| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
as to not conflict with the new federated groups which are also being written.
I also fixed up some of the code in the user_in_group/user_has_privilege decor-
ator. Users are now assigned the default privileges when they sign up, and ass-
iged active once they are activated. I updated the gmg command makeadmin to use
my groups as well. Lastly, I added the decorator to various views, requiring th-
at users belong to appropriate groups to access pages.
--\ mediagoblin/auth/tools.py
--| Added code to assign new users to default privileges
--\ mediagoblin/auth/views.py
--| Added code to assign users to u'active' privilege once the email
| verification is complete
--\ mediagoblin/db/migrations.py
--| Renamed Group class to Privilege class
--\ mediagoblin/db/models.py
--| Renamed Group class to Privilege class
--\ mediagoblin/decorators.py
--| Renamed function based on the Group->Privilege change
--| Rewrote the function to be, ya know, functional
--\ mediagoblin/gmg_commands/users.py
--| Changed the 'makeadmin' command to add the target user to the admin
| privilege group as well as affecting 'is_admin' column
--\ mediagoblin/submit/views.py
--| Added the requirement that a user has the 'uploader' privilege in order
| to submit new media.
--\ mediagoblin/user_pages/views.py
--| Added the requirement that a user has the 'commenter' privilege in order
| to make a comment.
--| Added the requirement that a user has the 'reporter' privilege in order
| to submit new reports.
--| Got rid of some vestigial code in the file_a_report function.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
code. I added in two major pieces of functionality: table foundations and a
decorator to confirm whether or not a user is a member of a certain group.
Table Foundations are default rows that should be present in a given table as
soon as the database is initialized. For example, I am using these to populate
the core__groups table with all of the necessary groups ('moderator', 'com-
menter', etc). Right now, this is achieved by adding a dictionary of parameters
(with the parameters as lists) to the constant FOUNDATIONS in
mediagoblin.db.models. The keys to this dictionary are uninstantiated classes.
The classes which require foundations also have must have a constructor so that
the list of parameters can be passed appropriately like so:
Model(*parameters)
In order to implement these foundations, I added the method populate_table_fou-
-ndations to MigrationManager in mediagoblin.db.migration_tools.
The decorator, called user_in_group, accepts as a parameter a unicode string,
and then decides whether to redirect to 403 or let the user access the page. The
identifier is the Group.group_name string, because I believe that will allow for
the most readable code.
I also added in the simple decorator require_admin_login.
In terms of tightening up my code, I made many minor changes to my use of white
space and made a few small documentation additions. I removed a vestigial class
(ReportForm) from mediagoblin.user_pages.forms. I moved all of my migrations in-
to one registered Migration.
Setting up Foundations
==============================
--\ mediagoblin/db/migration_tools.py
--| created: MigrationManager.populate_table_foundations
--| modified: MigrationManager.init_or_migrate to run
| self.populate_table_foundations on init
--\ mediagoblin/db/models.py
--| created: FOUNDATIONS
----| created: group_foundations
Working With Permissions
==============================
--\ mediagoblin/decorators.py
--| created: user_in_group
--| created: require_admin_login
--\ mediagoblin/user_pages/views.py
--| modified: added decorator user_in_group to file_a_report
--\ mediagoblin/admin/views.py
--| modified: added decorator require_admin_login to all views functions
General Code Tidying
=============================
--/ mediagoblin/admin/views.py
--/ mediagoblin/user_pages/forms.py
--/ mediagoblin/db/models.py
--/ mediagoblin/user_pages/lib.py
--/ mediagoblin/user_pages/views.py
--/ mediagoblin/db/migrations.py
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lity. At this point, I have finished all the of basic work with the models! I
still need to do some tightening of their documentation, but they seem to be
working well.
Working with Models
========================================
--\ mediagoblin/db/models.py
--| Added in the Report model and table. This model is strictly a parent
----| Added in the CommentReport model which holds information about a report
| filed against a comment. This class inherits from Report.
----| Added in the MediaReport model which holds information about a report f-
| -iled against a media entry. This class inherits from Report.
--| Added in a UserBan model and table. This model is in a one to one relatio-
| -nship with User. This object acts as a marker for whether a user is banned
| or not.
--| Added in a Group model. These objects are in a many-to-many relationship
| with User to explain which privileges a User has.
----| Added in GroupUserAssociation which is a table used to hold this many to
| many relationship between Group & User.
--\ mediagoblin/db/migrations.py
--| Added in the migrations for all of the additions to models
--| Added UserBan_v0
--| Added Report_v0
----| Added CommentReport_v0
----| Added MediaReport_v0
--| Added Group_v0
----| Added GroupUserAssociation_v0
Working with Templates, Views, and Routing
===============================================
>>> Reporting a Comment or a MediaEntry
--\ mediagoblin/user_pages/views.py
--| Added in the function file_a_report to allow user to file reports against
| MediaEntries or Comments. Handles GET and POST requests.
--| Added in the function file_a_comment_report which uses file_a_report but
| also catches appropriate information for comment_ids. I may be able to do
| this more eloquently with decorators.
--\ mediagoblin/user_pages/routing.py
--| Added in route 'mediagoblin.user_pages.media_home.report_media'
| (linked to address /u/<user>/m/<media>/report/ )
--| Added in route ''mediagoblin.user_pages.media_home.report_comment'
| (linked to address /u/<user>/m/<media>/c/<comment>/report/ )
--\ mediagoblin/templates/mediagoblin/user_pages/report.html
--| I created this file to handle the filing of a report.
--\ mediagoblin/templates/mediagoblin/user_pages/media.html
--| Modified this file to add in links allowing users to report either media
| or comments.
--\ mediagoblin/user_pages/lib.py
--| Added in build_report_form which processes data as either a CommentReport or
| a MediaReport depending on which parameters are present
--\ mediagoblin/user_pages/forms.py
--| Added in CommentReportForm
--| Added in MediaReportForm
--| note: ReportForm is vestigial to an earlier strategy I used and I'll remove it
| promptly
--\ mediagoblin/decorators.py
--| Added in 'get_media_comment_by_id' for use in mediagoblin/user_pages/views.py
>>> New Admin Panels
--\ mediagoblin/admin/views.py
--| Added in the function admin_users_panel
--| Added in the function admin_reports_panel
--\ mediagoblin/admin/routing.py
--| Added in route 'mediagoblin.admin.users'
| (linked to address '/a/users')
--| Added in route 'mediagoblin.admin.reports'
| (linked to address '/a/reports/')
--\ mediagoblin/templates/admin/user.html
--| Created this file as a template for monitoring users
--\ mediagoblin/templates/admin/report.html
--| Created this file as a template for monitoring reports filed against media or
| comments
|
| | |
|
| |
|
|
|
|
| |
As pointed out, we didn't need that nested if.
This commit sponsored by Paul Kuriakose. Thank you!
|
| |
|
|
|
|
| |
Thanks for pointing this out, Elrond ;)
This commit sponsored by Gerardo Joven Valdivia. Thank you!
|
| |
|
|
|
|
|
|
| |
/u/cwebber/m/4112/
This avoids some potential name collision issues.
This commit sponsored by Asokan Pichai. Thank you!
|
| |
|
|
| |
This commit sponsored by Mats Sjöberg. Thanks!
|
| | |
|
| |
|
|
|
|
|
| |
User fields are always existent, so there is no need to .get() them,
just use them directly.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
1) destroy_self() is a horrible function name, make it "destroy".
workbench.destroy() is descriptive enough.
2) WorkbenchManager.create_workbench() -> WorkbenchManager.create()
We use the pattern "with workbench_manager.create() as workbench:"
No need to mention workbenches three times in a row...
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
|
| |
This passes in a Workbench() via the 'workbench' keyword argument, and
conveniently cleans it up after the function has finished. 2 out of our 5
backends forgot to clean up their workbench, so this is clearly needed :-).
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We have a bunch of URLs that are more for internal use. At
least they're definitely not intended to be posted
somewhere for long term useage.
When those things affect a media, it's much better to
reference the media by its id. This can't change, ever.
This is better for races.
Like someone posting a comment while the owner
corrects a typo in the slug.
|
| |
|
|
|
|
|
|
|
|
|
| |
Removing the Mongo InvalidID legacy code removed an explicit check for
"int" for the id lookup. This led the @get_user_media_entry decorator to
fail if we looked up a nonexisting non-numerical slug (it tried to query
the id with a string, which failed). Cast id to int and return 404 in
case it is non-numeric which fixes the regression. It does not fix the
underlying problem of slug_or_id lookups that were discussed.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| | |
|
| |
|
|
|
|
|
| |
This was one of the last remaining Mongo holdouts and has been removed from
the tree herewith. Good bye, ObjectId.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
| |
It was a NoOp in our Non-mongo world. So it is safe to remove.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
| |
controllers (view function) raise HttpException's and do not return them.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
| |
Use our own redirect function rather than webobs HttpFound
Also replace HttpForbidden() with webob's Forbidden()
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We were refering to model._id in most of the code base as this is
what Mongo uses. However, each use of _id required a) fixup of queries:
e.g. what we did in our find() and find_one() functions moving all
'_id' to 'id'. It also required using AliasFields to make the ._id
attribute available. This all means lots of superfluous fixing and
transitioning in a SQL world.
It will also not work in the long run. Much newer code already refers
to the objects by model.id (e.g. in the oauth plugin), which will break
with Mongo. So let's be honest, rip out the _id mongoism and live with
.id as the one canonical way to address objects.
This commit modifies all users and providers of model._id to use
model.id instead. This patch works with or without Mongo removed first,
but will break Mongo usage (even more than before)
I have not bothered to fixup db.mongo.* and db.sql.convert
(which converts from Mongo to SQL)
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
|
|
| |
This can be used for URL patterns containing a <user> element. It will look
up the corresponding user among all active users and return a 404 NOT FOUND
page if there is no such active user. It then passes the User() instance as
url_user keyword argument to the decorated view function.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| | |
|
| |
|
|
| |
It now includes the full URI, including GET args, not just the path.
|
| | |
|
| |
|
|
| |
This commit makes test_submission mostly warning-clean.
|
| | |
|
| |
|
|
|
|
| |
media.get_uploader()._id loads a complete user object
without actually needing it, because media.uploader already
has the id!
|
| | |
|
| | |
|
| |
|
|
| |
See http://bugs.foocorp.net/issues/695
|
| |\
| |
| |
| |
| |
| |
| |
| |
| | |
'remotes/lorochka85/bug852_use_media_slug_instead_of_id'
Conflicts:
mediagoblin/decorators.py
mediagoblin/templates/mediagoblin/user_pages/media.html
mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
|
| | |\ |
|
| | | | |
|
| | |/
|/|
| |
| |
| |
| |
| |
| | |
The .uploader() method conflicts with the uploader database
field. As we're moving to .FIELD for db field access, this
is a relevant conflict.
So renaming .uploader() to .get_uploader()
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Note: Migrations can't use "Dot Notation"!
Migrations run on pymongo, not mongokit.
So they can't use the "Dot Notation".
This isn't really a big issue, as migrations are anyway
quite mongo specific.
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
mediagoblin/db/migrations.py
mediagoblin/db/models.py
mediagoblin/user_pages/views.py
mediagoblin/util.py
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Removed trailing whitespace
* Line length < 80 where possible
* Honor conventions on number of blank lines
* Honor conventions about spaces around :, =
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When running mediagoblin in a sub path on a web server,
most things inside mediagoblin need the "inside path", but
when generating URLs for the webbrowser, full paths are
needed.
urlgen and routes already do that.
Some (mostly pagination and login) need the URL of the
current page. They used request.path_info. But this is the
"inside" path, not the full.
So now there is request.full_path and its used in various
places.
|
| |/ |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Moved `mediagoblin.confirm` stuff to `mediagoblin.user_pages`,
templates too.
* Removed route extension for `mediagoblin.confirm`
* Created `delete_media_files` which deletes all media files
on the public_store when the entry is deleted
* Created a new decorator to check if a user has the permission
to delete an entry.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Instead of import InvalidId from the low level bson module,
first import it in our db.util wrapper and second import it
from pymongo.errors.
|
| |
|
|
|
| |
This is just replacing exc.HTTPFound(location=request.urlgen(...))
by redirect(request, ...). No magic.
|
| |\
| |
| |
| |
| | |
Conflicts:
mediagoblin/templates/mediagoblin/user_pages/media.html
|
| | | |
|
| | |
| |
| |
| | |
their emails.
|
| | |
| |
| |
| | |
to authenticate.
|
