heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Feature #403 - Ability to delete media entries - Fixes according to feedback

Browse Source 
*   Moved `mediagoblin.confirm` stuff to `mediagoblin.user_pages`,
    templates too.
*   Removed route extension for `mediagoblin.confirm`
*   Created `delete_media_files` which deletes all media files
    on the public_store when the entry is deleted
*   Created a new decorator to check if a user has the permission
     to delete an entry.
This commit is contained in:
Joar Wandborg 2011-08-30 23:16:46 +02:00
parent 7d0efbae29
commit 502073f2bf
10 changed files with 135 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
mediagoblin/decorators.py
View File

@ -51,6 +51,31 @@ def require_active_login(controller):
return _make_safe(new_controller_func, controller) return _make_safe(new_controller_func, controller)
def user_may_delete_media(controller):
"""
Require user ownership of the MediaEntry
Originally:
def may_delete_media(request, media):
\"\"\"
Check, if the request's user may edit the media details
\"\"\"
if media['uploader'] == request.user['_id']:
return True
if request.user['is_admin']:
return True
return False
"""
def wrapper(request, *args, **kwargs):
if not request.user['_id'] == request.db.MediaEntry.find_one(
{'_id': ObjectId(
request.matchdict['media'])}).uploader()['_id']:
return exc.HTTPForbidden()
return controller(request, *args, **kwargs)
return _make_safe(wrapper, controller)
def uses_pagination(controller): def uses_pagination(controller):
""" """
@ -122,3 +147,4 @@ def get_media_entry_by_id(controller):
return controller(request, media=media, *args, **kwargs) return controller(request, media=media, *args, **kwargs)
return _make_safe(wrapper, controller) return _make_safe(wrapper, controller)

1
mediagoblin/routing.py
View File

@ -37,6 +37,5 @@ def get_mapper():
mapping.extend(user_routes, '/u') mapping.extend(user_routes, '/u')
mapping.extend(edit_routes, '/edit') mapping.extend(edit_routes, '/edit')
mapping.extend(tag_routes, '/tag') mapping.extend(tag_routes, '/tag')
mapping.extend(confirm_routes, '/confirm')
return mapping return mapping

3
mediagoblin/storage.py
View File

@ -281,7 +281,8 @@ class CloudFilesStorage(StorageInterface):
def delete_file(self, filepath): def delete_file(self, filepath):
# TODO: Also delete unused directories if empty (safely, with # TODO: Also delete unused directories if empty (safely, with
# checks to avoid race conditions). # checks to avoid race conditions).
self.container.delete_object(filepath) self.container.delete_object(
self._resolve_filepath(filepath))
def file_url(self, filepath): def file_url(self, filepath):
return '/'.join([ return '/'.join([

2
mediagoblin/templates/mediagoblin/user_pages/media.html
View File

@ -128,7 +128,7 @@
class="media_icon" />edit</a> class="media_icon" />edit</a>
</p> </p>
<p> <p>
<a href="{{ request.urlgen('mediagoblin.confirm.confirm_delete', <a href="{{ request.urlgen('mediagoblin.user_pages.media_confirm_delete',
user= media.uploader().username, user= media.uploader().username,
media= media._id) }}" media= media._id) }}"
><img src="{{ request.staticdirect('/images/icon_delete.png') }}" ><img src="{{ request.staticdirect('/images/icon_delete.png') }}"

48
mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html Normal file
View File

@ -0,0 +1,48 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011 Free Software Foundation, Inc
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% extends "mediagoblin/base.html" %}
{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
{% block mediagoblin_content %}
<form action="{{ request.urlgen('mediagoblin.user_pages.media_confirm_delete',
user=media.uploader().username,
media=media._id) }}"
method="POST" enctype="multipart/form-data">
<div class="grid_8 prefix_1 suffix_1 edit_box form_box">
<h1>
{%- trans title=media['title'] -%}
Really delete {{ title }}?
{%- endtrans %}
</h1>
<p>
<em>
{%- trans -%}
If you choose yes, the media entry will be deleted <strong>permanently.</strong>
{%- endtrans %}
</em>
</p>
{{ wtforms_util.render_divs(form) }}
<div class="form_submit_buttons">
<input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" />
</div>
</div>
</form>
{% endblock %}

4
mediagoblin/tests/test_submission.py
View File

@ -174,7 +174,7 @@ class TestSubmission:
# Do not confirm deletion # Do not confirm deletion
# --------------------------------------------------- # ---------------------------------------------------
response = self.test_app.post( response = self.test_app.post(
request.urlgen('mediagoblin.confirm.confirm_delete', request.urlgen('mediagoblin.user_pages.media_confirm_delete',
# No work: user=media.uploader().username, # No work: user=media.uploader().username,
user=self.test_user['username'], user=self.test_user['username'],
media=media['_id']), media=media['_id']),
@ -193,7 +193,7 @@ class TestSubmission:
# Confirm deletion # Confirm deletion
# --------------------------------------------------- # ---------------------------------------------------
response = self.test_app.post( response = self.test_app.post(
request.urlgen('mediagoblin.confirm.confirm_delete', request.urlgen('mediagoblin.user_pages.media_confirm_delete',
# No work: user=media.uploader().username, # No work: user=media.uploader().username,
user=self.test_user['username'], user=self.test_user['username'],
media=media['_id']), media=media['_id']),

7
mediagoblin/user_pages/forms.py
View File

@ -23,3 +23,10 @@ class MediaCommentForm(wtforms.Form):
comment_content = wtforms.TextAreaField( comment_content = wtforms.TextAreaField(
_('Comment'), _('Comment'),
[wtforms.validators.Required()]) [wtforms.validators.Required()])
class ConfirmDeleteForm(wtforms.Form):
confirm = wtforms.RadioField('Confirm',
default='False',
choices=[('False', 'No, I made a mistake!'),
('True', 'Yes, delete it!')])

4
mediagoblin/user_pages/routing.py
View File

@ -32,9 +32,9 @@ user_routes = [
Route('mediagoblin.edit.attachments', Route('mediagoblin.edit.attachments',
'/{user}/m/{media}/attachments/', '/{user}/m/{media}/attachments/',
controller="mediagoblin.edit.views:edit_attachments"), controller="mediagoblin.edit.views:edit_attachments"),
Route('mediagoblin.confirm.confirm_delete', Route('mediagoblin.user_pages.media_confirm_delete',
"/{user}/m/{media}/confirm-delete/", "/{user}/m/{media}/confirm-delete/",
controller="mediagoblin.confirm.views:confirm_delete"), controller="mediagoblin.user_pages.views:media_confirm_delete"),
Route('mediagoblin.user_pages.atom_feed', '/{user}/atom/', Route('mediagoblin.user_pages.atom_feed', '/{user}/atom/',
controller="mediagoblin.user_pages.views:atom_feed"), controller="mediagoblin.user_pages.views:atom_feed"),
Route('mediagoblin.user_pages.media_post_comment', Route('mediagoblin.user_pages.media_post_comment',

34
mediagoblin/user_pages/views.py
View File

@ -20,11 +20,11 @@ from mediagoblin import messages, mg_globals
from mediagoblin.db.util import DESCENDING, ObjectId from mediagoblin.db.util import DESCENDING, ObjectId
from mediagoblin.util import ( from mediagoblin.util import (
Pagination, render_to_response, redirect, cleaned_markdown_conversion, Pagination, render_to_response, redirect, cleaned_markdown_conversion,
render_404) render_404, delete_media_files)
from mediagoblin.user_pages import forms as user_forms from mediagoblin.user_pages import forms as user_forms
from mediagoblin.decorators import (uses_pagination, get_user_media_entry, from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
require_active_login) require_active_login, user_may_delete_media)
from werkzeug.contrib.atom import AtomFeed from werkzeug.contrib.atom import AtomFeed
@ -145,6 +145,36 @@ def media_post_comment(request):
user = request.matchdict['user']) user = request.matchdict['user'])
@get_user_media_entry
@require_active_login
@user_may_delete_media
def media_confirm_delete(request, media):
form = user_forms.ConfirmDeleteForm(request.POST)
if request.method == 'POST' and form.validate():
if request.POST.get('confirm') == 'True':
username = media.uploader()['username']
# Delete all files on the public storage
delete_media_files(media)
media.delete()
return redirect(request, "mediagoblin.user_pages.user_home",
user=username)
else:
return redirect(request, "mediagoblin.user_pages.media_home",
user=media.uploader()['username'],
media=media['slug'])
return render_to_response(
request,
'mediagoblin/user_pages/media_confirm_delete.html',
{'media': media,
'form': form})
ATOM_DEFAULT_NR_OF_UPDATED_ITEMS = 15 ATOM_DEFAULT_NR_OF_UPDATED_ITEMS = 15
def atom_feed(request): def atom_feed(request):

15
mediagoblin/util.py
View File

@ -681,3 +681,18 @@ def render_404(request):
""" """
return render_to_response( return render_to_response(
request, 'mediagoblin/404.html', {}, status=400) request, 'mediagoblin/404.html', {}, status=400)
def delete_media_files(media):
"""
Delete all files associated with a MediaEntry
Arguments:
- media: A MediaEntry document
"""
for handle, listpath in media['media_files'].items():
mg_globals.public_store.delete_file(
listpath)
for attachment in media['attachment_files']:
mg_globals.public_store.delete_file(
attachment['filepath'])