diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py
index 2e7ad386..34a471cb 100644
--- a/mediagoblin/decorators.py
+++ b/mediagoblin/decorators.py
@@ -15,6 +15,7 @@
 # along with this program. If not, see .
+from bson.errors import InvalidId
 from webob import exc
 from mediagoblin.db.util import ObjectId
@@ -65,20 +66,31 @@ def uses_pagination(controller):
 return _make_safe(wrapper, controller)
-def get_media_entry(controller):
+def get_user_media_entry(controller):
 """
 Pass in a MediaEntry based off of a url component
 """
 def wrapper(request, *args, **kwargs):
+ user = request.db.User.find_one(
+ {'username': request.matchdict['user']})
+
+ if not user:
+ return exc.HTTPNotFound()
+
 media = request.db.MediaEntry.find_one(
 {'slug': request.matchdict['media'],
- 'state': 'processed'})
+ 'state': 'processed',
+ 'uploader._id': user['_id']})
 # no media via slug? Grab it via ObjectId
 if not media:
- media = request.db.MediaEntry.find_one(
- {'_id': ObjectId(request.matchdict['media']),
- 'state': 'processed'})
+ try:
+ media = request.db.MediaEntry.find_one(
+ {'_id': ObjectId(request.matchdict['media']),
+ 'state': 'processed',
+ 'uploader._id': user['_id']})
+ except InvalidId:
+ return exc.HTTPNotFound()
 # Still no media? Okay, 404.
 if not media:
diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py
index 0803749a..4a570579 100644
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@@ -18,7 +18,7 @@ from webob import Response, exc
 from mediagoblin.db.util import DESCENDING
 from mediagoblin.util import Pagination
-from mediagoblin.decorators import uses_pagination, get_media_entry
+from mediagoblin.decorators import uses_pagination, get_user_media_entry
 @uses_pagination
@@ -52,7 +52,7 @@ def user_home(request, page):
 'pagination': pagination}))
-@get_media_entry
+@get_user_media_entry
 def media_home(request, media):
 """'Homepage' of a MediaEntry()"""
 # Check that media uploader and user correspond.
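Review bot: In `wrapper` (second hunk of mediagoblin/decorators.py) the `'state'` and `'uploader._id'` constraints are spelled out separately in the slug query and in the ObjectId fallback, so a later edit to one lookup can leave the other without the owner filter that this change depends on. Building the shared filter once and extending it per lookup keeps both paths scoped to the user named in the URL, and it lets the `try` cover only the `ObjectId(...)` conversion, the one call expected to raise `InvalidId`. The docstring still reads "based off of a url component" although the decorator now needs both `user` and `media` in `request.matchdict`; it should say so and mention the 404 returned on an owner mismatch. `wrapper` continues past the end of the hunk.

```python
    def wrapper(request, *args, **kwargs):
        # … unchanged: user lookup and 404 when the user does not exist …
        owned = {'state': 'processed', 'uploader._id': user['_id']}

        media = request.db.MediaEntry.find_one(
            dict(owned, slug=request.matchdict['media']))

        # no media via slug? Grab it via ObjectId
        if not media:
            try:
                media_id = ObjectId(request.matchdict['media'])
            except InvalidId:
                return exc.HTTPNotFound()

            media = request.db.MediaEntry.find_one(
                dict(owned, _id=media_id))

        # … unchanged: final "Still no media? Okay, 404." check …
```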