From d4a21d7e746dc1284f44137d1c3e45b7b5ee09c0 Mon Sep 17 00:00:00 2001
From: xray7224 <xray7224@googlemail.com>
Date: Tue, 24 Sep 2013 20:30:51 +0100
Subject: Add basic upload image capabilities

---
 mediagoblin/tools/request.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'mediagoblin/tools/request.py')

diff --git a/mediagoblin/tools/request.py b/mediagoblin/tools/request.py
index d4739039..2de0b32f 100644
--- a/mediagoblin/tools/request.py
+++ b/mediagoblin/tools/request.py
@@ -45,7 +45,7 @@ def setup_user_in_request(request):
 
 def decode_request(request):
     """ Decodes a request based on MIME-Type """
-    data = request.get_data()
+    data = request.data
     
     if request.content_type == json_encoded:
         data = json.loads(data)
-- 
cgit v1.2.3


From 967df5eff0c00fe7cd860ebfb297ee1f2e0bcdaf Mon Sep 17 00:00:00 2001
From: Jessica Tallon <jessica@megworld.co.uk>
Date: Thu, 10 Jul 2014 18:17:47 +0100
Subject: Require uploader privileges to upload media to API

---
 mediagoblin/tools/request.py | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

(limited to 'mediagoblin/tools/request.py')

diff --git a/mediagoblin/tools/request.py b/mediagoblin/tools/request.py
index 2de0b32f..d2cb0f6a 100644
--- a/mediagoblin/tools/request.py
+++ b/mediagoblin/tools/request.py
@@ -16,7 +16,9 @@
 
 import json
 import logging
-from mediagoblin.db.models import User
+
+from mediagoblin.db.models import User, AccessToken
+from mediagoblin.oauth.tools.request import decode_authorization_header
 
 _log = logging.getLogger(__name__)
 
@@ -31,6 +33,18 @@ def setup_user_in_request(request):
     Examine a request and tack on a request.user parameter if that's
     appropriate.
     """
+    # If API request the user will be associated with the access token
+    authorization = decode_authorization_header(request.headers)
+
+    if authorization.get(u"access_token"):
+        # Check authorization header.
+        token = authorization[u"oauth_token"]
+        token = AccessToken.query.filter_by(token=token).first()
+        if token is not None:
+            request.user = token.user
+            return
+
+
     if 'user_id' not in request.session:
         request.user = None
         return
@@ -46,7 +60,7 @@ def setup_user_in_request(request):
 def decode_request(request):
     """ Decodes a request based on MIME-Type """
     data = request.data
-    
+
     if request.content_type == json_encoded:
         data = json.loads(data)
     elif request.content_type == form_encoded or request.content_type == "":
-- 
cgit v1.2.3