heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make sure that a MediaEntry does belong to this appropriate user in

Browse Source 
the decorator.  (Thanks Elrond)
This commit is contained in:
Christopher Allan Webber 2011-05-20 19:12:32 -05:00
parent 571198c938
commit 01674e105c
2 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
mediagoblin/decorators.py
View File

@ -15,6 +15,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
from bson.errors import InvalidId
from webob import exc from webob import exc
from mediagoblin.db.util import ObjectId from mediagoblin.db.util import ObjectId
@ -65,20 +66,31 @@ def uses_pagination(controller):
return _make_safe(wrapper, controller) return _make_safe(wrapper, controller)
def get_media_entry(controller): def get_user_media_entry(controller):
""" """
Pass in a MediaEntry based off of a url component Pass in a MediaEntry based off of a url component
""" """
def wrapper(request, *args, **kwargs): def wrapper(request, *args, **kwargs):
user = request.db.User.find_one(
{'username': request.matchdict['user']})
if not user:
return exc.HTTPNotFound()
media = request.db.MediaEntry.find_one( media = request.db.MediaEntry.find_one(
{'slug': request.matchdict['media'], {'slug': request.matchdict['media'],
'state': 'processed'}) 'state': 'processed',
'uploader._id': user['_id']})
# no media via slug? Grab it via ObjectId # no media via slug? Grab it via ObjectId
if not media: if not media:
media = request.db.MediaEntry.find_one( try:
{'_id': ObjectId(request.matchdict['media']), media = request.db.MediaEntry.find_one(
'state': 'processed'}) {'_id': ObjectId(request.matchdict['media']),
'state': 'processed',
'uploader._id': user['_id']})
except InvalidId:
return exc.HTTPNotFound()
# Still no media? Okay, 404. # Still no media? Okay, 404.
if not media: if not media:

4
mediagoblin/user_pages/views.py
View File

@ -18,7 +18,7 @@ from webob import Response, exc
from mediagoblin.db.util import DESCENDING from mediagoblin.db.util import DESCENDING
from mediagoblin.util import Pagination from mediagoblin.util import Pagination
from mediagoblin.decorators import uses_pagination, get_media_entry from mediagoblin.decorators import uses_pagination, get_user_media_entry
@uses_pagination @uses_pagination
@ -52,7 +52,7 @@ def user_home(request, page):
'pagination': pagination})) 'pagination': pagination}))
@get_media_entry @get_user_media_entry
def media_home(request, media): def media_home(request, media):
"""'Homepage' of a MediaEntry()""" """'Homepage' of a MediaEntry()"""
# Check that media uploader and user correspond. # Check that media uploader and user correspond.