From 4deda94a380dc4217247b49df6e8a5bce0082ddc Mon Sep 17 00:00:00 2001 From: Elrond Date: Mon, 19 Dec 2011 22:29:40 +0100 Subject: [PATCH] Replace media.get_uploader()._id by media.uploader media.get_uploader()._id loads a complete user object without actually needing it, because media.uploader already has the id! --- mediagoblin/decorators.py | 6 +++--- mediagoblin/user_pages/views.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index 229664d7..4cf14a70 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -57,10 +57,10 @@ def user_may_delete_media(controller): Require user ownership of the MediaEntry to delete. """ def wrapper(request, *args, **kwargs): - uploader = request.db.MediaEntry.find_one( - {'_id': ObjectId(request.matchdict['media'])}).get_uploader() + uploader_id = request.db.MediaEntry.find_one( + {'_id': ObjectId(request.matchdict['media'])}).uploader if not (request.user.is_admin or - request.user._id == uploader._id): + request.user._id == uploader_id): return exc.HTTPForbidden() return controller(request, *args, **kwargs) diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py index 87b82c74..449e3b1c 100644 --- a/mediagoblin/user_pages/views.py +++ b/mediagoblin/user_pages/views.py @@ -192,7 +192,7 @@ def media_confirm_delete(request, media): location=media.url_for_self(request.urlgen)) if ((request.user.is_admin and - request.user._id != media.get_uploader()._id)): + request.user._id != media.uploader)): messages.add_message( request, messages.WARNING, _("You are about to delete another user's media. "