an administrator</p>
+ {% endif %}
+{% endif %}
+{% endblock %}
diff --git a/mediagoblin/templates/mediagoblin/moderation/report_panel.html b/mediagoblin/templates/mediagoblin/moderation/report_panel.html
new file mode 100644
index 00000000..2818eb80
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/moderation/report_panel.html
@@ -0,0 +1,122 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% block title -%}
+ {% trans %}Report panel{% endtrans %} &mdash; {{ super() }}
+{%- endblock %}
+
+{% block mediagoblin_content %}
+
+<h1>{% trans %}Report panel{% endtrans %}</h1>
+
+<p>
+ {% trans %}
+ Here you can look up open reports that have been filed by users.
+ {% endtrans %}
+</p>
+
+<h2>{% trans %}Active Reports Filed{% endtrans %}</h2>
+
+{% if report_list.count() %}
+ <table class="admin_panel processing">
+ <tr>
+ <th></th>
+ <th>{% trans %}Offender{% endtrans %}</th>
+ <th>{% trans %}When Reported{% endtrans %}</th>
+ <th>{% trans %}Reported By{% endtrans %}</th>
+ <th>{% trans %}Reason{% endtrans %}</th>
+ </tr>
+ {% for report in report_list %}
+ <tr>
+ {% if report.discriminator == "comment_report" %}
+ <td>
+ <img
+ src="{{ request.staticdirect('/images/icon_clipboard_alert.png') }}"
+ alt="Under a GNU LGPL v.3 or Creative Commons BY-SA 3.0 license.
+ Distributed by the GNOME project http://www.gnome.org" />
+ <a href="{{ request.urlgen(
+ 'mediagoblin.moderation.reports_detail',
+ report_id=report.id) }}">
+ {% trans report_id=report.id %}
+ Comment Report #{{ report_id }}
+ {% endtrans %}
+ </a>
+ </td>
+ {% elif report.discriminator == "media_report" %}
+ <td>
+ <img
+ src="{{ request.staticdirect('/images/icon_clipboard_alert.png') }}"
+ alt="Under a GNU LGPL v.3 or Creative Commons BY-SA 3.0 license.
+ Distributed by the GNOME project http://www.gnome.org" />
+ <a href="{{ request.urlgen(
+ 'mediagoblin.moderation.reports_detail',
+ report_id=report.id) }}">
+ {% trans report_id=report.id %}
+ Media Report #{{ report_id }}
+ {% endtrans %}
+ </a>
+ </td>
+ {% endif %}
+ <td>{{ report.reported_user.username }}</td>
+ <td>{{ report.created.strftime("%F %R") }}</td>
+ <td>{{ report.reporter.username }}</td>
+ <td>{{ report.report_content[0:20] }}...</td>
+ </tr>
+ {% endfor %}
+ </table>
+{% else %}
+ <p><em>{% trans %}No open reports found.{% endtrans %}</em></p>
+{% endif %}
+<h2>{% trans %}Closed Reports{% endtrans %}</h2>
+{% if closed_report_list.count() %}
+ <table class="media_panel processing">
+ <tr>
+ <th></th>
+ <th>{% trans %}Resolved{% endtrans %}</th>
+ <th>{% trans %}Offender{% endtrans %}</th>
+ <th>{% trans %}Action Taken{% endtrans %}</th>
+ <th>{% trans %}Reported By{% endtrans %}</th>
+ <th>{% trans %}Reason{% endtrans %}</th>
+ </tr>
+ {% for report in closed_report_list %}
+ <tr>
+ <td>
+ <img
+ src="{{ request.staticdirect('/images/icon_clipboard.png') }}"
+ alt="Under a GNU LGPL v.3 or Creative Commons BY-SA 3.0 license.
+ Distributed by the GNOME project http://www.gnome.org" />
+ <a href="{{ request.urlgen('mediagoblin.moderation.reports_detail',
+ report_id=report.id) }}">
+ {% trans report_id=report.id %}
+ Closed Report #{{ report_id }}
+ {% endtrans %}
+ </a>
+ </td>
+ <td>{{ report.resolved.strftime("%F %R") }}</td>
+ <td>{{ report.reported_user.username }}</td>
+ <td>{{ report.created.strftime("%F %R") }}</td>
+ <td>{{ report.reporter.username }}</td>
+ <td>{{ report.report_content[:15] }}...</td>
+ </tr>
+ {% endfor %}
+ </table>
+{% else %}
+ <p><em>{% trans %}No closed reports found.{% endtrans %}</em></p>
+{% endif %}
+{% endblock %}
diff --git a/mediagoblin/templates/mediagoblin/moderation/user.html b/mediagoblin/templates/mediagoblin/moderation/user.html
new file mode 100644
index 00000000..ef48fe54
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/moderation/user.html
@@ -0,0 +1,186 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+
+{% block title %}
+ {%- if user -%}
+ {%- trans username=user.username -%}
+ User: {{ username }}
+ {%- endtrans %} &mdash; {{ super() }}
+ {%- else -%}
+ {{ super() }}
+ {%- endif -%}
+{% endblock %}
+
+
+{% block mediagoblin_content -%}
+ {# If no user... #}
+ {% if not user %}
+ <p>{% trans %}Sorry, no such user found.{% endtrans %}</p>
+ {# User exists, but needs verification #}
+ {% elif user.status == "needs_email_verification" %}
+ <div class="form_box">
+ <h1>{% trans %}Email verification needed{% endtrans %}</h1>
+ <p>
+ {% trans -%}
+ Someone has registered an account with this username, but it still has
+ to be activated.
+ {%- endtrans %}
+ </p>
+
+ <p>
+ {% trans login_url=request.urlgen('mediagoblin.auth.login') -%}
+ If you are that person but you've lost your verification email, you can
+ <a href="{{ login_url }}">log in</a> and resend it.
+ {%- endtrans %}
+ </p>
+ </div>
+
+ {# Active(?) (or at least verified at some point) user, horray! #}
+ {% else %}
+ <a href="{{ request.urlgen('mediagoblin.moderation.users') }}"
+ class="return_to_panel button_action"
+ title="Return to Users Panel">
+ {% trans %}Return to Users Panel{% endtrans %}</a>
+ <h1>
+ {%- trans username=user.username %}{{ username }}'s profile{% endtrans -%}
+ {% if user_banned and user_banned.expiration_date %}
+ &mdash; BANNED until {{ user_banned.expiration_date }}
+ {% elif user_banned %}
+ &mdash; Banned Indefinitely
+ {% endif %}
+ </h1>
+ {% if not user.url and not user.bio %}
+ <div class="profile_sidebar empty_space">
+ <p>
+ {% trans -%}
+ This user hasn't filled in their profile (yet).
+ {%- endtrans %}
+ </p>
+ {% else %}
+ <div class="profile_sidebar">
+ {% include "mediagoblin/utils/profile.html" %}
+ {% if request.user and
+ (request.user.id == user.id or request.user.has_privilege('admin')) %}
+ <a href="{{ request.urlgen('mediagoblin.edit.profile',
+ user=user.username) }}">
+ {%- trans %}Edit profile{% endtrans -%}
+ </a>
+ {% endif %}
+ {% endif %}
+ <p>
+ <a href="{{ request.urlgen('mediagoblin.user_pages.collection_list',
+ user=user.username) }}">
+ {%- trans %}Browse collections{% endtrans -%}
+ </a>
+ </p>
+ </div>
+ {% endif %}
+ {% if user %}
+ <h2>{%- trans %}Active Reports on {% endtrans -%}{{ user.username }}</h2>
+ {% if reports.count() %}
+ <table class="admin_side_panel">
+ <tr>
+ <th>{%- trans %}Report ID{% endtrans -%}</th>
+ <th>{%- trans %}Reported Content{% endtrans -%}</th>
+ <th>{%- trans %}Description of Report{% endtrans -%}</th>
+ </tr>
+ {% for report in reports %}
+ <tr>
+ <td>
+ <img src="{{ request.staticdirect('/images/icon_clipboard.png') }}" />
+ <a href="{{ request.urlgen('mediagoblin.moderation.reports_detail',
+ report_id=report.id) }}">
+ {%- trans %}Report #{% endtrans -%}{{ report.id }}
+ </a>
+ </td>
+ <td>
+ {% if report.discriminator == "comment_report" %}
+ <a>{%- trans %}Reported Comment{% endtrans -%}</a>
+ {% elif report.discriminator == "media_report" %}
+ <a>{%- trans %}Reported Media Entry{% endtrans -%}</a>
+ {% endif %}
+ </td>
+ <td>{{ report.report_content[:21] }}
+ {% if report.report_content|count >20 %}...{% endif %}</td>
+ <td>{%- trans %}Resolve{% endtrans -%}</td>
+ </tr>
+ {% endfor %}
+ <tr><td></td><td></td>
+ </table>
+ {% else %}
+ {%- trans %}No active reports filed on {% endtrans -%} {{ user.username }}
+ {% endif %}
+ <a class="right_align">{{ user.username }}'s report history</a>
+ <span class=clear></span>
+ <h2>{{ user.username }}'s Privileges</h2>
+ {% if request.user.has_privilege('admin') and not user_banned and
+ not user.id == request.user.id %}
+ <input type=button class="button_action right_align"
+ value="Ban User" />
+ {% elif request.user.has_privilege('admin') and
+ not user.id == request.user.id %}
+ <input type=button class="button_action right_align"
+ value="UnBan User" />
+ {% endif %}
+ <form action="{{ request.urlgen('mediagoblin.moderation.give_or_take_away_privilege',
+ user=user.username) }}"
+ method=post >
+ <table class="admin_side_panel">
+ <tr>
+ <th>{% trans %}Privilege{% endtrans %}</th>
+ <th>{% trans %}User Has Privilege{% endtrans %}</th>
+ </tr>
+ {% for privilege in privileges %}
+ <tr>
+ <td>{{ privilege.privilege_name }}</td>
+ {% if privilege in user.all_privileges %}
+ <td class="user_with_privilege">
+ Yes{% else %}
+ <td class="user_without_privilege">
+ No{% endif %}
+ </td>
+ {% if request.user.has_privilege('admin') %}
+ <td>
+ {% if privilege in user.all_privileges %}
+ <input type=submit id="{{ privilege.privilege_name }}"
+ class="submit_button button_action"
+ value =" -" />
+ {% else %}
+ <input type=submit id="{{ privilege.privilege_name }}"
+ class="submit_button button_action"
+ value ="+" />
+ {% endif %}
+ </td>
+ {% endif %}
+ </tr>
+ {% endfor %}
+ </table>
+ {{ csrf_token }}
+ <input type=hidden name=privilege_name id=hidden_privilege_name />
+ </form>
+ {% endif %}
+ <script>
+$(document).ready(function(){
+ $('.submit_button').click(function(){
+ $('#hidden_privilege_name').val($(this).attr('id'));
+ });
+});
+ </script>
+{% endblock %}
diff --git a/mediagoblin/templates/mediagoblin/moderation/user_panel.html b/mediagoblin/templates/mediagoblin/moderation/user_panel.html
new file mode 100644
index 00000000..6762a844
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/moderation/user_panel.html
@@ -0,0 +1,61 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% block title -%}
+ {% trans %}User panel{% endtrans %} &mdash; {{ super() }}
+{%- endblock %}
+
+{% block mediagoblin_content %}
+
+<h1>{% trans %}User panel{% endtrans %}</h1>
+
+<p>
+ {% trans %}
+ Here you can look up users in order to take punitive actions on them.
+ {% endtrans %}
+</p>
+
+<h2>{% trans %}Active Users{% endtrans %}</h2>
+
+{% if user_list.count() %}
+ <table class="admin_panel processing">
+ <tr>
+ <th>{% trans %}ID{% endtrans %}</th>
+ <th>{% trans %}Username{% endtrans %}</th>
+ <th>{% trans %}When Joined{% endtrans %}</th>
+ <th>{% trans %}# of Comments Posted{% endtrans %}</th>
+ </tr>
+ {% for user in user_list %}
+ <tr>
+ <td>{{ user.id }}</td>
+ <td>
+ <a href="{{ request.urlgen('mediagoblin.moderation.users_detail',
+ user= user.username) }}">
+ {{ user.username }}
+ </a>
+ </td>
+ <td>{{ user.created.strftime("%F %R") }}</td>
+ <td>{{ user.posted_comments.count() }}</td>
+ </tr>
+ {% endfor %}
+ </table>
+{% else %}
+ <p><em>{% trans %}No users found.{% endtrans %}</em></p>
+{% endif %}
+{% endblock %}
diff --git a/mediagoblin/templates/mediagoblin/user_pages/collection.html b/mediagoblin/templates/mediagoblin/user_pages/collection.html
index 5a7baadd..87635dcb 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/collection.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/collection.html
@@ -45,7 +45,7 @@
{%- endtrans %}
</h1>
{% if request.user and (collection.creator == request.user.id or
- request.user.is_admin) %}
+ request.user.has_privilege(u'admin')) %}
{% set edit_url = request.urlgen('mediagoblin.edit.edit_collection',
user=collection.get_creator.username,
collection=collection.slug) %}
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html
index 39935b40..e161afc9 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@@ -72,7 +72,7 @@
</h2>
{% if request.user and
(media.uploader == request.user.id or
- request.user.is_admin) %}
+ request.user.has_privilege('admin')) %}
{% set edit_url = request.urlgen('mediagoblin.edit.edit_media',
user= media.get_uploader.username,
media_id=media.id) %}
@@ -146,6 +146,17 @@
{{ comment.content_html }}
{%- endautoescape %}
</div>
+ <div>
+ <a {% if not request.user -%}
+ href="{{ request.urlgen('mediagoblin.auth.login') }}"
+ {%- else %}
+ href="{{ request.urlgen('mediagoblin.user_pages.media_home.report_comment',
+ user=media.get_uploader.username,
+ media=media.slug_or_id,
+ comment=comment.id) }}"
+ {%- endif %}>
+ {% trans %} Report {% endtrans %}</a>
+ </div>
</li>
{% endfor %}
</ul>
@@ -170,6 +181,8 @@
{% include "mediagoblin/utils/collections.html" %}
+ {% include "mediagoblin/utils/report.html" %}
+
{% include "mediagoblin/utils/license.html" %}
{% include "mediagoblin/utils/exif.html" %}
@@ -189,7 +202,7 @@
{%- if app_config['allow_attachments']
and request.user
and (media.uploader == request.user.id
- or request.user.is_admin) %}
+ or request.user.has_privilege('admin')) %}
{%- if not media.attachment_files|count %}
<h3>{% trans %}Attachments{% endtrans %}</h3>
{%- endif %}
diff --git a/mediagoblin/templates/mediagoblin/user_pages/report.html b/mediagoblin/templates/mediagoblin/user_pages/report.html
new file mode 100644
index 00000000..cd5e6f59
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/user_pages/report.html
@@ -0,0 +1,83 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
+{%- extends "mediagoblin/base.html" %}
+{%- import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
+{%- block mediagoblin_content -%}
+{% trans %}<h2>File a Report</h2>{% endtrans %}
+<form action="" method=POST >
+ {% if comment is defined %}
+ <h3>{% trans %}Reporting this Comment{% endtrans %}</h3>
+ {%- set comment_author = comment.get_author %}
+ {%- set comment_author_url = request.urlgen(
+ 'mediagoblin.user_pages.user_home',
+ user=comment_author.username) %}
+ {%- set comment_url = request.urlgen(
+ 'mediagoblin.user_pages.media_home.view_comment',
+ comment=comment.id,
+ user=media.get_uploader.username,
+ media=media.slug_or_id) %}
+ <div id="comment-{{ comment.id }}"
+ class="comment_wrapper">
+ <div class="comment_author">
+ <img
+ src="{{ request.staticdirect('/images/icon_comment.png') }}" />
+ <a href="{{ comment_author_url }}"
+ class="comment_authorlink">
+ {{- comment_author.username -}}
+ </a>
+ <a href="{{ comment_url }}"
+ class="comment_whenlink">
+ <span
+ title='{{- comment.created.strftime("%I:%M%p %Y-%m-%d") -}}'>
+
+ {%- trans formatted_time=timesince(comment.created) -%}
+ {{ formatted_time }} ago
+ {%- endtrans -%}
+ </span></a>:
+ </div>
+ <div class="comment_content">
+ {% autoescape False -%}
+ {{ comment.content_html }}
+ {%- endautoescape %}
+ </div>
+ </div>
+ {% elif media is defined %}
+ <h3>{% trans %}Reporting this Media Entry{% endtrans %}</h3>
+ <div class="media_thumbnail">
+ <a href="{{ request.urlgen('mediagoblin.user_pages.media_home',
+ user=media.get_uploader.username,
+ media=media.slug_or_id) }}">
+ <img src="{{ media.thumb_url }}"/></a>
+ <a href="{{ request.urlgen('mediagoblin.user_pages.media_home',
+ user=media.get_uploader.username,
+ media=media.slug_or_id) }}"
+ class=thumb_entry_title>{{ media.title }}</a>
+ </div>
+ <div class=clear></div>
+ {%- trans user_url = request.urlgen('mediagoblin.user_pages.user_home', user=media.get_uploader.username),
+ username = media.get_uploader.username %}
+ ❖ Published by <a href="{{ user_url }}"
+ class="comment_authorlink">{{ username }}</a>
+ {% endtrans %}
+ {%- endif %}
+
+ {{- wtforms_util.render_divs(form) }}
+ {{ csrf_token }}
+ <input type=submit value="{% trans %}File Report {% endtrans %}" />
+</form>
+{% endblock %}
diff --git a/mediagoblin/templates/mediagoblin/user_pages/user.html b/mediagoblin/templates/mediagoblin/user_pages/user.html
index 71acd66c..de92fb5e 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/user.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/user.html
@@ -111,7 +111,7 @@
<div class="profile_sidebar">
{% include "mediagoblin/utils/profile.html" %}
{% if request.user and
- (request.user.id == user.id or request.user.is_admin) %}
+ (request.user.id == user.id or request.user.has_privilege('admin')) %}
<a href="{{ request.urlgen('mediagoblin.edit.profile',
user=user.username) }}">
{%- trans %}Edit profile{% endtrans -%}
diff --git a/mediagoblin/templates/mediagoblin/utils/collection_gallery.html b/mediagoblin/templates/mediagoblin/utils/collection_gallery.html
index dcc59244..24bf6832 100644
--- a/mediagoblin/templates/mediagoblin/utils/collection_gallery.html
+++ b/mediagoblin/templates/mediagoblin/utils/collection_gallery.html
@@ -39,7 +39,7 @@
{% endif %}
{% if request.user and
(item.in_collection.creator == request.user.id or
- request.user.is_admin) %}
+ request.user.has_privilege(u'admin')) %}
{%- set remove_url=request.urlgen(
'mediagoblin.user_pages.collection_item_confirm_remove',
user=item.in_collection.get_creator.username,
diff --git a/mediagoblin/templates/mediagoblin/utils/report.html b/mediagoblin/templates/mediagoblin/utils/report.html
new file mode 100644
index 00000000..4108cd82
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/utils/report.html
@@ -0,0 +1,33 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
+
+{% block report_content -%}
+ <p>
+ <a
+ {% if not request.user -%}
+ href="{{ request.urlgen('mediagoblin.auth.login') }}"
+ {% else %}
+ href="{{ request.urlgen('mediagoblin.user_pages.media_home.report_media',
+ user=media.get_uploader.username,
+ media=media.slug_or_id) }}"
+ {% endif %}
+ class="button_action" id="button_reportmedia" title="Report media">
+ {% trans %}Report media{% endtrans %}
+ </a>
+ </p>
+{% endblock %}
diff --git a/mediagoblin/tests/test_api.py b/mediagoblin/tests/test_api.py
index 89cf1026..eb9c0fd4 100644
--- a/mediagoblin/tests/test_api.py
+++ b/mediagoblin/tests/test_api.py
@@ -25,6 +25,7 @@ from mediagoblin.tools import template, pluginapi
from mediagoblin.tests.tools import fixture_add_user
from .resources import GOOD_JPG, GOOD_PNG, EVIL_FILE, EVIL_JPG, EVIL_PNG, \
BIG_BLUE
+from mediagoblin.db.models import Privilege
_log = logging.getLogger(__name__)
@@ -35,7 +36,8 @@ class TestAPI(object):
self.db = mg_globals.database
self.user_password = u'4cc355_70k3N'
- self.user = fixture_add_user(u'joapi', self.user_password)
+ self.user = fixture_add_user(u'joapi', self.user_password,
+ privileges=[u'active',u'uploader'])
def login(self, test_app):
test_app.post(
diff --git a/mediagoblin/tests/test_auth.py b/mediagoblin/tests/test_auth.py
index 61503d32..7d7748ac 100644
--- a/mediagoblin/tests/test_auth.py
+++ b/mediagoblin/tests/test_auth.py
@@ -83,18 +83,18 @@ def test_register_views(test_app):
template.clear_test_template_context()
response = test_app.post(
'/auth/register/', {
- 'username': u'happygirl',
- 'password': 'iamsohappy',
- 'email': 'happygrrl@example.org'})
+ 'username': u'angrygirl',
+ 'password': 'iamsoangry',
+ 'email': 'angrygrrl@example.org'})
response.follow()
## Did we redirect to the proper page? Use the right template?
- assert urlparse.urlsplit(response.location)[2] == '/u/happygirl/'
+ assert urlparse.urlsplit(response.location)[2] == '/u/angrygirl/'
assert 'mediagoblin/user_pages/user.html' in template.TEMPLATE_TEST_CONTEXT
## Make sure user is in place
new_user = mg_globals.database.User.query.filter_by(
- username=u'happygirl').first()
+ username=u'angrygirl').first()
assert new_user
assert new_user.status == u'needs_email_verification'
assert new_user.email_verified == False
@@ -107,7 +107,7 @@ def test_register_views(test_app):
## Make sure we get email confirmation, and try verifying
assert len(mail.EMAIL_TEST_INBOX) == 1
message = mail.EMAIL_TEST_INBOX.pop()
- assert message['To'] == 'happygrrl@example.org'
+ assert message['To'] == 'angrygrrl@example.org'
email_context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/verification_email.txt']
assert email_context['verification_url'] in message.get_payload(decode=True)
@@ -129,7 +129,7 @@ def test_register_views(test_app):
# assert context['verification_successful'] == True
# TODO: Would be good to test messages here when we can do so...
new_user = mg_globals.database.User.query.filter_by(
- username=u'happygirl').first()
+ username=u'angrygirl').first()
assert new_user
assert new_user.status == u'needs_email_verification'
assert new_user.email_verified == False
@@ -143,7 +143,7 @@ def test_register_views(test_app):
# assert context['verification_successful'] == True
# TODO: Would be good to test messages here when we can do so...
new_user = mg_globals.database.User.query.filter_by(
- username=u'happygirl').first()
+ username=u'angrygirl').first()
assert new_user
assert new_user.status == u'active'
assert new_user.email_verified == True
@@ -154,9 +154,9 @@ def test_register_views(test_app):
template.clear_test_template_context()
response = test_app.post(
'/auth/register/', {
- 'username': u'happygirl',
- 'password': 'iamsohappy2',
- 'email': 'happygrrl2@example.org'})
+ 'username': u'angrygirl',
+ 'password': 'iamsoangry2',
+ 'email': 'angrygrrl2@example.org'})
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/register.html']
@@ -171,7 +171,7 @@ def test_register_views(test_app):
template.clear_test_template_context()
response = test_app.post(
'/auth/forgot_password/',
- {'username': u'happygirl'})
+ {'username': u'angrygirl'})
response.follow()
## Did we redirect to the proper page? Use the right template?
@@ -181,7 +181,7 @@ def test_register_views(test_app):
## Make sure link to change password is sent by email
assert len(mail.EMAIL_TEST_INBOX) == 1
message = mail.EMAIL_TEST_INBOX.pop()
- assert message['To'] == 'happygrrl@example.org'
+ assert message['To'] == 'angrygrrl@example.org'
email_context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/fp_verification_email.txt']
#TODO - change the name of verification_url to something forgot-password-ish
@@ -210,7 +210,7 @@ def test_register_views(test_app):
template.clear_test_template_context()
response = test_app.post(
'/auth/forgot_password/verify/', {
- 'password': 'iamveryveryhappy',
+ 'password': 'iamveryveryangry',
'token': parsed_get_params['token']})
response.follow()
assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
@@ -219,8 +219,8 @@ def test_register_views(test_app):
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
- 'username': u'happygirl',
- 'password': 'iamveryveryhappy'})
+ 'username': u'angrygirl',
+ 'password': 'iamveryveryangry'})
# User should be redirected
response.follow()
@@ -233,7 +233,7 @@ def test_authentication_views(test_app):
Test logging in and logging out
"""
# Make a new user
- test_user = fixture_add_user(active_user=False)
+ test_user = fixture_add_user()
# Get login
diff --git a/mediagoblin/tests/test_modelmethods.py b/mediagoblin/tests/test_modelmethods.py
index 427aa47c..77d375b7 100644
--- a/mediagoblin/tests/test_modelmethods.py
+++ b/mediagoblin/tests/test_modelmethods.py
@@ -18,7 +18,7 @@
# methods, and so it makes sense to test them here.
from mediagoblin.db.base import Session
-from mediagoblin.db.models import MediaEntry
+from mediagoblin.db.models import MediaEntry, User, Privilege
from mediagoblin.tests.tools import fixture_add_user
@@ -151,6 +151,46 @@ class TestMediaEntrySlugs(object):
qbert_entry.generate_slug()
assert qbert_entry.slug is None
+class TestUserHasPrivilege:
+ def _setup(self):
+ self.natalie_user = fixture_add_user(u'natalie')
+ self.aeva_user = fixture_add_user(u'aeva')
+ self.natalie_user.all_privileges += [
+ Privilege.query.filter(
+ Privilege.privilege_name == u'admin').one(),
+ Privilege.query.filter(
+ Privilege.privilege_name == u'moderator').one()]
+ self.aeva_user.all_privileges += [
+ Privilege.query.filter(
+ Privilege.privilege_name == u'moderator').one()]
+
+ def test_privilege_added_correctly(self, test_app):
+ self._setup()
+ admin = Privilege.query.filter(
+ Privilege.privilege_name == u'admin').one()
+ # first make sure the privileges were added successfully
+
+ assert admin in self.natalie_user.all_privileges
+ assert admin not in self.aeva_user.all_privileges
+
+ def test_user_has_privilege_one(self, test_app):
+ self._setup()
+
+ # then test out the user.has_privilege method for one privilege
+ assert not natalie_user.has_privilege(u'commenter')
+ assert aeva_user.has_privilege(u'active')
+
+
+ def test_user_has_privileges_multiple(self, test_app):
+ self._setup()
+
+ # when multiple args are passed to has_privilege, the method returns
+ # True if the user has ANY of the privileges
+ assert natalie_user.has_privilege(u'admin',u'commenter')
+ assert aeva_user.has_privilege(u'moderator',u'active')
+ assert not natalie_user.has_privilege(u'commenter',u'uploader')
+
+
def test_media_data_init(test_app):
Session.rollback()
@@ -165,3 +205,4 @@ def test_media_data_init(test_app):
obj_in_session += 1
print repr(obj)
assert obj_in_session == 0
+
diff --git a/mediagoblin/tests/test_oauth2.py b/mediagoblin/tests/test_oauth2.py
index 86f9e8cc..957f4e65 100644
--- a/mediagoblin/tests/test_oauth2.py
+++ b/mediagoblin/tests/test_oauth2.py
@@ -38,7 +38,8 @@ class TestOAuth(object):
self.pman = pluginapi.PluginManager()
self.user_password = u'4cc355_70k3N'
- self.user = fixture_add_user(u'joauth', self.user_password)
+ self.user = fixture_add_user(u'joauth', self.user_password,
+ privileges=[u'active'])
self.login()
diff --git a/mediagoblin/tests/tools.py b/mediagoblin/tests/tools.py
index 98361adc..ec17d791 100644
--- a/mediagoblin/tests/tools.py
+++ b/mediagoblin/tests/tools.py
@@ -25,7 +25,7 @@ from webtest import TestApp
from mediagoblin import mg_globals
from mediagoblin.db.models import User, MediaEntry, Collection, MediaComment, \
- CommentSubscription, CommentNotification
+ CommentSubscription, CommentNotification, Privilege
from mediagoblin.tools import testing
from mediagoblin.init.config import read_mediagoblin_config
from mediagoblin.db.base import Session
@@ -170,7 +170,7 @@ def assert_db_meets_expected(db, expected):
def fixture_add_user(username=u'chris', password=u'toast',
- active_user=True, wants_comment_notification=True):
+ privileges=[], wants_comment_notification=True):
# Reuse existing user or create a new one
test_user = User.query.filter_by(username=username).first()
if test_user is None:
@@ -179,14 +179,13 @@ def fixture_add_user(username=u'chris', password=u'toast',
test_user.email = username + u'@example.com'
if password is not None:
test_user.pw_hash = gen_password_hash(password)
- if active_user:
- test_user.email_verified = True
- test_user.status = u'active'
-
test_user.wants_comment_notification = wants_comment_notification
+ for privilege in privileges:
+ query = Privilege.query.filter(Privilege.privilege_name==privilege)
+ if query.count():
+ test_user.all_privileges.append(query.one())
test_user.save()
-
# Reload
test_user = User.query.filter_by(username=username).first()
diff --git a/mediagoblin/tools/response.py b/mediagoblin/tools/response.py
index b0401e08..a8cf1df9 100644
--- a/mediagoblin/tools/response.py
+++ b/mediagoblin/tools/response.py
@@ -21,6 +21,8 @@ from werkzeug.wrappers import Response as wz_Response
from mediagoblin.tools.template import render_template
from mediagoblin.tools.translate import (lazy_pass_to_ugettext as _,
pass_to_ugettext)
+from mediagoblin.db.models import UserBan, User
+from datetime import datetime
class Response(wz_Response):
"""Set default response mimetype to HTML, otherwise we get text/plain"""
@@ -71,6 +73,19 @@ def render_404(request):
"you're looking for has been moved or deleted.")
return render_error(request, 404, err_msg=err_msg)
+def render_user_banned(request):
+ """Renders the page which tells a user they have been banned, for how long
+ and the reason why they have been banned"
+ """
+ user_ban = UserBan.query.get(request.user.id)
+ if datetime.now()>user_ban.expiration_date:
+ user_ban.delete()
+ redirect(request,
+ 'index')
+ return render_to_response(request,
+ 'mediagoblin/banned.html',
+ {'reason':user_ban.reason,
+ 'expiration_date':user_ban.expiration_date})
def render_http_exception(request, exc, description):
"""Return Response() given a werkzeug.HTTPException
diff --git a/mediagoblin/user_pages/forms.py b/mediagoblin/user_pages/forms.py
index ac8084c5..eb786f47 100644
--- a/mediagoblin/user_pages/forms.py
+++ b/mediagoblin/user_pages/forms.py
@@ -49,3 +49,15 @@ class MediaCollectForm(wtforms.Form):
description=_("""You can use
<a href="http://daringfireball.net/projects/markdown/basics" target="_blank">
Markdown</a> for formatting."""))
+
+class CommentReportForm(wtforms.Form):
+ report_reason = wtforms.TextAreaField(
+ _('Reason for Reporting'),
+ [wtforms.validators.Required()])
+ reporter_id = wtforms.HiddenField('')
+
+class MediaReportForm(wtforms.Form):
+ report_reason = wtforms.TextAreaField(
+ _('Reason for Reporting'),
+ [wtforms.validators.Required()])
+ reporter_id = wtforms.HiddenField('')
diff --git a/mediagoblin/user_pages/lib.py b/mediagoblin/user_pages/lib.py
index 2f47e4b1..7f03fcd3 100644
--- a/mediagoblin/user_pages/lib.py
+++ b/mediagoblin/user_pages/lib.py
@@ -19,7 +19,9 @@ from mediagoblin.tools.template import render_template
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin import mg_globals
from mediagoblin.db.base import Session
-from mediagoblin.db.models import CollectionItem
+from mediagoblin.db.models import (CollectionItem, MediaReport, CommentReport,
+ MediaComment, MediaEntry)
+from mediagoblin.user_pages import forms as user_forms
def send_comment_email(user, comment, media, request):
@@ -75,3 +77,34 @@ def add_media_to_collection(collection, media, note=None, commit=True):
if commit:
Session.commit()
+
+def build_report_object(report_form, media_entry=None, comment=None):
+ """
+ This function is used to convert a form object (from a User filing a
+ report) into either a MediaReport or CommentReport object.
+
+ :param report_form should be a MediaReportForm or a CommentReportForm
+ object
+ :param
+
+ :returns either of MediaReport or a CommentReport object that has not been
+ saved. In case of an improper form_dict, returns None
+ """
+
+ if report_form.validate() and comment is not None:
+ report_object = CommentReport()
+ report_object.comment_id = comment.id
+ report_object.reported_user_id = MediaComment.query.get(
+ comment.id).get_author.id
+ elif report_form.validate() and media_entry is not None:
+ report_object = MediaReport()
+ report_object.media_entry_id = media_entry.id
+ report_object.reported_user_id = MediaEntry.query.get(
+ media_entry.id).get_uploader.id
+ else:
+ return None
+
+ report_object.report_content = report_form.report_reason.data
+ report_object.reporter_id = report_form.reporter_id.data
+ return report_object
+
diff --git a/mediagoblin/user_pages/routing.py b/mediagoblin/user_pages/routing.py
index b1dde397..b535bbf2 100644
--- a/mediagoblin/user_pages/routing.py
+++ b/mediagoblin/user_pages/routing.py
@@ -23,6 +23,10 @@ add_route('mediagoblin.user_pages.media_home',
'/u/<string:user>/m/<string:media>/',
'mediagoblin.user_pages.views:media_home')
+add_route('mediagoblin.user_pages.media_home.report_media',
+ '/u/<string:user>/m/<string:media>/report/',
+ 'mediagoblin.user_pages.views:file_a_report')
+
add_route('mediagoblin.user_pages.media_confirm_delete',
'/u/<string:user>/m/<int:media_id>/confirm-delete/',
'mediagoblin.user_pages.views:media_confirm_delete')
@@ -44,6 +48,10 @@ add_route('mediagoblin.user_pages.media_home.view_comment',
'/u/<string:user>/m/<string:media>/c/<int:comment>/',
'mediagoblin.user_pages.views:media_home')
+add_route('mediagoblin.user_pages.media_home.report_comment',
+ '/u/<string:user>/m/<string:media>/c/<int:comment>/report/',
+ 'mediagoblin.user_pages.views:file_a_comment_report')
+
# User's tags gallery
add_route('mediagoblin.user_pages.user_tag_gallery',
'/u/<string:user>/tag/<string:tag>/',
diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py
index 49691a29..00fcf282 100644
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@@ -20,20 +20,24 @@ import json
from mediagoblin import messages, mg_globals
from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
- CollectionItem, User)
+ CollectionItem, User, MediaComment,
+ CommentReport, MediaReport)
from mediagoblin.tools.response import render_to_response, render_404, \
redirect, redirect_obj
from mediagoblin.tools.text import cleaned_markdown_conversion
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.pagination import Pagination
from mediagoblin.user_pages import forms as user_forms
-from mediagoblin.user_pages.lib import add_media_to_collection
+from mediagoblin.user_pages.lib import (send_comment_email,
+ add_media_to_collection, build_report_object)
from mediagoblin.notifications import trigger_notification, \
add_comment_subscription, mark_comment_notification_seen
+
from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
- get_media_entry_by_id,
+ get_media_entry_by_id, user_has_privilege,
require_active_login, user_may_delete_media, user_may_alter_collection,
- get_user_collection, get_user_collection_item, active_user_from_url)
+ get_user_collection, get_user_collection_item, active_user_from_url,
+ get_media_comment_by_id, user_not_banned)
from werkzeug.contrib.atom import AtomFeed
from werkzeug.exceptions import MethodNotAllowed
@@ -43,7 +47,7 @@ from werkzeug.wrappers import Response
_log = logging.getLogger(__name__)
_log.setLevel(logging.DEBUG)
-
+@user_not_banned
@uses_pagination
def user_home(request, page):
"""'Homepage' of a User()"""
@@ -82,7 +86,7 @@ def user_home(request, page):
'media_entries': media_entries,
'pagination': pagination})
-
+@user_not_banned
@active_user_from_url
@uses_pagination
def user_gallery(request, page, url_user=None):
@@ -117,7 +121,7 @@ def user_gallery(request, page, url_user=None):
MEDIA_COMMENTS_PER_PAGE = 50
-
+@user_not_banned
@get_user_media_entry
@uses_pagination
def media_home(request, media, page, **kwargs):
@@ -168,7 +172,6 @@ def media_post_comment(request, media):
comment = request.db.MediaComment()
comment.media_entry = media.id
comment.author = request.user.id
- print request.form['comment_content']
comment.content = unicode(request.form['comment_content'])
# Show error message if commenting is disabled.
@@ -195,19 +198,7 @@ def media_post_comment(request, media):
return redirect_obj(request, media)
-
-
-def media_preview_comment(request):
- """Runs a comment through markdown so it can be previewed."""
- # If this isn't an ajax request, render_404
- if not request.is_xhr:
- return render_404(request)
-
- comment = unicode(request.form['comment_content'])
- cleancomment = { "content":cleaned_markdown_conversion(comment)}
-
- return Response(json.dumps(cleancomment))
-
+@user_not_banned
@get_media_entry_by_id
@require_active_login
def media_collect(request, media):
@@ -286,6 +277,7 @@ def media_collect(request, media):
#TODO: Why does @user_may_delete_media not implicate @require_active_login?
+@user_not_banned
@get_media_entry_by_id
@require_active_login
@user_may_delete_media
@@ -314,7 +306,7 @@ def media_confirm_delete(request, media):
_("The media was not deleted because you didn't check that you were sure."))
return redirect_obj(request, media)
- if ((request.user.is_admin and
+ if ((request.user.has_privilege(u'admin') and
request.user.id != media.uploader)):
messages.add_message(
request, messages.WARNING,
@@ -327,7 +319,7 @@ def media_confirm_delete(request, media):
{'media': media,
'form': form})
-
+@user_not_banned
@active_user_from_url
@uses_pagination
def user_collection(request, page, url_user=None):
@@ -357,7 +349,7 @@ def user_collection(request, page, url_user=None):
'collection_items': collection_items,
'pagination': pagination})
-
+@user_not_banned
@active_user_from_url
def collection_list(request, url_user=None):
"""A User-defined Collection"""
@@ -400,7 +392,7 @@ def collection_item_confirm_remove(request, collection_item):
return redirect_obj(request, collection)
- if ((request.user.is_admin and
+ if ((request.user.has_privilege(u'admin') and
request.user.id != collection_item.in_collection.creator)):
messages.add_message(
request, messages.WARNING,
@@ -413,7 +405,7 @@ def collection_item_confirm_remove(request, collection_item):
{'collection_item': collection_item,
'form': form})
-
+@user_not_banned
@get_user_collection
@require_active_login
@user_may_alter_collection
@@ -448,7 +440,7 @@ def collection_confirm_delete(request, collection):
return redirect_obj(request, collection)
- if ((request.user.is_admin and
+ if ((request.user.has_privilege(u'admin') and
request.user.id != collection.creator)):
messages.add_message(
request, messages.WARNING,
@@ -597,7 +589,7 @@ def collection_atom_feed(request):
return feed.get_response()
-
+@user_not_banned
@require_active_login
def processing_panel(request):
"""
@@ -609,7 +601,7 @@ def processing_panel(request):
#
# Make sure we have permission to access this user's panel. Only
# admins and this user herself should be able to do so.
- if not (user.id == request.user.id or request.user.is_admin):
+ if not (user.id == request.user.id or request.user.has_privilege(u'admin')):
# No? Simply redirect to this user's homepage.
return redirect(
request, 'mediagoblin.user_pages.user_home',
@@ -641,3 +633,43 @@ def processing_panel(request):
'processing_entries': processing_entries,
'failed_entries': failed_entries,
'processed_entries': processed_entries})
+
+@require_active_login
+@get_user_media_entry
+@user_has_privilege(u'reporter')
+def file_a_report(request, media, comment=None):
+ if comment is not None:
+ form = user_forms.CommentReportForm(request.form)
+ form.reporter_id.data = request.user.id
+ context = {'media': media,
+ 'comment':comment,
+ 'form':form}
+ else:
+ form = user_forms.MediaReportForm(request.form)
+ form.reporter_id.data = request.user.id
+ context = {'media': media,
+ 'form':form}
+
+ if request.method == "POST":
+ report_table = build_report_object(form,
+ media_entry=media,
+ comment=comment)
+
+ # if the object was built successfully, report_table will not be None
+ if report_table:
+ report_table.save()
+ return redirect(
+ request,
+ 'index')
+
+
+ return render_to_response(
+ request,
+ 'mediagoblin/user_pages/report.html',
+ context)
+
+@require_active_login
+@get_user_media_entry
+@get_media_comment_by_id
+def file_a_comment_report(request, media, comment):
+ return file_a_report(request, comment=comment)
diff --git a/mediagoblin/views.py b/mediagoblin/views.py
index 6acd7e96..595f2725 100644
--- a/mediagoblin/views.py
+++ b/mediagoblin/views.py
@@ -18,10 +18,10 @@ from mediagoblin import mg_globals
from mediagoblin.db.models import MediaEntry
from mediagoblin.tools.pagination import Pagination
from mediagoblin.tools.response import render_to_response
-from mediagoblin.decorators import uses_pagination
-
+from mediagoblin.decorators import uses_pagination, user_not_banned
+@user_not_banned
@uses_pagination
def root_view(request, page):
cursor = MediaEntry.query.filter_by(state=u'processed').\