This was a simple commit. I changed all references to Groups into Privileges so
as to not conflict with the new federated groups which are also being written. I also fixed up some of the code in the user_in_group/user_has_privilege decorator. Users are now assigned the default privileges when they sign up, and assigned active once they are activated. I updated the gmg command makeadmin to use my groups as well. Lastly, I added the decorator to various views, requiring that users belong to appropriate groups to access pages. --\ mediagoblin/auth/tools.py --| Added code to assign new users to default privileges --\ mediagoblin/auth/views.py --| Added code to assign users to u'active' privilege once the email | verification is complete --\ mediagoblin/db/migrations.py --| Renamed Group class to Privilege class --\ mediagoblin/db/models.py --| Renamed Group class to Privilege class --\ mediagoblin/decorators.py --| Renamed function based on the Group->Privilege change --| Rewrote the function to be, ya know, functional --\ mediagoblin/gmg_commands/users.py --| Changed the 'makeadmin' command to add the target user to the admin | privilege group as well as affecting 'is_admin' column --\ mediagoblin/submit/views.py --| Added the requirement that a user has the 'uploader' privilege in order | to submit new media. --\ mediagoblin/user_pages/views.py --| Added the requirement that a user has the 'commenter' privilege in order | to make a comment. --| Added the requirement that a user has the 'reporter' privilege in order | to submit new reports. --| Got rid of some vestigial code in the file_a_report function.
parent
9b8ef022ef
commit
3fb96fc978
@ -22,7 +22,7 @@ from sqlalchemy import or_
|
|||||||
|
|
||||||
from mediagoblin import mg_globals
|
from mediagoblin import mg_globals
|
||||||
from mediagoblin.auth import lib as auth_lib
|
from mediagoblin.auth import lib as auth_lib
|
||||||
from mediagoblin.db.models import User
|
from mediagoblin.db.models import User, Privilege
|
||||||
from mediagoblin.tools.mail import (normalize_email, send_email,
|
from mediagoblin.tools.mail import (normalize_email, send_email,
|
||||||
email_debug_message)
|
email_debug_message)
|
||||||
from mediagoblin.tools.template import render_template
|
from mediagoblin.tools.template import render_template
|
||||||
@ -130,6 +130,14 @@ def register_user(request, register_form):
|
|||||||
user.verification_key = unicode(uuid.uuid4())
|
user.verification_key = unicode(uuid.uuid4())
|
||||||
user.save()
|
user.save()
|
||||||
|
|
||||||
|
# give the user the default privileges
|
||||||
|
default_privileges = [
|
||||||
|
Privilege.query.filter(Privilege.privilege_name==u'commenter').first(),
|
||||||
|
Privilege.query.filter(Privilege.privilege_name==u'uploader').first(),
|
||||||
|
Privilege.query.filter(Privilege.privilege_name==u'reporter').first()]
|
||||||
|
user.all_privileges += default_privileges
|
||||||
|
user.save()
|
||||||
|
|
||||||
# log the user in
|
# log the user in
|
||||||
request.session['user_id'] = unicode(user.id)
|
request.session['user_id'] = unicode(user.id)
|
||||||
request.session.save()
|
request.session.save()
|
||||||
|
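Review bot: In register_user, each `Privilege.query.filter(...).first()` returns None when the matching foundation row is absent, and the resulting list is added to `user.all_privileges` without a check. On a database whose privilege rows were never seeded, the second `user.save()` would then either fail after the first `user.save()` has already written the account, or leave the account without the intended privileges. I would fetch the rows with `.one()` (or reject a None result explicitly) and do the assignment before the first save so registration is all-or-nothing. The same unchecked lookup is appended in verify_email (`u'active'`) and in makeadmin (`db.Privilege.one({'privilege_name':u'admin'})`). register_user starts and ends outside the hunk.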
@ -18,7 +18,7 @@ import uuid
|
|||||||
import datetime
|
import datetime
|
||||||
|
|
||||||
from mediagoblin import messages, mg_globals
|
from mediagoblin import messages, mg_globals
|
||||||
from mediagoblin.db.models import User
|
from mediagoblin.db.models import User, Privilege
|
||||||
from mediagoblin.tools.response import render_to_response, redirect, render_404
|
from mediagoblin.tools.response import render_to_response, redirect, render_404
|
||||||
from mediagoblin.tools.translate import pass_to_ugettext as _
|
from mediagoblin.tools.translate import pass_to_ugettext as _
|
||||||
from mediagoblin.tools.mail import email_debug_message
|
from mediagoblin.tools.mail import email_debug_message
|
||||||
@ -124,6 +124,9 @@ def verify_email(request):
|
|||||||
user.status = u'active'
|
user.status = u'active'
|
||||||
user.email_verified = True
|
user.email_verified = True
|
||||||
user.verification_key = None
|
user.verification_key = None
|
||||||
|
user.all_privileges.append(
|
||||||
|
Privilege.query.filter(
|
||||||
|
Privilege.privilege_name==u'active').first())
|
||||||
|
|
||||||
user.save()
|
user.save()
|
||||||
|
|
||||||
|
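Review bot: verify_email now records activation in two places, `user.status = u'active'` and the `u'active'` privilege row, and nothing visible in the hunk keeps the two in step. If a later path such as a ban or deactivation changes only one of them, checks based on the other would still pass. I would add a comment like `# keep in sync with user.status; revoke both when deactivating`, or move the pair into one helper on User. makeadmin has the same pattern with `is_admin` and the `u'admin'` privilege. The function continues outside the hunk.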
@ -26,7 +26,7 @@ from sqlalchemy.sql import and_
|
|||||||
from migrate.changeset.constraint import UniqueConstraint
|
from migrate.changeset.constraint import UniqueConstraint
|
||||||
|
|
||||||
from mediagoblin.db.migration_tools import RegisterMigration, inspect_table
|
from mediagoblin.db.migration_tools import RegisterMigration, inspect_table
|
||||||
from mediagoblin.db.models import MediaEntry, Collection, User, MediaComment, Group
|
from mediagoblin.db.models import MediaEntry, Collection, User, MediaComment, Privilege
|
||||||
|
|
||||||
MIGRATIONS = {}
|
MIGRATIONS = {}
|
||||||
|
|
||||||
@ -329,23 +329,23 @@ class UserBan_v0(declarative_base()):
|
|||||||
expiration_date = Column(DateTime)
|
expiration_date = Column(DateTime)
|
||||||
reason = Column(UnicodeText, nullable=False)
|
reason = Column(UnicodeText, nullable=False)
|
||||||
|
|
||||||
class Group_v0(declarative_base()):
|
class Privilege_v0(declarative_base()):
|
||||||
__tablename__ = 'core__groups'
|
__tablename__ = 'core__privileges'
|
||||||
id = Column(Integer, nullable=False, primary_key=True, unique=True)
|
id = Column(Integer, nullable=False, primary_key=True, unique=True)
|
||||||
group_name = Column(Unicode, nullable=False)
|
privilege_name = Column(Unicode, nullable=False)
|
||||||
|
|
||||||
class GroupUserAssociation_v0(declarative_base()):
|
class PrivilegeUserAssociation_v0(declarative_base()):
|
||||||
__tablename__ = 'core__group_user_associations'
|
__tablename__ = 'core__privileges_users'
|
||||||
|
|
||||||
group_id = Column(
|
group_id = Column(
|
||||||
'core__group_id',
|
'core__privilege_id',
|
||||||
Integer,
|
Integer,
|
||||||
ForeignKey(User.id),
|
ForeignKey(User.id),
|
||||||
primary_key=True)
|
primary_key=True)
|
||||||
user_id = Column(
|
user_id = Column(
|
||||||
'core__user_id',
|
'core__user_id',
|
||||||
Integer,
|
Integer,
|
||||||
ForeignKey(Group.id),
|
ForeignKey(Privilege.id),
|
||||||
primary_key=True)
|
primary_key=True)
|
||||||
|
|
||||||
@RegisterMigration(11, MIGRATIONS)
|
@RegisterMigration(11, MIGRATIONS)
|
||||||
@ -354,8 +354,8 @@ def create_moderation_tables(db):
|
|||||||
CommentReport_v0.__table__.create(db.bind)
|
CommentReport_v0.__table__.create(db.bind)
|
||||||
MediaReport_v0.__table__.create(db.bind)
|
MediaReport_v0.__table__.create(db.bind)
|
||||||
UserBan_v0.__table__.create(db.bind)
|
UserBan_v0.__table__.create(db.bind)
|
||||||
Group_v0.__table__.create(db.bind)
|
Privilege_v0.__table__.create(db.bind)
|
||||||
GroupUserAssociation_v0.__table__.create(db.bind)
|
PrivilegeUserAssociation_v0.__table__.create(db.bind)
|
||||||
db.commit()
|
db.commit()
|
||||||
|
|
||||||
|
|
||||||
|
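Review bot: In PrivilegeUserAssociation_v0 the foreign keys look crossed: the column `'core__privilege_id'` carries `ForeignKey(User.id)` and `'core__user_id'` carries `ForeignKey(Privilege.id)`, and the first attribute is still named `group_id`. Because the relationship derives its joins from these keys, the table probably ends up storing privilege ids under `core__user_id` and user ids under `core__privilege_id`, which would mislead anyone auditing privilege assignments directly in SQL. I would put `ForeignKey(Privilege.id)` on the privilege column and `ForeignKey(User.id)` on the user column, and rename the attribute to `privilege_id`. The live PrivilegeUserAssociation model in models.py has the same crossed keys. The migration also references the live `User` and `Privilege` models rather than frozen `_v0` definitions, which is worth confirming is intended.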
@ -559,50 +559,50 @@ class UserBan(Base):
|
|||||||
reason = Column(UnicodeText, nullable=False)
|
reason = Column(UnicodeText, nullable=False)
|
||||||
|
|
||||||
|
|
||||||
class Group(Base):
|
class Privilege(Base):
|
||||||
__tablename__ = 'core__groups'
|
__tablename__ = 'core__privileges'
|
||||||
|
|
||||||
id = Column(Integer, nullable=False, primary_key=True)
|
id = Column(Integer, nullable=False, primary_key=True)
|
||||||
group_name = Column(Unicode, nullable=False, unique=True)
|
privilege_name = Column(Unicode, nullable=False, unique=True)
|
||||||
all_users = relationship(
|
all_users = relationship(
|
||||||
User,
|
User,
|
||||||
backref='all_groups',
|
backref='all_privileges',
|
||||||
secondary="core__group_user_associations")
|
secondary="core__privileges_users")
|
||||||
|
|
||||||
def __init__(self, group_name):
|
def __init__(self, privilege_name):
|
||||||
self.group_name = group_name
|
self.privilege_name = privilege_name
|
||||||
|
|
||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
return "<Group %s>" % (self.group_name)
|
return "<Privilege %s>" % (self.privilege_name)
|
||||||
|
|
||||||
class GroupUserAssociation(Base):
|
class PrivilegeUserAssociation(Base):
|
||||||
__tablename__ = 'core__group_user_associations'
|
__tablename__ = 'core__privileges_users'
|
||||||
|
|
||||||
group_id = Column(
|
privilege_id = Column(
|
||||||
'core__group_id',
|
'core__privilege_id',
|
||||||
Integer,
|
Integer,
|
||||||
ForeignKey(User.id),
|
ForeignKey(User.id),
|
||||||
primary_key=True)
|
primary_key=True)
|
||||||
user_id = Column(
|
user_id = Column(
|
||||||
'core__user_id',
|
'core__user_id',
|
||||||
Integer,
|
Integer,
|
||||||
ForeignKey(Group.id),
|
ForeignKey(Privilege.id),
|
||||||
primary_key=True)
|
primary_key=True)
|
||||||
|
|
||||||
|
|
||||||
group_foundations = [[u'admin'], [u'moderator'], [u'commenter'], [u'uploader'],[u'reporter'],[u'active']]
|
privilege_foundations = [[u'admin'], [u'moderator'], [u'commenter'], [u'uploader'],[u'reporter'],[u'active']]
|
||||||
|
|
||||||
MODELS = [
|
MODELS = [
|
||||||
User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem,
|
User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem,
|
||||||
MediaFile, FileKeynames, MediaAttachmentFile, ProcessingMetaData, ReportBase,
|
MediaFile, FileKeynames, MediaAttachmentFile, ProcessingMetaData, ReportBase,
|
||||||
CommentReport, MediaReport, UserBan, Group, GroupUserAssociation]
|
CommentReport, MediaReport, UserBan, Privilege, PrivilegeUserAssociation]
|
||||||
|
|
||||||
# Foundations are the default rows that are created immediately after the tables are initialized. Each entry to
|
# Foundations are the default rows that are created immediately after the tables are initialized. Each entry to
|
||||||
# this dictionary should be in the format of
|
# this dictionary should be in the format of
|
||||||
# ModelObject:List of Rows
|
# ModelObject:List of Rows
|
||||||
# (Each Row must be a list of parameters that can create and instance of the ModelObject)
|
# (Each Row must be a list of parameters that can create and instance of the ModelObject)
|
||||||
#
|
#
|
||||||
FOUNDATIONS = {Group:group_foundations}
|
FOUNDATIONS = {Privilege:privilege_foundations}
|
||||||
|
|
||||||
######################################################
|
######################################################
|
||||||
# Special, migrations-tracking table
|
# Special, migrations-tracking table
|
||||||
|
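Review bot: The privilege names in `privilege_foundations` are the authoritative list, but the rest of the commit repeats them as bare literals (`u'commenter'`, `u'uploader'`, `u'reporter'`, `u'active'`, `u'admin'`) in the views, the decorator call sites and the gmg command. A misspelt name in a lookup returns no row rather than an error, so I would define the names once next to `privilege_foundations` and import them wherever a privilege is checked or granted. A short docstring on `Privilege` saying what each foundation privilege permits would also help reviewers of later access-control changes.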
@ -21,7 +21,7 @@ from werkzeug.exceptions import Forbidden, NotFound
|
|||||||
from werkzeug.urls import url_quote
|
from werkzeug.urls import url_quote
|
||||||
|
|
||||||
from mediagoblin import mg_globals as mgg
|
from mediagoblin import mg_globals as mgg
|
||||||
from mediagoblin.db.models import MediaEntry, User, MediaComment, Group
|
from mediagoblin.db.models import MediaEntry, User, MediaComment, Privilege
|
||||||
from mediagoblin.tools.response import redirect, render_404
|
from mediagoblin.tools.response import redirect, render_404
|
||||||
|
|
||||||
|
|
||||||
@ -63,25 +63,23 @@ def active_user_from_url(controller):
|
|||||||
|
|
||||||
return wrapper
|
return wrapper
|
||||||
|
|
||||||
def user_in_group(group_name):
|
def user_has_privilege(privilege_name):
|
||||||
#TODO handle possible errors correctly
|
#TODO handle possible errors correctly
|
||||||
def user_in_group_decorator(controller):
|
def user_has_privilege_decorator(controller):
|
||||||
@wraps(controller)
|
@wraps(controller)
|
||||||
|
|
||||||
def wrapper(request, *args, **kwargs):
|
def wrapper(request, *args, **kwargs):
|
||||||
user_id = request.user.id
|
user_id = request.user.id
|
||||||
group = Group.query.filter(
|
privileges_of_user = Privilege.query.filter(
|
||||||
Group.group_name==group_name).first()
|
Privilege.all_users.any(
|
||||||
if not (group.query.filter(
|
User.id==user_id))
|
||||||
Group.all_users.any(
|
if not privileges_of_user.filter(
|
||||||
User.id==user_id)).count()):
|
Privilege.privilege_name==privilege_name).count():
|
||||||
|
|
||||||
raise Forbidden()
|
raise Forbidden()
|
||||||
|
|
||||||
return controller(request, *args, **kwargs)
|
return controller(request, *args, **kwargs)
|
||||||
|
|
||||||
return wrapper
|
return wrapper
|
||||||
return user_in_group_decorator
|
return user_has_privilege_decorator
|
||||||
|
|
||||||
|
|
||||||
def user_may_delete_media(controller):
|
def user_may_delete_media(controller):
|
||||||
|
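Review bot: `user_id = request.user.id` in the wrapper assumes a logged-in user. If `request.user` is None for anonymous requests (not visible here), a view decorated with `user_has_privilege` but not `require_active_login` would raise AttributeError instead of answering with Forbidden. A guard such as `if request.user is None: raise Forbidden()` ahead of that line would make the decorator return a clean 403 on its own, and the `#TODO handle possible errors correctly` comment could then state what remains. The two-step query could also be one filter combining `Privilege.privilege_name==privilege_name` with `Privilege.all_users.any(User.id==user_id)`, which reads more directly as an access check.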
@ -74,6 +74,10 @@ def makeadmin(args):
|
|||||||
user = db.User.one({'username': unicode(args.username.lower())})
|
user = db.User.one({'username': unicode(args.username.lower())})
|
||||||
if user:
|
if user:
|
||||||
user.is_admin = True
|
user.is_admin = True
|
||||||
|
user.all_privileges.append(
|
||||||
|
db.Privilege.one({
|
||||||
|
'privilege_name':u'admin'})
|
||||||
|
)
|
||||||
user.save()
|
user.save()
|
||||||
print 'The user is now Admin'
|
print 'The user is now Admin'
|
||||||
else:
|
else:
|
||||||
|
@ -26,7 +26,7 @@ _log = logging.getLogger(__name__)
|
|||||||
from mediagoblin.tools.text import convert_to_tag_list_of_dicts
|
from mediagoblin.tools.text import convert_to_tag_list_of_dicts
|
||||||
from mediagoblin.tools.translate import pass_to_ugettext as _
|
from mediagoblin.tools.translate import pass_to_ugettext as _
|
||||||
from mediagoblin.tools.response import render_to_response, redirect
|
from mediagoblin.tools.response import render_to_response, redirect
|
||||||
from mediagoblin.decorators import require_active_login
|
from mediagoblin.decorators import require_active_login, user_has_privilege
|
||||||
from mediagoblin.submit import forms as submit_forms
|
from mediagoblin.submit import forms as submit_forms
|
||||||
from mediagoblin.messages import add_message, SUCCESS
|
from mediagoblin.messages import add_message, SUCCESS
|
||||||
from mediagoblin.media_types import sniff_media, \
|
from mediagoblin.media_types import sniff_media, \
|
||||||
@ -36,6 +36,7 @@ from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
|
|||||||
|
|
||||||
|
|
||||||
@require_active_login
|
@require_active_login
|
||||||
|
@user_has_privilege(u'uploader')
|
||||||
def submit_start(request):
|
def submit_start(request):
|
||||||
"""
|
"""
|
||||||
First view for submitting a file.
|
First view for submitting a file.
|
||||||
|
@ -20,7 +20,7 @@ import datetime
|
|||||||
from mediagoblin import messages, mg_globals
|
from mediagoblin import messages, mg_globals
|
||||||
from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
|
from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
|
||||||
CollectionItem, User, MediaComment,
|
CollectionItem, User, MediaComment,
|
||||||
CommentReport, MediaReport, Group)
|
CommentReport, MediaReport)
|
||||||
from mediagoblin.tools.response import render_to_response, render_404, \
|
from mediagoblin.tools.response import render_to_response, render_404, \
|
||||||
redirect, redirect_obj
|
redirect, redirect_obj
|
||||||
from mediagoblin.tools.translate import pass_to_ugettext as _
|
from mediagoblin.tools.translate import pass_to_ugettext as _
|
||||||
@ -30,7 +30,7 @@ from mediagoblin.user_pages.lib import (send_comment_email, build_report_form,
|
|||||||
add_media_to_collection)
|
add_media_to_collection)
|
||||||
|
|
||||||
from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
|
from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
|
||||||
get_media_entry_by_id, user_in_group,
|
get_media_entry_by_id, user_has_privilege,
|
||||||
require_active_login, user_may_delete_media, user_may_alter_collection,
|
require_active_login, user_may_delete_media, user_may_alter_collection,
|
||||||
get_user_collection, get_user_collection_item, active_user_from_url,
|
get_user_collection, get_user_collection_item, active_user_from_url,
|
||||||
get_media_comment_by_id)
|
get_media_comment_by_id)
|
||||||
@ -152,6 +152,7 @@ def media_home(request, media, page, **kwargs):
|
|||||||
|
|
||||||
@get_media_entry_by_id
|
@get_media_entry_by_id
|
||||||
@require_active_login
|
@require_active_login
|
||||||
|
@user_has_privilege(u'commenter')
|
||||||
def media_post_comment(request, media):
|
def media_post_comment(request, media):
|
||||||
"""
|
"""
|
||||||
recieves POST from a MediaEntry() comment form, saves the comment.
|
recieves POST from a MediaEntry() comment form, saves the comment.
|
||||||
@ -621,8 +622,8 @@ def processing_panel(request):
|
|||||||
|
|
||||||
@require_active_login
|
@require_active_login
|
||||||
@get_user_media_entry
|
@get_user_media_entry
|
||||||
@user_in_group(u'reporter')
|
@user_has_privilege(u'reporter')
|
||||||
def file_a_report(request, media, comment=None, required_group=1):
|
def file_a_report(request, media, comment=None):
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
report_form = build_report_form(request.form)
|
report_form = build_report_form(request.form)
|
||||||
report_form.save()
|
report_form.save()
|
||||||
|
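Review bot: On file_a_report the `@user_has_privilege(u'reporter')` check sits below `@get_user_media_entry`, so the media lookup runs before the privilege check. On media_post_comment, `@get_media_entry_by_id` sits above both `@require_active_login` and `@user_has_privilege(u'commenter')`. A caller without the privilege may then be able to tell from the response whether a media entry exists, assuming the lookup decorators answer 404 for a missing entry, which is not shown here. I would put the login and privilege decorators first, for example `@require_active_login`, then `@user_has_privilege(u'reporter')`, then `@get_user_media_entry`. Both function bodies continue outside the hunks.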